mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-06 21:57:36 +03:00
Code Issues Projects Releases Packages Wiki Activity
1921 commits 12 branches 6 tags 19 MiB
Commit graph

48 commits

Author SHA1 Message Date
Marten Seemann
e603715949 make handshake and crypto internal packages 2017-09-21 11:52:21 +07:00
Marten Seemann
91b7404182 implement a very basic TLS 1.3 handshake 2017-09-08 12:04:45 +03:00
Marten Seemann
8bcabe0ba9 correctly pack packets with sealers with different overheads 2017-09-08 12:04:45 +03:00
Marten Seemann
7cbef3cb1b implement the Overhead method for the AEADs 2017-09-08 12:04:45 +03:00
Marten Seemann
f1ada87dcf make the protocol package internal 2017-08-30 00:19:44 +07:00
Marten Seemann
5281d5b65d Merge pull request #792 from lucas-clemente/fix-441 
add a quic.Config option to configure the idle timeout
 2017-08-29 18:48:56 +07:00
Marten Seemann
bb670be93a make sure that the SHLO was sent before returning Listener.Accept 
This fixes a race condition: In the server crypto setup, we would send
protocol.EncryptionForwardSecure on the aeadChan as soon as the SHLO was
composed, but before it was written to the crypto stream. This lead to
Listener.Accept returning the session already. If the server was ready
to write a lot of data then, this data could be sent before the crypto
setup would write on the crypto stream, therefore sending a lot of
undecryptable packets to the client, which would eventually lead to a
connection error (too many undecryptable packets).
 2017-08-29 10:48:10 +07:00
Marten Seemann
71e82677e1 add a quic.Config option to configure the idle timeout 2017-08-28 17:58:39 +07:00
Marten Seemann
2330ac0497 introduce an utils.LittleEndian 2017-08-23 15:57:35 +07:00
Marten Seemann
be338c8389 send a Public Reset when receiving the NSTP tag in the CHLO 
We currently don't support the no STOP_WAITING experiment.
 2017-08-10 20:26:31 +07:00
Marten Seemann
f6e8ce5c67 make tests independent of the supported QUIC versions 
Now it's no longer necessary to edit the h2quic tests when adding a new
QUIC version to the slice of supported versions.
 2017-08-10 20:23:20 +07:00
Thomas De Keulenaer
4fa7b9e569 Let server and client fill the flow variables 2017-06-13 16:42:06 +02:00
Thomas De Keulenaer
89f96d1e89 Make max flow control windows configurable 2017-06-13 15:52:51 +02:00
Marten Seemann
9a55fe234f Merge pull request #648 from lucas-clemente/internalize-utils 
make utils an internal package
 2017-06-11 11:54:49 +02:00
Marten Seemann
c0b09c8646 make utils an internal package 2017-06-09 22:28:40 +02:00
Lucas Clemente
e43b91f633 Fix encryption of stream data 
This commit splits up handling of the crypto stream and the other streams in the framer, crypto setup, and the packer.

- Crypto stream data is handled separately and should never be sent unencrypted or FW-secure. Fixes #544.
- Non-crypto stream data is only sent with FW encryption on the server and only with non-FW or FW encryption on the client. Fixes #611.

The crypto stream is current excluded from flow control (#657), but that shouldn't be an issue in practice for now.
 2017-06-09 19:12:10 +02:00
Marten Seemann
ef4699adef
use ASN1 to marshal source address tokens 2017-05-25 11:49:24 +08:00
Marten Seemann
afc9b11715
use a prefix to distinguish IPs and net.Addrs in source address tokens 2017-05-25 11:49:24 +08:00
Marten Seemann
87df63dd5f
add a quic.Config option to verify source address tokes 2017-05-25 11:49:19 +08:00
Marten Seemann
eb72b494b2
generate valid tokens for remote addresses that are not UDP addresses 2017-05-20 23:27:40 +08:00
Marten Seemann
8e01921495
move comparison of the source address in the STK to the STKGenerator 2017-05-20 23:27:40 +08:00
Marten Seemann
9562df5838
move the STK generation from the ServerConfig to a separate struct 2017-05-20 23:27:40 +08:00
Marten Seemann
6cc6d49a10
save the STK expiry time as a time.Duration 2017-05-20 23:27:40 +08:00
Marten Seemann
81985f44bd
move the STK expiration check to the cryptoSetup 2017-05-20 23:27:39 +08:00
Marten Seemann
e68e2d287a pass remote address to cryptoSetupServer 2017-05-20 23:27:38 +08:00
Marten Seemann
8c4fe4ff80
fix race when setting the diversification nonce in clientCryptoSetup 2017-05-11 21:56:35 +08:00
Marten Seemann
acbd14f940
implement a HandshakeMessage struct 
This makes passing handshake messages around easier, since it’s now one
struct instead of one message tag and one data map.
 2017-05-11 21:31:31 +08:00
Marten Seemann
3a357369b0
use a directed aeadChanged chan in the crypto setups 2017-05-09 18:41:40 +08:00
Marten Seemann
0a6a9551f8
close the aeadChanged chan when the handshake completes 
This allows us to remove HandshakeComplete() from the CryptoSetup
interface. It also provides a signal to the session when the handshake
completes.
 2017-05-09 18:40:23 +08:00
Marten Seemann
b305cd674f
make it possible to configure the QUIC versions for the server 2017-05-05 18:05:57 +08:00
Marten Seemann
0a2c37d42a
add QUIC 37 to supported versions 
fixes #375
Chrome tests are disabled for QUIC 37, since the Chrome version in the
docker image doesn’t support this version yet.
 2017-04-29 16:59:32 +07:00
Lucas Clemente
e2a0d9f77c Remove several unused fields and symbols 
Detected with `unused -exports=true ./...`
 2017-04-05 21:46:33 +01:00
Marten Seemann
584fc021bf
add tests for incorrect nullAEAD signatures in both cryptoSetups 2017-03-22 19:32:54 +07:00
Marten Seemann
19aad731ed
improve logging and tests of cryptoSetupServer 2017-03-22 19:23:48 +07:00
Marten Seemann
2903f9b238
return a lambda to for sealing a packet in the CryptoSetup 2017-03-22 16:52:00 +07:00
Marten Seemann
6d5c9776e9
send a Public Reset when receiving a CHLO with the FHL2 tag 
Fixes #411.

Chrome sends the FHL2 when it wants to perform a head-of-line blocking
experiment, introduced in QUIC version 36 (see
https://codereview.chromium.org/2115033002). We don’t support this
experiment. By sending a Public Reset when receiving this tag we force
Chrome to use the TCP fallback.
 2017-03-20 12:35:34 +07:00
Marten Seemann
8c5e7818a0
retransmit the diversification nonce in the packet carrying the SHLO 
The packet containing the SHLO is the only packet that is sent with
initial encryption. If it is lost, we need to make sure that the
diversification nonce is included in the PublicHeader, otherwise the
client will not be able to derive the keys for the forward-secure
encryption.
 2017-03-01 15:11:01 +07:00
Marten Seemann
b5c8c11c0c
switch to forward-secure encryption after sending the SHLO 2017-03-01 14:11:25 +07:00
Marten Seemann
9e147714ac
pack smaller packets as long as the encryption is not forward secure 2017-03-01 14:01:52 +07:00
Marten Seemann
599926e3cb
add a method to force the encryption level when sealing a packet 2017-03-01 14:01:51 +07:00
Marten Seemann
6cb19e42a5
explicitly pass encryption level in the aeadChanges channel 2017-02-25 21:38:08 +07:00
Marten Seemann
0c20f5e9b3
return the encryption level used for Sealing 2017-02-25 08:27:14 +07:00
Marten Seemann
a972c7a21e
return the encryption level of a packet when decrypting it 2017-02-25 08:27:08 +07:00
Marten Seemann
7fe2a37c76
use byte-slice instead of net.IP for generating source address tokens 2017-02-22 23:03:07 +07:00
Marten Seemann
f72fbc57a9
send connection parameters in CHLO 2017-01-14 18:52:24 +07:00
Marten Seemann
0535491f30
rename crypto.Signer to crypto.CertChain 2017-01-14 18:52:18 +07:00
Marten Seemann
731dd87872
also keys for the client in AESGCM key derivation 2017-01-14 18:52:15 +07:00
Marten Seemann
2b7c67d297
create handshake.CryptoSetup interface 2017-01-14 18:45:14 +07:00
Renamed from handshake/crypto_setup_test.go (Browse further)