hs-tls/core/Network/TLS/Core.hs

{-# OPTIONS_HADDOCK hide #-}
{-# LANGUAGE DeriveDataTypeable, OverloadedStrings #-}
-- |
-- Module      : Network.TLS.Core
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
module Network.TLS.Core
        (
        -- * Internal packet sending and receiving
          sendPacket
        , recvPacket

        -- * Initialisation and Termination of context
        , bye
        , handshake
        , HandshakeFailed(..)
        , ConnectionNotEstablished(..)

        -- * Next Protocol Negotiation
        , getNegotiatedProtocol

        -- * High level API
        , sendData
        , recvData
        , recvData'
        ) where

import Network.TLS.Context
import Network.TLS.Struct
import Network.TLS.IO
import Network.TLS.Handshake
import qualified Network.TLS.State as S
import qualified Data.ByteString as B
import Data.ByteString.Char8 ()
import qualified Data.ByteString.Lazy as L

import Control.Monad.State

-- | notify the context that this side wants to close connection.
-- this is important that it is called before closing the handle, otherwise
-- the session might not be resumable (for version < TLS1.2).
--
-- this doesn't actually close the handle
bye :: MonadIO m => Context -> m ()
bye ctx = sendPacket ctx $ Alert [(AlertLevel_Warning, CloseNotify)]

-- | If the Next Protocol Negotiation extension has been used, this will
-- return get the protocol agreed upon.
getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe B.ByteString)
getNegotiatedProtocol ctx = usingState_ ctx S.getNegotiatedProtocol

-- | sendData sends a bunch of data.
-- It will automatically chunk data to acceptable packet size
sendData :: MonadIO m => Context -> L.ByteString -> m ()
sendData ctx dataToSend = checkValid ctx >> mapM_ sendDataChunk (L.toChunks dataToSend)
        where sendDataChunk d
                | B.length d > 16384 = do
                        let (sending, remain) = B.splitAt 16384 d
                        sendPacket ctx $ AppData sending
                        sendDataChunk remain
                | otherwise = sendPacket ctx $ AppData d

-- | recvData get data out of Data packet, and automatically renegotiate if
-- a Handshake ClientHello is received
recvData :: MonadIO m => Context -> m B.ByteString
recvData ctx = do
        checkValid ctx
        pkt <- recvPacket ctx
        case pkt of
                -- on server context receiving a client hello == renegotiation
                Right (Handshake [ch@(ClientHello _ _ _ _ _ _ (Just _))]) ->
                        -- reject renegotiation with SSLv2 header
                        case roleParams $ ctxParams ctx of
                            Server sparams -> error "assert, deprecated hello request in server context"
                            Client {}      -> error "assert, unexpected client hello in client context"
                Right (Handshake [ch@(ClientHello {})]) ->
                        case roleParams $ ctxParams ctx of
                            Server sparams -> handshakeServerWith sparams ctx ch >> recvData ctx
                            Client {}      -> error "assert, unexpected client hello in client context"
                -- on client context, receiving a hello request == renegotiation
                Right (Handshake [HelloRequest]) ->
                        case roleParams $ ctxParams ctx of
                            Server {}      -> error "assert, unexpected hello request in server context"
                            Client cparams -> handshakeClient cparams ctx >> recvData ctx
                Right (Alert [(AlertLevel_Fatal, _)]) -> do
                        setEOF ctx
                        return B.empty
                Right (Alert [(AlertLevel_Warning, CloseNotify)]) -> do
                        setEOF ctx
                        return B.empty
                Right (AppData "") -> recvData ctx
                Right (AppData x)  -> return x
                Right p            -> error ("error unexpected packet: " ++ show p)
                Left err           -> error ("error received: " ++ show err)

{-# DEPRECATED recvData' "use recvData that returns strict bytestring" #-}
-- | same as recvData but returns a lazy bytestring.
recvData' :: MonadIO m => Context -> m L.ByteString
recvData' ctx = recvData ctx >>= return . L.fromChunks . (:[])
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`{-# OPTIONS_HADDOCK hide #-}`
Partial, but working, implementation of serverside NPN. 2012-02-08 09:20:28 +00:00			`{-# LANGUAGE DeriveDataTypeable, OverloadedStrings #-}`
unify clientparams and serverparams 2011-03-01 20:01:40 +00:00			`-- \|`
			`-- Module : Network.TLS.Core`
			`-- License : BSD-style`
			`-- Maintainer : Vincent Hanquez <vincent@snarc.org>`
			`-- Stability : experimental`
			`-- Portability : unknown`
			`--`
			`module Network.TLS.Core`
expand tabs. 2012-03-27 07:57:51 +00:00			`(`
			`-- * Internal packet sending and receiving`
			`sendPacket`
			`, recvPacket`

			`-- * Initialisation and Termination of context`
			`, bye`
			`, handshake`
			`, HandshakeFailed(..)`
			`, ConnectionNotEstablished(..)`

			`-- * Next Protocol Negotiation`
			`, getNegotiatedProtocol`

			`-- * High level API`
			`, sendData`
			`, recvData`
			`, recvData'`
			`) where`
unify clientparams and serverparams 2011-03-01 20:01:40 +00:00
split context structure and accessor out of Core. 2011-12-06 00:15:00 +00:00			`import Network.TLS.Context`
unify clientparams and serverparams 2011-03-01 20:01:40 +00:00			`import Network.TLS.Struct`
separate lowlevel IO operation in its own module. 2012-04-27 06:21:29 +00:00			`import Network.TLS.IO`
move Handshake into its own module 2012-04-27 06:28:17 +00:00			`import Network.TLS.Handshake`
Merge branch 'npn' into next Conflicts: Network/TLS/Core.hs 2012-03-15 08:59:04 +00:00			`import qualified Network.TLS.State as S`
move server to the new split API and have the server function in a monadIO monad. the state mvar is for now mostly useless, although completly harmeless; it will be useful to be able to use the ctx in a threaded context. 2011-03-01 20:01:40 +00:00			`import qualified Data.ByteString as B`
Partial, but working, implementation of serverside NPN. 2012-02-08 09:20:28 +00:00			`import Data.ByteString.Char8 ()`
move sendData to core 2011-03-01 20:01:40 +00:00			`import qualified Data.ByteString.Lazy as L`
move server to the new split API and have the server function in a monadIO monad. the state mvar is for now mostly useless, although completly harmeless; it will be useful to be able to use the ctx in a threaded context. 2011-03-01 20:01:40 +00:00
			`import Control.Monad.State`
unify clientparams and serverparams 2011-03-01 20:01:40 +00:00
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`-- \| notify the context that this side wants to close connection.`
			`-- this is important that it is called before closing the handle, otherwise`
			`-- the session might not be resumable (for version < TLS1.2).`
			`--`
			`-- this doesn't actually close the handle`
more rename 2012-03-15 07:53:03 +00:00			`bye :: MonadIO m => Context -> m ()`
reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 20:24:46 +00:00			`bye ctx = sendPacket ctx $ Alert [(AlertLevel_Warning, CloseNotify)]`
move sendData to core 2011-03-01 20:01:40 +00:00
Use callback instead of static state for supported NPN protocols. onSuggestNextProtocols in TLSParams. Expose getNegotiatedProtocol to users. Fix condition for when to understand NPN messages. 2012-02-12 18:59:19 +00:00			`-- \| If the Next Protocol Negotiation extension has been used, this will`
			`-- return get the protocol agreed upon.`
Merge branch 'npn' into next Conflicts: Network/TLS/Core.hs 2012-03-15 08:59:04 +00:00			`getNegotiatedProtocol :: MonadIO m => Context -> m (Maybe B.ByteString)`
Use callback instead of static state for supported NPN protocols. onSuggestNextProtocols in TLSParams. Expose getNegotiatedProtocol to users. Fix condition for when to understand NPN messages. 2012-02-12 18:59:19 +00:00			`getNegotiatedProtocol ctx = usingState_ ctx S.getNegotiatedProtocol`

add more haddock related stuff 2011-03-02 08:43:05 +00:00			`-- \| sendData sends a bunch of data.`
			`-- It will automatically chunk data to acceptable packet size`
more rename 2012-03-15 07:53:03 +00:00			`sendData :: MonadIO m => Context -> L.ByteString -> m ()`
reorganize sendData slightly 2012-01-25 16:03:31 +00:00			`sendData ctx dataToSend = checkValid ctx >> mapM_ sendDataChunk (L.toChunks dataToSend)`
expand tabs. 2012-03-27 07:57:51 +00:00			`where sendDataChunk d`
			`\| B.length d > 16384 = do`
			`let (sending, remain) = B.splitAt 16384 d`
			`sendPacket ctx $ AppData sending`
			`sendDataChunk remain`
			`\| otherwise = sendPacket ctx $ AppData d`
fold remaining bit of client/server in core. cleanup 2011-03-02 07:41:59 +00:00
Fix spelling of negotiate/negotiation in documentation 2012-03-10 21:04:44 +00:00			`-- \| recvData get data out of Data packet, and automatically renegotiate if`
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`-- a Handshake ClientHello is received`
more rename 2012-03-15 07:53:03 +00:00			`recvData :: MonadIO m => Context -> m B.ByteString`
fold remaining bit of client/server in core. cleanup 2011-03-02 07:41:59 +00:00			`recvData ctx = do`
expand tabs. 2012-03-27 07:57:51 +00:00			`checkValid ctx`
			`pkt <- recvPacket ctx`
			`case pkt of`
			`-- on server context receiving a client hello == renegotiation`
reject SSLv2 re-handshaking message. 2012-11-16 15:37:05 +00:00			`Right (Handshake [ch@(ClientHello _ _ _ _ _ _ (Just _))]) ->`
			`-- reject renegotiation with SSLv2 header`
			`case roleParams $ ctxParams ctx of`
			`Server sparams -> error "assert, deprecated hello request in server context"`
			`Client {} -> error "assert, unexpected client hello in client context"`
expand tabs. 2012-03-27 07:57:51 +00:00			`Right (Handshake [ch@(ClientHello {})]) ->`
start using Client and Server distinction for want client cert and session resume with 2012-07-12 08:02:10 +00:00			`case roleParams $ ctxParams ctx of`
			`Server sparams -> handshakeServerWith sparams ctx ch >> recvData ctx`
remove semicolon and useless parens 2012-10-20 08:00:55 +00:00			`Client {} -> error "assert, unexpected client hello in client context"`
expand tabs. 2012-03-27 07:57:51 +00:00			`-- on client context, receiving a hello request == renegotiation`
			`Right (Handshake [HelloRequest]) ->`
start using Client and Server distinction for want client cert and session resume with 2012-07-12 08:02:10 +00:00			`case roleParams $ ctxParams ctx of`
remove semicolon and useless parens 2012-10-20 08:00:55 +00:00			`Server {} -> error "assert, unexpected hello request in server context"`
start using Client and Server distinction for want client cert and session resume with 2012-07-12 08:02:10 +00:00			`Client cparams -> handshakeClient cparams ctx >> recvData ctx`
expand tabs. 2012-03-27 07:57:51 +00:00			`Right (Alert [(AlertLevel_Fatal, _)]) -> do`
			`setEOF ctx`
			`return B.empty`
			`Right (Alert [(AlertLevel_Warning, CloseNotify)]) -> do`
			`setEOF ctx`
			`return B.empty`
do not returns empty app data to the user as it might be confused with EOF. 2012-10-29 21:23:44 +00:00			`Right (AppData "") -> recvData ctx`
			`Right (AppData x) -> return x`
			`Right p -> error ("error unexpected packet: " ++ show p)`
			`Left err -> error ("error received: " ++ show err)`
make recvData use strict bytestring as this more natural to the tls code. also add a recvData' to get the same behavior as before. 2012-02-07 20:41:28 +00:00
tweak how things are exported. simplify code. use correct type alias 2012-10-21 19:35:32 +00:00			`{-# DEPRECATED recvData' "use recvData that returns strict bytestring" #-}`
			`-- \| same as recvData but returns a lazy bytestring.`
more rename 2012-03-15 07:53:03 +00:00			`recvData' :: MonadIO m => Context -> m L.ByteString`
make recvData use strict bytestring as this more natural to the tls code. also add a recvData' to get the same behavior as before. 2012-02-07 20:41:28 +00:00			`recvData' ctx = recvData ctx >>= return . L.fromChunks . (:[])`