Vincent Hanquez
b3068deec8
add support for DSA signing and verification.
2013-12-28 15:13:43 +00:00
Vincent Hanquez
8e6a6d9456
add a credentials module
2013-12-28 15:12:14 +00:00
Vincent Hanquez
08997c96f0
default the version if not set, which allows reporting very early errors (e.g. no cipher in common) properly
2013-12-28 15:09:25 +00:00
Vincent Hanquez
891cf168ac
add simple method to get the certificate leaf.
2013-12-28 15:07:20 +00:00
Vincent Hanquez
541d440a29
make README up to date with the DHE-RSA support.
2013-12-14 07:12:49 +00:00
Vincent Hanquez
4bc8156372
add tests for DHE_RSA.
2013-12-11 16:40:24 +08:00
Vincent Hanquez
02dd7b8aa7
add support for DHE (only with RSA signing so far)
2013-12-11 16:39:25 +08:00
Vincent Hanquez
a223673eed
make HandshakeM an instance of Applicative.
2013-12-11 16:36:35 +08:00
Vincent Hanquez
2a09d51ba5
cleanup imports
2013-12-11 16:36:16 +08:00
Vincent Hanquez
64d2ba9cd7
add better methods for making DigitallySigned data structure and verifying them
2013-12-11 16:34:45 +08:00
Vincent Hanquez
6d63cde8cb
change ServerDHParams to re-use the DH abstraction in Crypto.DH.
2013-12-11 16:01:55 +08:00
Vincent Hanquez
1e62ddd53f
properly account for difference of methods in key exchange.
still only RSA supported.
2013-12-11 16:01:07 +08:00
Vincent Hanquez
6fb2108b63
add SHA512 as defined hash
2013-12-11 15:55:58 +08:00
Vincent Hanquez
798a4b5787
move logging and hooks into a Hooks module
2013-12-11 15:55:24 +08:00
Vincent Hanquez
b234f1377f
automatically add Crypto.DH in Crypto.
2013-12-11 15:54:32 +08:00
Vincent Hanquez
0236445101
add some wrapper for DH operations.
2013-12-11 15:53:55 +08:00
Vincent Hanquez
c805734abd
use the new Crypto.Random instead of the compat Crypto.Random.API
2013-12-11 15:53:11 +08:00
Vincent Hanquez
96ae52e4cd
make clear what we're talking about in the header.
2013-12-11 15:50:35 +08:00
Vincent Hanquez
9ea497adf6
add a function to generate digitally signed structure for DHParams.
2013-12-07 17:51:57 +08:00
Vincent Hanquez
b43ef69988
rename ServerDHParams marshalling functions
2013-12-07 17:51:28 +08:00
Vincent Hanquez
692aaf01a5
add DHE-RSA ciphers and a suite.
2013-12-07 15:11:06 +08:00
Vincent Hanquez
f916fde296
add a test DHE cipher.
2013-12-07 15:10:53 +08:00
Vincent Hanquez
12c32816bc
add HashSHA1 for DSS signature for < TLS12.
2013-12-07 14:50:07 +08:00
Vincent Hanquez
d05c7a4be1
comment the reason of the existence of hashUpdateSSL.
2013-12-07 14:49:34 +08:00
Vincent Hanquez
50b56ff2cf
use the new digitallySigned structure for CertVerify.
2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac
abstract signature creation/verification
2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523
cleanup CertificateVerify signature data generation
2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27
factor some code in client certificate verify message generation.
2013-12-07 12:44:45 +08:00
Vincent Hanquez
14fe8102c8
marshall signature as digitally-signed
2013-12-07 12:10:01 +08:00
Vincent Hanquez
99608782dc
misc: remove spaces
2013-12-07 12:09:36 +08:00
Vincent Hanquez
23f4377f31
add the DigitallySigned structure to the list.
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
2013-12-07 12:09:13 +08:00
Vincent Hanquez
1ac0cc9485
add putSignatureHashAlgorithm
2013-12-07 12:07:21 +08:00
Vincent Hanquez
887c69b6e5
move getSignatureHashAlgorithm
2013-12-07 12:07:04 +08:00
Vincent Hanquez
7e3077d23c
rewrite SKX methods to use getInteger16 and applicative style.
2013-12-07 12:06:34 +08:00
Vincent Hanquez
a03b22024b
export getInteger16/putInteger16 to serialize Integer in opaque16.
2013-12-07 12:05:41 +08:00
Vincent Hanquez
dea7eb32cf
separate some helpers and add new one.
2013-12-07 12:04:53 +08:00
Vincent Hanquez
1b905f0377
don't unpack signature. use the bytestring representation.
2013-12-05 15:36:52 +08:00
Vincent Hanquez
9ce0da72ce
add a helper module for ASN1
2013-12-05 14:51:23 +08:00
Vincent Hanquez
7ef893a45b
add some cipher numbers in comment.
2013-12-03 16:13:11 +08:00
Vincent Hanquez
bcda5611e6
add support for pem 0.2.x
2013-12-03 15:20:56 +08:00
Vincent Hanquez
c9fbe5d58f
extend tests to allow for version downgrading by server
2013-12-03 15:20:28 +08:00
Vincent Hanquez
ef92b6c96f
Fix version usage related to downgrading
* properly choose the highest version supported on the server, instead of
choosing the first that matches.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
is done after the server chose the version.
2013-12-03 15:17:27 +08:00
Vincent Hanquez
c1e67f6015
add some comment about the expected values.
2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6
make the error message a bit more precise related to which side it happens.
2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109
add a helper to check if a cipher is allowed to be used with some version
2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157
report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode.
2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f
move single exceptions into one type to rule them all.
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. it should allow easier catching for users.
2013-11-27 15:31:45 +08:00
Vincent Hanquez
5ff812b3fa
provide a helper for catching exception without doing a catchall.
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
0870189689
add a contextNewWithSocket
2013-10-11 08:01:38 +01:00
Vincent Hanquez
e1d8e026f5
add -fwarn-tabs to tls.
2013-09-18 07:20:48 +01:00