gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,126 Commits 1 Branch 126 Tags
863467f3444acabcef236e7e9135abcc60092f4f
Commit Graph

62 Commits

Author SHA1 Message Date
Marten Seemann
863467f344 validate XLCT tag in client hello 
fixes #363
 2017-01-04 11:41:43 +07:00
Marten Seemann
d39c2a3027 validate version tag in CHLO to prevent version downgrade attacks 
fixes #360
 2016-12-23 15:31:52 +01:00
Marten Seemann
f72154e30b require version tag in CHLOs 
ref #360
 2016-12-23 15:31:52 +01:00
Marten Seemann
ebc053dbe0 create interface for the ConnectionParametersManager 2016-12-08 18:39:14 +07:00
Marten Seemann
4e8a2ee2b1 validate KEXS in client hellos 
fixes #364
 2016-12-03 14:24:55 +07:00
Marten Seemann
62a38f24d7 validate AEAD tag in client hellos 
fixes #365
 2016-12-03 14:16:54 +07:00
Marten Seemann
6602101288 verify OBIT value in client nonce 
fixes #350
 2016-11-28 19:26:46 +07:00
Marten Seemann
2ae196761b reject CHLOs with wrong length client nonces 
fixes #352
 2016-11-27 21:18:14 +07:00
Lucas Clemente
9e5bba7937 fix inchoate CHLO detection with missing STKs 
This fixes a STK-bypass security issue discovered by Alessandro Ghedini.
 2016-09-17 16:49:58 +02:00
Lucas Clemente
bc54c50b7e replace CachingReader with io.TeeReader 2016-09-05 23:21:17 +02:00
Lucas Clemente
5dda3b8e69 remove support for version 32 from crypto 2016-09-01 12:20:19 +02:00
Lucas Clemente
3a3295d911 add our server id to the REJ handshake message 2016-08-31 23:32:27 +02:00
Lucas Clemente
906114450e ignore undecryptable packets after the handshake is complete 
fixes #304
 2016-08-25 20:02:39 +02:00
Lucas Clemente
4eb9077f1b simplify crypto/rand reading 2016-08-09 13:08:42 +02:00
Lucas Clemente
6868d70710 improve handshake package coverage 
ref #241
 2016-08-02 12:04:25 +02:00
Lucas Clemente
1712a7388f drop support for v30 
fixes #213
 2016-07-29 15:22:56 +02:00
Lucas Clemente
c03e9448a1 don't send certificate chains to client requests without STK 
fixes #141
 2016-07-29 11:35:02 +02:00
Lucas Clemente
af56ff2aca cache the ephermal key for up to 1 min 
fixes #136
 2016-07-28 19:07:57 +02:00
Lucas Clemente
769655c43e delay server nonce generation until after the CHLO 
fixes the second part of #136
 2016-07-28 18:25:29 +02:00
Lucas Clemente
5c4a7a9ec1 delay diversification nonce generation until after the CHLO 
fixes the first part of #136
 2016-07-28 17:21:39 +02:00
Lucas Clemente
d5255a4075 update AEADs to allow in-place encryption and decryption 
ref #217
 2016-07-26 15:13:15 +02:00
Lucas Clemente
705da8fd00 switch to AES-GCM as symmetric cipher 
fixes #200
 2016-07-05 12:13:41 +02:00
Lucas Clemente
240946dfde replace version number literals with constants to make grepping easier 2016-06-03 11:09:48 +02:00
Lucas Clemente
5ed0182b67 fix a race condition in CryptoSetup 
CryptoSetup's AEADs were changed between calls to
DiversificationNonce() and Seal()
 2016-06-02 16:13:06 +02:00
Lucas Clemente
21db6f9270 move CHLO log to debug 2016-06-02 13:33:19 +02:00
Lucas Clemente
fa2e34d360 require and generate source address tokens in crypto setup 
fixes #121
 2016-05-24 11:20:16 +02:00
Lucas Clemente
241c9f3a3c add support for diversification to key derivation 
ref #51
 2016-05-21 00:04:28 +02:00
Lucas Clemente
2606b891e2 add diversification to AEADs and conditionally include in public header 
ref #51
 2016-05-20 23:41:04 +02:00
Lucas Clemente
52d734f644 fix 0-RTT handshakes by not requiring SNOs for initial encryption 
fixes #118, fixes #119
 2016-05-20 13:05:51 +02:00
Lucas Clemente
f86875f746 reject small CHLOs to prevent amplification attacks 
fixes #1
 2016-05-19 16:20:22 +02:00
Lucas Clemente
7a97f34fac don't panic 🤓 
fixes #93
 2016-05-18 18:29:42 +02:00
Lucas Clemente
d0e6b993bb use new error codes throughout the server 
fixes #86
 2016-05-17 12:49:59 +02:00
Lucas Clemente
c7126137d1 queue undecryptable packets for later decryption & possibly send PRST 
fixes #38, fixes #69, fixes #73
 2016-05-12 16:46:18 +02:00
Lucas Clemente
ea83ca8950 implement cert compression with cached certificates 2016-05-11 16:30:04 +02:00
Lucas Clemente
7c1e1cde56 rename GetCertCompressed to GetCertsCompressed 2016-05-11 11:41:44 +02:00
Lucas Clemente
20655bac5a rename GetCertUncompressed to GetLeafCert 2016-05-11 11:40:20 +02:00
Lucas Clemente
7609246b45 re-add support for version 30 
fixes #72
 2016-05-10 11:05:52 +02:00
Lucas Clemente
f4ac8ff949 read SNI from crypto handshake 
fixes #48
 2016-05-08 23:06:18 +02:00
Lucas Clemente
85c39721ec change Signer interface to return errors 2016-05-08 22:46:59 +02:00
Lucas Clemente
6738f0eadf add sni to crypto.Signer interface 2016-05-08 22:23:36 +02:00
Lucas Clemente
c6fb85be22 add handshake message logging 2016-05-08 22:09:02 +02:00
Lucas Clemente
40ee20c02b use a ephermal curve25519 for forward secure key exchange 
fixes #17
 2016-05-04 12:45:25 +02:00
Marten Seemann
d07baef91b manage connection parameters in a separate class 2016-05-04 17:20:36 +07:00
Lucas Clemente
daf4e4a867 remove support for version 30, since we don't implement FEC at all 2016-05-02 20:56:02 +02:00
Lucas Clemente
623bf065fd accept null-encrypted pckts until an encrypted pckt has ben received 
this should fix issue #33
 2016-05-02 14:38:05 +02:00
Lucas Clemente
607ab843d6 close session when crypto stream errors 2016-04-27 12:49:55 +02:00
Lucas Clemente
9fc874be53 add newline to crypto error messages 2016-04-26 15:37:52 +02:00
Lucas Clemente
bb3c8b707b fix randomness 2016-04-21 13:48:42 +02:00
Lucas Clemente
7efc7f79d2 validate that CryptoSetup is an AEAD 2016-04-21 13:48:42 +02:00
Lucas Clemente
4e1942a76e improve inchoate CHLO recognition 2016-04-19 13:37:59 +02:00