hs-tls/Network/TLS/Cipher.hs

{-# OPTIONS_HADDOCK hide #-}
{-# LANGUAGE ExistentialQuantification #-}
-- |
-- Module      : Network.TLS.Cipher
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
module Network.TLS.Cipher
        ( BulkFunctions(..)
        , CipherKeyExchangeType(..)
        , Bulk(..)
        , Hash(..)
        , Cipher(..)
        , cipherKeyBlockSize
        , Key
        , IV
        , cipherExchangeNeedMoreData
        ) where

import Data.Word
import Network.TLS.Struct (Version(..))

import qualified Data.ByteString as B

-- FIXME convert to newtype
type Key = B.ByteString
type IV = B.ByteString

data BulkFunctions =
          BulkNoneF -- special value for 0
        | BulkBlockF (Key -> IV -> B.ByteString -> B.ByteString)
                     (Key -> IV -> B.ByteString -> B.ByteString)
        | BulkStreamF (Key -> IV)
                      (IV -> B.ByteString -> (B.ByteString, IV))
                      (IV -> B.ByteString -> (B.ByteString, IV))

data CipherKeyExchangeType =
          CipherKeyExchange_RSA
        | CipherKeyExchange_DH_Anon
        | CipherKeyExchange_DHE_RSA
        | CipherKeyExchange_ECDHE_RSA
        | CipherKeyExchange_DHE_DSS
        | CipherKeyExchange_DH_DSS
        | CipherKeyExchange_DH_RSA
        | CipherKeyExchange_ECDH_ECDSA
        | CipherKeyExchange_ECDH_RSA
        | CipherKeyExchange_ECDHE_ECDSA
        deriving (Show,Eq)

data Bulk = Bulk
        { bulkName         :: String
        , bulkKeySize      :: Int
        , bulkIVSize       :: Int
        , bulkBlockSize    :: Int
        , bulkF            :: BulkFunctions
        }

data Hash = Hash
        { hashName         :: String
        , hashSize         :: Int
        , hashF            :: B.ByteString -> B.ByteString
        }

-- | Cipher algorithm
data Cipher = Cipher
        { cipherID           :: Word16
        , cipherName         :: String
        , cipherHash         :: Hash
        , cipherBulk         :: Bulk
        , cipherKeyExchange  :: CipherKeyExchangeType
        , cipherMinVer       :: Maybe Version
        }

cipherKeyBlockSize :: Cipher -> Int
cipherKeyBlockSize cipher = 2 * (hashSize (cipherHash cipher) + bulkIVSize bulk + bulkKeySize bulk)
        where bulk = cipherBulk cipher

instance Show Cipher where
        show c = cipherName c

instance Eq Cipher where
        (==) c1 c2 = cipherID c1 == cipherID c2

cipherExchangeNeedMoreData :: CipherKeyExchangeType -> Bool
cipherExchangeNeedMoreData CipherKeyExchange_RSA         = False
cipherExchangeNeedMoreData CipherKeyExchange_DH_Anon     = True
cipherExchangeNeedMoreData CipherKeyExchange_DHE_RSA     = True
cipherExchangeNeedMoreData CipherKeyExchange_ECDHE_RSA   = True
cipherExchangeNeedMoreData CipherKeyExchange_DHE_DSS     = True
cipherExchangeNeedMoreData CipherKeyExchange_DH_DSS      = False
cipherExchangeNeedMoreData CipherKeyExchange_DH_RSA      = False
cipherExchangeNeedMoreData CipherKeyExchange_ECDH_ECDSA  = True
cipherExchangeNeedMoreData CipherKeyExchange_ECDH_RSA    = True
cipherExchangeNeedMoreData CipherKeyExchange_ECDHE_ECDSA = True
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`{-# OPTIONS_HADDOCK hide #-}`
misc cleanup 2011-08-13 06:56:17 +00:00			`{-# LANGUAGE ExistentialQuantification #-}`
initial import 2010-09-09 21:47:19 +00:00			`-- \|`
			`-- Module : Network.TLS.Cipher`
			`-- License : BSD-style`
			`-- Maintainer : Vincent Hanquez <vincent@snarc.org>`
			`-- Stability : experimental`
			`-- Portability : unknown`
			`--`
			`module Network.TLS.Cipher`
expand tabs. 2012-03-27 07:57:51 +00:00			`( BulkFunctions(..)`
			`, CipherKeyExchangeType(..)`
			`, Bulk(..)`
			`, Hash(..)`
			`, Cipher(..)`
			`, cipherKeyBlockSize`
			`, Key`
			`, IV`
			`, cipherExchangeNeedMoreData`
			`) where`
initial import 2010-09-09 21:47:19 +00:00
			`import Data.Word`
			`import Network.TLS.Struct (Version(..))`
properly finish SSL3 digest computation. change the cipher structure to contain the hash algorithm instead of the mac algorithm. 2010-10-06 08:07:48 +00:00
initial import 2010-09-09 21:47:19 +00:00			`import qualified Data.ByteString as B`

			`-- FIXME convert to newtype`
			`type Key = B.ByteString`
			`type IV = B.ByteString`

rename bulk functions to be prefixed by bulk not cipher 2011-08-13 10:17:51 +00:00			`data BulkFunctions =`
expand tabs. 2012-03-27 07:57:51 +00:00			`BulkNoneF -- special value for 0`
			`\| BulkBlockF (Key -> IV -> B.ByteString -> B.ByteString)`
			`(Key -> IV -> B.ByteString -> B.ByteString)`
			`\| BulkStreamF (Key -> IV)`
			`(IV -> B.ByteString -> (B.ByteString, IV))`
			`(IV -> B.ByteString -> (B.ByteString, IV))`
initial import 2010-09-09 21:47:19 +00:00
			`data CipherKeyExchangeType =`
expand tabs. 2012-03-27 07:57:51 +00:00			`CipherKeyExchange_RSA`
			`\| CipherKeyExchange_DH_Anon`
			`\| CipherKeyExchange_DHE_RSA`
			`\| CipherKeyExchange_ECDHE_RSA`
			`\| CipherKeyExchange_DHE_DSS`
			`\| CipherKeyExchange_DH_DSS`
			`\| CipherKeyExchange_DH_RSA`
			`\| CipherKeyExchange_ECDH_ECDSA`
			`\| CipherKeyExchange_ECDH_RSA`
			`\| CipherKeyExchange_ECDHE_ECDSA`
			`deriving (Show,Eq)`
initial import 2010-09-09 21:47:19 +00:00
introduce a bulk object to separate the cipher object creation by chunks limit code movement by reusing the same name 2011-08-13 10:06:23 +00:00			`data Bulk = Bulk`
expand tabs. 2012-03-27 07:57:51 +00:00			`{ bulkName :: String`
			`, bulkKeySize :: Int`
			`, bulkIVSize :: Int`
			`, bulkBlockSize :: Int`
			`, bulkF :: BulkFunctions`
			`}`
introduce a bulk object to separate the cipher object creation by chunks limit code movement by reusing the same name 2011-08-13 10:06:23 +00:00
Define hash structure to save some repetition 2011-08-13 11:30:36 +00:00			`data Hash = Hash`
expand tabs. 2012-03-27 07:57:51 +00:00			`{ hashName :: String`
			`, hashSize :: Int`
			`, hashF :: B.ByteString -> B.ByteString`
			`}`
Define hash structure to save some repetition 2011-08-13 11:30:36 +00:00
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`-- \| Cipher algorithm`
initial import 2010-09-09 21:47:19 +00:00			`data Cipher = Cipher`
expand tabs. 2012-03-27 07:57:51 +00:00			`{ cipherID :: Word16`
			`, cipherName :: String`
			`, cipherHash :: Hash`
			`, cipherBulk :: Bulk`
			`, cipherKeyExchange :: CipherKeyExchangeType`
			`, cipherMinVer :: Maybe Version`
			`}`
initial import 2010-09-09 21:47:19 +00:00
remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 11:04:23 +00:00			`cipherKeyBlockSize :: Cipher -> Int`
Define hash structure to save some repetition 2011-08-13 11:30:36 +00:00			`cipherKeyBlockSize cipher = 2 * (hashSize (cipherHash cipher) + bulkIVSize bulk + bulkKeySize bulk)`
expand tabs. 2012-03-27 07:57:51 +00:00			`where bulk = cipherBulk cipher`
remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 11:04:23 +00:00
initial import 2010-09-09 21:47:19 +00:00			`instance Show Cipher where`
expand tabs. 2012-03-27 07:57:51 +00:00			`show c = cipherName c`
initial import 2010-09-09 21:47:19 +00:00
add an instance of Eq for Ciphers. if two cipherID are eq then it's eq. 2010-12-04 13:08:38 +00:00			`instance Eq Cipher where`
expand tabs. 2012-03-27 07:57:51 +00:00			`(==) c1 c2 = cipherID c1 == cipherID c2`
add an instance of Eq for Ciphers. if two cipherID are eq then it's eq. 2010-12-04 13:08:38 +00:00
initial import 2010-09-09 21:47:19 +00:00			`cipherExchangeNeedMoreData :: CipherKeyExchangeType -> Bool`
rename cipherkeyexchange types 2011-05-12 07:18:56 +00:00			`cipherExchangeNeedMoreData CipherKeyExchange_RSA = False`
add more handling of server key xchg and dh_anon 2011-06-07 07:59:20 +00:00			`cipherExchangeNeedMoreData CipherKeyExchange_DH_Anon = True`
rename cipherkeyexchange types 2011-05-12 07:18:56 +00:00			`cipherExchangeNeedMoreData CipherKeyExchange_DHE_RSA = True`
			`cipherExchangeNeedMoreData CipherKeyExchange_ECDHE_RSA = True`
			`cipherExchangeNeedMoreData CipherKeyExchange_DHE_DSS = True`
			`cipherExchangeNeedMoreData CipherKeyExchange_DH_DSS = False`
			`cipherExchangeNeedMoreData CipherKeyExchange_DH_RSA = False`
			`cipherExchangeNeedMoreData CipherKeyExchange_ECDH_ECDSA = True`
			`cipherExchangeNeedMoreData CipherKeyExchange_ECDH_RSA = True`
			`cipherExchangeNeedMoreData CipherKeyExchange_ECDHE_ECDSA = True`