jhoyla
This is a preliminary piece of work, beginning to apply Wycheproof to Golang's crypto library. Some tests fail for minor issues, but I thought it more important to mirror the...
This PR fixes a number of bugs in the DC implementation. Specifically this addresses Issues #127, #128, #129, and #130. It also adds `generate_delegated_credential.go` which provides a tool matching `generate_cert.go`...
In `delegated_credentials_test.go`, `TestDCHandshakeServerAuth` sets `clientConfig.InsecureSkipVerify = true`. Because of how golang handles global state, this is propagated to all later tests. This leads to test failures if the tests are...
`getSignatureAlgorithm` should return the signature algorithm of a certificate, but returns the signature algorithm of the certificate's parent (the intermediate cert). It also doesn't support RSA leaf certificates at all.
`selectSignatureSchemeDC` only checks the client's `supportedSignatureAlgorithmsDC` field. Per the [spec](https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-15#section-4.1.1) the selected signature scheme MUST be in both the `supportedSignatureAlgorithmsDC` and `supportedSignatureAlgorithms` fields.
`signatureSchemeForDelegatedCredential` returns the list of supported signature schemes for a delegated credential; however, per the spec, DCs are explicitly restricted to a single `SignatureAlgorithm` defined in the `dc_cert_verify_algorithm` field. We...
Currently message Reacts do not appear. These would be really nice.
A potential use case we might want to consider is multiple layers of privacy-proxy. Consider a website that wants rate limits provided by Issuer₁ and Geo-location provided by Issuer₂. Whilst...
This PR implements the first half of the [TLS Flags extension](https://datatracker.ietf.org/doc/draft-ietf-tls-tlsflags/).
A feature that lets us filter by algorithms that are broken would be really fun.