yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
245 commits 1 branch 11 tags 1.7 MiB
Commit graph

163 commits

Author SHA1 Message Date
Vincent Hanquez
273d5285c2 allow definition of client and server with different connection/operations type 2011-09-29 09:22:27 +01:00
Vincent Hanquez
dff8e03476 curry the connection 2011-09-29 09:14:02 +01:00
Vincent Hanquez
9b099fd0ff vectorized the actual connection type, so one could use Socket or Fd as long as handles. 2011-09-29 08:29:28 +01:00
Vincent Hanquez
7d6116c20b put TLS12 in default allowed versions 2011-09-29 08:27:55 +01:00
Vincent Hanquez
7d24f39c50 directly put the hash in the new empty handshake instead of using a maybe. 2011-08-17 20:50:30 +01:00
Vincent Hanquez
ba942d0c24 separate the function to get one from multiple signature hash 2011-08-17 20:47:36 +01:00
Vincent Hanquez
46f89fcb15 add a type alias for HMAC 2011-08-14 17:51:20 +01:00
Vincent Hanquez
4a54c807e0 define hashSHA256. 2011-08-14 16:18:22 +01:00
Vincent Hanquez
6d5585c74a switch to one hashctx that can contains 2 hashctx, and add a special updateSSL for SSL3. 2011-08-14 16:18:09 +01:00
Vincent Hanquez
68be94060e update hash interface to hide the state through typeclass and existentialquantification. 2011-08-14 14:34:34 +01:00
Vincent Hanquez
d5ebf32b7f in the SSL3 case, we hardcode SHA1.hash and MD5.hash instead of using the hash abstraction. 2011-08-14 14:33:26 +01:00
Vincent Hanquez
394381a2f5 define more stuff for TLS1.2 related to PRF. 2011-08-14 12:21:54 +01:00
Vincent Hanquez
77efb1076a remove commented code 2011-08-14 10:27:15 +01:00
Vincent Hanquez
a3b7419f8b Define hash structure to save some repetition 2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0 remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b rename bulk functions to be prefixed by bulk not cipher 2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa set some size to int instead of pointlessly using word8/word16 2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3 introduce a bulk object to separate the cipher object creation by chunks 
limit code movement by reusing the same name
 2011-08-13 11:06:23 +01:00
Vincent Hanquez
b6a1b3ed14 misc cleanup 2011-08-13 07:56:17 +01:00
Vincent Hanquez
e4a4d99528 add some TLS12 prf related defs 2011-08-12 21:57:30 +01:00
Vincent Hanquez
58e758a1ab misc cleanup 2011-08-12 20:59:14 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
06baeecea7 remove space. 2011-08-12 18:33:43 +01:00
Vincent Hanquez
84ace35a7e add an helper to use the compression context easily 2011-08-12 18:33:28 +01:00
Vincent Hanquez
abc571223a Change compression API to work properly. 
- distinguish compression from decompression
- add a context
- move from a record structure to typeclass + wrapping data for hiding the existential quantification.
 2011-08-12 18:31:58 +01:00
Vincent Hanquez
b34af4195f fix compilation error 2011-08-07 10:03:34 +01:00
Vincent Hanquez
9591a395a9 use functor <$> instead of maybe 2011-07-07 22:21:23 +01:00
Vincent Hanquez
28e04f8849 Use the encode function to encode the secure renegotiation extension. 
fix a bug on the client side when secure renegotiation is enabled on client and server.
 2011-06-19 21:23:01 +01:00
Vincent Hanquez
c27fc6187d properly encode/decode secure renegotiation extension 2011-06-13 08:33:14 +01:00
Vincent Hanquez
d2e6235410 throw proper error with partial packets and EOF 2011-06-13 08:19:29 +01:00
Vincent Hanquez
1b8474d388 create a sendClientKeyXchg 2011-06-12 21:55:22 +01:00
Vincent Hanquez
02f77a1225 set server and client parameter directly in core, not in the sending processing layer. 2011-06-12 21:42:55 +01:00
Vincent Hanquez
2d33ea3fad separate the IO operation from the decoding. 2011-06-12 21:40:02 +01:00
Vincent Hanquez
69a40eb656 use throwCore instead of error 2011-06-12 21:39:34 +01:00
Vincent Hanquez
30d52f0398 fix comment 2011-06-12 21:39:17 +01:00
Vincent Hanquez
6945147122 add label to serialize get operations 2011-06-12 21:38:42 +01:00
Vincent Hanquez
1358a2ef56 throw error if recvPacket errors instead of ignoring it. 2011-06-12 21:38:18 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41 add more handling of server key xchg and dh_anon 2011-06-07 08:59:20 +01:00
Vincent Hanquez
8329187394 fill the server hello in the server and check the return value in the client. 2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
cead67c558 add secure renegociation flag in state 2011-06-06 08:03:18 +01:00
Vincent Hanquez
03c07ce173 hello extensions can be present since SSL3 2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0 simplify decoding by just getting the remaining content 2011-06-06 07:55:09 +01:00
Vincent Hanquez
0710d44f3d code alignment 2011-06-06 07:54:40 +01:00
Vincent Hanquez
f74626e065 throw proper error if we receive an unexpected transition. 2011-05-13 21:40:11 +01:00
Vincent Hanquez
9cd0ed0515 handle exception in handshake and report to the user if the handshake has been successful or not. 2011-05-13 08:39:15 +01:00
Vincent Hanquez
6eef56c60f [SECURITY] fix TLS1.1 block cipher IV usage. 
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
 2011-05-13 08:10:13 +01:00