Marten Seemann
|
b8e11d6e67
|
improve tests for key derivation
|
2017-01-14 18:52:23 +07:00 |
|
Marten Seemann
|
fdd0fdf90d
|
send KEXS and AEAD value in full client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
63f2faec85
|
send common certificate sets in the client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
44303fcd4b
|
don’t panic if the certificate chain contains cached entries
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
a3dcac8239
|
implement certificate decompressing using common certificate sets
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
86da7dce81
|
send leaf certificate hash (XLCT) in client hello
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
11cb69d2ce
|
optimize reading of diversification nonces from the PublicHeader
|
2017-01-14 18:52:22 +07:00 |
|
Marten Seemann
|
4a88422d9f
|
add workaround for incorrect public flag values sent by Google servers
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
420f5abcd7
|
log when certificate or server proof verification fails
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
46678abfa6
|
error on malformed version negotiation packets
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
d37380b7a5
|
detect unsupported versions when parsing version negotiation packet
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
5b97f0550c
|
implement a function to find the highest supported version
|
2017-01-14 18:52:21 +07:00 |
|
Marten Seemann
|
1154d22218
|
parse version negotiation packets
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
7fa93c56af
|
implement a proper Close method for the Client
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
de168addd5
|
don’t panic after sending a ConnectionClose
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
2131e8fa6d
|
don’t send more than 3 CHLOs
makes sure that the server allows the client to make progress in the handshake
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
7f2e706908
|
increase CryptoParameterMaxLength
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
8161e1f4a1
|
simplify server proof verification function signature
|
2017-01-14 18:52:20 +07:00 |
|
Marten Seemann
|
6f5b2d308d
|
simplify certificate verification in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
865aed07d8
|
verify certificate chain when receiving it, return correct errors
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
41c66f9a60
|
save parsed certificate chain in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
014315d3c7
|
parse hostname from address and pass it to the client cryptoSetup
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
4b8508c017
|
verify certificate chain in certManager
|
2017-01-14 18:52:19 +07:00 |
|
Marten Seemann
|
6913f5ae75
|
add tests for certChain, simplify constructor
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
bb1af0db1e
|
move server proof verification to crypto package
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
0535491f30
|
rename crypto.Signer to crypto.CertChain
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
c8b3189caf
|
validate server config signature, for ECDSA certificates
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
3063cab7cc
|
only escalate crypto when the server config has been verified
|
2017-01-14 18:52:18 +07:00 |
|
Marten Seemann
|
58b905e636
|
validate server config signature, for RSA certificates
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
5aae3fbafe
|
save the proof in client CryptoSetup
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
a388d6bf6a
|
fix error code for invalid certificate chains
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
52ba2ce9f8
|
prevent int64 overflow when reading the expiry date of the server config
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
f9013edb77
|
check if the received server config is expired
|
2017-01-14 18:52:17 +07:00 |
|
Marten Seemann
|
0b736b2cce
|
create forwardSecureAEAD after receiving all necessary values
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
2e0eae1a1d
|
calculate required padding size in CHLOs
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
8bcad17297
|
create secureAEAD after receiving all necessary values
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
5a1c94ba7b
|
send client nonce and public value after receiving the certificate chain
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
f6cef67c3d
|
create interface for crypto.CertManager
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
992678b9d7
|
save last sent CHLO in client CryptoSetup
|
2017-01-14 18:52:16 +07:00 |
|
Marten Seemann
|
731dd87872
|
also keys for the client in AESGCM key derivation
|
2017-01-14 18:52:15 +07:00 |
|
Marten Seemann
|
4b67aefb83
|
generate a client nonce once, when reading a server config multiple times
|
2017-01-14 18:52:15 +07:00 |
|
Marten Seemann
|
a2996f6343
|
improve logging in client
|
2017-01-14 18:52:15 +07:00 |
|
Marten Seemann
|
f1810ae82d
|
generate a client nonce after receiving a server config
|
2017-01-14 18:52:15 +07:00 |
|
Marten Seemann
|
39e7591756
|
include source address token, server config id and server nonce in CHLO
|
2017-01-14 18:52:15 +07:00 |
|
Marten Seemann
|
0b8c883b71
|
read certificate chain from SHLO
|
2017-01-14 18:52:14 +07:00 |
|
Marten Seemann
|
c5f88e01f5
|
implement a CertManager for the certificate chain sent by the server
|
2017-01-14 18:52:14 +07:00 |
|
Marten Seemann
|
fece562b22
|
compose PublicHeader depending on perspective set in packetPacker
|
2017-01-14 18:52:12 +07:00 |
|
Marten Seemann
|
b58bc8cffd
|
parse server config sent in the SHLO in client CryptoSetup
|
2017-01-14 18:51:19 +07:00 |
|
Marten Seemann
|
dbee83b8de
|
read source address token and server nonce from SHLO
|
2017-01-14 18:51:19 +07:00 |
|
Marten Seemann
|
5b72a535d0
|
improve CHLO generation in client CryptoSetup
|
2017-01-14 18:51:19 +07:00 |
|