wireapp · OtaK · Apr 16, 2024 · Apr 9, 2024
diff --git a/basic_credential/Cargo.toml b/basic_credential/Cargo.toml
@@ -19,6 +19,7 @@ serde = "1.0"
 ed25519-dalek = { version = "2.0.0-rc.3", features = ["rand_core"] }
 p256 = "0.13"
 p384 = "0.13"
+p521 = "0.13"
 secrecy = { version = "0.8", features = ["serde"] }
 rand_core = "0.6"
 getrandom = { version = "0.2", features = ["js"] }

diff --git a/basic_credential/src/lib.rs b/basic_credential/src/lib.rs
@@ -121,6 +121,14 @@ impl SignatureKeyPair {
                 let pk = sk.verifying_key().to_encoded_point(false).to_bytes().into();
                 (sk.to_bytes().to_vec().into(), pk)
             }
+            SignatureScheme::ECDSA_SECP521R1_SHA512 => {
+                let sk = p521::ecdsa::SigningKey::random(csprng);
+                let pk = p521::ecdsa::VerifyingKey::from(&sk)
+                    .to_encoded_point(false)
+                    .to_bytes()
+                    .into();
+                (sk.to_bytes().to_vec().into(), pk)
+            }
             SignatureScheme::ED25519 => {
                 let sk = ed25519_dalek::SigningKey::generate(csprng);
                 let pk = sk.verifying_key();
@@ -159,31 +167,45 @@ impl SignatureKeyPair {
                     &private[..ed25519_dalek::SECRET_KEY_LENGTH],
                 )
                 .map_err(|_| CryptoError::InvalidKey)?;
-                let pk = ed25519_dalek::VerifyingKey::try_from(&public[..])
+                let pk = ed25519_dalek::VerifyingKey::try_from(public.as_slice())
                     .map_err(|_| CryptoError::InvalidKey)?;
 
                 if sk.verifying_key() != pk {
                     return Err(CryptoError::MismatchKeypair);
                 }
             }
             SignatureScheme::ECDSA_SECP256R1_SHA256 => {
-                let sk = p256::ecdsa::SigningKey::try_from(&private[..])
+                let sk = p256::ecdsa::SigningKey::from_slice(&private)
                     .map_err(|_| CryptoError::InvalidKey)?;
-                let pk = p256::ecdsa::VerifyingKey::try_from(&public[..])
+                let pk = p256::ecdsa::VerifyingKey::from_sec1_bytes(&public)
                     .map_err(|_| CryptoError::InvalidKey)?;
+
                 if sk.verifying_key() != &pk {
                     return Err(CryptoError::MismatchKeypair);
                 }
             }
             SignatureScheme::ECDSA_SECP384R1_SHA384 => {
-                let sk = p384::ecdsa::SigningKey::try_from(&private[..])
+                let sk = p384::ecdsa::SigningKey::from_slice(&private)
                     .map_err(|_| CryptoError::InvalidKey)?;
-                let pk = p384::ecdsa::VerifyingKey::try_from(&public[..])
+
+                let pk = p384::ecdsa::VerifyingKey::from_sec1_bytes(&public)
                     .map_err(|_| CryptoError::InvalidKey)?;
+
                 if sk.verifying_key() != &pk {
                     return Err(CryptoError::MismatchKeypair);
                 }
             }
+            SignatureScheme::ECDSA_SECP521R1_SHA512 => {
+                let sk = p521::ecdsa::SigningKey::from_slice(&private)
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                let pk = p521::ecdsa::VerifyingKey::from_sec1_bytes(&public)
+                    .map_err(|_| CryptoError::InvalidKey)?;
+                let sk_pk = p521::ecdsa::VerifyingKey::from(&sk);
+
+                if sk_pk.to_encoded_point(false) != pk.to_encoded_point(false) {
+                    return Err(CryptoError::MismatchKeypair);
+                }
+            }
             _ => {}
         };
 
@@ -238,6 +260,7 @@ pub mod tests {
             SignatureScheme::ED25519,
             SignatureScheme::ECDSA_SECP256R1_SHA256,
             SignatureScheme::ECDSA_SECP384R1_SHA384,
+            SignatureScheme::ECDSA_SECP521R1_SHA512,
         ];
         for scheme in schemes {
             let kp = SignatureKeyPair::new(scheme, &mut rand::thread_rng()).unwrap();

diff --git a/openmls/src/group/core_group/kat_passive_client.rs b/openmls/src/group/core_group/kat_passive_client.rs
@@ -115,6 +115,7 @@ pub async fn run_test_vector(test_vector: PassiveClientWelcomeTestVector) {
         warn!("Skipping {}", cipher_suite);
         return;
     }
+    info!("Ciphersuite: {cipher_suite}");
 
     let group_config = MlsGroupConfig::builder()
         .crypto_config(CryptoConfig::with_default_version(cipher_suite))

diff --git a/openmls/src/group/public_group/diff/compute_path.rs b/openmls/src/group/public_group/diff/compute_path.rs
@@ -74,6 +74,7 @@ impl<'a> PublicGroupDiff<'a> {
                             Ciphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256,
                             Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519,
                             Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384,
+                            Ciphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521,
                             Ciphersuite::MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519,
                         ]),
                         Some(&[]),

diff --git a/openmls/src/group/tests/test_proposal_validation.rs b/openmls/src/group/tests/test_proposal_validation.rs
@@ -1455,28 +1455,13 @@ async fn test_valsem107(ciphersuite: Ciphersuite, backend: &impl OpenMlsCryptoPr
     // expected.
     let bob_leaf_index = bob_group.own_leaf_index();
 
-    let ref_propose = {
-        // We first go the manual route
-        let (ref_propose1, _) = alice_group
-            .propose_remove_member(
-                backend,
-                &alice_credential_with_key_and_signer.signer,
-                bob_leaf_index,
-            )
-            .unwrap();
-
-        let (ref_propose2, _) = alice_group
-            .propose_remove_member(
-                backend,
-                &alice_credential_with_key_and_signer.signer,
-                bob_leaf_index,
-            )
-            .unwrap();
-
-        assert_eq!(ref_propose1, ref_propose2);
-
-        ref_propose1
-    };
+    let (ref_propose, _) = alice_group
+        .propose_remove_member(
+            backend,
+            &alice_credential_with_key_and_signer.signer,
+            bob_leaf_index,
+        )
+        .unwrap();
 
     // While this shouldn't fail, it should produce a valid commit, i.e. one
     // that contains only one remove proposal.

diff --git a/openmls/src/test_utils/mod.rs b/openmls/src/test_utils/mod.rs
@@ -229,6 +229,9 @@ pub async fn backends(backend: &impl OpenMlsCryptoProvider) {}
     case::MLS_256_DHKEMP384_AES256GCM_SHA384_P384(
         Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384
     ),
+    case::MLS_256_DHKEMP521_AES256GCM_SHA512_P521(
+        Ciphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521
+    ),
     case::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519(
         Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519
     ),
@@ -247,6 +250,7 @@ pub async fn ciphersuites(ciphersuite: Ciphersuite) {}
     case::rust_crypto_MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519(Ciphersuite::MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519, &OpenMlsRustCrypto::default()),
     case::rust_crypto_MLS_128_DHKEMP256_AES128GCM_SHA256_P256(Ciphersuite::MLS_128_DHKEMP256_AES128GCM_SHA256_P256, &OpenMlsRustCrypto::default()),
     case::rust_crypto_MLS_256_DHKEMP384_AES256GCM_SHA384_P384(Ciphersuite::MLS_256_DHKEMP384_AES256GCM_SHA384_P384, &OpenMlsRustCrypto::default()),
+    case::rust_crypto_MLS_256_DHKEMP521_AES256GCM_SHA512_P521(Ciphersuite::MLS_256_DHKEMP521_AES256GCM_SHA512_P521, &OpenMlsRustCrypto::default()),
     case::rust_crypto_MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519(Ciphersuite::MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519, &OpenMlsRustCrypto::default()),
     case::rust_crypto_MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519(Ciphersuite::MLS_128_X25519KYBER768DRAFT00_AES128GCM_SHA256_Ed25519, &OpenMlsRustCrypto::default()),
   )