emersion
commented
8 months ago Interestingly, test vector index 33 is the only other vector using MLS_256_DHKEMP521_AES256GCM_SHA512_P521, and has a correct encryption private key size of 66.
Closed emersion closed 8 months ago
emersion
commented
8 months ago Interestingly, test vector index 33 is the only other vector using MLS_256_DHKEMP521_AES256GCM_SHA512_P521, and has a correct encryption private key size of 66.
OtaK
commented
8 months ago I'd recommend looking at this issue https://github.com/mlswg/mls-implementations/issues/176#issuecomment-1817043142
You need to prepad keys with 0x00 to reach 66 bytes.
emersion
commented
8 months ago Ah, yes, indeed. Closing as a duplicate.
Test vectors indices 32, and 34 to 39 inclusive have an encryption private key size of 65 and a cipher suite set to
MLS_256_DHKEMP521_AES256GCM_SHA512_P521. This doesn't match the requirement of a private key length of 66 in RFC 9180 section 7.1 forDHKEM(P-521, HKDF-SHA512).