gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,428 Commits 1 Branch 126 Tags
a0bb98207b3dc8261279cfa6cabbb58655f9862a
Commit Graph

182 Commits

Author SHA1 Message Date
Marten Seemann
a0bb98207b Merge pull request #489 from lucas-clemente/fix-411 
send a Public Reset when receiving a CHLO with the FHL2 tag
 2017-03-20 16:07:08 +07:00
Marten Seemann
6d5c9776e9 send a Public Reset when receiving a CHLO with the FHL2 tag 
Fixes #411.

Chrome sends the FHL2 when it wants to perform a head-of-line blocking
experiment, introduced in QUIC version 36 (see
https://codereview.chromium.org/2115033002). We don’t support this
experiment. By sending a Public Reset when receiving this tag we force
Chrome to use the TCP fallback.
 2017-03-20 12:35:34 +07:00
Marten Seemann
28c115fee1 drop support for QUIC 34 
fixes #368
 2017-03-19 20:57:28 +07:00
Marten Seemann
8c5e7818a0 retransmit the diversification nonce in the packet carrying the SHLO 
The packet containing the SHLO is the only packet that is sent with
initial encryption. If it is lost, we need to make sure that the
diversification nonce is included in the PublicHeader, otherwise the
client will not be able to derive the keys for the forward-secure
encryption.
 2017-03-01 15:11:01 +07:00
Marten Seemann
b5c8c11c0c switch to forward-secure encryption after sending the SHLO 2017-03-01 14:11:25 +07:00
Marten Seemann
9e147714ac pack smaller packets as long as the encryption is not forward secure 2017-03-01 14:01:52 +07:00
Marten Seemann
599926e3cb add a method to force the encryption level when sealing a packet 2017-03-01 14:01:51 +07:00
Marten Seemann
6cb19e42a5 explicitly pass encryption level in the aeadChanges channel 2017-02-25 21:38:08 +07:00
Marten Seemann
0c20f5e9b3 return the encryption level used for Sealing 2017-02-25 08:27:14 +07:00
Marten Seemann
a972c7a21e return the encryption level of a packet when decrypting it 2017-02-25 08:27:08 +07:00
Marten Seemann
eb7a7f79f7 add tests for clientCryptoSetup Open and Seal methods 2017-02-24 11:42:41 +07:00
Marten Seemann
cd465ae0b5 move utils.Stream to quic.Stream 2017-02-22 23:03:09 +07:00
Marten Seemann
7fe2a37c76 use byte-slice instead of net.IP for generating source address tokens 2017-02-22 23:03:07 +07:00
Marten Seemann
268841f0cc add a TLSClientConfig to the QUIC RoundTripper 
fixes #407
 2017-02-04 10:28:00 +07:00
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given 
ref #407
 2017-02-03 15:46:38 +07:00
Marten Seemann
90983470e8 fix logging of REJs and SHLOs 2017-02-02 14:16:46 +07:00
Marten Seemann
c71e8cfb25 log sent CHLOs 2017-01-14 19:00:24 +07:00
Marten Seemann
82f2298658 fix race condition in client crypto setup 2017-01-14 19:00:23 +07:00
Marten Seemann
db09de621c detect version downgrade attacks in the client crypto setup 2017-01-14 18:58:47 +07:00
Marten Seemann
53706049c7 read connection parameters when receiving a SHLO 2017-01-14 18:58:46 +07:00
Marten Seemann
a587af079d improve the connection parameters manager for the client 2017-01-14 18:58:46 +07:00
Marten Seemann
64c4bede3e remove unnecessary loop from connection parameters manager 2017-01-14 18:58:45 +07:00
Marten Seemann
a0bdf79b5b create an aeadChanged channel in the client crypto setup 2017-01-14 18:52:25 +07:00
Marten Seemann
9fc9522539 implement a HandshakeComplete method in the client crypto setup 2017-01-14 18:52:24 +07:00
Marten Seemann
f72fbc57a9 send connection parameters in CHLO 2017-01-14 18:52:24 +07:00
Marten Seemann
dde5ce465c enforce presence of version list in SHLO 2017-01-14 18:52:23 +07:00
Marten Seemann
2589a6eff9 reject unencrypted SHLOs 2017-01-14 18:52:23 +07:00
Marten Seemann
e19416a43b use server nonce in key derivation for initial encryption, if available 2017-01-14 18:52:23 +07:00
Marten Seemann
b8e11d6e67 improve tests for key derivation 2017-01-14 18:52:23 +07:00
Marten Seemann
fdd0fdf90d send KEXS and AEAD value in full client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
420f5abcd7 log when certificate or server proof verification fails 2017-01-14 18:52:21 +07:00
Marten Seemann
2131e8fa6d don’t send more than 3 CHLOs 
makes sure that the server allows the client to make progress in the handshake
 2017-01-14 18:52:20 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
865aed07d8 verify certificate chain when receiving it, return correct errors 2017-01-14 18:52:19 +07:00
Marten Seemann
014315d3c7 parse hostname from address and pass it to the client cryptoSetup 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017 verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30 rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
c8b3189caf validate server config signature, for ECDSA certificates 2017-01-14 18:52:18 +07:00
Marten Seemann
3063cab7cc only escalate crypto when the server config has been verified 2017-01-14 18:52:18 +07:00
Marten Seemann
58b905e636 validate server config signature, for RSA certificates 2017-01-14 18:52:17 +07:00
Marten Seemann
5aae3fbafe save the proof in client CryptoSetup 2017-01-14 18:52:17 +07:00
Marten Seemann
52ba2ce9f8 prevent int64 overflow when reading the expiry date of the server config 2017-01-14 18:52:17 +07:00
Marten Seemann
f9013edb77 check if the received server config is expired 2017-01-14 18:52:17 +07:00
Marten Seemann
0b736b2cce create forwardSecureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
2e0eae1a1d calculate required padding size in CHLOs 2017-01-14 18:52:16 +07:00
Marten Seemann
8bcad17297 create secureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
5a1c94ba7b send client nonce and public value after receiving the certificate chain 2017-01-14 18:52:16 +07:00