tls-n / nss-tlsn Goto Github PK
View Code? Open in Web Editor NEWMozilla's NSS library with TLS-N implementation.
License: Mozilla Public License 2.0
nss-tlsn's People
Contributors
Stargazers
Watchers
nss-tlsn's Issues
No Network-Byte Order
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 564 in c7a5845
Extend ordering_vector_len to 32 bits.
nss-tlsn/nss/lib/ssl/tlsproof.h
Line 97 in 5730a7a
Padding computation must not be done anymore
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 288 in 5730a7a
How does this thing work? You have a struct ProofNode. It contains an enum called TLSProofNodeType, but its length is not specified. You copy its first byte on the proof string. How does the program know that the enum must be only one byte?
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 1396 in 5730a7a
Implement stricter controls for the incoming messages. Also in the handle message request and handle message response functions.
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 618 in 5730a7a
Clarification requested: must server-side of an HTTPS session use specific TLS-N code?
It's not clear to me from your website and demo whether a server's TLS code must be modified, in order for a client to generate a non-repudiable proof of what the server said.
In particular, I used your "try it out" form to generate a proof of a HTTPS URL on twitter.com. (I don't expect Twitter's servers have been updated with your server-side code.) I then used your 'verify a proof' form to check the .PROOF file, and it showed the full conversation, client and server, as a 'valid proof'.
However, other credible sources (such as this Cryptography Stack Overflow answer) suggest there's not enough in a normal session to provide assurance a session transcript is authentic. (In particular, it says either party to the initial handshake could forge a transcript of both sides of the session.)
Can you clarify if your technique overcomes the TLS limitation even with only one side, such as the client with a non-upgraded server, generating the proof?
I think the size of this array must be set with realloc. If two consecutive nodes are hidden, in fact, one does not need to store both their hases, they can directly store the root hash of the subtree.
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 1095 in 5730a7a
Should we return 0 here?
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 1637 in 5730a7a
Can this function be cancelled?
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 1366 in 5730a7a
Resizing allocation
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 2326 in 5730a7a
It seems to me that the right allocation size should be ss->tlsproofOrderingVectorLen/8 +1 because ss->tlsproofOrderingVectorLen is the size in BIT of the ordering vector.
We saw that the function only works if the hash_size is exactly twice the salt_size. This is a note to remember to modify this function.
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 720 in 5730a7a
Rename it to request the evidence
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 678 in 5730a7a
The OrderingVectorLenIs reduced to 16 bytes, is it accidental or on purpose?
nss-tlsn/nss/lib/ssl/tlsproof.h
Line 97 in 5730a7a
Rename it to add message to evidence
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 2201 in 5730a7a
Since the evidence size can exceed the one of the packet, it might be sent in multiple packets. In that case, all the packet data must be put together, and then the handling function called.
nss-tlsn/nss/lib/ssl/ssl3con.c
Line 12855 in c7a5845
should it be renamed into num_normal_chunks?
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 202 in 5730a7a
I couldn't test it, but I think this is never freed
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 206 in 5730a7a
As far as I can understand, this structure qill be sent to the peer, but it uses a variable type which is typical of NSS. This might make it not compatible with other applications.
nss-tlsn/nss/lib/ssl/tlsproof.h
Lines 57 to 68 in 5730a7a
shouldn't a non existing chunk be considered non-sensitive?
nss-tlsn/nss/lib/ssl/tlsproof.c
Line 909 in 5730a7a
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.