Vincent Hanquez
|
50797bae50
|
cleanup import
|
2014-01-10 08:30:30 +00:00 |
|
Vincent Hanquez
|
453fab50ed
|
split Backend and introduce a new HasBackend class
the HasBackend class allow to not have multiples contextNewOnX calls,
but instead will favor only one contextNew that can take all HasBackend types.
|
2014-01-10 07:01:34 +00:00 |
|
Vincent Hanquez
|
614b5b4c6b
|
split parameters from context
|
2014-01-05 11:14:17 +00:00 |
|
Vincent Hanquez
|
8a05317d40
|
slightly better error when no ciphers are available
|
2014-01-02 06:09:09 +00:00 |
|
Vincent Hanquez
|
323fb95fbe
|
consistent style in record structure.
|
2013-12-28 15:26:33 +00:00 |
|
Vincent Hanquez
|
3297441e0b
|
limit to crypto-pubkey > 0.2.4
|
2013-12-28 15:26:03 +00:00 |
|
Vincent Hanquez
|
56f89956d0
|
add tests related to DHE DSS
|
2013-12-28 15:25:54 +00:00 |
|
Vincent Hanquez
|
85f436afe6
|
add a system to filter cipher that we can't use because we don't have the right credentials loaded.
|
2013-12-28 15:25:13 +00:00 |
|
Vincent Hanquez
|
acf9708199
|
use the new credentials system to be able to handle RSA and DSS certificate at the same time.
|
2013-12-28 15:24:20 +00:00 |
|
Vincent Hanquez
|
9a05ac9553
|
limit the X509 import list of what we need
|
2013-12-28 15:20:07 +00:00 |
|
Vincent Hanquez
|
f72293d32f
|
properly do DSS/RSA in DHE methods.
|
2013-12-28 15:19:39 +00:00 |
|
Vincent Hanquez
|
a111d703a4
|
simplify the handshake key state.
we don't need to differentiate client/server, as a remote key will always be public and
the private key always local.
|
2013-12-28 15:17:42 +00:00 |
|
Vincent Hanquez
|
64946c8fb8
|
error in serverKeyXchg with RSA.
|
2013-12-28 15:15:06 +00:00 |
|
Vincent Hanquez
|
761ba1ac5c
|
add support for DSS signature.
|
2013-12-28 15:14:09 +00:00 |
|
Vincent Hanquez
|
b3068deec8
|
add support for DSA signing and verification.
|
2013-12-28 15:13:43 +00:00 |
|
Vincent Hanquez
|
8e6a6d9456
|
add a credentials module
|
2013-12-28 15:12:14 +00:00 |
|
Vincent Hanquez
|
08997c96f0
|
default the version if not set which allow to report very early error (e.g. no cipher in common) properly
|
2013-12-28 15:09:25 +00:00 |
|
Vincent Hanquez
|
891cf168ac
|
add simple method to get the certificate leaf.
|
2013-12-28 15:07:20 +00:00 |
|
Vincent Hanquez
|
4bc8156372
|
add tests for DHE_RSA.
|
2013-12-11 16:40:24 +08:00 |
|
Vincent Hanquez
|
02dd7b8aa7
|
add support for DHE (only with RSA signing so far)
|
2013-12-11 16:39:25 +08:00 |
|
Vincent Hanquez
|
a223673eed
|
make HandshakeM an instance of Applicative.
|
2013-12-11 16:36:35 +08:00 |
|
Vincent Hanquez
|
2a09d51ba5
|
cleanup imports
|
2013-12-11 16:36:16 +08:00 |
|
Vincent Hanquez
|
64d2ba9cd7
|
add better methods for making DigitallySigned data structure and veryfying them
|
2013-12-11 16:34:45 +08:00 |
|
Vincent Hanquez
|
6d63cde8cb
|
change ServerDHParams to re-use the DH abstraction in Crypto.DH.
|
2013-12-11 16:01:55 +08:00 |
|
Vincent Hanquez
|
1e62ddd53f
|
properly account for difference of methods in key exchange.
still only RSA supported.
|
2013-12-11 16:01:07 +08:00 |
|
Vincent Hanquez
|
6fb2108b63
|
add SHA512 as defined hash
|
2013-12-11 15:55:58 +08:00 |
|
Vincent Hanquez
|
798a4b5787
|
move logging and hooks into a Hooks module
|
2013-12-11 15:55:24 +08:00 |
|
Vincent Hanquez
|
b234f1377f
|
automatically add Crypto.DH in Crypto.
|
2013-12-11 15:54:32 +08:00 |
|
Vincent Hanquez
|
0236445101
|
add some wrapper for DH operations.
|
2013-12-11 15:53:55 +08:00 |
|
Vincent Hanquez
|
c805734abd
|
use the new Crypto.Random instead of the compat Crypto.Random.API
|
2013-12-11 15:53:11 +08:00 |
|
Vincent Hanquez
|
96ae52e4cd
|
make clear what we're talking about in the header.
|
2013-12-11 15:50:35 +08:00 |
|
Vincent Hanquez
|
9ea497adf6
|
add a function to generate digitally signed structure for DHParams.
|
2013-12-07 17:51:57 +08:00 |
|
Vincent Hanquez
|
b43ef69988
|
rename ServerDHParams marshalling functions
|
2013-12-07 17:51:28 +08:00 |
|
Vincent Hanquez
|
f916fde296
|
add a test DHE cipher.
|
2013-12-07 15:10:53 +08:00 |
|
Vincent Hanquez
|
12c32816bc
|
add HashSHA1 for DSS signature for < TLS12.
|
2013-12-07 14:50:07 +08:00 |
|
Vincent Hanquez
|
d05c7a4be1
|
comment the reason of the existence of hashUpdateSSL.
|
2013-12-07 14:49:34 +08:00 |
|
Vincent Hanquez
|
50b56ff2cf
|
use the new digitallySigned structure for CertVerify.
|
2013-12-07 14:37:14 +08:00 |
|
Vincent Hanquez
|
f6b4ee34ac
|
abstract signature creation/verification
|
2013-12-07 14:25:58 +08:00 |
|
Vincent Hanquez
|
ad37d02523
|
cleanup CertificateVerify signature data generation
|
2013-12-07 13:10:17 +08:00 |
|
Vincent Hanquez
|
0a032bbc27
|
factor some code in client certificate verify message generation.
|
2013-12-07 12:44:45 +08:00 |
|
Vincent Hanquez
|
14fe8102c8
|
marshall signature as digitally-signed
|
2013-12-07 12:10:01 +08:00 |
|
Vincent Hanquez
|
99608782dc
|
misc: remove spaces
|
2013-12-07 12:09:36 +08:00 |
|
Vincent Hanquez
|
23f4377f31
|
add the DigitallySigned structure to the list.
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
|
2013-12-07 12:09:13 +08:00 |
|
Vincent Hanquez
|
1ac0cc9485
|
add putSignatureHashAlgorithm
|
2013-12-07 12:07:21 +08:00 |
|
Vincent Hanquez
|
887c69b6e5
|
move getSignatureHashAlgorithm
|
2013-12-07 12:07:04 +08:00 |
|
Vincent Hanquez
|
7e3077d23c
|
rewrite SKX methods to use getInteger16 and applicative style.
|
2013-12-07 12:06:34 +08:00 |
|
Vincent Hanquez
|
a03b22024b
|
export getInteger16/putInteger16 to serialize Integer in opaque16.
|
2013-12-07 12:05:41 +08:00 |
|
Vincent Hanquez
|
dea7eb32cf
|
separate some helpers and add new one.
|
2013-12-07 12:04:53 +08:00 |
|
Vincent Hanquez
|
1b905f0377
|
don't unpack signature. use the bytestring representation.
|
2013-12-05 15:36:52 +08:00 |
|
Vincent Hanquez
|
9ce0da72ce
|
add a helper module for ASN1
|
2013-12-05 14:51:23 +08:00 |
|