gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,304 Commits 1 Branch 126 Tags
713df41c8b9efdf0ecdb55c60af4207112170b23
Commit Graph

82 Commits

Author SHA1 Message Date
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given 
ref #407
 2017-02-03 15:46:38 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
44303fcd4b don’t panic if the certificate chain contains cached entries 2017-01-14 18:52:22 +07:00
Marten Seemann
a3dcac8239 implement certificate decompressing using common certificate sets 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
6f5b2d308d simplify certificate verification in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
41c66f9a60 save parsed certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017 verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
6913f5ae75 add tests for certChain, simplify constructor 2017-01-14 18:52:18 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30 rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
a388d6bf6a fix error code for invalid certificate chains 2017-01-14 18:52:17 +07:00
Marten Seemann
f6cef67c3d create interface for crypto.CertManager 2017-01-14 18:52:16 +07:00
Marten Seemann
731dd87872 also keys for the client in AESGCM key derivation 2017-01-14 18:52:15 +07:00
Marten Seemann
c5f88e01f5 implement a CertManager for the certificate chain sent by the server 2017-01-14 18:52:14 +07:00
Marten Seemann
060d02cb4f implement certificate decompression, without cached and common certs 2017-01-14 18:45:17 +07:00
Marten Seemann
863467f344 validate XLCT tag in client hello 
fixes #363
 2017-01-04 11:41:43 +07:00
Marten Seemann
98ff7ccb50 use FNV1a hash for cached certificates 
fixes #383
 2017-01-04 10:56:36 +07:00
Lucas Clemente
5d0399bfe3 use LRU cache for cached certificates 
fixes #268
 2016-09-08 23:08:57 +02:00
Lucas Clemente
5dda3b8e69 remove support for version 32 from crypto 2016-09-01 12:20:19 +02:00
Lucas Clemente
6239d80492 remove leftover code from v30 2016-08-18 10:31:28 +02:00
Lucas Clemente
3bf525ed16 update common certificate sets from chrome 2016-08-17 23:53:10 +02:00
Lucas Clemente
fe531dd65e cache compressed certificate chains 
fixes #227
 2016-08-09 14:34:49 +02:00
Lucas Clemente
4eb9077f1b simplify crypto/rand reading 2016-08-09 13:08:42 +02:00
Lucas Clemente
125842d80d simplify key derivation 2016-08-06 17:54:11 +02:00
Lucas Clemente
ed15c18387 disable chacha20 build until we have solved the dependency situation 2016-08-01 16:28:22 +02:00
Lucas Clemente
8a08171322 move nonce generation to separate file 2016-08-01 16:27:38 +02:00
Lucas Clemente
d5255a4075 update AEADs to allow in-place encryption and decryption 
ref #217
 2016-07-26 15:13:15 +02:00
Andreas Auernhammer
c5be7d0d62 Replace ChaCha20Poly1305 implementation 
Improve AEAD speed with slightly faster poly1305 implementation.
Avoid memory allocations whenever possible. (AEAD)
But currently missing AVX2 support.

BenchmarkSeal64B-8     1561 ns/op       40.97 MB/s
BenchmarkSeal1K-8      5570 ns/op      183.82 MB/s
BenchmarkSeal64K-8     161271 ns/op    406.37 MB/s
BenchmarkOpen64B-8     1747 ns/op       45.79 MB/s
BenchmarkOpen1K-8      5741 ns/op      181.14 MB/s
BenchmarkOpen64K-8     157116 ns/op    417.22 MB/s
 2016-07-17 23:23:30 +02:00
Lucas Clemente
705da8fd00 switch to AES-GCM as symmetric cipher 
fixes #200
 2016-07-05 12:13:41 +02:00
Lucas Clemente
240946dfde replace version number literals with constants to make grepping easier 2016-06-03 11:09:48 +02:00
Lucas Clemente
d87e20efc9 remove DiversificationNonce() from the AEAD interface 2016-06-02 16:13:48 +02:00
Lucas Clemente
981d4e7fb8 add support for ECDSA private keys 
fixes #158
 2016-05-31 23:06:38 +02:00
Lucas Clemente
b0bc84c5aa improve crypto test coverage 2016-05-30 10:16:25 +02:00
Lucas Clemente
fa2e34d360 require and generate source address tokens in crypto setup 
fixes #121
 2016-05-24 11:20:16 +02:00
Lucas Clemente
9539169fa4 implement source address token generation and validation 
ref #121
 2016-05-23 18:13:39 +02:00
Lucas Clemente
241c9f3a3c add support for diversification to key derivation 
ref #51
 2016-05-21 00:04:28 +02:00
Lucas Clemente
2606b891e2 add diversification to AEADs and conditionally include in public header 
ref #51
 2016-05-20 23:41:04 +02:00
Lucas Clemente
224524c8d3 move to a faster chacha20poly1305 implementation 
refs #125
 2016-05-20 00:43:08 +02:00
Lucas Clemente
7a97f34fac don't panic 🤓 
fixes #93
 2016-05-18 18:29:42 +02:00
Lucas Clemente
283cab4e0d improve crypto tests 2016-05-15 15:23:46 +02:00
Lucas Clemente
c12a12518e run gofmt -s on tests 2016-05-15 14:42:34 +02:00
Lucas Clemente
d17d597ebe implement certificate compression using common certificate sets 
fixes #47
 2016-05-11 16:30:04 +02:00
Lucas Clemente
ea83ca8950 implement cert compression with cached certificates 2016-05-11 16:30:04 +02:00
Lucas Clemente
8cdf832aa0 add support for sending intermediate certificate 
fixes #76
 2016-05-11 12:23:09 +02:00
Lucas Clemente
7c1e1cde56 rename GetCertCompressed to GetCertsCompressed 2016-05-11 11:41:44 +02:00
Lucas Clemente
20655bac5a rename GetCertUncompressed to GetLeafCert 2016-05-11 11:40:20 +02:00
Lucas Clemente
88c6311ab8 read tls.Config data properly in RSA proof implementation 
ref #48
 2016-05-08 22:57:53 +02:00
Lucas Clemente
85c39721ec change Signer interface to return errors 2016-05-08 22:46:59 +02:00