gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity
1,633 Commits 1 Branch 126 Tags
c0b09c8646235c7487c6e8b13f152c3e3e7a9c22
Commit Graph

95 Commits

Author SHA1 Message Date
Marten Seemann
c0b09c8646 make utils an internal package 2017-06-09 22:28:40 +02:00
Marten Seemann
ef4699adef use ASN1 to marshal source address tokens 2017-05-25 11:49:24 +08:00
Marten Seemann
eb72b494b2 generate valid tokens for remote addresses that are not UDP addresses 2017-05-20 23:27:40 +08:00
Marten Seemann
8e01921495 move comparison of the source address in the STK to the STKGenerator 2017-05-20 23:27:40 +08:00
Marten Seemann
9562df5838 move the STK generation from the ServerConfig to a separate struct 2017-05-20 23:27:40 +08:00
Marten Seemann
81985f44bd move the STK expiration check to the cryptoSetup 2017-05-20 23:27:39 +08:00
Marten Seemann
3c223b22a2 include peer perspective in nullAEAD 
ref #375
 2017-04-27 18:05:24 +07:00
Lucas Clemente
013d7fdb30 Simplify code in a few places 
Found by running `gosimple ./...`
 2017-04-13 16:43:58 +02:00
Lucas Clemente
723f86c725 Don't use GetConfigForClient on go < 1.8 2017-03-02 10:40:20 +01:00
Lucas Clemente
219ce60a5e Call GetConfigForClient in tls.Config if present 2017-03-01 21:11:52 +01:00
Lucas Clemente
1bb4a26965 Fix reading of tls.Config certificates 
This commit mostly copies the getCertificate function from crypto/tls to
align our certificate reading with the standard library.

Should fix #458.
 2017-03-01 18:33:05 +01:00
Marten Seemann
7fe2a37c76 use byte-slice instead of net.IP for generating source address tokens 2017-02-22 23:03:07 +07:00
Marten Seemann
e9666c6313 add a test for the Root CA specified in the TLS client config 
ref #407
 2017-02-04 10:27:50 +07:00
Marten Seemann
713df41c8b verify certificates using a client TLS config, if given 
ref #407
 2017-02-03 15:46:38 +07:00
Marten Seemann
63f2faec85 send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
44303fcd4b don’t panic if the certificate chain contains cached entries 2017-01-14 18:52:22 +07:00
Marten Seemann
a3dcac8239 implement certificate decompressing using common certificate sets 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81 send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
8161e1f4a1 simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
6f5b2d308d simplify certificate verification in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
41c66f9a60 save parsed certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017 verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
6913f5ae75 add tests for certChain, simplify constructor 2017-01-14 18:52:18 +07:00
Marten Seemann
bb1af0db1e move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30 rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
a388d6bf6a fix error code for invalid certificate chains 2017-01-14 18:52:17 +07:00
Marten Seemann
f6cef67c3d create interface for crypto.CertManager 2017-01-14 18:52:16 +07:00
Marten Seemann
731dd87872 also keys for the client in AESGCM key derivation 2017-01-14 18:52:15 +07:00
Marten Seemann
c5f88e01f5 implement a CertManager for the certificate chain sent by the server 2017-01-14 18:52:14 +07:00
Marten Seemann
060d02cb4f implement certificate decompression, without cached and common certs 2017-01-14 18:45:17 +07:00
Marten Seemann
863467f344 validate XLCT tag in client hello 
fixes #363
 2017-01-04 11:41:43 +07:00
Marten Seemann
98ff7ccb50 use FNV1a hash for cached certificates 
fixes #383
 2017-01-04 10:56:36 +07:00
Lucas Clemente
5d0399bfe3 use LRU cache for cached certificates 
fixes #268
 2016-09-08 23:08:57 +02:00
Lucas Clemente
5dda3b8e69 remove support for version 32 from crypto 2016-09-01 12:20:19 +02:00
Lucas Clemente
6239d80492 remove leftover code from v30 2016-08-18 10:31:28 +02:00
Lucas Clemente
3bf525ed16 update common certificate sets from chrome 2016-08-17 23:53:10 +02:00
Lucas Clemente
fe531dd65e cache compressed certificate chains 
fixes #227
 2016-08-09 14:34:49 +02:00
Lucas Clemente
4eb9077f1b simplify crypto/rand reading 2016-08-09 13:08:42 +02:00
Lucas Clemente
125842d80d simplify key derivation 2016-08-06 17:54:11 +02:00
Lucas Clemente
ed15c18387 disable chacha20 build until we have solved the dependency situation 2016-08-01 16:28:22 +02:00
Lucas Clemente
8a08171322 move nonce generation to separate file 2016-08-01 16:27:38 +02:00
Lucas Clemente
d5255a4075 update AEADs to allow in-place encryption and decryption 
ref #217
 2016-07-26 15:13:15 +02:00
Andreas Auernhammer
c5be7d0d62 Replace ChaCha20Poly1305 implementation 
Improve AEAD speed with slightly faster poly1305 implementation.
Avoid memory allocations whenever possible. (AEAD)
But currently missing AVX2 support.

BenchmarkSeal64B-8     1561 ns/op       40.97 MB/s
BenchmarkSeal1K-8      5570 ns/op      183.82 MB/s
BenchmarkSeal64K-8     161271 ns/op    406.37 MB/s
BenchmarkOpen64B-8     1747 ns/op       45.79 MB/s
BenchmarkOpen1K-8      5741 ns/op      181.14 MB/s
BenchmarkOpen64K-8     157116 ns/op    417.22 MB/s
 2016-07-17 23:23:30 +02:00
Lucas Clemente
705da8fd00 switch to AES-GCM as symmetric cipher 
fixes #200
 2016-07-05 12:13:41 +02:00
Lucas Clemente
240946dfde replace version number literals with constants to make grepping easier 2016-06-03 11:09:48 +02:00
Lucas Clemente
d87e20efc9 remove DiversificationNonce() from the AEAD interface 2016-06-02 16:13:48 +02:00
Lucas Clemente
981d4e7fb8 add support for ECDSA private keys 
fixes #158
 2016-05-31 23:06:38 +02:00
Lucas Clemente
b0bc84c5aa improve crypto test coverage 2016-05-30 10:16:25 +02:00
Lucas Clemente
fa2e34d360 require and generate source address tokens in crypto setup 
fixes #121
 2016-05-24 11:20:16 +02:00
Lucas Clemente
9539169fa4 implement source address token generation and validation 
ref #121
 2016-05-23 18:13:39 +02:00