Commit graph

60 commits

Author SHA1 Message Date
Lucas Clemente
e43b91f633 Fix encryption of stream data
This commit splits up handling of the crypto stream and the other streams in the framer, crypto setup, and the packer.

- Crypto stream data is handled separately and should never be sent unencrypted or FW-secure. Fixes #544.
- Non-crypto stream data is only sent with FW encryption on the server and only with non-FW or FW encryption on the client. Fixes #611.

The crypto stream is currently excluded from flow control (#657), but that shouldn't be an issue in practice for now.
2017-06-09 19:12:10 +02:00
Marten Seemann
7a18b870e8
add a quic.Config option to ask the server to truncate the connection ID 2017-05-13 17:19:09 +08:00
Marten Seemann
adc4ef464a
simplify the CryptoSetup.SetDiversificationNonce interface
Pass the diversification nonce via a channel instead of setting it
directly. That way there is no need to protect the diversificationNonce
member by a mutex. Also prevents a possible deadlock that occurred when
SetDiversificationNonce was called before maybeUpgradeCrypto returned.
2017-05-11 21:56:41 +08:00
Marten Seemann
8c4fe4ff80
fix race when setting the diversification nonce in clientCryptoSetup 2017-05-11 21:56:35 +08:00
Marten Seemann
acbd14f940
implement a HandshakeMessage struct
This makes passing handshake messages around easier, since it’s now one
struct instead of one message tag and one data map.
2017-05-11 21:31:31 +08:00
Marten Seemann
3a357369b0
use a directed aeadChanged chan in the crypto setups 2017-05-09 18:41:40 +08:00
Marten Seemann
0a6a9551f8
close the aeadChanged chan when the handshake completes
This allows us to remove HandshakeComplete() from the CryptoSetup
interface. It also provides a signal to the session when the handshake
completes.
2017-05-09 18:40:23 +08:00
Marten Seemann
b305cd674f
make it possible to configure the QUIC versions for the server 2017-05-05 18:05:57 +08:00
Lucas Clemente
e2a0d9f77c Remove several unused fields and symbols
Detected with `unused -exports=true ./...`
2017-04-05 21:46:33 +01:00
Marten Seemann
584fc021bf
add tests for incorrect nullAEAD signatures in both cryptoSetups 2017-03-22 19:32:54 +07:00
Marten Seemann
2903f9b238
return a lambda for sealing a packet in the CryptoSetup 2017-03-22 16:52:00 +07:00
Marten Seemann
599926e3cb
add a method to force the encryption level when sealing a packet 2017-03-01 14:01:51 +07:00
Marten Seemann
6cb19e42a5
explicitly pass encryption level in the aeadChanges channel 2017-02-25 21:38:08 +07:00
Marten Seemann
0c20f5e9b3
return the encryption level used for Sealing 2017-02-25 08:27:14 +07:00
Marten Seemann
a972c7a21e
return the encryption level of a packet when decrypting it 2017-02-25 08:27:08 +07:00
Marten Seemann
eb7a7f79f7
add tests for clientCryptoSetup Open and Seal methods 2017-02-24 11:42:41 +07:00
Marten Seemann
268841f0cc
add a TLSClientConfig to the QUIC RoundTripper
fixes #407
2017-02-04 10:28:00 +07:00
Marten Seemann
db09de621c
detect version downgrade attacks in the client crypto setup 2017-01-14 18:58:47 +07:00
Marten Seemann
53706049c7
read connection parameters when receiving a SHLO 2017-01-14 18:58:46 +07:00
Marten Seemann
a587af079d
improve the connection parameters manager for the client 2017-01-14 18:58:46 +07:00
Marten Seemann
a0bdf79b5b
create an aeadChanged channel in the client crypto setup 2017-01-14 18:52:25 +07:00
Marten Seemann
9fc9522539
implement a HandshakeComplete method in the client crypto setup 2017-01-14 18:52:24 +07:00
Marten Seemann
f72fbc57a9
send connection parameters in CHLO 2017-01-14 18:52:24 +07:00
Marten Seemann
dde5ce465c
enforce presence of version list in SHLO 2017-01-14 18:52:23 +07:00
Marten Seemann
2589a6eff9
reject unencrypted SHLOs 2017-01-14 18:52:23 +07:00
Marten Seemann
e19416a43b
use server nonce in key derivation for initial encryption, if available 2017-01-14 18:52:23 +07:00
Marten Seemann
b8e11d6e67
improve tests for key derivation 2017-01-14 18:52:23 +07:00
Marten Seemann
fdd0fdf90d
send KEXS and AEAD value in full client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
63f2faec85
send common certificate sets in the client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
86da7dce81
send leaf certificate hash (XLCT) in client hello 2017-01-14 18:52:22 +07:00
Marten Seemann
2131e8fa6d
don’t send more than 3 CHLOs
makes sure that the server allows the client to make progress in the handshake
2017-01-14 18:52:20 +07:00
Marten Seemann
8161e1f4a1
simplify server proof verification function signature 2017-01-14 18:52:20 +07:00
Marten Seemann
865aed07d8
verify certificate chain when receiving it, return correct errors 2017-01-14 18:52:19 +07:00
Marten Seemann
014315d3c7
parse hostname from address and pass it to the client cryptoSetup 2017-01-14 18:52:19 +07:00
Marten Seemann
4b8508c017
verify certificate chain in certManager 2017-01-14 18:52:19 +07:00
Marten Seemann
bb1af0db1e
move server proof verification to crypto package 2017-01-14 18:52:18 +07:00
Marten Seemann
0535491f30
rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
c8b3189caf
validate server config signature, for ECDSA certificates 2017-01-14 18:52:18 +07:00
Marten Seemann
3063cab7cc
only escalate crypto when the server config has been verified 2017-01-14 18:52:18 +07:00
Marten Seemann
58b905e636
validate server config signature, for RSA certificates 2017-01-14 18:52:17 +07:00
Marten Seemann
5aae3fbafe
save the proof in client CryptoSetup 2017-01-14 18:52:17 +07:00
Marten Seemann
f9013edb77
check if the received server config is expired 2017-01-14 18:52:17 +07:00
Marten Seemann
0b736b2cce
create forwardSecureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
2e0eae1a1d
calculate required padding size in CHLOs 2017-01-14 18:52:16 +07:00
Marten Seemann
8bcad17297
create secureAEAD after receiving all necessary values 2017-01-14 18:52:16 +07:00
Marten Seemann
5a1c94ba7b
send client nonce and public value after receiving the certificate chain 2017-01-14 18:52:16 +07:00
Marten Seemann
f6cef67c3d
create interface for crypto.CertManager 2017-01-14 18:52:16 +07:00
Marten Seemann
992678b9d7
save last sent CHLO in client CryptoSetup 2017-01-14 18:52:16 +07:00
Marten Seemann
4b67aefb83
generate a client nonce once, when reading a server config multiple times 2017-01-14 18:52:15 +07:00
Marten Seemann
f1810ae82d
generate a client nonce after receiving a server config 2017-01-14 18:52:15 +07:00