hs-tls

Author	SHA1	Message	Date
Vincent Hanquez	09e32f10c7	use strict time constant version of and and bytestring == during Reception.	2011-10-02 22:15:42 +01:00
Vincent Hanquez	a3b7419f8b	Define hash structure to save some repetition	2011-08-13 12:30:36 +01:00
Vincent Hanquez	b72c6328b0	remove the keyblocksize that is redundant and easily calculated from other fields.	2011-08-13 12:04:23 +01:00
Vincent Hanquez	bd2a00782b	rename bulk functions to be prefixed by bulk not cipher	2011-08-13 11:17:51 +01:00
Vincent Hanquez	647dcb02aa	set some size to int instead of pointlessly using word8/word16	2011-08-13 11:08:29 +01:00
Vincent Hanquez	7522d87ca3	introduce a bulk object to separate the cipher object creation by chunks limit code movement by reusing the same name	2011-08-13 11:06:23 +01:00
Vincent Hanquez	3c02e9acfc	Create a record type to help type safety	2011-08-12 18:41:49 +01:00
Vincent Hanquez	c27fc6187d	properly encode/decode secure renegotiation extension	2011-06-13 08:33:14 +01:00
Vincent Hanquez	5207a41a57	reflect the fact in types that the record layer record returns list of same header type.	2011-06-10 21:24:46 +01:00
Vincent Hanquez	8329187394	fill the server hello in the server and check the return value in the client.	2011-06-07 08:28:02 +01:00
Vincent Hanquez	96e6979ed4	misc change and start to trickle through the support for secure renegotiation	2011-06-07 08:13:43 +01:00
Vincent Hanquez	d3de5de4cd	add way to store verified data and to activate/deactivate the feature	2011-06-07 07:41:31 +01:00
Vincent Hanquez	093cd2c9fb	use bytes directly instead of pointlessly unpacking it for extensions and finishedData	2011-06-06 08:16:24 +01:00
Vincent Hanquez	f74626e065	throw proper error if we receive an unexpected transition.	2011-05-13 21:40:11 +01:00
Vincent Hanquez	0582234934	cleanup for not having to use fromJust	2011-05-12 09:13:53 +01:00
Vincent Hanquez	9db7ccbfca	throw proper error for bad record mac	2011-05-12 09:13:53 +01:00
Vincent Hanquez	a435a9add1	remove unnecessary import	2011-05-12 09:13:53 +01:00
Vincent Hanquez	f464927a0b	add a structure to parametrize decoding encoding related to version, key exchange type, ...	2011-05-12 09:13:53 +01:00
Vincent Hanquez	969a62b79a	bump certificate version to 0.8.1	2011-05-09 09:15:36 +01:00
Vincent Hanquez	7cce3fca0c	use functor's <$> instead of a return construct	2011-04-24 13:39:52 +01:00
Vincent Hanquez	a1524bf673	refactor processclientkeyxchg	2011-04-24 11:34:11 +01:00
Vincent Hanquez	a7aaa3eee7	Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr	2011-04-11 19:56:43 +01:00
Vincent Hanquez	43a2ae9dae	remove language extensions not needed anymore	2011-03-01 20:01:40 +00:00
Vincent Hanquez	6a0578ad0c	simplify state manipulation separate the pure state manipulation from the monad doing the IO. add some duplicate helpers to use the new monad.	2011-03-01 20:01:40 +00:00
Vincent Hanquez	d592c7aad7	update for latest certificate 0.7	2011-02-20 17:43:10 +00:00
Vincent Hanquez	693891ad0c	add a dedicated fromJust compared to the normal fromJust, it take an extra string to report what kind of fromJust we were doing. it's quite valuable when shuffling code and assertion break. at some point, it need to be removed completely in favor of better types that better reflect the actual state on the connection.	2011-02-20 08:37:19 +00:00
Vincent Hanquez	22ea02ffe4	move to certificate >= 0.6	2011-02-20 08:35:14 +00:00
Vincent Hanquez	a78162e298	add support for ciphers without encryption.	2011-01-05 09:24:58 +00:00
Vincent Hanquez	a95dd8f45e	Generalize key exchange and use in-house RSA. Remove need for spoon, since RSA will fails gracefully. Add support for full private key format for fast decryption. Generalization of key exchange to add future support for DH, etc.	2010-11-04 19:10:00 +00:00
Vincent Hanquez	65942b945f	massive change on the RNG and add support for CryptoRandomGen use an inline AES counter system to generate random data.	2010-11-04 19:05:36 +00:00
Vincent Hanquez	a1469322e4	don't check padding content in SSL3 mode	2010-10-06 09:15:36 +01:00
Vincent Hanquez	f54be74cc4	properly encode RSA structure without extra length when doing SSL3	2010-10-06 09:11:57 +01:00
Vincent Hanquez	383cf4c021	properly handle multiple packet fragments. as a bonus it cleans lots of differents part since the state machine is inside receiving/sending code	2010-10-02 22:41:00 +01:00
Vincent Hanquez	e189f37a67	new state machine	2010-10-02 22:02:37 +01:00
Vincent Hanquez	5a6ff3abe8	take in account that we can receive multiple handshakes in the same tls fragment.	2010-10-02 10:58:41 +01:00
Vincent Hanquez	d188a180cc	refactorize receiving packet thing	2010-10-02 09:09:46 +01:00
Vincent Hanquez	f033a0d973	reorganize the way we decrypt data to be nicer. as a bonus, finally check if padding is valid.	2010-09-26 20:56:51 +01:00
Vincent Hanquez	cd2f8f8ee2	get a util file for some bytestring stuff	2010-09-26 18:51:23 +01:00
Vincent Hanquez	f37b2e3bce	support TLS1.1 explicit block IV despite the fact that it works, it's missing a step at key block set time, so that we don't use the computed IV, but use a random generated one seeded by the computed IV.	2010-09-26 14:57:35 +01:00
Vincent Hanquez	b71ea6729c	remove few more unpacking/packing	2010-09-26 10:37:20 +01:00
Vincent Hanquez	8f91009884	use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers.	2010-09-26 10:34:47 +01:00
Vincent Hanquez	2fe1d7e99a	use <$> instead of fmap	2010-09-19 10:49:42 +01:00
Vincent Hanquez	b289546721	gives all certificate to processCertificate, so that we can check the chain later.	2010-09-18 11:00:07 +01:00
Vincent Hanquez	f4f4968a82	change clientkeyxchg data to be a specific type	2010-09-13 21:10:25 +01:00
Vincent Hanquez	0b5a0dc548	initial import	2010-09-09 22:47:19 +01:00

45 commits