hs-tls/core/Network/TLS/Handshake/Process.hs

-- |
-- Module      : Network.TLS.Handshake.Process
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
-- process handshake message received
--
module Network.TLS.Handshake.Process
    ( processHandshake
    , startHandshake
    ) where

import Data.ByteString (ByteString)
import Data.Maybe (isNothing)

import Control.Applicative
import Control.Monad.Error
import Control.Monad.State (gets, modify)

import Network.TLS.Types (Role(..), invertRole)
import Network.TLS.Util
import Network.TLS.Packet
import Network.TLS.Struct
import Network.TLS.State
import Network.TLS.Context
import Network.TLS.Crypto
import Network.TLS.Handshake.State
import Network.TLS.Handshake.Key
import Network.TLS.Extension
import Data.X509

processHandshake :: MonadIO m => Context -> Handshake -> m ()
processHandshake ctx hs = do
    role <- usingState_ ctx isClientContext
    case hs of
        ClientHello cver ran _ _ _ ex _ -> when (role == ServerRole) $ do
            mapM_ (usingState_ ctx . processClientExtension) ex
            startHandshake ctx cver ran
        Certificates certs            -> processCertificates role certs
        ClientKeyXchg content         -> when (role == ServerRole) $ do
            processClientKeyXchg ctx content
        HsNextProtocolNegotiation selected_protocol ->
            when (role == ServerRole) $ usingState_ ctx $ setNegotiatedProtocol selected_protocol
        Finished fdata                -> processClientFinished ctx fdata
        _                             -> return ()
    let encoded = encodeHandshake hs
    when (certVerifyHandshakeMaterial hs) $ usingHState ctx $ addHandshakeMessage encoded
    when (finishHandshakeTypeMaterial $ typeOfHandshake hs) $ usingHState ctx $ updateHandshakeDigest encoded
  where -- secure renegotiation
        processClientExtension (0xff01, content) = do
            v <- getVerifiedData ClientRole
            let bs = extensionEncode (SecureRenegotiation v Nothing)
            unless (bs `bytesEq` content) $ throwError $ Error_Protocol ("client verified data not matching: " ++ show v ++ ":" ++ show content, True, HandshakeFailure)

            setSecureRenegotiation True
        -- unknown extensions
        processClientExtension _ = return ()

        processCertificates :: MonadIO m => Role -> CertificateChain -> m ()
        processCertificates ServerRole (CertificateChain []) = return ()
        processCertificates ClientRole (CertificateChain []) =
            throwCore $ Error_Protocol ("server certificate missing", True, HandshakeFailure)
        processCertificates role (CertificateChain (c:_))
            | role == ClientRole = usingHState ctx $ setPublicKey pubkey
            | otherwise          = usingHState ctx $ setClientPublicKey pubkey
          where pubkey = certPubKey $ getCertificate c

-- process the client key exchange message. the protocol expects the initial
-- client version received in ClientHello, not the negotiated version.
-- in case the version mismatch, generate a random master secret
processClientKeyXchg :: MonadIO m => Context -> ByteString -> m ()
processClientKeyXchg ctx encryptedPremaster = do
    (rver, role, random, ePremaster) <- usingState_ ctx $ do
        (,,,) <$> getVersion <*> isClientContext <*> genRandom 48 <*> decryptRSA encryptedPremaster
    usingHState ctx $ do
        expectedVer <- gets hstClientVersion
        case ePremaster of
            Left _          -> setMasterSecretFromPre rver role random
            Right premaster -> case decodePreMasterSecret premaster of
                Left _                   -> setMasterSecretFromPre rver role random
                Right (ver, _)
                    | ver /= expectedVer -> setMasterSecretFromPre rver role random
                    | otherwise          -> setMasterSecretFromPre rver role premaster

processClientFinished :: MonadIO m => Context -> FinishedData -> m ()
processClientFinished ctx fdata = do
    (cc,ver) <- usingState_ ctx $ (,) <$> isClientContext <*> getVersion
    expected <- usingHState ctx $ getHandshakeDigest ver $ invertRole cc
    when (expected /= fdata) $ do
        throwCore $ Error_Protocol("bad record mac", True, BadRecordMac)
    usingState_ ctx $ updateVerifiedData ServerRole fdata
    return ()

startHandshake :: MonadIO m => Context -> Version -> ClientRandom -> m ()
startHandshake ctx ver crand = do
    -- FIXME check if handshake is already not null
    let initCtx = if ver < TLS12 then hashMD5SHA1 else hashSHA256
    usingState_ ctx $ do
        chs <- gets stHandshake
        when (isNothing chs) $
            modify (\st -> st { stHandshake = Just $ newEmptyHandshake ver crand initCtx })
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`-- \|`
			`-- Module : Network.TLS.Handshake.Process`
			`-- License : BSD-style`
			`-- Maintainer : Vincent Hanquez <vincent@snarc.org>`
			`-- Stability : experimental`
			`-- Portability : unknown`
			`--`
correct module description 2013-07-28 08:20:45 +00:00			`-- process handshake message received`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`--`
			`module Network.TLS.Handshake.Process`
			`( processHandshake`
move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`, startHandshake`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`) where`

			`import Data.ByteString (ByteString)`
move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`import Data.Maybe (isNothing)`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`import Control.Applicative`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`import Control.Monad.Error`
move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`import Control.Monad.State (gets, modify)`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00
			`import Network.TLS.Types (Role(..), invertRole)`
			`import Network.TLS.Util`
			`import Network.TLS.Packet`
			`import Network.TLS.Struct`
			`import Network.TLS.State`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`import Network.TLS.Context`
move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`import Network.TLS.Crypto`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`import Network.TLS.Handshake.State`
			`import Network.TLS.Handshake.Key`
			`import Network.TLS.Extension`
			`import Data.X509`

move more context in processHandshake 2013-07-30 05:14:09 +00:00			`processHandshake :: MonadIO m => Context -> Handshake -> m ()`
			`processHandshake ctx hs = do`
			`role <- usingState_ ctx isClientContext`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`case hs of`
			`ClientHello cver ran _ _ _ ex _ -> when (role == ServerRole) $ do`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`mapM_ (usingState_ ctx . processClientExtension) ex`
move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`startHandshake ctx cver ran`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`Certificates certs -> processCertificates role certs`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`ClientKeyXchg content -> when (role == ServerRole) $ do`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`processClientKeyXchg ctx content`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`HsNextProtocolNegotiation selected_protocol ->`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`when (role == ServerRole) $ usingState_ ctx $ setNegotiatedProtocol selected_protocol`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`Finished fdata -> processClientFinished ctx fdata`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`_ -> return ()`
			`let encoded = encodeHandshake hs`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`when (certVerifyHandshakeMaterial hs) $ usingHState ctx $ addHandshakeMessage encoded`
			`when (finishHandshakeTypeMaterial $ typeOfHandshake hs) $ usingHState ctx $ updateHandshakeDigest encoded`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`where -- secure renegotiation`
			`processClientExtension (0xff01, content) = do`
			`v <- getVerifiedData ClientRole`
			`let bs = extensionEncode (SecureRenegotiation v Nothing)`
			unless (bs `bytesEq` content) $ throwError $ Error_Protocol ("client verified data not matching: " ++ show v ++ ":" ++ show content, True, HandshakeFailure)

			`setSecureRenegotiation True`
			`-- unknown extensions`
			`processClientExtension _ = return ()`

use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`processCertificates :: MonadIO m => Role -> CertificateChain -> m ()`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`processCertificates ServerRole (CertificateChain []) = return ()`
			`processCertificates ClientRole (CertificateChain []) =`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`throwCore $ Error_Protocol ("server certificate missing", True, HandshakeFailure)`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`processCertificates role (CertificateChain (c:_))`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`\| role == ClientRole = usingHState ctx $ setPublicKey pubkey`
			`\| otherwise = usingHState ctx $ setClientPublicKey pubkey`
move more context in processHandshake 2013-07-30 05:14:09 +00:00			`where pubkey = certPubKey $ getCertificate c`

move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`-- process the client key exchange message. the protocol expects the initial`
			`-- client version received in ClientHello, not the negotiated version.`
			`-- in case the version mismatch, generate a random master secret`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`processClientKeyXchg :: MonadIO m => Context -> ByteString -> m ()`
			`processClientKeyXchg ctx encryptedPremaster = do`
			`(rver, role, random, ePremaster) <- usingState_ ctx $ do`
			`(,,,) <$> getVersion <> isClientContext <> genRandom 48 <*> decryptRSA encryptedPremaster`
			`usingHState ctx $ do`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`expectedVer <- gets hstClientVersion`
			`case ePremaster of`
			`Left _ -> setMasterSecretFromPre rver role random`
			`Right premaster -> case decodePreMasterSecret premaster of`
			`Left _ -> setMasterSecretFromPre rver role random`
			`Right (ver, _)`
			`\| ver /= expectedVer -> setMasterSecretFromPre rver role random`
			`\| otherwise -> setMasterSecretFromPre rver role premaster`

use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`processClientFinished :: MonadIO m => Context -> FinishedData -> m ()`
			`processClientFinished ctx fdata = do`
			`(cc,ver) <- usingState_ ctx $ (,) <$> isClientContext <*> getVersion`
			`expected <- usingHState ctx $ getHandshakeDigest ver $ invertRole cc`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`when (expected /= fdata) $ do`
use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00			`throwCore $ Error_Protocol("bad record mac", True, BadRecordMac)`
			`usingState_ ctx $ updateVerifiedData ServerRole fdata`
move handshake stuff in Handshake layer. 2013-07-28 08:19:28 +00:00			`return ()`

move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00			`startHandshake :: MonadIO m => Context -> Version -> ClientRandom -> m ()`
			`startHandshake ctx ver crand = do`
			`-- FIXME check if handshake is already not null`
			`let initCtx = if ver < TLS12 then hashMD5SHA1 else hashSHA256`
			`usingState_ ctx $ do`
			`chs <- gets stHandshake`
			`when (isNothing chs) $`
			`modify (\st -> st { stHandshake = Just $ newEmptyHandshake ver crand initCtx })`