Vincent Hanquez
1bbd893e95
use modify instead of get >>= put (and same for modifyTLS)
2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08
more generation of SSL block/finished values.
2010-10-05 18:48:28 +01:00
Vincent Hanquez
9c4a3a0223
use the AES rng as the TLSState rng, and generate random bytes on demand
...
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegociation process.
also the AES rng is a CPRNG, compared to system.random PRNG, which
might gives a better warmer fuzzy random feeling.
2010-10-03 11:23:12 +01:00
Vincent Hanquez
6a9296727b
improve the regeneration of client and server rng datas
2010-10-03 11:01:22 +01:00
Vincent Hanquez
9641ca7c83
add prototype to processServerInfo
2010-10-03 10:32:23 +01:00
Vincent Hanquez
383cf4c021
properly handle multiple packet fragments.
...
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
5a6ff3abe8
take in account that we can receive multiple handshakes in the same tls fragment.
2010-10-02 10:58:41 +01:00
Vincent Hanquez
8049ad6c6f
add a way to update Digest when we have a handshaket type and the content of the header
2010-10-02 10:54:49 +01:00
Vincent Hanquez
eb3ed06af1
add TLS state machine to track that we receive correct message at the correct type
2010-10-02 10:32:29 +01:00
Vincent Hanquez
d188a180cc
refactorize receiving packet thing
2010-10-02 09:09:46 +01:00
Vincent Hanquez
f033a0d973
reorganize the way we decrypt data to be nicer.
...
as a bonus, finally check if padding is valid.
2010-09-26 20:56:51 +01:00
Vincent Hanquez
6d1e38a337
add partition3 utility
2010-09-26 20:56:47 +01:00
Vincent Hanquez
07bfcd2094
typo
2010-09-26 20:54:14 +01:00
Vincent Hanquez
cd2f8f8ee2
get a util file for some bytestring stuff
2010-09-26 18:51:23 +01:00
Vincent Hanquez
349406b64a
remove data.word
2010-09-26 16:33:39 +01:00
Vincent Hanquez
2f76b2a245
add non finished method to generate finished content for protocol < TLS10
2010-09-26 16:32:28 +01:00
Vincent Hanquez
60de6551e4
add missing signature
2010-09-26 16:07:29 +01:00
Vincent Hanquez
c664f30407
add support for SSL generation of master secret
2010-09-26 16:07:14 +01:00
Vincent Hanquez
fc4c76862c
use specified version when initiating connection.
2010-09-26 15:31:46 +01:00
Vincent Hanquez
938e8db365
remove dead field
2010-09-26 15:31:35 +01:00
Vincent Hanquez
f37b2e3bce
support TLS1.1 explicit block IV
...
despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
2010-09-26 14:57:35 +01:00
Vincent Hanquez
b71ea6729c
remove few more unpacking/packing
2010-09-26 10:37:20 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
c70736cf19
add a cap file to differenciate protocol version capabilities.
...
define 2 capabilities for hello extensions and explicit IV.
use hello extensions checking in decode / encode of clientHello
2010-09-26 08:46:09 +01:00
Vincent Hanquez
2fd8087211
remove the haskell98 dependency and switch to the random package.
2010-09-24 08:30:25 +01:00
Vincent Hanquez
663436a3cb
expose some needed modules and expose TLSClient type
...
(noticed by Michael Snoyman)
2010-09-22 18:31:42 +01:00
Vincent Hanquez
cb850131da
add a server callbacks when receiving Certificates
2010-09-20 08:45:41 +01:00
Vincent Hanquez
2fe1d7e99a
use <$> instead of fmap
2010-09-19 10:49:42 +01:00
Vincent Hanquez
8c20758158
use client callback to callback on certificate verification
2010-09-19 10:42:29 +01:00
Vincent Hanquez
31fac5df44
introduce Client Callbacks structure
2010-09-19 10:42:02 +01:00
Vincent Hanquez
abf299db36
don't try to send an empty string when there's no rsa key to encrypt with.
2010-09-18 11:00:30 +01:00
Vincent Hanquez
b289546721
gives all certificate to processCertificate, so that we can check the chain later.
2010-09-18 11:00:07 +01:00
Vincent Hanquez
f4f4968a82
change clientkeyxchg data to be a specific type
2010-09-13 21:10:25 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00