yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
317 commits 1 branch 11 tags 1.7 MiB
Commit graph

27 commits

Author SHA1 Message Date
Vincent Hanquez
6f02bb8548 generate key block when setting the master secret. 2011-12-20 07:41:15 +00:00
Vincent Hanquez
e1fea031af consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer. 2011-12-01 08:41:01 +00:00
Vincent Hanquez
2b4db87a7e cleanup the record layer properly from other layer on top. 
simplify and make the code much more straighforward.
 2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601 remove the state machine is favor of a straightforward pattern matching state machine. 
simplify code massively and make it easy to support other packet flow later.
 2011-11-29 08:59:41 +00:00
Vincent Hanquez
b72c6328b0 remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b rename bulk functions to be prefixed by bulk not cipher 2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa set some size to int instead of pointlessly using word8/word16 2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3 introduce a bulk object to separate the cipher object creation by chunks 
limit code movement by reusing the same name
 2011-08-13 11:06:23 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
02f77a1225 set server and client parameter directly in core, not in the sending processing layer. 2011-06-12 21:42:55 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
6eef56c60f [SECURITY] fix TLS1.1 block cipher IV usage. 
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
 2011-05-13 08:10:13 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
43a2ae9dae remove language extensions not needed anymore 2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c simplify state manipulation 
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
693891ad0c add a dedicated fromJust 
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.

at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
 2011-02-20 08:37:19 +00:00
Vincent Hanquez
a78162e298 add support for ciphers without encryption. 2011-01-05 09:24:58 +00:00
Vincent Hanquez
a95dd8f45e Generalize key exchange and use in-house RSA. 
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
 2010-11-04 19:10:00 +00:00
Vincent Hanquez
f54be74cc4 properly encode RSA structure without extra length when doing SSL3 2010-10-06 09:11:57 +01:00
Vincent Hanquez
e189f37a67 new state machine 2010-10-02 22:02:37 +01:00
Vincent Hanquez
cd2f8f8ee2 get a util file for some bytestring stuff 2010-09-26 18:51:23 +01:00
Vincent Hanquez
f37b2e3bce support TLS1.1 explicit block IV 
despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
 2010-09-26 14:57:35 +01:00
Vincent Hanquez
b71ea6729c remove few more unpacking/packing 2010-09-26 10:37:20 +01:00
Vincent Hanquez
8f91009884 use strict bytestring instead of lazy bytestring. 
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
 2010-09-26 10:34:47 +01:00
Vincent Hanquez
abf299db36 don't try to send an empty string when there's no rsa key to encrypt with. 2010-09-18 11:00:30 +01:00
Vincent Hanquez
0b5a0dc548 initial import 2010-09-09 22:47:19 +01:00