gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,886 Commits 1 Branch 126 Tags
8bcabe0ba90dec0a0b878550aaebf273ffd9fd1b
Commit Graph

108 Commits

Author SHA1 Message Date
Marten Seemann
7cbef3cb1b implement the Overhead method for the AEADs 2017-09-08 12:04:45 +03:00
Marten Seemann
6931edaf6b implement the AES-GCM AEAD needed for the IETF draft 2017-09-08 12:04:38 +03:00
Marten Seemann
8df2cb3b1d rename the current key derivation function 
TLS will use a completely different key derivation function.
 2017-09-07 20:08:24 +03:00
Marten Seemann
fd780e3eab move the nonce generation to the AEAD implementations 
The AES AEAD used by IETF QUIC uses a different nonce format.
 2017-09-07 20:08:24 +03:00
Marten Seemann
23f3432b9d select the right null AEAD algorithm depending on the version 2017-09-07 20:07:54 +03:00
Marten Seemann
15e9e3658a implement the FNV64a nullAEAD 
It is not used yet.
 2017-09-07 18:16:20 +03:00
Marten Seemann
f1ada87dcf make the protocol package internal 2017-08-30 00:19:44 +07:00
Marten Seemann
2330ac0497 introduce an utils.LittleEndian 2017-08-23 15:57:35 +07:00
Lucas Clemente
75070d057b Fix import order 2017-08-21 12:25:27 +02:00
Lucas Clemente
8ec11c0b53 Move testdata/ to internal/ 2017-08-18 12:06:36 +02:00
Marten Seemann
ac63554791 drop support for Go 1.7 2017-07-12 18:43:18 +07:00
Marten Seemann
2c920dbfc8 remove obsolete check for tls.Config.ServerName when verifying the cert 
The hostname is set to tls.Config.ServerName in the client already, thus
we don't have to read that value again when verifying the certificate.
 2017-06-20 09:54:08 +02:00
Marten Seemann
987905149b run gofmt to fix ordering of imports 2017-06-13 18:07:22 +02:00
Marten Seemann
c0b09c8646 make utils an internal package 2017-06-09 22:28:40 +02:00
Marten Seemann
ef4699adef use ASN1 to marshal source address tokens 2017-05-25 11:49:24 +08:00
Marten Seemann
eb72b494b2 generate valid tokens for remote addresses that are not UDP addresses 2017-05-20 23:27:40 +08:00
Marten Seemann
8e01921495 move comparison of the source address in the STK to the STKGenerator 2017-05-20 23:27:40 +08:00
Marten Seemann
9562df5838 move the STK generation from the ServerConfig to a separate struct 2017-05-20 23:27:40 +08:00
Marten Seemann
81985f44bd move the STK expiration check to the cryptoSetup 2017-05-20 23:27:39 +08:00
Marten Seemann
3c223b22a2 include peer perspective in nullAEAD 
ref #375
 2017-04-27 18:05:24 +07:00
Lucas Clemente
013d7fdb30 Simplify code in a few places 
Found by running `gosimple ./...`
 2017-04-13 16:43:58 +02:00
Lucas Clemente
723f86c725 Don't use GetConfigForClient on go < 1.8 2017-03-02 10:40:20 +01:00
Lucas Clemente
219ce60a5e Call GetConfigForClient in tls.Config if present 2017-03-01 21:11:52 +01:00
Lucas Clemente
1bb4a26965 Fix reading of tls.Config certificates 
This commit mostly copies the getCertificate function from crypto/tls to
align our certificate reading with the standard library.

Should fix #458.
 2017-03-01 18:33:05 +01:00
Marten Seemann
7fe2a37c76 use byte-slice instead of net.IP for generating source address tokens 2017-02-22 23:03:07 +07:00
Marten Seemann
e9666c6313 add a test for the Root CA specified in the TLS client config 
ref #407
 2017-02-04 10:27:50 +07:00
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given 
ref #407
 2017-02-03 15:46:38 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
44303fcd4b don’t panic if the certificate chain contains cached entries 2017-01-14 18:52:22 +07:00
Marten Seemann
a3dcac8239 implement certificate decompressing using common certificate sets 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
6f5b2d308d simplify certificate verification in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
41c66f9a60 save parsed certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017 verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
6913f5ae75 add tests for certChain, simplify constructor 2017-01-14 18:52:18 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30 rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
a388d6bf6a fix error code for invalid certificate chains 2017-01-14 18:52:17 +07:00
Marten Seemann
f6cef67c3d create interface for crypto.CertManager 2017-01-14 18:52:16 +07:00
Marten Seemann
731dd87872 also keys for the client in AESGCM key derivation 2017-01-14 18:52:15 +07:00
Marten Seemann
c5f88e01f5 implement a CertManager for the certificate chain sent by the server 2017-01-14 18:52:14 +07:00
Marten Seemann
060d02cb4f implement certificate decompression, without cached and common certs 2017-01-14 18:45:17 +07:00
Marten Seemann
863467f344 validate XLCT tag in client hello 
fixes #363
 2017-01-04 11:41:43 +07:00
Marten Seemann
98ff7ccb50 use FNV1a hash for cached certificates 
fixes #383
 2017-01-04 10:56:36 +07:00
Lucas Clemente
5d0399bfe3 use LRU cache for cached certificates 
fixes #268
 2016-09-08 23:08:57 +02:00
Lucas Clemente
5dda3b8e69 remove support for version 32 from crypto 2016-09-01 12:20:19 +02:00
Lucas Clemente
6239d80492 remove leftover code from v30 2016-08-18 10:31:28 +02:00
Lucas Clemente
3bf525ed16 update common certificate sets from chrome 2016-08-17 23:53:10 +02:00
Lucas Clemente
fe531dd65e cache compressed certificate chains 
fixes #227
 2016-08-09 14:34:49 +02:00