hs-tls

Author	SHA1	Message	Date
Vincent Hanquez	d787160713	rename connect in client module to initiate. add a deprecated pragma for connect and keep it for compatibility	2010-11-28 10:30:05 +00:00
Vincent Hanquez	d061b37730	remove RandomGen generator and provide a reseed functions to regenerate the RNG.	2010-11-07 10:19:12 +00:00
Vincent Hanquez	a95dd8f45e	Generalize key exchange and use in-house RSA. Remove need for spoon, since RSA will fails gracefully. Add support for full private key format for fast decryption. Generalization of key exchange to add future support for DH, etc.	2010-11-04 19:10:00 +00:00
Vincent Hanquez	65942b945f	massive change on the RNG and add support for CryptoRandomGen use an inline AES counter system to generate random data.	2010-11-04 19:05:36 +00:00
Vincent Hanquez	863c09e0d4	put the throwError inside the runGet instead of outside. related to a monad either overlapping report.	2010-11-03 23:06:04 +00:00
Vincent Hanquez	0d342a68f7	use monads-fd instead of mtl	2010-10-24 12:02:45 +01:00
Vincent Hanquez	7a5139c5ce	depends on cryptohash 0.6 and adapt to the new modules location.	2010-10-24 12:02:41 +01:00
Vincent Hanquez	a1469322e4	don't check padding content in SSL3 mode	2010-10-06 09:15:36 +01:00
Vincent Hanquez	f54be74cc4	properly encode RSA structure without extra length when doing SSL3	2010-10-06 09:11:57 +01:00
Vincent Hanquez	cfff801bd9	properly finish SSL3 digest computation. change the cipher structure to contain the hash algorithm instead of the mac algorithm.	2010-10-06 09:07:48 +01:00
Vincent Hanquez	1bbd893e95	use modify instead of get >>= put (and same for modifyTLS)	2010-10-05 18:48:32 +01:00
Vincent Hanquez	3c2ebe5c08	more generation of SSL block/finished values.	2010-10-05 18:48:28 +01:00
Vincent Hanquez	9c4a3a0223	use the AES rng as the TLSState rng, and generate random bytes on demand client/premaster/secret random bytes are now generated by the TLSstate rng on demand, simplifying the use of basic routines (connect/listen) and the renegociation process. also the AES rng is a CPRNG, compared to system.random PRNG, which might gives a better warmer fuzzy random feeling.	2010-10-03 11:23:12 +01:00
Vincent Hanquez	6a9296727b	improve the regeneration of client and server rng datas	2010-10-03 11:01:22 +01:00
Vincent Hanquez	9641ca7c83	add prototype to processServerInfo	2010-10-03 10:32:23 +01:00
Vincent Hanquez	383cf4c021	properly handle multiple packet fragments. as a bonus it cleans lots of differents part since the state machine is inside receiving/sending code	2010-10-02 22:41:00 +01:00
Vincent Hanquez	e189f37a67	new state machine	2010-10-02 22:02:37 +01:00
Vincent Hanquez	5a6ff3abe8	take in account that we can receive multiple handshakes in the same tls fragment.	2010-10-02 10:58:41 +01:00
Vincent Hanquez	8049ad6c6f	add a way to update Digest when we have a handshaket type and the content of the header	2010-10-02 10:54:49 +01:00
Vincent Hanquez	eb3ed06af1	add TLS state machine to track that we receive correct message at the correct type	2010-10-02 10:32:29 +01:00
Vincent Hanquez	d188a180cc	refactorize receiving packet thing	2010-10-02 09:09:46 +01:00
Vincent Hanquez	f033a0d973	reorganize the way we decrypt data to be nicer. as a bonus, finally check if padding is valid.	2010-09-26 20:56:51 +01:00
Vincent Hanquez	6d1e38a337	add partition3 utility	2010-09-26 20:56:47 +01:00
Vincent Hanquez	07bfcd2094	typo	2010-09-26 20:54:14 +01:00
Vincent Hanquez	cd2f8f8ee2	get a util file for some bytestring stuff	2010-09-26 18:51:23 +01:00
Vincent Hanquez	349406b64a	remove data.word	2010-09-26 16:33:39 +01:00
Vincent Hanquez	2f76b2a245	add non finished method to generate finished content for protocol < TLS10	2010-09-26 16:32:28 +01:00
Vincent Hanquez	60de6551e4	add missing signature	2010-09-26 16:07:29 +01:00
Vincent Hanquez	c664f30407	add support for SSL generation of master secret	2010-09-26 16:07:14 +01:00
Vincent Hanquez	fc4c76862c	use specified version when initiating connection.	2010-09-26 15:31:46 +01:00
Vincent Hanquez	938e8db365	remove dead field	2010-09-26 15:31:35 +01:00
Vincent Hanquez	f37b2e3bce	support TLS1.1 explicit block IV despite the fact that it works, it's missing a step at key block set time, so that we don't use the computed IV, but use a random generated one seeded by the computed IV.	2010-09-26 14:57:35 +01:00
Vincent Hanquez	b71ea6729c	remove few more unpacking/packing	2010-09-26 10:37:20 +01:00
Vincent Hanquez	8f91009884	use strict bytestring instead of lazy bytestring. the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8]. remove lots of unnessary packing/unpacking when setting up ciphers.	2010-09-26 10:34:47 +01:00
Vincent Hanquez	c70736cf19	add a cap file to differenciate protocol version capabilities. define 2 capabilities for hello extensions and explicit IV. use hello extensions checking in decode / encode of clientHello	2010-09-26 08:46:09 +01:00
Vincent Hanquez	2fd8087211	remove the haskell98 dependency and switch to the random package.	2010-09-24 08:30:25 +01:00
Vincent Hanquez	663436a3cb	expose some needed modules and expose TLSClient type (noticed by Michael Snoyman)	2010-09-22 18:31:42 +01:00
Vincent Hanquez	cb850131da	add a server callbacks when receiving Certificates	2010-09-20 08:45:41 +01:00
Vincent Hanquez	2fe1d7e99a	use <$> instead of fmap	2010-09-19 10:49:42 +01:00
Vincent Hanquez	8c20758158	use client callback to callback on certificate verification	2010-09-19 10:42:29 +01:00
Vincent Hanquez	31fac5df44	introduce Client Callbacks structure	2010-09-19 10:42:02 +01:00
Vincent Hanquez	abf299db36	don't try to send an empty string when there's no rsa key to encrypt with.	2010-09-18 11:00:30 +01:00
Vincent Hanquez	b289546721	gives all certificate to processCertificate, so that we can check the chain later.	2010-09-18 11:00:07 +01:00
Vincent Hanquez	f4f4968a82	change clientkeyxchg data to be a specific type	2010-09-13 21:10:25 +01:00
Vincent Hanquez	0b5a0dc548	initial import	2010-09-09 22:47:19 +01:00

45 commits