Vincent Hanquez
c9f4cbbd70
create a common test file
2010-11-30 08:21:10 +00:00
Vincent Hanquez
2f9563b2cd
increase warning levels for stunnel
2010-11-30 08:19:38 +00:00
Vincent Hanquez
c09f90316f
Improve stunnel example to behave more like a stunnel program.
...
The client side is behaving like a real stunnel now, waiting local connection
and relaying it through the TLS connection and back to the local connection.
The server side is improved, however it doesn't properly relay it to the local
port on the server. For now it prints the message to stdout and reply a constant
to a client. it waits for EOF from the client before finishing.
2010-11-30 08:12:49 +00:00
Vincent Hanquez
a2896bce31
add options to bind to unix socket or file descriptor
2010-11-28 11:50:55 +00:00
Vincent Hanquez
95c94749d2
use cmdargs in stunnel instead of GetArgs
...
prepare options for the implementation of an actual stunnel program,
where data are relayed from encrypted to normal connection and vice versa.
2010-11-28 11:37:36 +00:00
Vincent Hanquez
d787160713
rename connect in client module to initiate.
...
add a deprecated pragma for connect and keep it for compatibility
2010-11-28 10:30:05 +00:00
Vincent Hanquez
e48584cbbb
bump version to 0.3.1
2010-11-07 10:21:57 +00:00
Vincent Hanquez
03a5a8c3c9
certificate need at least 0.3.2 and cereal 0.3.
2010-11-07 10:21:32 +00:00
Vincent Hanquez
d061b37730
remove RandomGen generator and provide a reseed functions to regenerate the RNG.
2010-11-07 10:19:12 +00:00
Vincent Hanquez
c25f1ae72d
bump version to 0.3
2010-11-04 19:12:00 +00:00
Vincent Hanquez
a95dd8f45e
Generalize key exchange and use in-house RSA.
...
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
2010-11-04 19:10:00 +00:00
Vincent Hanquez
65942b945f
massive change on the RNG and add support for CryptoRandomGen
...
use an inline AES counter system to generate random data.
2010-11-04 19:05:36 +00:00
Vincent Hanquez
c8d3931c83
add cereal and depends on crypto-api
2010-11-04 19:02:04 +00:00
Vincent Hanquez
e5aebd8ad5
move back to mtl
2010-11-04 19:01:38 +00:00
Vincent Hanquez
863c09e0d4
put the throwError inside the runGet instead of outside.
...
related to a monad either overlapping report.
2010-11-03 23:06:04 +00:00
Vincent Hanquez
f4841baa80
add support for quickcheck 2.3
2010-11-03 23:04:03 +00:00
Vincent Hanquez
721f07ec0a
align base between library and executable
2010-11-02 08:26:50 +00:00
Vincent Hanquez
6314709a84
put back the upper limit
2010-11-02 08:06:32 +00:00
Vincent Hanquez
0d342a68f7
use monads-fd instead of mtl
2010-10-24 12:02:45 +01:00
Vincent Hanquez
7a5139c5ce
depends on cryptohash 0.6 and adapt to the new modules location.
2010-10-24 12:02:41 +01:00
Vincent Hanquez
3210758258
update cabal file and bump version to 0.2
2010-10-06 09:21:20 +01:00
Vincent Hanquez
a1469322e4
don't check padding content in SSL3 mode
2010-10-06 09:15:36 +01:00
Vincent Hanquez
f54be74cc4
properly encode RSA structure without extra length when doing SSL3
2010-10-06 09:11:57 +01:00
Vincent Hanquez
cfff801bd9
properly finish SSL3 digest computation.
...
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
2010-10-06 09:07:48 +01:00
Vincent Hanquez
1bbd893e95
use modify instead of get >>= put (and same for modifyTLS)
2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08
more generation of SSL block/finished values.
2010-10-05 18:48:28 +01:00
Vincent Hanquez
9c4a3a0223
use the AES rng as the TLSState rng, and generate random bytes on demand
...
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegociation process.
also the AES rng is a CPRNG, compared to system.random PRNG, which
might gives a better warmer fuzzy random feeling.
2010-10-03 11:23:12 +01:00
Vincent Hanquez
6a9296727b
improve the regeneration of client and server rng datas
2010-10-03 11:01:22 +01:00
Vincent Hanquez
10e7329bb5
requires certificate v0.3
2010-10-03 10:32:37 +01:00
Vincent Hanquez
9641ca7c83
add prototype to processServerInfo
2010-10-03 10:32:23 +01:00
Vincent Hanquez
c1a273f5d4
bump version to 0.1.4
2010-10-02 22:42:13 +01:00
Vincent Hanquez
383cf4c021
properly handle multiple packet fragments.
...
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
5a6ff3abe8
take in account that we can receive multiple handshakes in the same tls fragment.
2010-10-02 10:58:41 +01:00
Vincent Hanquez
8049ad6c6f
add a way to update Digest when we have a handshaket type and the content of the header
2010-10-02 10:54:49 +01:00
Vincent Hanquez
eb3ed06af1
add TLS state machine to track that we receive correct message at the correct type
2010-10-02 10:32:29 +01:00
Vincent Hanquez
d188a180cc
refactorize receiving packet thing
2010-10-02 09:09:46 +01:00
Vincent Hanquez
0c1dfe0837
bump version to 0.1.3
2010-09-27 08:14:46 +01:00
Vincent Hanquez
f033a0d973
reorganize the way we decrypt data to be nicer.
...
as a bonus, finally check if padding is valid.
2010-09-26 20:56:51 +01:00
Vincent Hanquez
6d1e38a337
add partition3 utility
2010-09-26 20:56:47 +01:00
Vincent Hanquez
07bfcd2094
typo
2010-09-26 20:54:14 +01:00
Vincent Hanquez
49a32f5e82
add util file in cabal
2010-09-26 18:52:58 +01:00
Vincent Hanquez
cd2f8f8ee2
get a util file for some bytestring stuff
2010-09-26 18:51:23 +01:00
Vincent Hanquez
148f4e467c
update TODO
2010-09-26 17:04:28 +01:00
Vincent Hanquez
349406b64a
remove data.word
2010-09-26 16:33:39 +01:00
Vincent Hanquez
2f76b2a245
add non finished method to generate finished content for protocol < TLS10
2010-09-26 16:32:28 +01:00
Vincent Hanquez
60de6551e4
add missing signature
2010-09-26 16:07:29 +01:00
Vincent Hanquez
c664f30407
add support for SSL generation of master secret
2010-09-26 16:07:14 +01:00
Vincent Hanquez
fc4c76862c
use specified version when initiating connection.
2010-09-26 15:31:46 +01:00
Vincent Hanquez
938e8db365
remove dead field
2010-09-26 15:31:35 +01:00