Skip to content

v2.2.0

Latest
Latest

Choose a tag to compare

View all tags
@jmlepisto jmlepisto released this 27 Jan 20:24
· 1 commit to main since this release
clatter-v2.2.0
1e991cf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Clatter v2.2.0

PSK validity security fixes and stabilization of hybrid handshake types

#18 reported a severe security issue with some PQ *_psk0 handshake pattern variants which offended
the PSK validity rule. This issue is fixed by removing the offending default patterns and by implementing
runtime checks against invalid patterns. This issue is further explained in the related security advisory.

Upon this release the HybridHandshake type is stabilized with some final changes to PQ token ordering.
Motivated by the PSK validity issue some runtime checks were also implemented to guarantee correct PQ
token ordering in handshake messages.

What's Changed

Compatibility

  • Clatter v2.2.0 removes the offending default handshake types but is otherwise API compatible with earlier versions
    • Clatter v2.2.0 adds some new error variants in a non-breaking manner
  • Clatter v2.2.0 HybridHandshake is not protocol-compatible with earlier versions

Full Changelog: clatter-v2.1.0...clatter-v2.2.0

Contributors

jmlepisto
Assets 2
Loading