gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,527 Commits 1 Branch 126 Tags
2e0f5473a07145854841c170ac3fe03e4b47be62
Commit Graph

59 Commits

Author SHA1 Message Date
Marten Seemann
2e0f5473a0 Merge pull request #577 from lucas-clemente/fix-565 
add a quic.Config option for QUIC versions
 2017-05-09 18:30:04 +08:00
Marten Seemann
2014ced934 fix data race in client crypto setup 2017-05-06 23:44:15 +08:00
Marten Seemann
b305cd674f make it possible to configure the QUIC versions for the server 2017-05-05 18:05:57 +08:00
Marten Seemann
3c223b22a2 include peer perspective in nullAEAD 
ref #375
 2017-04-27 18:05:24 +07:00
Lucas Clemente
013d7fdb30 Simplify code in a few places 
Found by running `gosimple ./...`
 2017-04-13 16:43:58 +02:00
Marten Seemann
2903f9b238 return a lambda to for sealing a packet in the CryptoSetup 2017-03-22 16:52:00 +07:00
Marten Seemann
8c5e7818a0 retransmit the diversification nonce in the packet carrying the SHLO 
The packet containing the SHLO is the only packet that is sent with
initial encryption. If it is lost, we need to make sure that the
diversification nonce is included in the PublicHeader, otherwise the
client will not be able to derive the keys for the forward-secure
encryption.
 2017-03-01 15:11:01 +07:00
Marten Seemann
599926e3cb add a method to force the encryption level when sealing a packet 2017-03-01 14:01:51 +07:00
Marten Seemann
6cb19e42a5 explicitly pass encryption level in the aeadChanges channel 2017-02-25 21:38:08 +07:00
Marten Seemann
0c20f5e9b3 return the encryption level used for Sealing 2017-02-25 08:27:14 +07:00
Marten Seemann
a972c7a21e return the encryption level of a packet when decrypting it 2017-02-25 08:27:08 +07:00
Marten Seemann
eb7a7f79f7 add tests for clientCryptoSetup Open and Seal methods 2017-02-24 11:42:41 +07:00
Marten Seemann
cd465ae0b5 move utils.Stream to quic.Stream 2017-02-22 23:03:09 +07:00
Marten Seemann
268841f0cc add a TLSClientConfig to the QUIC RoundTripper 
fixes #407
 2017-02-04 10:28:00 +07:00
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given 
ref #407
 2017-02-03 15:46:38 +07:00
Marten Seemann
c71e8cfb25 log sent CHLOs 2017-01-14 19:00:24 +07:00
Marten Seemann
82f2298658 fix race condition in client crypto setup 2017-01-14 19:00:23 +07:00
Marten Seemann
db09de621c detect version downgrade attacks in the client crypto setup 2017-01-14 18:58:47 +07:00
Marten Seemann
53706049c7 read connection parameters when receiving a SHLO 2017-01-14 18:58:46 +07:00
Marten Seemann
a587af079d improve the connection parameters manager for the client 2017-01-14 18:58:46 +07:00
Marten Seemann
a0bdf79b5b create an aeadChanged channel in the client crypto setup 2017-01-14 18:52:25 +07:00
Marten Seemann
9fc9522539 implement a HandshakeComplete method in the client crypto setup 2017-01-14 18:52:24 +07:00
Marten Seemann
f72fbc57a9 send connection parameters in CHLO 2017-01-14 18:52:24 +07:00
Marten Seemann
dde5ce465c enforce presence of version list in SHLO 2017-01-14 18:52:23 +07:00
Marten Seemann
2589a6eff9 reject unencrypted SHLOs 2017-01-14 18:52:23 +07:00
Marten Seemann
e19416a43b use server nonce in key derivation for initial encryption, if available 2017-01-14 18:52:23 +07:00
Marten Seemann
fdd0fdf90d send KEXS and AEAD value in full client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
420f5abcd7 log when certificate or server proof verification fails 2017-01-14 18:52:21 +07:00
Marten Seemann
2131e8fa6d don’t send more than 3 CHLOs 
makes sure that the server allows the client to make progress in the handshake
 2017-01-14 18:52:20 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
865aed07d8 verify certificate chain when receiving it, return correct errors 2017-01-14 18:52:19 +07:00
Marten Seemann
014315d3c7 parse hostname from address and pass it to the client cryptoSetup 2017-01-14 18:52:19 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
c8b3189caf validate server config signature, for ECDSA certificates 2017-01-14 18:52:18 +07:00
Marten Seemann
3063cab7cc only escalate crypto when the server config has been verified 2017-01-14 18:52:18 +07:00
Marten Seemann
58b905e636 validate server config signature, for RSA certificates 2017-01-14 18:52:17 +07:00
Marten Seemann
5aae3fbafe save the proof in client CryptoSetup 2017-01-14 18:52:17 +07:00
Marten Seemann
f9013edb77 check if the received server config is expired 2017-01-14 18:52:17 +07:00
Marten Seemann
0b736b2cce create forwardSecureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
2e0eae1a1d calculate required padding size in CHLOs 2017-01-14 18:52:16 +07:00
Marten Seemann
8bcad17297 create secureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
5a1c94ba7b send client nonce and public value after receiving the certificate chain 2017-01-14 18:52:16 +07:00
Marten Seemann
f6cef67c3d create interface for crypto.CertManager 2017-01-14 18:52:16 +07:00
Marten Seemann
992678b9d7 save last sent CHLO in client CryptoSetup 2017-01-14 18:52:16 +07:00
Marten Seemann
4b67aefb83 generate a client nonce once, when reading a server config multiple times 2017-01-14 18:52:15 +07:00
Marten Seemann
f1810ae82d generate a client nonce after receiving a server config 2017-01-14 18:52:15 +07:00
Marten Seemann
39e7591756 include source address token, server config id and server nonce in CHLO 2017-01-14 18:52:15 +07:00
Marten Seemann
0b8c883b71 read certificate chain from SHLO 2017-01-14 18:52:14 +07:00