yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
991 commits 1 branch 11 tags 1.7 MiB
Commit graph

219 commits

Author SHA1 Message Date
Vincent Hanquez
6d63cde8cb change ServerDHParams to re-use the DH abstraction in Crypto.DH. 2013-12-11 16:01:55 +08:00
Vincent Hanquez
1e62ddd53f properly account for difference of methods in key exchange. 
still only RSA supported.
 2013-12-11 16:01:07 +08:00
Vincent Hanquez
6fb2108b63 add SHA512 as defined hash 2013-12-11 15:55:58 +08:00
Vincent Hanquez
798a4b5787 move logging and hooks into a Hooks module 2013-12-11 15:55:24 +08:00
Vincent Hanquez
b234f1377f automatically add Crypto.DH in Crypto. 2013-12-11 15:54:32 +08:00
Vincent Hanquez
0236445101 add some wrapper for DH operations. 2013-12-11 15:53:55 +08:00
Vincent Hanquez
c805734abd use the new Crypto.Random instead of the compat Crypto.Random.API 2013-12-11 15:53:11 +08:00
Vincent Hanquez
96ae52e4cd make clear what we're talking about in the header. 2013-12-11 15:50:35 +08:00
Vincent Hanquez
9ea497adf6 add a function to generate digitally signed structure for DHParams. 2013-12-07 17:51:57 +08:00
Vincent Hanquez
b43ef69988 rename ServerDHParams marshalling functions 2013-12-07 17:51:28 +08:00
Vincent Hanquez
12c32816bc add HashSHA1 for DSS signature for < TLS12. 2013-12-07 14:50:07 +08:00
Vincent Hanquez
d05c7a4be1 comment the reason of the existence of hashUpdateSSL. 2013-12-07 14:49:34 +08:00
Vincent Hanquez
50b56ff2cf use the new digitallySigned structure for CertVerify. 2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac abstract signature creation/verification 2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523 cleanup CertificateVerify signature data generation 2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27 factor some code in client certificate verify message generation. 2013-12-07 12:44:45 +08:00
Vincent Hanquez
14fe8102c8 marshall signature as digitally-signed 2013-12-07 12:10:01 +08:00
Vincent Hanquez
99608782dc misc: remove spaces 2013-12-07 12:09:36 +08:00
Vincent Hanquez
23f4377f31 add the DigitallySigned structure to the list. 
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
 2013-12-07 12:09:13 +08:00
Vincent Hanquez
1ac0cc9485 add putSignatureHashAlgorithm 2013-12-07 12:07:21 +08:00
Vincent Hanquez
887c69b6e5 move getSignatureHashAlgorithm 2013-12-07 12:07:04 +08:00
Vincent Hanquez
7e3077d23c rewrite SKX methods to use getInteger16 and applicative style. 2013-12-07 12:06:34 +08:00
Vincent Hanquez
a03b22024b export getInteger16/putInteger16 to serialize Integer in opaque16. 2013-12-07 12:05:41 +08:00
Vincent Hanquez
dea7eb32cf separate some helpers and add new one. 2013-12-07 12:04:53 +08:00
Vincent Hanquez
1b905f0377 don't unpack signature. use the bytestring representation. 2013-12-05 15:36:52 +08:00
Vincent Hanquez
9ce0da72ce add a helper module for ASN1 2013-12-05 14:51:23 +08:00
Vincent Hanquez
ef92b6c96f Fix version usage related to downgrading 
* properly chose the highest version supported on the server, instead of
  chosing the first that match.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
  is done after the server chose the version.
 2013-12-03 15:17:27 +08:00
Vincent Hanquez
c1e67f6015 add some comment about the expected values. 2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6 make the error message a bit more precise related to which side it happen. 2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109 add a helper to check if a cipher is allowed to be used with some version 2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157 report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode. 2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f move single exceptions into a one type to rule them all. 
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. it should allow easier catching for users.
 2013-11-27 15:31:45 +08:00
Vincent Hanquez
5ff812b3fa provide a helper for catching exception without doing a catchall. 
As a side effect, let AsyncException propagate
 2013-11-27 15:08:22 +08:00
Vincent Hanquez
0870189689 add a contextNewWithSocket 2013-10-11 08:01:38 +01:00
Vincent Hanquez
982a484598 move to crypto-random 2013-09-01 07:42:43 +01:00
Vincent Hanquez
77abffceb3 add some reading and rw locks. 2013-09-01 07:36:08 +01:00
Vincent Hanquez
5836669878 remove unnecessary MonadIO parametrization 2013-08-01 07:52:42 +00:00
Vincent Hanquez
be34ed350e remove unnecessary parametrization 2013-08-01 07:49:20 +00:00
Vincent Hanquez
bd0ad2169e move handshake state out of state 2013-08-01 07:47:40 +00:00
Vincent Hanquez
896832d93d separate state from handshake state 2013-08-01 07:43:48 +00:00
Vincent Hanquez
d69c9190b5 push down the context to key operation 2013-08-01 07:35:42 +00:00
Vincent Hanquez
64f60bb715 repair getSessionData and move to handshake layer 2013-08-01 07:32:27 +00:00
Vincent Hanquez
0b6e6ef0e3 move startHandshake in the handshake layer 2013-08-01 07:24:18 +00:00
Vincent Hanquez
e78dccb635 use HandshakeState directly without grabbing the TLSState 2013-08-01 07:12:54 +00:00
Vincent Hanquez
0bd12162d3 remove assert and cleanup imports 2013-08-01 08:06:31 +01:00
Vincent Hanquez
7994f4ba27 move tx state into a mvar in the context. 2013-08-01 08:05:03 +01:00
Vincent Hanquez
49ff6e933c remove Rx state from general state. 
move RxState as a mutable mvar in the context directly.
 2013-07-30 08:58:58 +01:00
Vincent Hanquez
6ff5e692d0 remove unnecessary imports 2013-07-30 08:58:26 +01:00
Vincent Hanquez
dc5fd93f6b add fmapEither for cleaning some boilerplate. 
Don't use fmap directly as some older version of base has not defined
fmap for either. remove in couple of years.
 2013-07-30 08:57:14 +01:00
Vincent Hanquez
7eaf8c316e move more context in processHandshake 2013-07-30 06:14:09 +01:00
Vincent Hanquez
8735cbba4f move some functions out of line of handshakeClient 2013-07-29 07:19:13 +01:00
Vincent Hanquez
4b2f07c7fa simplify the number of usingState call by grouping stuff. 
also remove pointless and confusing processing helper
 2013-07-28 15:22:17 +01:00
Vincent Hanquez
c2aed77413 add comment for onServerHello 2013-07-28 15:07:06 +01:00
Vincent Hanquez
4b48f2042a correct module description 2013-07-28 09:20:45 +01:00
Vincent Hanquez
a7724353f4 move handshake stuff in Handshake layer. 2013-07-28 09:19:28 +01:00
Vincent Hanquez
00dcd06dc1 disable sslv2 flag when it's on, not all the time unnecessarily 2013-07-28 07:41:36 +01:00
Vincent Hanquez
a9e6d6c0bf add comment, and reindent recvRecord 2013-07-28 07:41:20 +01:00
Vincent Hanquez
07c5d41fd8 add a TLSSt wrapper for RNG operations 2013-07-28 07:32:44 +01:00
Vincent Hanquez
c252ed8f49 cleanup record layer 2013-07-27 08:32:27 +01:00
Vincent Hanquez
e2d5170af7 Separate tx/rx state from a single RecordState 
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
 2013-07-25 21:53:32 +01:00
Vincent Hanquez
e3b3483560 move random gen back into state 2013-07-24 17:35:57 +01:00
Vincent Hanquez
4a9389c5c2 remove the need to pass the RNG in record engage. 2013-07-24 07:19:13 +00:00
Vincent Hanquez
bcc53155f1 create pure function with explicit parameter for computeDigest 2013-07-24 06:41:31 +00:00
Vincent Hanquez
4a337378d8 remove commented import 2013-07-24 06:40:08 +00:00
Vincent Hanquez
f59804f459 move processServerHello in Handshake 2013-07-24 05:50:56 +00:00
Vincent Hanquez
f9ae636351 move getHandshakeDigest in HandshakeM 2013-07-23 07:39:52 +00:00
Vincent Hanquez
37ef6af6e8 use more Role type instead of Bool 2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e more cleanup / separation with handshake state. 2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4 remove getMasterSecret accessor 2013-07-23 05:51:44 +00:00
Vincent Hanquez
0728bd86d8 move setMasterSecret and setKeyBlock to the handshake layer. 2013-07-23 05:36:42 +00:00
Vincent Hanquez
0e11f63033 move pending cipher and compression in the handshake state 
adjust code to cope
 2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec explicitly pass role and version to setMasterSecret and derivative 2013-07-22 07:54:35 +01:00
Vincent Hanquez
5ca744a8bf move to a proper role type for client|server 2013-07-21 10:16:01 +01:00
Vincent Hanquez
dd30cc05b0 remove commented code. 2013-07-21 09:35:44 +01:00
Vincent Hanquez
219599f392 update doc and comments, and reorganize slightly code 2013-07-21 06:54:12 +01:00
Vincent Hanquez
ab79b29b22 inline postprocessRecord 2013-07-20 16:09:16 +01:00
Vincent Hanquez
323e51c04e remove preprocessPacket and inline the content when the content is Handshakes 2013-07-20 16:07:07 +01:00
Vincent Hanquez
199de057c3 separate more handshake state from other state. 
reorganize pending state in record state.
 2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6 move more stuff in the HandshakeM 2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea move some handshake function to HandshakeM 2013-07-19 07:47:54 +01:00
Vincent Hanquez
fc693ee99f add accessor from context and state to HandshakeM 2013-07-19 07:47:33 +01:00
Vincent Hanquez
065cc4b43d remove Error monad in handshake state. 2013-07-19 07:46:09 +01:00
Vincent Hanquez
f2203d55df remove alias TLSHandshakeState 2013-07-19 07:05:37 +01:00
Vincent Hanquez
590cd35e4e add signatures 2013-07-19 07:05:31 +01:00
Vincent Hanquez
660f15f616 better separate tx/rx into transmission state objects 2013-07-19 06:45:02 +01:00
Vincent Hanquez
c498b95512 reorder fields 2013-07-18 07:53:57 +01:00
Vincent Hanquez
c5d10c527c re-align fields in handshake state stuff 2013-07-18 07:34:05 +01:00
Vincent Hanquez
f231253d6f rename CryptState and MACState 2013-07-18 07:32:08 +01:00
Vincent Hanquez
8f83319fae separate handshake state from state. 2013-07-18 07:19:05 +01:00
Vincent Hanquez
8f99c325fb separate tx/rx compression and pending compression. 
Fix issue with compression being turn on for tx and rx at the same time,
and also at too early at the hello message instead of change cipher.
 2013-07-18 07:18:38 +01:00
Vincent Hanquez
78535ff8c3 set MacState as a newtype 2013-07-13 09:11:03 +01:00
Vincent Hanquez
4f66742d8b more too much flexibility 2013-07-13 08:37:37 +01:00
Vincent Hanquez
4e86ffee28 split record state from state. 2013-07-13 08:03:25 +01:00
Vincent Hanquez
62a1b29fbe remove old commented code 2013-07-12 07:45:16 +01:00
Vincent Hanquez
fb8629a807 re-indent 2013-07-12 07:27:28 +01:00
Vincent Hanquez
67f01872dd re-indent 2013-07-12 06:54:47 +01:00
Vincent Hanquez
5d69715a50 correct mismerge 2013-07-11 10:27:24 +01:00
Vincent Hanquez
df524de618 add some locks. unused for now 2013-07-11 09:06:10 +01:00
Vincent Hanquez
c132b4cb8b first stab at separating record state from other state. 2013-07-11 09:03:33 +01:00
Vincent Hanquez
b025e616e4 re-indent record layer 2013-07-10 08:48:49 +00:00