quic-go

Author	SHA1	Message	Date
Marten Seemann	ac63554791	drop support for Go 1.7	2017-07-12 18:43:18 +07:00
Marten Seemann	2c920dbfc8	remove obsolete check for tls.Config.ServerName when verifying the cert The hostname is set to tls.Config.ServerName in the client already, thus we don't have to read that value again when verifying the certificate.	2017-06-20 09:54:08 +02:00
Marten Seemann	987905149b	run gofmt to fix ordering of imports	2017-06-13 18:07:22 +02:00
Marten Seemann	c0b09c8646	make utils an internal package	2017-06-09 22:28:40 +02:00
Marten Seemann	ef4699adef	use ASN1 to marshal source address tokens	2017-05-25 11:49:24 +08:00
Marten Seemann	eb72b494b2	generate valid tokens for remote addresses that are not UDP addresses	2017-05-20 23:27:40 +08:00
Marten Seemann	8e01921495	move comparison of the source address in the STK to the STKGenerator	2017-05-20 23:27:40 +08:00
Marten Seemann	9562df5838	move the STK generation from the ServerConfig to a separate struct	2017-05-20 23:27:40 +08:00
Marten Seemann	81985f44bd	move the STK expiration check to the cryptoSetup	2017-05-20 23:27:39 +08:00
Marten Seemann	3c223b22a2	include peer perspective in nullAEAD ref #375	2017-04-27 18:05:24 +07:00
Lucas Clemente	013d7fdb30	Simplify code in a few places Found by running `gosimple ./...`	2017-04-13 16:43:58 +02:00
Lucas Clemente	723f86c725	Don't use GetConfigForClient on go < 1.8	2017-03-02 10:40:20 +01:00
Lucas Clemente	219ce60a5e	Call GetConfigForClient in tls.Config if present	2017-03-01 21:11:52 +01:00
Lucas Clemente	1bb4a26965	Fix reading of tls.Config certificates This commit mostly copies the getCertificate function from crypto/tls to align our certificate reading with the standard library. Should fix #458.	2017-03-01 18:33:05 +01:00
Marten Seemann	7fe2a37c76	use byte-slice instead of net.IP for generating source address tokens	2017-02-22 23:03:07 +07:00
Marten Seemann	e9666c6313	add a test for the Root CA specified in the TLS client config ref #407	2017-02-04 10:27:50 +07:00
Marten Seemann	713df41c8b	verify certificates using a client TLS config, if given ref #407	2017-02-03 15:46:38 +07:00
Marten Seemann	63f2faec85	send common certificate sets in the client hello	2017-01-14 18:52:22 +07:00
Marten Seemann	44303fcd4b	don’t panic if the certificate chain contains cached entries	2017-01-14 18:52:22 +07:00
Marten Seemann	a3dcac8239	implement certificate decompressing using common certificate sets	2017-01-14 18:52:22 +07:00
Marten Seemann	86da7dce81	send leaf certificate hash (XLCT) in client hello	2017-01-14 18:52:22 +07:00
Marten Seemann	8161e1f4a1	simplify server proof verification function signature	2017-01-14 18:52:20 +07:00
Marten Seemann	6f5b2d308d	simplify certificate verification in certManager	2017-01-14 18:52:19 +07:00
Marten Seemann	41c66f9a60	save parsed certificate chain in certManager	2017-01-14 18:52:19 +07:00
Marten Seemann	4b8508c017	verify certificate chain in certManager	2017-01-14 18:52:19 +07:00
Marten Seemann	6913f5ae75	add tests for certChain, simplify constructor	2017-01-14 18:52:18 +07:00
Marten Seemann	bb1af0db1e	move server proof verification to crypto package	2017-01-14 18:52:18 +07:00
Marten Seemann	0535491f30	rename crypto.Signer to crypto.CertChain	2017-01-14 18:52:18 +07:00
Marten Seemann	a388d6bf6a	fix error code for invalid certificate chains	2017-01-14 18:52:17 +07:00
Marten Seemann	f6cef67c3d	create interface for crypto.CertManager	2017-01-14 18:52:16 +07:00
Marten Seemann	731dd87872	also keys for the client in AESGCM key derivation	2017-01-14 18:52:15 +07:00
Marten Seemann	c5f88e01f5	implement a CertManager for the certificate chain sent by the server	2017-01-14 18:52:14 +07:00
Marten Seemann	060d02cb4f	implement certificate decompression, without cached and common certs	2017-01-14 18:45:17 +07:00
Marten Seemann	863467f344	validate XLCT tag in client hello fixes #363	2017-01-04 11:41:43 +07:00
Marten Seemann	98ff7ccb50	use FNV1a hash for cached certificates fixes #383	2017-01-04 10:56:36 +07:00
Lucas Clemente	5d0399bfe3	use LRU cache for cached certificates fixes #268	2016-09-08 23:08:57 +02:00
Lucas Clemente	5dda3b8e69	remove support for version 32 from crypto	2016-09-01 12:20:19 +02:00
Lucas Clemente	6239d80492	remove leftover code from v30	2016-08-18 10:31:28 +02:00
Lucas Clemente	3bf525ed16	update common certificate sets from chrome	2016-08-17 23:53:10 +02:00
Lucas Clemente	fe531dd65e	cache compressed certificate chains fixes #227	2016-08-09 14:34:49 +02:00
Lucas Clemente	4eb9077f1b	simplify crypto/rand reading	2016-08-09 13:08:42 +02:00
Lucas Clemente	125842d80d	simplify key derivation	2016-08-06 17:54:11 +02:00
Lucas Clemente	ed15c18387	disable chacha20 build until we have solved the dependency situation	2016-08-01 16:28:22 +02:00
Lucas Clemente	8a08171322	move nonce generation to separate file	2016-08-01 16:27:38 +02:00
Lucas Clemente	d5255a4075	update AEADs to allow in-place encryption and decryption ref #217	2016-07-26 15:13:15 +02:00
Andreas Auernhammer	c5be7d0d62	Replace ChaCha20Poly1305 implementation Improve AEAD speed with slightly faster poly1305 implementation. Avoid memory allocations whenever possible. (AEAD) But currently missing AVX2 support. BenchmarkSeal64B-8 1561 ns/op 40.97 MB/s BenchmarkSeal1K-8 5570 ns/op 183.82 MB/s BenchmarkSeal64K-8 161271 ns/op 406.37 MB/s BenchmarkOpen64B-8 1747 ns/op 45.79 MB/s BenchmarkOpen1K-8 5741 ns/op 181.14 MB/s BenchmarkOpen64K-8 157116 ns/op 417.22 MB/s	2016-07-17 23:23:30 +02:00
Lucas Clemente	705da8fd00	switch to AES-GCM as symmetric cipher fixes #200	2016-07-05 12:13:41 +02:00
Lucas Clemente	240946dfde	replace version number literals with constants to make grepping easier	2016-06-03 11:09:48 +02:00
Lucas Clemente	d87e20efc9	remove DiversificationNonce() from the AEAD interface	2016-06-02 16:13:48 +02:00
Lucas Clemente	981d4e7fb8	add support for ECDSA private keys fixes #158	2016-05-31 23:06:38 +02:00

1 2

98 Commits