remove extra directory
This commit is contained in:
parent
7287817fae
commit
7d64ffe5a4
11 changed files with 0 additions and 635 deletions
3
extra/.gitignore
vendored
3
extra/.gitignore
vendored
|
@ -1,3 +0,0 @@
|
|||
dist
|
||||
*.o
|
||||
cabal-dev
|
|
@ -1,27 +0,0 @@
|
|||
Copyright (c) 2010-2012 Vincent Hanquez <vincent@snarc.org>
|
||||
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of the author nor the names of his contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
|
@ -1,17 +0,0 @@
|
|||
-- |
|
||||
-- Module : Network.TLS.Extra
|
||||
-- License : BSD-style
|
||||
-- Maintainer : Vincent Hanquez <vincent@snarc.org>
|
||||
-- Stability : experimental
|
||||
-- Portability : unknown
|
||||
--
|
||||
module Network.TLS.Extra
|
||||
(
|
||||
-- * Cipher related definition
|
||||
module Network.TLS.Extra.Cipher
|
||||
-- * File helpers
|
||||
, module Network.TLS.Extra.File
|
||||
) where
|
||||
|
||||
import Network.TLS.Extra.Cipher
|
||||
import Network.TLS.Extra.File
|
|
@ -1,388 +0,0 @@
|
|||
-- |
|
||||
-- Module : Network.TLS.Extra.Cipher
|
||||
-- License : BSD-style
|
||||
-- Maintainer : Vincent Hanquez <vincent@snarc.org>
|
||||
-- Stability : experimental
|
||||
-- Portability : unknown
|
||||
--
|
||||
{-# LANGUAGE CPP #-}
|
||||
{-# LANGUAGE PackageImports #-}
|
||||
module Network.TLS.Extra.Cipher
|
||||
(
|
||||
-- * cipher suite
|
||||
ciphersuite_all
|
||||
, ciphersuite_medium
|
||||
, ciphersuite_strong
|
||||
, ciphersuite_unencrypted
|
||||
, ciphersuite_dhe_rsa
|
||||
, ciphersuite_dhe_dss
|
||||
-- * individual ciphers
|
||||
, cipher_null_SHA1
|
||||
, cipher_null_MD5
|
||||
, cipher_RC4_128_MD5
|
||||
, cipher_RC4_128_SHA1
|
||||
, cipher_AES128_SHA1
|
||||
, cipher_AES256_SHA1
|
||||
, cipher_AES128_SHA256
|
||||
, cipher_AES256_SHA256
|
||||
, cipher_DHE_RSA_AES128_SHA1
|
||||
, cipher_DHE_RSA_AES256_SHA1
|
||||
, cipher_DHE_RSA_AES128_SHA256
|
||||
, cipher_DHE_RSA_AES256_SHA256
|
||||
, cipher_DHE_DSS_AES128_SHA1
|
||||
, cipher_DHE_DSS_AES256_SHA1
|
||||
, cipher_DHE_DSS_RC4_SHA1
|
||||
) where
|
||||
|
||||
import qualified Data.ByteString as B
|
||||
|
||||
import Network.TLS (Version(..))
|
||||
import Network.TLS.Cipher
|
||||
import qualified "cipher-rc4" Crypto.Cipher.RC4 as RC4
|
||||
|
||||
import qualified Crypto.Hash.SHA256 as SHA256
|
||||
import qualified Crypto.Hash.SHA1 as SHA1
|
||||
import qualified Crypto.Hash.MD5 as MD5
|
||||
|
||||
import qualified "cipher-aes" Crypto.Cipher.AES as AES
|
||||
|
||||
aes_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString
|
||||
aes_cbc_encrypt key iv d = AES.encryptCBC (AES.initAES key) iv d
|
||||
|
||||
aes_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString
|
||||
aes_cbc_decrypt key iv d = AES.decryptCBC (AES.initAES key) iv d
|
||||
|
||||
aes128_cbc_encrypt = aes_cbc_encrypt
|
||||
aes128_cbc_decrypt = aes_cbc_decrypt
|
||||
aes256_cbc_encrypt = aes_cbc_encrypt
|
||||
aes256_cbc_decrypt = aes_cbc_decrypt
|
||||
|
||||
toIV :: RC4.Ctx -> IV
|
||||
toIV (RC4.Ctx ctx) = ctx
|
||||
|
||||
toCtx :: IV -> RC4.Ctx
|
||||
toCtx iv = RC4.Ctx iv
|
||||
|
||||
initF_rc4 :: Key -> IV
|
||||
initF_rc4 key = toIV $ RC4.initCtx key
|
||||
|
||||
encryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
|
||||
encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.combine (toCtx iv) d
|
||||
|
||||
decryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
|
||||
decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.combine (toCtx iv) e
|
||||
|
||||
|
||||
-- | all encrypted ciphers supported ordered from strong to weak.
|
||||
-- this choice of ciphersuite should satisfy most normal need
|
||||
ciphersuite_all :: [Cipher]
|
||||
ciphersuite_all =
|
||||
[ cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256
|
||||
, cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1
|
||||
, cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1
|
||||
, cipher_AES128_SHA256, cipher_AES256_SHA256
|
||||
, cipher_AES128_SHA1, cipher_AES256_SHA1
|
||||
, cipher_DHE_DSS_RC4_SHA1, cipher_RC4_128_SHA1, cipher_RC4_128_MD5
|
||||
]
|
||||
|
||||
-- | list of medium ciphers.
|
||||
ciphersuite_medium :: [Cipher]
|
||||
ciphersuite_medium = [cipher_RC4_128_MD5, cipher_RC4_128_SHA1, cipher_AES128_SHA1, cipher_AES256_SHA1]
|
||||
|
||||
-- | the strongest ciphers supported.
|
||||
ciphersuite_strong :: [Cipher]
|
||||
ciphersuite_strong = [cipher_DHE_RSA_AES256_SHA256, cipher_AES256_SHA256, cipher_AES256_SHA1]
|
||||
|
||||
-- | DHE-RSA cipher suite
|
||||
ciphersuite_dhe_rsa :: [Cipher]
|
||||
ciphersuite_dhe_rsa = [cipher_DHE_RSA_AES256_SHA256, cipher_DHE_RSA_AES128_SHA256
|
||||
, cipher_DHE_RSA_AES256_SHA1, cipher_DHE_RSA_AES128_SHA1]
|
||||
|
||||
ciphersuite_dhe_dss :: [Cipher]
|
||||
ciphersuite_dhe_dss = [cipher_DHE_DSS_AES256_SHA1, cipher_DHE_DSS_AES128_SHA1, cipher_DHE_DSS_RC4_SHA1]
|
||||
|
||||
-- | all unencrypted ciphers, do not use on insecure network.
|
||||
ciphersuite_unencrypted :: [Cipher]
|
||||
ciphersuite_unencrypted = [cipher_null_MD5, cipher_null_SHA1]
|
||||
|
||||
bulk_null = Bulk
|
||||
{ bulkName = "null"
|
||||
, bulkKeySize = 0
|
||||
, bulkIVSize = 0
|
||||
, bulkBlockSize = 0
|
||||
, bulkF = BulkStreamF (const B.empty) streamId streamId
|
||||
}
|
||||
where streamId = \iv b -> (b,iv)
|
||||
|
||||
bulk_rc4 = Bulk
|
||||
{ bulkName = "RC4-128"
|
||||
, bulkKeySize = 16
|
||||
, bulkIVSize = 0
|
||||
, bulkBlockSize = 0
|
||||
, bulkF = BulkStreamF initF_rc4 encryptF_rc4 decryptF_rc4
|
||||
}
|
||||
|
||||
bulk_aes128 = Bulk
|
||||
{ bulkName = "AES128"
|
||||
, bulkKeySize = 16
|
||||
, bulkIVSize = 16
|
||||
, bulkBlockSize = 16
|
||||
, bulkF = BulkBlockF aes128_cbc_encrypt aes128_cbc_decrypt
|
||||
}
|
||||
|
||||
bulk_aes256 = Bulk
|
||||
{ bulkName = "AES256"
|
||||
, bulkKeySize = 32
|
||||
, bulkIVSize = 16
|
||||
, bulkBlockSize = 16
|
||||
, bulkF = BulkBlockF aes256_cbc_encrypt aes256_cbc_decrypt
|
||||
}
|
||||
|
||||
hash_md5 = Hash
|
||||
{ hashName = "MD5"
|
||||
, hashSize = 16
|
||||
, hashF = MD5.hash
|
||||
}
|
||||
|
||||
hash_sha1 = Hash
|
||||
{ hashName = "SHA1"
|
||||
, hashSize = 20
|
||||
, hashF = SHA1.hash
|
||||
}
|
||||
|
||||
hash_sha256 = Hash
|
||||
{ hashName = "SHA256"
|
||||
, hashSize = 32
|
||||
, hashF = SHA256.hash
|
||||
}
|
||||
|
||||
-- | unencrypted cipher using RSA for key exchange and MD5 for digest
|
||||
cipher_null_MD5 :: Cipher
|
||||
cipher_null_MD5 = Cipher
|
||||
{ cipherID = 0x1
|
||||
, cipherName = "RSA-null-MD5"
|
||||
, cipherBulk = bulk_null
|
||||
, cipherHash = hash_md5
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | unencrypted cipher using RSA for key exchange and SHA1 for digest
|
||||
cipher_null_SHA1 :: Cipher
|
||||
cipher_null_SHA1 = Cipher
|
||||
{ cipherID = 0x2
|
||||
, cipherName = "RSA-null-SHA1"
|
||||
, cipherBulk = bulk_null
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | RC4 cipher, RSA key exchange and MD5 for digest
|
||||
cipher_RC4_128_MD5 :: Cipher
|
||||
cipher_RC4_128_MD5 = Cipher
|
||||
{ cipherID = 0x04
|
||||
, cipherName = "RSA-rc4-128-md5"
|
||||
, cipherBulk = bulk_rc4
|
||||
, cipherHash = hash_md5
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | RC4 cipher, RSA key exchange and SHA1 for digest
|
||||
cipher_RC4_128_SHA1 :: Cipher
|
||||
cipher_RC4_128_SHA1 = Cipher
|
||||
{ cipherID = 0x05
|
||||
, cipherName = "RSA-rc4-128-sha1"
|
||||
, cipherBulk = bulk_rc4
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | AES cipher (128 bit key), RSA key exchange and SHA1 for digest
|
||||
cipher_AES128_SHA1 :: Cipher
|
||||
cipher_AES128_SHA1 = Cipher
|
||||
{ cipherID = 0x2f
|
||||
, cipherName = "RSA-aes128-sha1"
|
||||
, cipherBulk = bulk_aes128
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Just SSL3
|
||||
}
|
||||
|
||||
-- | AES cipher (256 bit key), RSA key exchange and SHA1 for digest
|
||||
cipher_AES256_SHA1 :: Cipher
|
||||
cipher_AES256_SHA1 = Cipher
|
||||
{ cipherID = 0x35
|
||||
, cipherName = "RSA-aes256-sha1"
|
||||
, cipherBulk = bulk_aes256
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Just SSL3
|
||||
}
|
||||
|
||||
-- | AES cipher (128 bit key), RSA key exchange and SHA256 for digest
|
||||
cipher_AES128_SHA256 :: Cipher
|
||||
cipher_AES128_SHA256 = Cipher
|
||||
{ cipherID = 0x3c
|
||||
, cipherName = "RSA-aes128-sha256"
|
||||
, cipherBulk = bulk_aes128
|
||||
, cipherHash = hash_sha256
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Just TLS12
|
||||
}
|
||||
|
||||
-- | AES cipher (256 bit key), RSA key exchange and SHA256 for digest
|
||||
cipher_AES256_SHA256 :: Cipher
|
||||
cipher_AES256_SHA256 = Cipher
|
||||
{ cipherID = 0x3d
|
||||
, cipherName = "RSA-aes256-sha256"
|
||||
, cipherBulk = bulk_aes256
|
||||
, cipherHash = hash_sha256
|
||||
, cipherKeyExchange = CipherKeyExchange_RSA
|
||||
, cipherMinVer = Just TLS12
|
||||
}
|
||||
|
||||
-- | AES cipher (128 bit key), DHE key exchanged signed by RSA and SHA1 for digest
|
||||
cipher_DHE_RSA_AES128_SHA1 :: Cipher
|
||||
cipher_DHE_RSA_AES128_SHA1 = Cipher
|
||||
{ cipherID = 0x33
|
||||
, cipherName = "DHE-RSA-AES128-SHA1"
|
||||
, cipherBulk = bulk_aes128
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_DHE_RSA
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | AES cipher (256 bit key), DHE key exchanged signed by RSA and SHA1 for digest
|
||||
cipher_DHE_RSA_AES256_SHA1 :: Cipher
|
||||
cipher_DHE_RSA_AES256_SHA1 = cipher_DHE_RSA_AES128_SHA1
|
||||
{ cipherID = 0x39
|
||||
, cipherName = "DHE-RSA-AES256-SHA1"
|
||||
, cipherBulk = bulk_aes256
|
||||
}
|
||||
|
||||
-- | AES cipher (128 bit key), DHE key exchanged signed by DSA and SHA1 for digest
|
||||
cipher_DHE_DSS_AES128_SHA1 :: Cipher
|
||||
cipher_DHE_DSS_AES128_SHA1 = Cipher
|
||||
{ cipherID = 0x32
|
||||
, cipherName = "DHE-DSA-AES128-SHA1"
|
||||
, cipherBulk = bulk_aes128
|
||||
, cipherHash = hash_sha1
|
||||
, cipherKeyExchange = CipherKeyExchange_DHE_DSS
|
||||
, cipherMinVer = Nothing
|
||||
}
|
||||
|
||||
-- | AES cipher (256 bit key), DHE key exchanged signed by DSA and SHA1 for digest
|
||||
cipher_DHE_DSS_AES256_SHA1 :: Cipher
|
||||
cipher_DHE_DSS_AES256_SHA1 = cipher_DHE_DSS_AES128_SHA1
|
||||
{ cipherID = 0x38
|
||||
, cipherName = "DHE-DSA-AES256-SHA1"
|
||||
, cipherBulk = bulk_aes256
|
||||
}
|
||||
|
||||
cipher_DHE_DSS_RC4_SHA1 :: Cipher
|
||||
cipher_DHE_DSS_RC4_SHA1 = cipher_DHE_DSS_AES128_SHA1
|
||||
{ cipherID = 0x66
|
||||
, cipherName = "DHE-DSA-RC4-SHA1"
|
||||
, cipherBulk = bulk_rc4
|
||||
}
|
||||
|
||||
cipher_DHE_RSA_AES128_SHA256 :: Cipher
|
||||
cipher_DHE_RSA_AES128_SHA256 = cipher_DHE_RSA_AES128_SHA1
|
||||
{ cipherID = 0x67
|
||||
, cipherName = "DHE-RSA-AES128-SHA256"
|
||||
, cipherHash = hash_sha256
|
||||
, cipherMinVer = Just TLS12
|
||||
}
|
||||
|
||||
cipher_DHE_RSA_AES256_SHA256 :: Cipher
|
||||
cipher_DHE_RSA_AES256_SHA256 = cipher_DHE_RSA_AES128_SHA256
|
||||
{ cipherID = 0x6b
|
||||
, cipherName = "DHE-RSA-AES256-SHA256"
|
||||
, cipherBulk = bulk_aes256
|
||||
}
|
||||
|
||||
|
||||
{-
|
||||
TLS 1.0 ciphers definition
|
||||
|
||||
CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00,0x00 };
|
||||
CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00,0x01 };
|
||||
CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00,0x02 };
|
||||
CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
|
||||
CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00,0x04 };
|
||||
CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00,0x05 };
|
||||
CipherSuite TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0x00,0x06 };
|
||||
CipherSuite TLS_RSA_WITH_IDEA_CBC_SHA = { 0x00,0x07 };
|
||||
CipherSuite TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x08 };
|
||||
CipherSuite TLS_RSA_WITH_DES_CBC_SHA = { 0x00,0x09 };
|
||||
CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0A };
|
||||
CipherSuite TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0B };
|
||||
CipherSuite TLS_DH_DSS_WITH_DES_CBC_SHA = { 0x00,0x0C };
|
||||
CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x0D };
|
||||
CipherSuite TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x0E };
|
||||
CipherSuite TLS_DH_RSA_WITH_DES_CBC_SHA = { 0x00,0x0F };
|
||||
CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x10 };
|
||||
CipherSuite TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x11 };
|
||||
CipherSuite TLS_DHE_DSS_WITH_DES_CBC_SHA = { 0x00,0x12 };
|
||||
CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00,0x13 };
|
||||
CipherSuite TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x14 };
|
||||
CipherSuite TLS_DHE_RSA_WITH_DES_CBC_SHA = { 0x00,0x15 };
|
||||
CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00,0x16 };
|
||||
CipherSuite TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x17 };
|
||||
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00,0x18 };
|
||||
CipherSuite TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA = { 0x00,0x19 };
|
||||
CipherSuite TLS_DH_anon_WITH_DES_CBC_SHA = { 0x00,0x1A };
|
||||
CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00,0x1B };
|
||||
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA {0x00,0x33}
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA {0x00,0x39}
|
||||
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 {0x00,0x67}
|
||||
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 {0x00,0x6B}
|
||||
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 {0x00,0x9E}
|
||||
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 {0x00,0x9F}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA {0x00,0x45}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA {0x00,0x88}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 {0x00,0xBE}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 {0x00,0xC4}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 {0x00,0x7C}
|
||||
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA256 {0x00,0x7D}
|
||||
TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA {0x00,0x16}
|
||||
TLS-DHE-RSA-WITH-DES-CBC-SHA {0x00,0x15}
|
||||
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA {0xC0,0x13}
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA {0xC0,0x14}
|
||||
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 {0xC0,0x27}
|
||||
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 {0xC0,0x28}
|
||||
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 {0xC0,0x2F}
|
||||
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 {0xC0,0x30}
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 {0xC0,0x76}
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 {0xC0,0x77}
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 {0xC0,0x8A}
|
||||
TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 {0xC0,0x8B}
|
||||
TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA {0xC0,0x12}
|
||||
TLS-ECDHE-RSA-WITH-RC4-128-SHA {0xC0,0x11}
|
||||
TLS-ECDHE-RSA-WITH-NULL-SHA {0xC0,0x10}
|
||||
|
||||
TLS-PSK-WITH-RC4-128-SHA {0x00,0x8A}
|
||||
TLS-PSK-WITH-3DES-EDE-CBC-SHA {0x00,0x8B}
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA {0x00,0x8C}
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA {0x00,0x8D}
|
||||
TLS-PSK-WITH-AES-128-CBC-SHA256 {0x00,0xAE}
|
||||
TLS-PSK-WITH-AES-256-CBC-SHA384 {0x00,0xAF}
|
||||
TLS-PSK-WITH-AES-128-GCM-SHA256 {0x00,0xA8}
|
||||
TLS-PSK-WITH-AES-256-GCM-SHA384 {0x00,0xA9}
|
||||
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 {0xC0,0x94}
|
||||
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 {0xC0,0x95}
|
||||
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 {0xC0,0x8D}
|
||||
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 {0xC0,0x8F}
|
||||
TLS-PSK-WITH-NULL-SHA {0x00,0x2C}
|
||||
TLS-PSK-WITH-NULL-SHA256 {0x00,0xB4}
|
||||
TLS-PSK-WITH-NULL-SHA384 {0x00,0xB5}
|
||||
|
||||
best ciphers suite description:
|
||||
<http://www.thesprawl.org/research/tls-and-ssl-cipher-suites/>
|
||||
|
||||
-}
|
|
@ -1,12 +0,0 @@
|
|||
-- |
|
||||
-- Module : Network.TLS.Extra.Compression
|
||||
-- License : BSD-style
|
||||
-- Maintainer : Vincent Hanquez <vincent@snarc.org>
|
||||
-- Stability : experimental
|
||||
-- Portability : unknown
|
||||
--
|
||||
module Network.TLS.Extra.Compression
|
||||
(
|
||||
) where
|
||||
|
||||
--import Network.TLS.Compression
|
|
@ -1,50 +0,0 @@
|
|||
-- |
|
||||
-- Module : Network.TLS.Extra.File
|
||||
-- License : BSD-style
|
||||
-- Maintainer : Vincent Hanquez <vincent@snarc.org>
|
||||
-- Stability : experimental
|
||||
-- Portability : unknown
|
||||
--
|
||||
-- Simple helpers to load private key and certificate files
|
||||
-- to be handled by the TLS stack
|
||||
module Network.TLS.Extra.File
|
||||
( fileReadCertificate
|
||||
, fileReadCertificateChain
|
||||
, fileReadPrivateKey
|
||||
) where
|
||||
|
||||
import Control.Applicative ((<$>))
|
||||
import Data.X509.File
|
||||
import Data.X509
|
||||
|
||||
-- | read one X509 certificate from a file.
|
||||
--
|
||||
-- the certificate must be in the usual PEM format
|
||||
--
|
||||
-- If no valid PEM encoded certificate is found in the file
|
||||
-- this function will raise an error.
|
||||
fileReadCertificate :: FilePath -> IO SignedCertificate
|
||||
fileReadCertificate filepath = headError <$> readSignedObject filepath
|
||||
where headError [] = error ("read certificate: not found in " ++ show filepath)
|
||||
headError (x:_) = x
|
||||
|
||||
-- | read a CertificateChain from a file.
|
||||
--
|
||||
-- No checks are performed on the chain itself for validity or consistency.
|
||||
--
|
||||
-- the expected format is the list of PEM encoded signed certificate,
|
||||
-- with the first one being the subject of the chain.
|
||||
--
|
||||
fileReadCertificateChain :: FilePath -> IO CertificateChain
|
||||
fileReadCertificateChain filepath = CertificateChain <$> readSignedObject filepath
|
||||
|
||||
-- | read one private key from a file.
|
||||
--
|
||||
-- the private key must be in the usual PEM format
|
||||
--
|
||||
-- If no valid PEM encoded private key is found in the file
|
||||
-- this function will raise an error.
|
||||
fileReadPrivateKey :: FilePath -> IO PrivKey
|
||||
fileReadPrivateKey filepath = headError <$> readKeyFile filepath
|
||||
where headError [] = error ("read private key: no key found in " ++ show filepath)
|
||||
headError (x:_) = x
|
|
@ -1,2 +0,0 @@
|
|||
import Distribution.Simple
|
||||
main = defaultMain
|
|
@ -1,3 +0,0 @@
|
|||
import qualified Tests.Ciphers as Ciphers
|
||||
|
||||
main = Ciphers.runTests
|
|
@ -1,40 +0,0 @@
|
|||
module Tests.Ciphers
|
||||
( runTests
|
||||
) where
|
||||
|
||||
import Data.Word
|
||||
import Control.Applicative ((<$>))
|
||||
|
||||
import Tests.Common
|
||||
import Test.QuickCheck
|
||||
|
||||
import qualified Data.ByteString as B
|
||||
import Network.TLS.Cipher
|
||||
|
||||
arbitraryKey :: Bulk -> Gen [Word8]
|
||||
arbitraryKey bulk = vector (fromIntegral $ bulkKeySize bulk)
|
||||
|
||||
arbitraryIV :: Bulk -> Gen [Word8]
|
||||
arbitraryIV bulk = vector (fromIntegral $ bulkIVSize bulk)
|
||||
|
||||
arbitraryText :: Bulk -> Gen [Word8]
|
||||
arbitraryText bulk = vector (fromIntegral $ bulkBlockSize bulk)
|
||||
|
||||
bulk_test bulk = run_test n t
|
||||
where
|
||||
n = ("bulk: " ++ bulkName bulk ++ ": decrypt . encrypt = id")
|
||||
t = case bulkF bulk of
|
||||
BulkBlockF enc dec -> do
|
||||
key <- B.pack <$> arbitraryKey bulk
|
||||
iv <- B.pack <$> arbitraryIV bulk
|
||||
t <- B.pack <$> arbitraryText bulk
|
||||
return $ block enc dec key iv t
|
||||
BulkStreamF ktoi enc dec -> do
|
||||
key <- B.pack <$> arbitraryKey bulk
|
||||
t <- B.pack <$> arbitraryText bulk
|
||||
return $ stream ktoi enc dec key t
|
||||
block e d key iv t = (d key iv . e key iv) t == t
|
||||
stream ktoi e d key t = (fst . d iv . fst . e iv) t == t
|
||||
where iv = ktoi key
|
||||
|
||||
runTests = mapM_ (bulk_test . cipherBulk) supportedCiphers
|
|
@ -1,32 +0,0 @@
|
|||
module Tests.Common where
|
||||
|
||||
import System.IO
|
||||
import Test.QuickCheck
|
||||
import Network.TLS (Version(..))
|
||||
import Network.TLS.Cipher
|
||||
import Network.TLS.Extra
|
||||
|
||||
supportedVersions :: [Version]
|
||||
supportedVersions = [SSL3, TLS10, TLS11]
|
||||
|
||||
supportedCiphers :: [Cipher]
|
||||
supportedCiphers =
|
||||
[ cipher_null_MD5
|
||||
, cipher_null_SHA1
|
||||
, cipher_AES128_SHA1
|
||||
, cipher_AES256_SHA1
|
||||
, cipher_RC4_128_MD5
|
||||
, cipher_RC4_128_SHA1
|
||||
]
|
||||
|
||||
{- main -}
|
||||
myQuickCheckArgs = stdArgs
|
||||
{ replay = Nothing
|
||||
, maxSuccess = 500
|
||||
, maxSize = 500
|
||||
}
|
||||
|
||||
run_test n t =
|
||||
putStr (" " ++ n ++ " ... ") >> hFlush stdout >> quickCheckWith myQuickCheckArgs t
|
||||
|
||||
liftM6 f m1 m2 m3 m4 m5 m6 = do { x1 <- m1; x2 <- m2; x3 <- m3; x4 <- m4; x5 <- m5; x6 <- m6; return (f x1 x2 x3 x4 x5 x6) }
|
|
@ -1,61 +0,0 @@
|
|||
Name: tls-extra
|
||||
Version: 0.7.0
|
||||
Description:
|
||||
a set of extra definitions, default values and helpers for tls.
|
||||
License: BSD3
|
||||
License-file: LICENSE
|
||||
Copyright: Vincent Hanquez <vincent@snarc.org>
|
||||
Author: Vincent Hanquez <vincent@snarc.org>
|
||||
Maintainer: Vincent Hanquez <vincent@snarc.org>
|
||||
Synopsis: TLS extra default values and helpers
|
||||
Build-Type: Simple
|
||||
Category: Network
|
||||
stability: experimental
|
||||
Cabal-Version: >=1.6
|
||||
Homepage: http://github.com/vincenthz/hs-tls
|
||||
|
||||
Flag test
|
||||
Description: Build unit test
|
||||
Default: False
|
||||
|
||||
Library
|
||||
Build-Depends: base > 3 && < 5
|
||||
, tls >= 1.2.0 && < 1.3.0
|
||||
, mtl
|
||||
, network >= 2.3
|
||||
, cryptohash >= 0.6
|
||||
, bytestring
|
||||
, x509
|
||||
, x509-store
|
||||
, cipher-rc4
|
||||
, cipher-aes >= 0.2 && < 0.3
|
||||
, crypto-pubkey >= 0.2.0
|
||||
, crypto-random
|
||||
, pem >= 0.1.0 && < 0.3.0
|
||||
, time
|
||||
Exposed-modules: Network.TLS.Extra
|
||||
other-modules: Network.TLS.Extra.Cipher
|
||||
Network.TLS.Extra.Compression
|
||||
Network.TLS.Extra.File
|
||||
ghc-options: -Wall -fno-warn-missing-signatures
|
||||
if os(windows)
|
||||
cpp-options: -DNOCERTVERIFY
|
||||
|
||||
executable Tests
|
||||
Main-is: Tests.hs
|
||||
if flag(test)
|
||||
Buildable: True
|
||||
Build-Depends: base >= 3 && < 5
|
||||
, HUnit
|
||||
, QuickCheck >= 2
|
||||
, bytestring
|
||||
, cprng-aes >= 0.5.0
|
||||
, cipher-aes >= 0.2 && < 0.3
|
||||
else
|
||||
Buildable: False
|
||||
if os(windows)
|
||||
cpp-options: -DNOCERTVERIFY
|
||||
|
||||
source-repository head
|
||||
type: git
|
||||
location: git://github.com/vincenthz/hs-tls
|
Loading…
Reference in a new issue