This is the prototype TLS-N implementation based on Mozilla's NSS library.
The main library file is nss/lib/ssl/tlsproof.c. Its most important functions are:
- tlsproof_addMessageToProof: This function adds a record to the evidence calculation.
- SSL_TLSProofRequestProof: The requester calls this function to trigger the evidence request.
- tlsproof_handleMessageRequest: The function used by the generator to finalize the evidence.
- tlsproof_handleMessageResponse: Uses the supplied evidence to create a proof according to the user's wishes.
- SSL_TLSProofCheckProof: Verifies a given proof.
We have also provided multiple test applications, such as:
- A standalone verifier that verifies proofs.
- A client and server application to test TLS-N with a specified amount of random traffic.
- A benchmarking app for TLS-N.
For testing purposes we provide a Test CA with a test certificate for tls-n.testserver
inside the ca folder. The certificate store has an empty password. You have to make this hostname resolve accordingly in DNS.