Skip to content

Instantly share code, notes, and snippets.

Martin Thomson martinthomson

  • Mozilla
  • Australia
Block or report user

Report or block martinthomson

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile

The TLS key schedule looks like this:

TLS Key Schedule

QUIC effectively exports the various traffic secrets, so I had assumed that its use of the different base label in HKDF-Expand-Label() would be limited to those uses that were after that export. I forgot key update when writing this up, but that was fixed in #1899.

QUIC Key Schedule

However, in looking at what people implemented, it appears that the base label they use was used for the entirety of the TLS key schedule.

martinthomson / pn_test.go
Last active Aug 2, 2018
Test of different packet number recovery options
View pn_test.go
package minq_test
import "testing"
func recoverMinq(expected uint64, pn uint64, size int) uint64 {
// Mask off the top of the expected sequence number
mask := uint64(1)
mask = (mask << (uint8(size) * 8)) - 1
expectedLow := mask & expected
high := ^mask & expected
martinthomson / example.js
Last active Dec 24, 2018
minimal node.js implementation for QUIC test vector
View example.js
var buffer = require('buffer');
var crypto = require('crypto');
var assert = require('assert');
var INITIAL_SECRET = Buffer.from('ef4fb0abb47470c41befcf8031334fae485e09a0', 'hex');
var SHA256 = 'sha256';
var AES_GCM = 'aes-128-gcm';
var AES_ECB = 'aes-128-ecb';
function log(m, k) {

Keybase proof

I hereby claim:

  • I am martinthomson on github.
  • I am martinthomson ( on keybase.
  • I have a public key ASDuem6wah9reI_8gyoUXVgD_mzE5F_JqofPsxvhEKvHFwo

To claim this, I am signing this object:

martinthomson / minq_test.go
Created Feb 26, 2018
Compare minq and golang TCP IO discipline
View minq_test.go
package minhq_test
import (
martinthomson /
Last active Feb 9, 2017
QUIC header format proposal

There are two forms of QUIC common header: long and short. Long form packets are used for the initial exchange - until both 1-RTT packet protection can be started AND version negotiation is complete. Short form packets carry the bulk of the data.

This removes a lot of the flexibility that was the source of most of the objections to the current format. Fields are aligned on four octet boundaries. All long-form header variations have the exact same form. The connection ID is in the same place in both short and long form. The long form clearly identifies the role of the sender in the first octet and it identifies the

View gist:18eea6c74e1c940616f1
absoluteURI = /[A-Za-z](?:[\+\-\.]|[A-Za-z]|\d)*:(?:\/\/(?:(?::|(?:[\-\._~]|[A-Za-z]|\d)|%(?:(?:[A-Fa-f]|\d)){2}|[!$&'\(\)\*\+,;=])*@)?(?:\[(?:(?:(?:(?:(?:[A-Fa-f]|\d)){1,4}:){6}(?:(?:(?:[A-Fa-f]|\d)){1,4}:(?:(?:[A-Fa-f]|\d)){1,4}|(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5]))|::(?:(?:(?:[A-Fa-f]|\d)){1,4}:){5}(?:(?:(?:[A-Fa-f]|\d)){1,4}:(?:(?:[A-Fa-f]|\d)){1,4}|(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5]))|(?:(?:(?:[A-Fa-f]|\d)){1,4})?::(?:(?:(?:[A-Fa-f]|\d)){1,4}:){4}(?:(?:(?:[A-Fa-f]|\d)){1,4}:(?:(?:[A-Fa-f]|\d)){1,4}|(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5])\.(?:\d|[1-9]\d|1(?:\d){2}|2[0-4]\d|25[0-5]))|(?:(?:(?:(?:[A-Fa-f]|\d)){1,4}:)?(?:(?:[A-Fa-f]|\d)){1,4})?::(
You can’t perform that action at this time.