yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
950 commits 1 branch 11 tags 1.7 MiB
Commit graph

950 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vincent Hanquez
a111d703a4 simplify the handshake key state. 
we don't need to differentiate client/server, as a remote key will always be public and
the private key always local.
 2013-12-28 15:17:42 +00:00
Vincent Hanquez
64946c8fb8 error in serverKeyXchg with RSA. 2013-12-28 15:15:06 +00:00
Vincent Hanquez
761ba1ac5c add support for DSS signature. 2013-12-28 15:14:09 +00:00
Vincent Hanquez
b3068deec8 add support for DSA signing and verification. 2013-12-28 15:13:43 +00:00
Vincent Hanquez
8e6a6d9456 add a credentials module 2013-12-28 15:12:14 +00:00
Vincent Hanquez
08997c96f0 default the version if not set which allow to report very early error (e.g. no cipher in common) properly 2013-12-28 15:09:25 +00:00
Vincent Hanquez
891cf168ac add simple method to get the certificate leaf. 2013-12-28 15:07:20 +00:00
Vincent Hanquez
541d440a29 make README uptodate with the DHE-RSA support. 2013-12-14 07:12:49 +00:00
Vincent Hanquez
4bc8156372 add tests for DHE_RSA. 2013-12-11 16:40:24 +08:00
Vincent Hanquez
02dd7b8aa7 add support for DHE (only with RSA signing so far) 2013-12-11 16:39:25 +08:00
Vincent Hanquez
a223673eed make HandshakeM an instance of Applicative. 2013-12-11 16:36:35 +08:00
Vincent Hanquez
2a09d51ba5 cleanup imports 2013-12-11 16:36:16 +08:00
Vincent Hanquez
64d2ba9cd7 add better methods for making DigitallySigned data structure and veryfying them 2013-12-11 16:34:45 +08:00
Vincent Hanquez
6d63cde8cb change ServerDHParams to re-use the DH abstraction in Crypto.DH. 2013-12-11 16:01:55 +08:00
Vincent Hanquez
1e62ddd53f properly account for difference of methods in key exchange. 
still only RSA supported.
 2013-12-11 16:01:07 +08:00
Vincent Hanquez
6fb2108b63 add SHA512 as defined hash 2013-12-11 15:55:58 +08:00
Vincent Hanquez
798a4b5787 move logging and hooks into a Hooks module 2013-12-11 15:55:24 +08:00
Vincent Hanquez
b234f1377f automatically add Crypto.DH in Crypto. 2013-12-11 15:54:32 +08:00
Vincent Hanquez
0236445101 add some wrapper for DH operations. 2013-12-11 15:53:55 +08:00
Vincent Hanquez
c805734abd use the new Crypto.Random instead of the compat Crypto.Random.API 2013-12-11 15:53:11 +08:00
Vincent Hanquez
96ae52e4cd make clear what we're talking about in the header. 2013-12-11 15:50:35 +08:00
Vincent Hanquez
9ea497adf6 add a function to generate digitally signed structure for DHParams. 2013-12-07 17:51:57 +08:00
Vincent Hanquez
b43ef69988 rename ServerDHParams marshalling functions 2013-12-07 17:51:28 +08:00
Vincent Hanquez
692aaf01a5 add DHE-RSA ciphers and a suite. 2013-12-07 15:11:06 +08:00
Vincent Hanquez
f916fde296 add a test DHE cipher. 2013-12-07 15:10:53 +08:00
Vincent Hanquez
12c32816bc add HashSHA1 for DSS signature for < TLS12. 2013-12-07 14:50:07 +08:00
Vincent Hanquez
d05c7a4be1 comment the reason of the existence of hashUpdateSSL. 2013-12-07 14:49:34 +08:00
Vincent Hanquez
50b56ff2cf use the new digitallySigned structure for CertVerify. 2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac abstract signature creation/verification 2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523 cleanup CertificateVerify signature data generation 2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27 factor some code in client certificate verify message generation. 2013-12-07 12:44:45 +08:00
Vincent Hanquez
14fe8102c8 marshall signature as digitally-signed 2013-12-07 12:10:01 +08:00
Vincent Hanquez
99608782dc misc: remove spaces 2013-12-07 12:09:36 +08:00
Vincent Hanquez
23f4377f31 add the DigitallySigned structure to the list. 
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
 2013-12-07 12:09:13 +08:00
Vincent Hanquez
1ac0cc9485 add putSignatureHashAlgorithm 2013-12-07 12:07:21 +08:00
Vincent Hanquez
887c69b6e5 move getSignatureHashAlgorithm 2013-12-07 12:07:04 +08:00
Vincent Hanquez
7e3077d23c rewrite SKX methods to use getInteger16 and applicative style. 2013-12-07 12:06:34 +08:00
Vincent Hanquez
a03b22024b export getInteger16/putInteger16 to serialize Integer in opaque16. 2013-12-07 12:05:41 +08:00
Vincent Hanquez
dea7eb32cf separate some helpers and add new one. 2013-12-07 12:04:53 +08:00
Vincent Hanquez
1b905f0377 don't unpack signature. use the bytestring representation. 2013-12-05 15:36:52 +08:00
Vincent Hanquez
9ce0da72ce add a helper module for ASN1 2013-12-05 14:51:23 +08:00
Vincent Hanquez
7ef893a45b add some ciphers numbers in comment. 2013-12-03 16:13:11 +08:00
Vincent Hanquez
bcda5611e6 add support for pem 0.2.x 2013-12-03 15:20:56 +08:00
Vincent Hanquez
c9fbe5d58f extend tests to allow for version downgrading by server 2013-12-03 15:20:28 +08:00
Vincent Hanquez
ef92b6c96f Fix version usage related to downgrading 
* properly chose the highest version supported on the server, instead of
  chosing the first that match.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
  is done after the server chose the version.
 2013-12-03 15:17:27 +08:00
Vincent Hanquez
c1e67f6015 add some comment about the expected values. 2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6 make the error message a bit more precise related to which side it happen. 2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109 add a helper to check if a cipher is allowed to be used with some version 2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157 report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode. 2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f move single exceptions into a one type to rule them all. 
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. it should allow easier catching for users.
 2013-11-27 15:31:45 +08:00