Commit Graph

10 Commits

Author SHA1 Message Date
f09eee913a Change package name from tls to trs 2019-05-12 18:42:15 +01:00
da110326f8 Swap TLS 1.3 to RFC 8446 2018-09-16 12:22:20 +01:00
Christopher Patton
a2fe2d9a71 DC draft-02, last minute change (#121)
* Drop DC test data for draft23

* DC: Change public key type

There was a last minute change to spec that changes the public key type
from a byte string of length at most 2^16 to a byte string of length at
most 2^24.
2018-08-10 08:34:10 +01:00
d3e18f99e2
Minimal number of changes needed to udpate to draft-28 (#115)
* includes AD in authentication check of TLS records

As per 5.2 of TLS 1.3 draft-28, the additional data is record header.

* tests: Update tests in order to support draft-28

* Interoperability: Updates NSS and BoringSSL versions to the
  one supporting draft-28
* Bogo: Updates revision number to use tests for draft-28
* FIX: makefile was using test-compat target instead of
  test-interop

* DC test: constify

* Use binary interface to encode in big-endian
2018-08-09 20:47:50 +01:00
Christopher Patton
0d6e4561a6 Add DC test data for tls13draft28 and tls13rfc (#117)
The test in subcerts_test.go only passes if maxVersion ==
VersionTLS13Draft23. This is because DCs are cryptographically bound to
the protocol version on the wire. To work around this as we move towards
the RFC, this PR adds test data for VersionTLS13Draft28 and VersionTLS13
and uses maxVersion to pick which data to load.  # Please enter the
commit message for your changes. Lines starting
2018-08-09 19:47:38 +01:00
Christopher Patton
174a68a0fb Update implementation of draft-ietf-tls-subcerts to draft 02 (#108)
Drops support for delegated credentials with TLS 1.2 and adds the
protocol version and signature algorithm to the credential structure.
2018-08-09 19:24:40 +01:00
77d1fbf262 Don't use VersionTLS13DraftXX anywhere 2018-08-07 19:22:54 +01:00
Christopher Patton
c5280001a4 Remove delegated credential minting from the API
What's left are the minimal API changes required to use the delegated
credential extension in the TLS handshake.
2018-07-27 19:12:28 +01:00
Christopher Patton
1ea9624098 Use static test data for testing delegated credentials
This removes dependency on NewDelegatedCredential from tris.
2018-07-27 19:12:28 +01:00
Christopher Patton
84fe9084cd Implement the delegated_credential extension for TLS
This complies with the standard, currently an Internet draft:
https://tlswg.github.io/tls-subcerts/draft-ietf-tls-subcerts.html

It also adds a minimal interface for generating new delegated
credentials.
2018-07-03 09:57:54 -07:00