hs-tls/Network/TLS/MAC.hs

module Network.TLS.MAC
	( hmacMD5
	, hmacSHA1
	, hmacSHA256
	, macSSL
	, hmac
	, prf_MD5
	, prf_SHA1
	, prf_SHA256
	, prf_MD5SHA1
	) where

import qualified Crypto.Hash.MD5 as MD5
import qualified Crypto.Hash.SHA1 as SHA1
import qualified Crypto.Hash.SHA256 as SHA256
import qualified Data.ByteString as B
import Data.ByteString (ByteString)
import Data.Bits (xor)

macSSL :: (ByteString -> ByteString) -> ByteString -> ByteString -> ByteString
macSSL f secret msg = f $! B.concat [ secret, B.replicate padlen 0x5c,
			f $! B.concat [ secret, B.replicate padlen 0x36, msg ] ]
	where
		-- get the type of algorithm out of the digest length by using the hash fct.
		padlen = if (B.length $ f B.empty) == 16 then 48 else 40

hmac :: (ByteString -> ByteString) -> Int -> ByteString -> ByteString -> ByteString
hmac f bl secret msg =
	f $! B.append opad (f $! B.append ipad msg)
	where
		opad = B.map (xor 0x5c) k'
		ipad = B.map (xor 0x36) k'

		k' = B.append kt pad
			where
			kt  = if B.length secret > fromIntegral bl then f secret else secret
			pad = B.replicate (fromIntegral bl - B.length kt) 0

hmacMD5 :: ByteString -> ByteString -> ByteString
hmacMD5 secret msg = hmac MD5.hash 64 secret msg

hmacSHA1 :: ByteString -> ByteString -> ByteString
hmacSHA1 secret msg = hmac SHA1.hash 64 secret msg

hmacSHA256 :: ByteString -> ByteString -> ByteString
hmacSHA256 secret msg = hmac SHA256.hash 64 secret msg

hmacIter :: (ByteString -> ByteString -> ByteString) -> ByteString -> ByteString -> ByteString -> Int -> [ByteString]
hmacIter f secret seed aprev len =
	let an = f secret aprev in
	let out = f secret (B.concat [an, seed]) in
	let digestsize = fromIntegral $ B.length out in
	if digestsize >= len
		then [ B.take (fromIntegral len) out ]
		else out : hmacIter f secret seed an (len - digestsize)

prf_SHA1 :: ByteString -> ByteString -> Int -> ByteString
prf_SHA1 secret seed len = B.concat $ hmacIter hmacSHA1 secret seed seed len

prf_MD5 :: ByteString -> ByteString -> Int -> ByteString
prf_MD5 secret seed len = B.concat $ hmacIter hmacMD5 secret seed seed len

prf_MD5SHA1 :: ByteString -> ByteString -> Int -> ByteString
prf_MD5SHA1 secret seed len =
	B.pack $ B.zipWith xor (prf_MD5 s1 seed len) (prf_SHA1 s2 seed len)
	where
		slen  = B.length secret
		s1    = B.take (slen `div` 2 + slen `mod` 2) secret
		s2    = B.drop (slen `div` 2) secret

prf_SHA256 :: ByteString -> ByteString -> Int -> ByteString
prf_SHA256 secret seed len = B.concat $ hmacIter hmacSHA256 secret seed seed len
initial import 2010-09-09 21:47:19 +00:00			`module Network.TLS.MAC`
			`( hmacMD5`
			`, hmacSHA1`
			`, hmacSHA256`
properly finish SSL3 digest computation. change the cipher structure to contain the hash algorithm instead of the mac algorithm. 2010-10-06 08:07:48 +00:00			`, macSSL`
			`, hmac`
initial import 2010-09-09 21:47:19 +00:00			`, prf_MD5`
			`, prf_SHA1`
add some TLS12 prf related defs 2011-08-12 20:57:30 +00:00			`, prf_SHA256`
initial import 2010-09-09 21:47:19 +00:00			`, prf_MD5SHA1`
			`) where`

depends on cryptohash 0.6 and adapt to the new modules location. 2010-10-24 10:36:36 +00:00			`import qualified Crypto.Hash.MD5 as MD5`
			`import qualified Crypto.Hash.SHA1 as SHA1`
			`import qualified Crypto.Hash.SHA256 as SHA256`
initial import 2010-09-09 21:47:19 +00:00			`import qualified Data.ByteString as B`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`import Data.ByteString (ByteString)`
initial import 2010-09-09 21:47:19 +00:00			`import Data.Bits (xor)`

properly finish SSL3 digest computation. change the cipher structure to contain the hash algorithm instead of the mac algorithm. 2010-10-06 08:07:48 +00:00			`macSSL :: (ByteString -> ByteString) -> ByteString -> ByteString -> ByteString`
			`macSSL f secret msg = f $! B.concat [ secret, B.replicate padlen 0x5c,`
			`f $! B.concat [ secret, B.replicate padlen 0x36, msg ] ]`
			`where`
			`-- get the type of algorithm out of the digest length by using the hash fct.`
			`padlen = if (B.length $ f B.empty) == 16 then 48 else 40`

initial import 2010-09-09 21:47:19 +00:00			`hmac :: (ByteString -> ByteString) -> Int -> ByteString -> ByteString -> ByteString`
			`hmac f bl secret msg =`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`f $! B.append opad (f $! B.append ipad msg)`
initial import 2010-09-09 21:47:19 +00:00			`where`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`opad = B.map (xor 0x5c) k'`
			`ipad = B.map (xor 0x36) k'`
initial import 2010-09-09 21:47:19 +00:00
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`k' = B.append kt pad`
initial import 2010-09-09 21:47:19 +00:00			`where`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`kt = if B.length secret > fromIntegral bl then f secret else secret`
			`pad = B.replicate (fromIntegral bl - B.length kt) 0`
initial import 2010-09-09 21:47:19 +00:00
			`hmacMD5 :: ByteString -> ByteString -> ByteString`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`hmacMD5 secret msg = hmac MD5.hash 64 secret msg`
initial import 2010-09-09 21:47:19 +00:00
			`hmacSHA1 :: ByteString -> ByteString -> ByteString`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`hmacSHA1 secret msg = hmac SHA1.hash 64 secret msg`
initial import 2010-09-09 21:47:19 +00:00
			`hmacSHA256 :: ByteString -> ByteString -> ByteString`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`hmacSHA256 secret msg = hmac SHA256.hash 64 secret msg`
initial import 2010-09-09 21:47:19 +00:00
			`hmacIter :: (ByteString -> ByteString -> ByteString) -> ByteString -> ByteString -> ByteString -> Int -> [ByteString]`
			`hmacIter f secret seed aprev len =`
			`let an = f secret aprev in`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`let out = f secret (B.concat [an, seed]) in`
			`let digestsize = fromIntegral $ B.length out in`
initial import 2010-09-09 21:47:19 +00:00			`if digestsize >= len`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`then [ B.take (fromIntegral len) out ]`
initial import 2010-09-09 21:47:19 +00:00			`else out : hmacIter f secret seed an (len - digestsize)`

			`prf_SHA1 :: ByteString -> ByteString -> Int -> ByteString`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`prf_SHA1 secret seed len = B.concat $ hmacIter hmacSHA1 secret seed seed len`
initial import 2010-09-09 21:47:19 +00:00
			`prf_MD5 :: ByteString -> ByteString -> Int -> ByteString`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`prf_MD5 secret seed len = B.concat $ hmacIter hmacMD5 secret seed seed len`
initial import 2010-09-09 21:47:19 +00:00
			`prf_MD5SHA1 :: ByteString -> ByteString -> Int -> ByteString`
			`prf_MD5SHA1 secret seed len =`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`B.pack $ B.zipWith xor (prf_MD5 s1 seed len) (prf_SHA1 s2 seed len)`
initial import 2010-09-09 21:47:19 +00:00			`where`
use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers. 2010-09-26 09:34:47 +00:00			`slen = B.length secret`
			s1 = B.take (slen `div` 2 + slen `mod` 2) secret
			s2 = B.drop (slen `div` 2) secret
add some TLS12 prf related defs 2011-08-12 20:57:30 +00:00
			`prf_SHA256 :: ByteString -> ByteString -> Int -> ByteString`
			`prf_SHA256 secret seed len = B.concat $ hmacIter hmacSHA256 secret seed seed len`