hs-tls/core/Network/TLS/Crypto.hs

{-# OPTIONS_HADDOCK hide #-}
{-# LANGUAGE ExistentialQuantification #-}
module Network.TLS.Crypto
    ( HashCtx(..)
    , hashInit
    , hashUpdate
    , hashUpdateSSL
    , hashFinal

    , module Network.TLS.Crypto.DH

    -- * constructor
    , hashMD5SHA1
    , hashSHA1
    , hashSHA256

    -- * key exchange generic interface
    , PubKey(..)
    , PrivKey(..)
    , PublicKey
    , PrivateKey
    , HashDescr(..)
    , kxEncrypt
    , kxDecrypt
    , kxSign
    , kxVerify
    , KxError(..)
    ) where

import qualified Crypto.Hash.SHA256 as SHA256
import qualified Crypto.Hash.SHA1 as SHA1
import qualified Crypto.Hash.MD5 as MD5
import qualified Data.ByteString as B
import Data.ByteString (ByteString)
import Crypto.PubKey.HashDescr
import qualified Crypto.PubKey.RSA as RSA
import qualified Crypto.PubKey.RSA.PKCS15 as RSA
import Crypto.Random
import Data.X509 (PrivKey(..), PubKey(..))
import Network.TLS.Crypto.DH

{-# DEPRECATED PublicKey "use PubKey" #-}
type PublicKey = PubKey
{-# DEPRECATED PrivateKey "use PrivKey" #-}
type PrivateKey = PrivKey

data KxError =
      RSAError RSA.Error
    | KxUnsupported
    deriving (Show)

class HashCtxC a where
    hashCName      :: a -> String
    hashCInit      :: a -> a
    hashCUpdate    :: a -> B.ByteString -> a
    hashCUpdateSSL :: a -> (B.ByteString,B.ByteString) -> a
    hashCFinal     :: a -> B.ByteString

data HashCtx = forall h . HashCtxC h => HashCtx h

instance Show HashCtx where
    show (HashCtx c) = hashCName c

{- MD5 & SHA1 joined -}
data HashMD5SHA1 = HashMD5SHA1 SHA1.Ctx MD5.Ctx

instance HashCtxC HashMD5SHA1 where
    hashCName _                  = "MD5-SHA1"
    hashCInit _                  = HashMD5SHA1 SHA1.init MD5.init
    hashCUpdate (HashMD5SHA1 sha1ctx md5ctx) b = HashMD5SHA1 (SHA1.update sha1ctx b) (MD5.update md5ctx b)
    hashCUpdateSSL (HashMD5SHA1 sha1ctx md5ctx) (b1,b2) = HashMD5SHA1 (SHA1.update sha1ctx b2) (MD5.update md5ctx b1)
    hashCFinal  (HashMD5SHA1 sha1ctx md5ctx)   = B.concat [MD5.finalize md5ctx, SHA1.finalize sha1ctx]

newtype HashSHA1 = HashSHA1 SHA1.Ctx

instance HashCtxC HashSHA1 where
    hashCName _                  = "SHA1"
    hashCInit _                  = HashSHA1 SHA1.init
    hashCUpdate (HashSHA1 ctx) b = HashSHA1 (SHA1.update ctx b)
    hashCUpdateSSL (HashSHA1 ctx) (_,b2) = HashSHA1 (SHA1.update ctx b2)
    hashCFinal  (HashSHA1 ctx)   = SHA1.finalize ctx

newtype HashSHA256 = HashSHA256 SHA256.Ctx

instance HashCtxC HashSHA256 where
    hashCName _                    = "SHA256"
    hashCInit _                    = HashSHA256 SHA256.init
    hashCUpdate (HashSHA256 ctx) b = HashSHA256 (SHA256.update ctx b)
    hashCUpdateSSL _ _             = error "CUpdateSSL with HashSHA256"
    hashCFinal  (HashSHA256 ctx)   = SHA256.finalize ctx

-- functions to use the hidden class.
hashInit :: HashCtx -> HashCtx
hashInit   (HashCtx h)   = HashCtx $ hashCInit h

hashUpdate :: HashCtx -> B.ByteString -> HashCtx
hashUpdate (HashCtx h) b = HashCtx $ hashCUpdate h b

hashUpdateSSL :: HashCtx
              -> (B.ByteString,B.ByteString) -- ^ (for the md5 context, for the sha1 context)
              -> HashCtx
hashUpdateSSL (HashCtx h) bs = HashCtx $ hashCUpdateSSL h bs

hashFinal :: HashCtx -> B.ByteString
hashFinal  (HashCtx h)   = hashCFinal h

-- real hash constructors
hashMD5SHA1, hashSHA1, hashSHA256 :: HashCtx
hashMD5SHA1 = HashCtx (HashMD5SHA1 SHA1.init MD5.init)
hashSHA1    = HashCtx (HashSHA1 SHA1.init)
hashSHA256  = HashCtx (HashSHA256 SHA256.init)

{- key exchange methods encrypt and decrypt for each supported algorithm -}

generalizeRSAWithRNG :: CPRG g => (Either RSA.Error a, g) -> (Either KxError a, g)
generalizeRSAWithRNG (Left e, g) = (Left (RSAError e), g)
generalizeRSAWithRNG (Right x, g) = (Right x, g)

kxEncrypt :: CPRG g => g -> PublicKey -> ByteString -> (Either KxError ByteString, g)
kxEncrypt g (PubKeyRSA pk) b = generalizeRSAWithRNG $ RSA.encrypt g pk b
kxEncrypt g _              _ = (Left KxUnsupported, g)

kxDecrypt :: CPRG g => g -> PrivateKey -> ByteString -> (Either KxError ByteString, g)
kxDecrypt g (PrivKeyRSA pk) b = generalizeRSAWithRNG $ RSA.decryptSafer g pk b
kxDecrypt g _               _ = (Left KxUnsupported, g)

-- Verify that the signature matches the given message, using the
-- public key.
--
kxVerify :: PublicKey -> HashDescr -> ByteString -> ByteString -> Bool
kxVerify (PubKeyRSA pk) hashDescr msg sign = RSA.verify hashDescr pk msg sign
kxVerify _              _         _   _    = False

-- Sign the given message using the private key.
--
kxSign :: CPRG g => g -> PrivateKey -> HashDescr -> ByteString -> (Either KxError ByteString, g)
kxSign g (PrivKeyRSA pk) hashDescr msg  =
    generalizeRSAWithRNG $ RSA.signSafer g hashDescr pk msg
kxSign g _               _         _    =
    (Left KxUnsupported, g)
add more haddock related stuff 2011-03-02 08:43:05 +00:00			`{-# OPTIONS_HADDOCK hide #-}`
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`{-# LANGUAGE ExistentialQuantification #-}`
initial import 2010-09-09 21:47:19 +00:00			`module Network.TLS.Crypto`
re-indent 2013-07-12 06:27:28 +00:00			`( HashCtx(..)`
			`, hashInit`
			`, hashUpdate`
			`, hashUpdateSSL`
			`, hashFinal`

add some wrapper for DH operations. 2013-12-11 07:53:55 +00:00			`, module Network.TLS.Crypto.DH`

re-indent 2013-07-12 06:27:28 +00:00			`-- * constructor`
			`, hashMD5SHA1`
add HashSHA1 for DSS signature for < TLS12. 2013-12-07 06:50:07 +00:00			`, hashSHA1`
re-indent 2013-07-12 06:27:28 +00:00			`, hashSHA256`

			`-- * key exchange generic interface`
			`, PubKey(..)`
			`, PrivKey(..)`
			`, PublicKey`
			`, PrivateKey`
			`, HashDescr(..)`
			`, kxEncrypt`
			`, kxDecrypt`
			`, kxSign`
			`, kxVerify`
			`, KxError(..)`
			`) where`
initial import 2010-09-09 21:47:19 +00:00
define hashSHA256. 2011-08-14 15:18:22 +00:00			`import qualified Crypto.Hash.SHA256 as SHA256`
depends on cryptohash 0.6 and adapt to the new modules location. 2010-10-24 10:36:36 +00:00			`import qualified Crypto.Hash.SHA1 as SHA1`
			`import qualified Crypto.Hash.MD5 as MD5`
initial import 2010-09-09 21:47:19 +00:00			`import qualified Data.ByteString as B`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`import Data.ByteString (ByteString)`
use new crypto-pubkey 2012-12-30 15:31:13 +00:00			`import Crypto.PubKey.HashDescr`
switch to CPRG instead of CryptoRandomGen 2012-12-05 07:47:17 +00:00			`import qualified Crypto.PubKey.RSA as RSA`
			`import qualified Crypto.PubKey.RSA.PKCS15 as RSA`
use the new Crypto.Random instead of the compat Crypto.Random.API 2013-12-11 07:53:11 +00:00			`import Crypto.Random`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`import Data.X509 (PrivKey(..), PubKey(..))`
automatically add Crypto.DH in Crypto. 2013-12-11 07:54:32 +00:00			`import Network.TLS.Crypto.DH`
Generalize key exchange and use in-house RSA. Remove need for spoon, since RSA will fails gracefully. Add support for full private key format for fast decryption. Generalization of key exchange to add future support for DH, etc. 2010-11-04 19:10:00 +00:00
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`{-# DEPRECATED PublicKey "use PubKey" #-}`
			`type PublicKey = PubKey`
			`{-# DEPRECATED PrivateKey "use PrivKey" #-}`
			`type PrivateKey = PrivKey`
Generalize key exchange and use in-house RSA. Remove need for spoon, since RSA will fails gracefully. Add support for full private key format for fast decryption. Generalization of key exchange to add future support for DH, etc. 2010-11-04 19:10:00 +00:00
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`data KxError =`
			`RSAError RSA.Error`
			`\| KxUnsupported`
			`deriving (Show)`
initial import 2010-09-09 21:47:19 +00:00
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`class HashCtxC a where`
re-indent 2013-07-12 06:27:28 +00:00			`hashCName :: a -> String`
			`hashCInit :: a -> a`
			`hashCUpdate :: a -> B.ByteString -> a`
			`hashCUpdateSSL :: a -> (B.ByteString,B.ByteString) -> a`
			`hashCFinal :: a -> B.ByteString`
initial import 2010-09-09 21:47:19 +00:00
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`data HashCtx = forall h . HashCtxC h => HashCtx h`
initial import 2010-09-09 21:47:19 +00:00
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`instance Show HashCtx where`
re-indent 2013-07-12 06:27:28 +00:00			`show (HashCtx c) = hashCName c`
initial import 2010-09-09 21:47:19 +00:00
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`{- MD5 & SHA1 joined -}`
			`data HashMD5SHA1 = HashMD5SHA1 SHA1.Ctx MD5.Ctx`

			`instance HashCtxC HashMD5SHA1 where`
re-indent 2013-07-12 06:27:28 +00:00			`hashCName _ = "MD5-SHA1"`
			`hashCInit _ = HashMD5SHA1 SHA1.init MD5.init`
			`hashCUpdate (HashMD5SHA1 sha1ctx md5ctx) b = HashMD5SHA1 (SHA1.update sha1ctx b) (MD5.update md5ctx b)`
			`hashCUpdateSSL (HashMD5SHA1 sha1ctx md5ctx) (b1,b2) = HashMD5SHA1 (SHA1.update sha1ctx b2) (MD5.update md5ctx b1)`
			`hashCFinal (HashMD5SHA1 sha1ctx md5ctx) = B.concat [MD5.finalize md5ctx, SHA1.finalize sha1ctx]`
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00
add HashSHA1 for DSS signature for < TLS12. 2013-12-07 06:50:07 +00:00			`newtype HashSHA1 = HashSHA1 SHA1.Ctx`

			`instance HashCtxC HashSHA1 where`
			`hashCName _ = "SHA1"`
			`hashCInit _ = HashSHA1 SHA1.init`
			`hashCUpdate (HashSHA1 ctx) b = HashSHA1 (SHA1.update ctx b)`
			`hashCUpdateSSL (HashSHA1 ctx) (_,b2) = HashSHA1 (SHA1.update ctx b2)`
			`hashCFinal (HashSHA1 ctx) = SHA1.finalize ctx`

			`newtype HashSHA256 = HashSHA256 SHA256.Ctx`
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00
define hashSHA256. 2011-08-14 15:18:22 +00:00			`instance HashCtxC HashSHA256 where`
re-indent 2013-07-12 06:27:28 +00:00			`hashCName _ = "SHA256"`
			`hashCInit _ = HashSHA256 SHA256.init`
			`hashCUpdate (HashSHA256 ctx) b = HashSHA256 (SHA256.update ctx b)`
report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode. 2013-11-29 09:00:09 +00:00			`hashCUpdateSSL _ _ = error "CUpdateSSL with HashSHA256"`
re-indent 2013-07-12 06:27:28 +00:00			`hashCFinal (HashSHA256 ctx) = SHA256.finalize ctx`
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00
			`-- functions to use the hidden class.`
			`hashInit :: HashCtx -> HashCtx`
			`hashInit (HashCtx h) = HashCtx $ hashCInit h`

			`hashUpdate :: HashCtx -> B.ByteString -> HashCtx`
			`hashUpdate (HashCtx h) b = HashCtx $ hashCUpdate h b`

comment the reason of the existence of hashUpdateSSL. 2013-12-07 06:49:34 +00:00			`hashUpdateSSL :: HashCtx`
			`-> (B.ByteString,B.ByteString) -- ^ (for the md5 context, for the sha1 context)`
			`-> HashCtx`
switch to one hashctx that can contains 2 hashctx, and add a special updateSSL for SSL3. 2011-08-14 15:18:09 +00:00			`hashUpdateSSL (HashCtx h) bs = HashCtx $ hashCUpdateSSL h bs`

update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`hashFinal :: HashCtx -> B.ByteString`
			`hashFinal (HashCtx h) = hashCFinal h`

			`-- real hash constructors`
add HashSHA1 for DSS signature for < TLS12. 2013-12-07 06:50:07 +00:00			`hashMD5SHA1, hashSHA1, hashSHA256 :: HashCtx`
update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 13:34:34 +00:00			`hashMD5SHA1 = HashCtx (HashMD5SHA1 SHA1.init MD5.init)`
add HashSHA1 for DSS signature for < TLS12. 2013-12-07 06:50:07 +00:00			`hashSHA1 = HashCtx (HashSHA1 SHA1.init)`
define hashSHA256. 2011-08-14 15:18:22 +00:00			`hashSHA256 = HashCtx (HashSHA256 SHA256.init)`
initial import 2010-09-09 21:47:19 +00:00
Generalize key exchange and use in-house RSA. Remove need for spoon, since RSA will fails gracefully. Add support for full private key format for fast decryption. Generalization of key exchange to add future support for DH, etc. 2010-11-04 19:10:00 +00:00			`{- key exchange methods encrypt and decrypt for each supported algorithm -}`
initial import 2010-09-09 21:47:19 +00:00
use the {decrypt,sign}Safer alternative. 2012-12-05 08:22:47 +00:00			`generalizeRSAWithRNG :: CPRG g => (Either RSA.Error a, g) -> (Either KxError a, g)`
			`generalizeRSAWithRNG (Left e, g) = (Left (RSAError e), g)`
			`generalizeRSAWithRNG (Right x, g) = (Right x, g)`

switch to CPRG instead of CryptoRandomGen 2012-12-05 07:47:17 +00:00			`kxEncrypt :: CPRG g => g -> PublicKey -> ByteString -> (Either KxError ByteString, g)`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`kxEncrypt g (PubKeyRSA pk) b = generalizeRSAWithRNG $ RSA.encrypt g pk b`
			`kxEncrypt g _ _ = (Left KxUnsupported, g)`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00
use a CPRG when using decrypt RSA. 2012-12-05 08:16:32 +00:00			`kxDecrypt :: CPRG g => g -> PrivateKey -> ByteString -> (Either KxError ByteString, g)`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`kxDecrypt g (PrivKeyRSA pk) b = generalizeRSAWithRNG $ RSA.decryptSafer g pk b`
			`kxDecrypt g _ _ = (Left KxUnsupported, g)`
Add functions for signing/verifying with private/public keys. 2012-07-13 14:33:12 +00:00
			`-- Verify that the signature matches the given message, using the`
			`-- public key.`
			`--`
use new crypto-pubkey 2012-12-30 15:31:13 +00:00			`kxVerify :: PublicKey -> HashDescr -> ByteString -> ByteString -> Bool`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`kxVerify (PubKeyRSA pk) hashDescr msg sign = RSA.verify hashDescr pk msg sign`
			`kxVerify _ _ _ _ = False`
Add functions for signing/verifying with private/public keys. 2012-07-13 14:33:12 +00:00
			`-- Sign the given message using the private key.`
			`--`
use new crypto-pubkey 2012-12-30 15:31:13 +00:00			`kxSign :: CPRG g => g -> PrivateKey -> HashDescr -> ByteString -> (Either KxError ByteString, g)`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`kxSign g (PrivKeyRSA pk) hashDescr msg =`
use new crypto-pubkey 2012-12-30 15:31:13 +00:00			`generalizeRSAWithRNG $ RSA.signSafer g hashDescr pk msg`
use x509 public key and private key instead of defining our own in tls. 2013-05-30 06:21:25 +00:00			`kxSign g _ _ _ =`
			`(Left KxUnsupported, g)`