security: harden handshake/masking flows and add adversarial regressions

Browse Source

- forward valid-TLS/invalid-MTProto clients to mask backend in both client paths\n- harden TLS validation against timing and clock edge cases\n- move replay tracking behind successful authentication to avoid cache pollution\n- tighten secret decoding and key-material handling paths\n- add dedicated security test modules for tls/client/handshake/masking\n- include production-path regression for ClientHandler fallback behavior

...

This commit is contained in:

David Osipov

2026-03-16 20:04:41 +04:00

parent dcab19a64f

commit 6ffbc51fb0

11 changed files with 2669 additions and 502 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

src/protocol/tls_security_tests.rs

+1242

File diff suppressed because it is too large Load Diff