Commit Graph

189 Commits

Author SHA1 Message Date
Lucas Clemente
130620d18c Merge pull request #511 from lucas-clemente/simplify
Simplify code in a few places
2017-04-13 17:06:41 +02:00
Lucas Clemente
013d7fdb30 Simplify code in a few places
Found by running `gosimple ./...`
2017-04-13 16:43:58 +02:00
Lucas Clemente
dd89967035 Fix wrong scfg expiry test in some timezones
Fixes #533.
2017-04-13 16:30:34 +02:00
Lucas Clemente
e2a0d9f77c Remove several unused fields and symbols
Detected with `unused -exports=true ./...`
2017-04-05 21:46:33 +01:00
Marten Seemann
584fc021bf add tests for incorrect nullAEAD signatures in both cryptoSetups 2017-03-22 19:32:54 +07:00
Marten Seemann
19aad731ed improve logging and tests of cryptoSetupServer 2017-03-22 19:23:48 +07:00
Marten Seemann
2903f9b238 return a lambda for sealing a packet in the CryptoSetup 2017-03-22 16:52:00 +07:00
Marten Seemann
a0bb98207b Merge pull request #489 from lucas-clemente/fix-411
send a Public Reset when receiving a CHLO with the FHL2 tag
2017-03-20 16:07:08 +07:00
Marten Seemann
6d5c9776e9 send a Public Reset when receiving a CHLO with the FHL2 tag
Fixes #411.

Chrome sends the FHL2 tag when it wants to perform a head-of-line blocking
experiment, introduced in QUIC version 36 (see
https://codereview.chromium.org/2115033002). We don’t support this
experiment. By sending a Public Reset when receiving this tag we force
Chrome to use the TCP fallback.
2017-03-20 12:35:34 +07:00
Marten Seemann
28c115fee1 drop support for QUIC 34
fixes #368
2017-03-19 20:57:28 +07:00
Marten Seemann
8c5e7818a0 retransmit the diversification nonce in the packet carrying the SHLO
The packet containing the SHLO is the only packet that is sent with
initial encryption. If it is lost, we need to make sure that the
diversification nonce is included in the PublicHeader, otherwise the
client will not be able to derive the keys for the forward-secure
encryption.
2017-03-01 15:11:01 +07:00
Marten Seemann
b5c8c11c0c switch to forward-secure encryption after sending the SHLO 2017-03-01 14:11:25 +07:00
Marten Seemann
9e147714ac pack smaller packets as long as the encryption is not forward secure 2017-03-01 14:01:52 +07:00
Marten Seemann
599926e3cb add a method to force the encryption level when sealing a packet 2017-03-01 14:01:51 +07:00
Marten Seemann
6cb19e42a5 explicitly pass encryption level in the aeadChanges channel 2017-02-25 21:38:08 +07:00
Marten Seemann
0c20f5e9b3 return the encryption level used for Sealing 2017-02-25 08:27:14 +07:00
Marten Seemann
a972c7a21e return the encryption level of a packet when decrypting it 2017-02-25 08:27:08 +07:00
Marten Seemann
eb7a7f79f7 add tests for clientCryptoSetup Open and Seal methods 2017-02-24 11:42:41 +07:00
Marten Seemann
cd465ae0b5 move utils.Stream to quic.Stream 2017-02-22 23:03:09 +07:00
Marten Seemann
7fe2a37c76 use byte-slice instead of net.IP for generating source address tokens 2017-02-22 23:03:07 +07:00
Marten Seemann
268841f0cc add a TLSClientConfig to the QUIC RoundTripper
fixes #407
2017-02-04 10:28:00 +07:00
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given
ref #407
2017-02-03 15:46:38 +07:00
Marten Seemann
90983470e8 fix logging of REJs and SHLOs 2017-02-02 14:16:46 +07:00
Marten Seemann
c71e8cfb25 log sent CHLOs 2017-01-14 19:00:24 +07:00
Marten Seemann
82f2298658 fix race condition in client crypto setup 2017-01-14 19:00:23 +07:00
Marten Seemann
db09de621c detect version downgrade attacks in the client crypto setup 2017-01-14 18:58:47 +07:00
Marten Seemann
53706049c7 read connection parameters when receiving a SHLO 2017-01-14 18:58:46 +07:00
Marten Seemann
a587af079d improve the connection parameters manager for the client 2017-01-14 18:58:46 +07:00
Marten Seemann
64c4bede3e remove unnecessary loop from connection parameters manager 2017-01-14 18:58:45 +07:00
Marten Seemann
a0bdf79b5b create an aeadChanged channel in the client crypto setup 2017-01-14 18:52:25 +07:00
Marten Seemann
9fc9522539 implement a HandshakeComplete method in the client crypto setup 2017-01-14 18:52:24 +07:00
Marten Seemann
f72fbc57a9 send connection parameters in CHLO 2017-01-14 18:52:24 +07:00
Marten Seemann
dde5ce465c enforce presence of version list in SHLO 2017-01-14 18:52:23 +07:00
Marten Seemann
2589a6eff9 reject unencrypted SHLOs 2017-01-14 18:52:23 +07:00
Marten Seemann
e19416a43b use server nonce in key derivation for initial encryption, if available 2017-01-14 18:52:23 +07:00
Marten Seemann
b8e11d6e67 improve tests for key derivation 2017-01-14 18:52:23 +07:00
Marten Seemann
fdd0fdf90d send KEXS and AEAD value in full client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
420f5abcd7 log when certificate or server proof verification fails 2017-01-14 18:52:21 +07:00
Marten Seemann
2131e8fa6d don’t send more than 3 CHLOs
makes sure that the server allows the client to make progress in the handshake
2017-01-14 18:52:20 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
865aed07d8 verify certificate chain when receiving it, return correct errors 2017-01-14 18:52:19 +07:00
Marten Seemann
014315d3c7 parse hostname from address and pass it to the client cryptoSetup 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017 verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30 rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
c8b3189caf validate server config signature, for ECDSA certificates 2017-01-14 18:52:18 +07:00
Marten Seemann
3063cab7cc only escalate crypto when the server config has been verified 2017-01-14 18:52:18 +07:00
Marten Seemann
58b905e636 validate server config signature, for RSA certificates 2017-01-14 18:52:17 +07:00