Releases: libzig/libsafe
Releases · libzig/libsafe
0.0.7
⛰️ Features
- Add generation-scoped SSH traffic key updates
- Add hostkey-blob auth signature verification
- Add SSH algorithm agility extension points
- Add SSH rekey lifecycle utilities
- Add SSH auth signature crypto utilities
- Canonicalize SSH mpint secret derivation
- Add SSH KEX guards and exporter secret API
- Harden SSH hostkey blob parsing
📚 Documentation
- Add comprehensive documentation
🧪 Testing
- Add SSH ECDH deterministic derivation checks
- Add SSH label expansion boundary coverage
- Expand SSH hostkey validator and fingerprint checks
- Tighten SSH algorithm selection edge cases
- Expand SSH KEX negotiation and hash guards
- Add SSH rekey context and immutability checks
- Expand hostkey-based SSH auth failure coverage
- Strengthen TLS key schedule determinism checks
- Add TLS handshake encoding edge guards
- Cover TLS out-of-order extension handling
- Guard TLS client state on bad server hello
- Guard TLS server hello ALPN preconditions
- Validate TLS processServerHello field retention
- Verify TLS server cipher preference selection
- Add TLS context invalid state matrix
- Guard TLS local transport parameter validation
- Add TLS finished verification checks
- Expand engine vtable forwarding coverage
- Add TLS handshake version and size guards
- Add TLS ALPN boundary and no-ALPN paths
- Cover TLS handshake completion secret profiles
- Add TLS unsupported cipher state guards
- Assert TLS server state on ALPN and TP paths
- Guard TLS server hello against bad client TP
- Tighten TLS ALPN contract failure coverage
- Expand TLS key schedule derivation coverage
- Add TLS handshake parser negative coverage
- Enforce deterministic TLS adapter failure mapping
- Assert adapter state invariants on failures
- Cover malformed ALPN adapter failure states
- Enforce TLS adapter single-use transitions
- Add TLS adapter negative extension cases
- Verify TLS adapter ALPN and TP exposure
- Add TLS adapter state transition matrix
- Add TLS adapter error mapping coverage
- Expand SSH auth signature negative matrix
- Add SSH zeroization coverage