diff --git a/extra/.gitignore b/extra/.gitignore
deleted file mode 100644
index 9eab6a5..0000000
--- a/extra/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-dist
-*.o
-cabal-dev
diff --git a/extra/LICENSE b/extra/LICENSE
deleted file mode 100644
index ea7a846..0000000
--- a/extra/LICENSE
+++ /dev/null
@@ -1,27 +0,0 @@
-Copyright (c) 2010-2012 Vincent Hanquez
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-3. Neither the name of the author nor the names of his contributors
- may be used to endorse or promote products derived from this software
- without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
diff --git a/extra/Network/TLS/Extra.hs b/extra/Network/TLS/Extra.hs
deleted file mode 100644
index 7c2c571..0000000
--- a/extra/Network/TLS/Extra.hs
+++ /dev/null
@@ -1,17 +0,0 @@
--- |
--- Module : Network.TLS.Extra
--- License : BSD-style
--- Maintainer : Vincent Hanquez
--- Stability : experimental
--- Portability : unknown
---
-module Network.TLS.Extra
- (
- -- * Cipher related definition
- module Network.TLS.Extra.Cipher
- -- * File helpers
- , module Network.TLS.Extra.File
- ) where
-
-import Network.TLS.Extra.Cipher
-import Network.TLS.Extra.File
diff --git a/extra/Network/TLS/Extra/Cipher.hs b/extra/Network/TLS/Extra/Cipher.hs
deleted file mode 100644
index e9e419e..0000000
--- a/extra/Network/TLS/Extra/Cipher.hs
+++ /dev/null
@@ -1,388 +0,0 @@
--- |
--- Module : Network.TLS.Extra.Cipher
--- License : BSD-style
--- Maintainer : Vincent Hanquez
--- Stability : experimental
--- Portability : unknown
---
-{-# LANGUAGE CPP #-}
-{-# LANGUAGE PackageImports #-}
-module Network.TLS.Extra.Cipher
- (
- -- * cipher suite
- ciphersuite_all
- , ciphersuite_medium
- , ciphersuite_strong
- , ciphersuite_unencrypted
- , ciphersuite_dhe_rsa
- , ciphersuite_dhe_dss
- -- * individual ciphers
- , cipher_null_SHA1
- , cipher_null_MD5
- , cipher_RC4_128_MD5
- , cipher_RC4_128_SHA1
- , cipher_AES128_SHA1
- , cipher_AES256_SHA1
- , cipher_AES128_SHA256
- , cipher_AES256_SHA256
- , cipher_DHE_RSA_AES128_SHA1
- , cipher_DHE_RSA_AES256_SHA1
- , cipher_DHE_RSA_AES128_SHA256
- , cipher_DHE_RSA_AES256_SHA256
- , cipher_DHE_DSS_AES128_SHA1
- , cipher_DHE_DSS_AES256_SHA1
- , cipher_DHE_DSS_RC4_SHA1
- ) where
-
-import qualified Data.ByteString as B
-
-import Network.TLS (Version(..))
-import Network.TLS.Cipher
-import qualified "cipher-rc4" Crypto.Cipher.RC4 as RC4
-
-import qualified Crypto.Hash.SHA256 as SHA256
-import qualified Crypto.Hash.SHA1 as SHA1
-import qualified Crypto.Hash.MD5 as MD5
-
-import qualified "cipher-aes" Crypto.Cipher.AES as AES
-
-aes_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes_cbc_encrypt key iv d = AES.encryptCBC (AES.initAES key) iv d
-
-aes_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes_cbc_decrypt key iv d = AES.decryptCBC (AES.initAES key) iv d
-
-aes128_cbc_encrypt = aes_cbc_encrypt
-aes128_cbc_decrypt = aes_cbc_decrypt
-aes256_cbc_encrypt = aes_cbc_encrypt
-aes256_cbc_decrypt = aes_cbc_decrypt
-
-toIV :: RC4.Ctx -> IV
-toIV (RC4.Ctx ctx) = ctx
-
-toCtx :: IV -> RC4.Ctx
-toCtx iv = RC4.Ctx iv
-
-initF_rc4 :: Key -> IV
-initF_rc4 key = toIV $ RC4.initCtx key
-
-encryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
-encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.combine (toCtx iv) d
-
-decryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
-decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.combine (toCtx iv) e
-
-
--- | all encrypted ciphers supported ordered from strong to weak.
--- this choice of ciphersuite should satisfy most normal need
-ciphersuite_all :: [Cipher]
-ciphersuite_all =
- [ cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256
- , cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1
- , cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1
- , cipher_AES128_SHA256, cipher_AES256_SHA256
- , cipher_AES128_SHA1, cipher_AES256_SHA1
- , cipher_DHE_DSS_RC4_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5
- ]
-
--- | list of medium ciphers.
-ciphersuite_medium :: [Cipher]
-ciphersuite_medium = [cipher_RC4_128_MD5, cipher_RC4_128_SHA1, cipher_AES128_SHA1, cipher_AES256_SHA1]
-
--- | the strongest ciphers supported.
-ciphersuite_strong :: [Cipher]
-ciphersuite_strong = [cipher_DHE_RSA_AES256_SHA256, cipher_AES256_SHA256, cipher_AES256_SHA1]
-
--- | DHE-RSA cipher suite
-ciphersuite_dhe_rsa :: [Cipher]
-ciphersuite_dhe_rsa = [cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256
- , cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1]
-
-ciphersuite_dhe_dss :: [Cipher]
-ciphersuite_dhe_dss = [cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1, cipher_DHE_DSS_RC4_SHA1]
-
--- | all unencrypted ciphers, do not use on insecure network.
-ciphersuite_unencrypted :: [Cipher]
-ciphersuite_unencrypted = [cipher_null_MD5, cipher_null_SHA1]
-
-bulk_null = Bulk
- { bulkName = "null"
- , bulkKeySize = 0
- , bulkIVSize = 0
- , bulkBlockSize = 0
- , bulkF = BulkStreamF (const B.empty) streamId streamId
- }
- where streamId = \iv b -> (b,iv)
-
-bulk_rc4 = Bulk
- { bulkName = "RC4-128"
- , bulkKeySize = 16
- , bulkIVSize = 0
- , bulkBlockSize = 0
- , bulkF = BulkStreamF initF_rc4 encryptF_rc4 decryptF_rc4
- }
-
-bulk_aes128 = Bulk
- { bulkName = "AES128"
- , bulkKeySize = 16
- , bulkIVSize = 16
- , bulkBlockSize = 16
- , bulkF = BulkBlockF aes128_cbc_encrypt aes128_cbc_decrypt
- }
-
-bulk_aes256 = Bulk
- { bulkName = "AES256"
- , bulkKeySize = 32
- , bulkIVSize = 16
- , bulkBlockSize = 16
- , bulkF = BulkBlockF aes256_cbc_encrypt aes256_cbc_decrypt
- }
-
-hash_md5 = Hash
- { hashName = "MD5"
- , hashSize = 16
- , hashF = MD5.hash
- }
-
-hash_sha1 = Hash
- { hashName = "SHA1"
- , hashSize = 20
- , hashF = SHA1.hash
- }
-
-hash_sha256 = Hash
- { hashName = "SHA256"
- , hashSize = 32
- , hashF = SHA256.hash
- }
-
--- | unencrypted cipher using RSA for key exchange and MD5 for digest
-cipher_null_MD5 :: Cipher
-cipher_null_MD5 = Cipher
- { cipherID = 0x1
- , cipherName = "RSA-null-MD5"
- , cipherBulk = bulk_null
- , cipherHash = hash_md5
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Nothing
- }
-
--- | unencrypted cipher using RSA for key exchange and SHA1 for digest
-cipher_null_SHA1 :: Cipher
-cipher_null_SHA1 = Cipher
- { cipherID = 0x2
- , cipherName = "RSA-null-SHA1"
- , cipherBulk = bulk_null
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Nothing
- }
-
--- | RC4 cipher, RSA key exchange and MD5 for digest
-cipher_RC4_128_MD5 :: Cipher
-cipher_RC4_128_MD5 = Cipher
- { cipherID = 0x04
- , cipherName = "RSA-rc4-128-md5"
- , cipherBulk = bulk_rc4
- , cipherHash = hash_md5
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Nothing
- }
-
--- | RC4 cipher, RSA key exchange and SHA1 for digest
-cipher_RC4_128_SHA1 :: Cipher
-cipher_RC4_128_SHA1 = Cipher
- { cipherID = 0x05
- , cipherName = "RSA-rc4-128-sha1"
- , cipherBulk = bulk_rc4
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Nothing
- }
-
--- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest
-cipher_AES128_SHA1 :: Cipher
-cipher_AES128_SHA1 = Cipher
- { cipherID = 0x2f
- , cipherName = "RSA-aes128-sha1"
- , cipherBulk = bulk_aes128
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Just SSL3
- }
-
--- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest
-cipher_AES256_SHA1 :: Cipher
-cipher_AES256_SHA1 = Cipher
- { cipherID = 0x35
- , cipherName = "RSA-aes256-sha1"
- , cipherBulk = bulk_aes256
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Just SSL3
- }
-
--- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest
-cipher_AES128_SHA256 :: Cipher
-cipher_AES128_SHA256 = Cipher
- { cipherID = 0x3c
- , cipherName = "RSA-aes128-sha256"
- , cipherBulk = bulk_aes128
- , cipherHash = hash_sha256
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Just TLS12
- }
-
--- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest
-cipher_AES256_SHA256 :: Cipher
-cipher_AES256_SHA256 = Cipher
- { cipherID = 0x3d
- , cipherName = "RSA-aes256-sha256"
- , cipherBulk = bulk_aes256
- , cipherHash = hash_sha256
- , cipherKeyExchange = CipherKeyExchange_RSA
- , cipherMinVer = Just TLS12
- }
-
--- | AES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest
-cipher_DHE_RSA_AES128_SHA1 :: Cipher
-cipher_DHE_RSA_AES128_SHA1 = Cipher
- { cipherID = 0x33
- , cipherName = "DHE-RSA-AES128-SHA1"
- , cipherBulk = bulk_aes128
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_DHE_RSA
- , cipherMinVer = Nothing
- }
-
--- | AES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest
-cipher_DHE_RSA_AES256_SHA1 :: Cipher
-cipher_DHE_RSA_AES256_SHA1 = cipher_DHE_RSA_AES128_SHA1
- { cipherID = 0x39
- , cipherName = "DHE-RSA-AES256-SHA1"
- , cipherBulk = bulk_aes256
- }
-
--- | AES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest
-cipher_DHE_DSS_AES128_SHA1 :: Cipher
-cipher_DHE_DSS_AES128_SHA1 = Cipher
- { cipherID = 0x32
- , cipherName = "DHE-DSA-AES128-SHA1"
- , cipherBulk = bulk_aes128
- , cipherHash = hash_sha1
- , cipherKeyExchange = CipherKeyExchange_DHE_DSS
- , cipherMinVer = Nothing
- }
-
--- | AES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest
-cipher_DHE_DSS_AES256_SHA1 :: Cipher
-cipher_DHE_DSS_AES256_SHA1 = cipher_DHE_DSS_AES128_SHA1
- { cipherID = 0x38
- , cipherName = "DHE-DSA-AES256-SHA1"
- , cipherBulk = bulk_aes256
- }
-
-cipher_DHE_DSS_RC4_SHA1 :: Cipher
-cipher_DHE_DSS_RC4_SHA1 = cipher_DHE_DSS_AES128_SHA1
- { cipherID = 0x66
- , cipherName = "DHE-DSA-RC4-SHA1"
- , cipherBulk = bulk_rc4
- }
-
-cipher_DHE_RSA_AES128_SHA256 :: Cipher
-cipher_DHE_RSA_AES128_SHA256 = cipher_DHE_RSA_AES128_SHA1
- { cipherID = 0x67
- , cipherName = "DHE-RSA-AES128-SHA256"
- , cipherHash = hash_sha256
- , cipherMinVer = Just TLS12
- }
-
-cipher_DHE_RSA_AES256_SHA256 :: Cipher
-cipher_DHE_RSA_AES256_SHA256 = cipher_DHE_RSA_AES128_SHA256
- { cipherID = 0x6b
- , cipherName = "DHE-RSA-AES256-SHA256"
- , cipherBulk = bulk_aes256
- }
-
-
-{-
-TLS 1.0 ciphers definition
-
-CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00,0x00 };
-CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
-CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
-CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
-CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
-CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
-CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
-CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
-CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
-CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
-CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
-CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B };
-CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
-CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
-CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E };
-CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
-CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
-CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
-CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
-CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
-CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
-CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
-CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
-CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 };
-CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
-CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
-CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
-CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
-
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA {0x00,0x33}
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA {0x00,0x39}
-TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 {0x00,0x67}
-TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 {0x00,0x6B}
-TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 {0x00,0x9E}
-TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 {0x00,0x9F}
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA {0x00,0x45}
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA {0x00,0x88}
-TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 {0x00,0xBE}
-TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 {0x00,0xC4}
-TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 {0x00,0x7C}
-TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA256 {0x00,0x7D}
-TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA {0x00,0x16}
-TLS-DHE-RSA-WITH-DES-CBC-SHA {0x00,0x15}
-
-TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA {0xC0,0x13}
-TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA {0xC0,0x14}
-TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 {0xC0,0x27}
-TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 {0xC0,0x28}
-TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 {0xC0,0x2F}
-TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 {0xC0,0x30}
-TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 {0xC0,0x76}
-TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 {0xC0,0x77}
-TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 {0xC0,0x8A}
-TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 {0xC0,0x8B}
-TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA {0xC0,0x12}
-TLS-ECDHE-RSA-WITH-RC4-128-SHA {0xC0,0x11}
-TLS-ECDHE-RSA-WITH-NULL-SHA {0xC0,0x10}
-
-TLS-PSK-WITH-RC4-128-SHA {0x00,0x8A}
-TLS-PSK-WITH-3DES-EDE-CBC-SHA {0x00,0x8B}
-TLS-PSK-WITH-AES-128-CBC-SHA {0x00,0x8C}
-TLS-PSK-WITH-AES-256-CBC-SHA {0x00,0x8D}
-TLS-PSK-WITH-AES-128-CBC-SHA256 {0x00,0xAE}
-TLS-PSK-WITH-AES-256-CBC-SHA384 {0x00,0xAF}
-TLS-PSK-WITH-AES-128-GCM-SHA256 {0x00,0xA8}
-TLS-PSK-WITH-AES-256-GCM-SHA384 {0x00,0xA9}
-TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 {0xC0,0x94}
-TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 {0xC0,0x95}
-TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 {0xC0,0x8D}
-TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 {0xC0,0x8F}
-TLS-PSK-WITH-NULL-SHA {0x00,0x2C}
-TLS-PSK-WITH-NULL-SHA256 {0x00,0xB4}
-TLS-PSK-WITH-NULL-SHA384 {0x00,0xB5}
-
-best ciphers suite description:
-
-
--}
diff --git a/extra/Network/TLS/Extra/Compression.hs b/extra/Network/TLS/Extra/Compression.hs
deleted file mode 100644
index d00c135..0000000
--- a/extra/Network/TLS/Extra/Compression.hs
+++ /dev/null
@@ -1,12 +0,0 @@
--- |
--- Module : Network.TLS.Extra.Compression
--- License : BSD-style
--- Maintainer : Vincent Hanquez
--- Stability : experimental
--- Portability : unknown
---
-module Network.TLS.Extra.Compression
- (
- ) where
-
---import Network.TLS.Compression
diff --git a/extra/Network/TLS/Extra/File.hs b/extra/Network/TLS/Extra/File.hs
deleted file mode 100644
index bd8f98f..0000000
--- a/extra/Network/TLS/Extra/File.hs
+++ /dev/null
@@ -1,50 +0,0 @@
--- |
--- Module : Network.TLS.Extra.File
--- License : BSD-style
--- Maintainer : Vincent Hanquez
--- Stability : experimental
--- Portability : unknown
---
--- Simple helpers to load private key and certificate files
--- to be handled by the TLS stack
-module Network.TLS.Extra.File
- ( fileReadCertificate
- , fileReadCertificateChain
- , fileReadPrivateKey
- ) where
-
-import Control.Applicative ((<$>))
-import Data.X509.File
-import Data.X509
-
--- | read one X509 certificate from a file.
---
--- the certificate must be in the usual PEM format
---
--- If no valid PEM encoded certificate is found in the file
--- this function will raise an error.
-fileReadCertificate :: FilePath -> IO SignedCertificate
-fileReadCertificate filepath = headError <$> readSignedObject filepath
- where headError [] = error ("read certificate: not found in " ++ show filepath)
- headError (x:_) = x
-
--- | read a CertificateChain from a file.
---
--- No checks are performed on the chain itself for validity or consistency.
---
--- the expected format is the list of PEM encoded signed certificate,
--- with the first one being the subject of the chain.
---
-fileReadCertificateChain :: FilePath -> IO CertificateChain
-fileReadCertificateChain filepath = CertificateChain <$> readSignedObject filepath
-
--- | read one private key from a file.
---
--- the private key must be in the usual PEM format
---
--- If no valid PEM encoded private key is found in the file
--- this function will raise an error.
-fileReadPrivateKey :: FilePath -> IO PrivKey
-fileReadPrivateKey filepath = headError <$> readKeyFile filepath
- where headError [] = error ("read private key: no key found in " ++ show filepath)
- headError (x:_) = x
diff --git a/extra/Setup.hs b/extra/Setup.hs
deleted file mode 100644
index 9a994af..0000000
--- a/extra/Setup.hs
+++ /dev/null
@@ -1,2 +0,0 @@
-import Distribution.Simple
-main = defaultMain
diff --git a/extra/Tests.hs b/extra/Tests.hs
deleted file mode 100644
index 0957c3b..0000000
--- a/extra/Tests.hs
+++ /dev/null
@@ -1,3 +0,0 @@
-import qualified Tests.Ciphers as Ciphers
-
-main = Ciphers.runTests
diff --git a/extra/Tests/Ciphers.hs b/extra/Tests/Ciphers.hs
deleted file mode 100644
index 6da7700..0000000
--- a/extra/Tests/Ciphers.hs
+++ /dev/null
@@ -1,40 +0,0 @@
-module Tests.Ciphers
- ( runTests
- ) where
-
-import Data.Word
-import Control.Applicative ((<$>))
-
-import Tests.Common
-import Test.QuickCheck
-
-import qualified Data.ByteString as B
-import Network.TLS.Cipher
-
-arbitraryKey :: Bulk -> Gen [Word8]
-arbitraryKey bulk = vector (fromIntegral $ bulkKeySize bulk)
-
-arbitraryIV :: Bulk -> Gen [Word8]
-arbitraryIV bulk = vector (fromIntegral $ bulkIVSize bulk)
-
-arbitraryText :: Bulk -> Gen [Word8]
-arbitraryText bulk = vector (fromIntegral $ bulkBlockSize bulk)
-
-bulk_test bulk = run_test n t
- where
- n = ("bulk: " ++ bulkName bulk ++ ": decrypt . encrypt = id")
- t = case bulkF bulk of
- BulkBlockF enc dec -> do
- key <- B.pack <$> arbitraryKey bulk
- iv <- B.pack <$> arbitraryIV bulk
- t <- B.pack <$> arbitraryText bulk
- return $ block enc dec key iv t
- BulkStreamF ktoi enc dec -> do
- key <- B.pack <$> arbitraryKey bulk
- t <- B.pack <$> arbitraryText bulk
- return $ stream ktoi enc dec key t
- block e d key iv t = (d key iv . e key iv) t == t
- stream ktoi e d key t = (fst . d iv . fst . e iv) t == t
- where iv = ktoi key
-
-runTests = mapM_ (bulk_test . cipherBulk) supportedCiphers
diff --git a/extra/Tests/Common.hs b/extra/Tests/Common.hs
deleted file mode 100644
index 3739fe4..0000000
--- a/extra/Tests/Common.hs
+++ /dev/null
@@ -1,32 +0,0 @@
-module Tests.Common where
-
-import System.IO
-import Test.QuickCheck
-import Network.TLS (Version(..))
-import Network.TLS.Cipher
-import Network.TLS.Extra
-
-supportedVersions :: [Version]
-supportedVersions = [SSL3, TLS10, TLS11]
-
-supportedCiphers :: [Cipher]
-supportedCiphers =
- [ cipher_null_MD5
- , cipher_null_SHA1
- , cipher_AES128_SHA1
- , cipher_AES256_SHA1
- , cipher_RC4_128_MD5
- , cipher_RC4_128_SHA1
- ]
-
-{- main -}
-myQuickCheckArgs = stdArgs
- { replay = Nothing
- , maxSuccess = 500
- , maxSize = 500
- }
-
-run_test n t =
- putStr (" " ++ n ++ " ... ") >> hFlush stdout >> quickCheckWith myQuickCheckArgs t
-
-liftM6 f m1 m2 m3 m4 m5 m6 = do { x1 <- m1; x2 <- m2; x3 <- m3; x4 <- m4; x5 <- m5; x6 <- m6; return (f x1 x2 x3 x4 x5 x6) }
diff --git a/extra/tls-extra.cabal b/extra/tls-extra.cabal
deleted file mode 100644
index 90f2ac1..0000000
--- a/extra/tls-extra.cabal
+++ /dev/null
@@ -1,61 +0,0 @@
-Name: tls-extra
-Version: 0.7.0
-Description:
- a set of extra definitions, default values and helpers for tls.
-License: BSD3
-License-file: LICENSE
-Copyright: Vincent Hanquez
-Author: Vincent Hanquez
-Maintainer: Vincent Hanquez
-Synopsis: TLS extra default values and helpers
-Build-Type: Simple
-Category: Network
-stability: experimental
-Cabal-Version: >=1.6
-Homepage: http://github.com/vincenthz/hs-tls
-
-Flag test
- Description: Build unit test
- Default: False
-
-Library
- Build-Depends: base > 3 && < 5
- , tls >= 1.2.0 && < 1.3.0
- , mtl
- , network >= 2.3
- , cryptohash >= 0.6
- , bytestring
- , x509
- , x509-store
- , cipher-rc4
- , cipher-aes >= 0.2 && < 0.3
- , crypto-pubkey >= 0.2.0
- , crypto-random
- , pem >= 0.1.0 && < 0.3.0
- , time
- Exposed-modules: Network.TLS.Extra
- other-modules: Network.TLS.Extra.Cipher
- Network.TLS.Extra.Compression
- Network.TLS.Extra.File
- ghc-options: -Wall -fno-warn-missing-signatures
- if os(windows)
- cpp-options: -DNOCERTVERIFY
-
-executable Tests
- Main-is: Tests.hs
- if flag(test)
- Buildable: True
- Build-Depends: base >= 3 && < 5
- , HUnit
- , QuickCheck >= 2
- , bytestring
- , cprng-aes >= 0.5.0
- , cipher-aes >= 0.2 && < 0.3
- else
- Buildable: False
- if os(windows)
- cpp-options: -DNOCERTVERIFY
-
-source-repository head
- type: git
- location: git://github.com/vincenthz/hs-tls