yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
225 commits 1 branch 11 tags 1.7 MiB
Commit graph

149 commits

Author SHA1 Message Date
Vincent Hanquez
8ee6f728bd add signature 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b add a structure to parametrize decoding encoding related to version, key exchange type, ... 2011-05-12 09:13:53 +01:00
Vincent Hanquez
4b5812529b derive Show and Eq from CipherKeyExchangeType 2011-05-12 09:13:53 +01:00
Vincent Hanquez
1e294bbbff rename cipherkeyexchange types 2011-05-12 09:13:49 +01:00
Vincent Hanquez
c111389b30 capitalize DH 2011-05-11 07:34:15 +01:00
Vincent Hanquez
969a62b79a bump certificate version to 0.8.1 2011-05-09 09:15:36 +01:00
Vincent Hanquez
7f6f511839 Add a way to show packet sent and received at the protocol level. very useful for debugging. 2011-05-04 08:41:16 +01:00
Vincent Hanquez
69d3604a64 do not call new variable state. it's already defined by the state module. 2011-04-24 13:43:57 +01:00
Vincent Hanquez
ad226f7fb9 usless import in wire module 2011-04-24 13:43:27 +01:00
Vincent Hanquez
4a84e9415f comment fixup 2011-04-24 13:43:18 +01:00
Vincent Hanquez
d983d4ebc8 remove now useless extension 2011-04-24 13:43:08 +01:00
Vincent Hanquez
7cce3fca0c use functor's <$> instead of a return construct 2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673 refactor processclientkeyxchg 2011-04-24 11:34:11 +01:00
Vincent Hanquez
9f3714dd1c simplify parsing of packets 
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
 2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4 set the error instance of TLSError with the definition of TLSError. prevent orphan instance 2011-04-24 09:32:49 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
55b7490102 a packet can contain multiple appdata, process it as such. 2011-03-23 21:48:58 +00:00
Vincent Hanquez
74633cd68f add internal module as backdoor for hidden function/definition. 
also export core sendPacket/recvPacket
 2011-03-19 21:45:43 +00:00
Vincent Hanquez
476b0a8f82 remove commented description of ciphers 2011-03-19 21:42:59 +00:00
Vincent Hanquez
a4b4d54821 move default ciphers to tls-extra 2011-03-19 09:22:12 +00:00
Vincent Hanquez
da6e72ba7e correct comment 2011-03-19 08:37:47 +00:00
Vincent Hanquez
9d6f8e3fa6 add a single TLS module to rules them all. 2011-03-02 08:43:14 +00:00
Vincent Hanquez
5ab032b3c9 add more haddock related stuff 2011-03-02 08:43:05 +00:00
Vincent Hanquez
14f635cf3e Fix documentation and cleanup remaining bits 2011-03-02 07:56:37 +00:00
Vincent Hanquez
a8d1e05179 fold remaining bit of client/server in core. cleanup 2011-03-02 07:41:59 +00:00
Vincent Hanquez
7237bec83e fold handshake stuff from server to core. 2011-03-02 07:35:25 +00:00
Vincent Hanquez
fc598287ad remove fromJust 2011-03-01 23:18:09 +00:00
Vincent Hanquez
73979e9db4 move initiate into handshake in core. 2011-03-01 23:09:17 +00:00
Vincent Hanquez
9083c53453 style change and use modify instead of get/put 2011-03-01 20:01:40 +00:00
Vincent Hanquez
c1a20efe74 move sendData to core 2011-03-01 20:01:40 +00:00
Vincent Hanquez
43a2ae9dae remove language extensions not needed anymore 2011-03-01 20:01:40 +00:00
Vincent Hanquez
353783abdf put server/client in core 2011-03-01 20:01:40 +00:00
Vincent Hanquez
f4cc8999db move 'close' api to core and rename to 'bye' to avoid a meaning conflict with unix close. 2011-03-01 20:01:40 +00:00
Vincent Hanquez
f260c5b9cf modify client API to be like the server API. 2011-03-01 20:01:40 +00:00
Vincent Hanquez
5481816e0e remove old import 2011-03-01 20:01:40 +00:00
Vincent Hanquez
5e8d2fa776 move server to the new split API and have the server function in a monadIO monad. 
the state mvar is for now mostly useless, although completly harmeless; it will
be useful to be able to use the ctx in a threaded context.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
c997045372 remove old code 2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c simplify state manipulation 
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
9586b05395 unify clientparams and serverparams 2011-03-01 20:01:40 +00:00
Vincent Hanquez
fc420e13f8 add nullCompression and an instance of show for compression data. 2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7 update for latest certificate 0.7 2011-02-20 17:43:10 +00:00
Vincent Hanquez
c6154ae126 fix a bug with SSL3 during the creation of crypt state. 
The test for partition was too strict, and the SSL3 generator
is quite likely to generate more data whereas the TLS generator
generate the correct amount every time.

now bigger bytestring than necessary are now valid as well.
 2011-02-20 08:49:23 +00:00
Vincent Hanquez
693891ad0c add a dedicated fromJust 
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.

at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
 2011-02-20 08:37:19 +00:00
Vincent Hanquez
22ea02ffe4 move to certificate >= 0.6 2011-02-20 08:35:14 +00:00
Vincent Hanquez
a3ea15886f use AES in cryptocipher 0.2.5 2011-02-20 08:13:53 +00:00
Vincent Hanquez
af02dd0839 add stricter partition(3|6) utils that doesn't use wire (and thus no binary) 2011-01-05 09:24:58 +00:00
Vincent Hanquez
857a4a06b8 add some assertion checking 2011-01-05 09:24:58 +00:00
Vincent Hanquez
a78162e298 add support for ciphers without encryption. 2011-01-05 09:24:58 +00:00
Vincent Hanquez
54640db618 add cipher 0x1 and 0x2 (no encryption with RSA) 2011-01-05 09:24:46 +00:00
Vincent Hanquez
e5e331fdf1 move to certificate 0.5 2011-01-02 09:49:21 +00:00
Vincent Hanquez
4b3cd2c2f7 export key/iv 2010-12-07 09:15:22 +00:00
Vincent Hanquez
701643a863 remove old comment 2010-12-06 22:54:56 +00:00
Vincent Hanquez
9796739ce0 add some instances of show for serverparams. 2010-12-04 13:09:02 +00:00
Vincent Hanquez
b3a8c1e1d6 add an instance of Eq for Ciphers. if two cipherID are eq then it's eq. 2010-12-04 13:08:38 +00:00
Vincent Hanquez
d787160713 rename connect in client module to initiate. 
add a deprecated pragma for connect and keep it for compatibility
 2010-11-28 10:30:05 +00:00
Vincent Hanquez
d061b37730 remove RandomGen generator and provide a reseed functions to regenerate the RNG. 2010-11-07 10:19:12 +00:00
Vincent Hanquez
a95dd8f45e Generalize key exchange and use in-house RSA. 
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
 2010-11-04 19:10:00 +00:00
Vincent Hanquez
65942b945f massive change on the RNG and add support for CryptoRandomGen 
use an inline AES counter system to generate random data.
 2010-11-04 19:05:36 +00:00
Vincent Hanquez
863c09e0d4 put the throwError inside the runGet instead of outside. 
related to a monad either overlapping report.
 2010-11-03 23:06:04 +00:00
Vincent Hanquez
0d342a68f7 use monads-fd instead of mtl 2010-10-24 12:02:45 +01:00
Vincent Hanquez
7a5139c5ce depends on cryptohash 0.6 and adapt to the new modules location. 2010-10-24 12:02:41 +01:00
Vincent Hanquez
a1469322e4 don't check padding content in SSL3 mode 2010-10-06 09:15:36 +01:00
Vincent Hanquez
f54be74cc4 properly encode RSA structure without extra length when doing SSL3 2010-10-06 09:11:57 +01:00
Vincent Hanquez
cfff801bd9 properly finish SSL3 digest computation. 
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
 2010-10-06 09:07:48 +01:00
Vincent Hanquez
1bbd893e95 use modify instead of get >>= put (and same for modifyTLS) 2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08 more generation of SSL block/finished values. 2010-10-05 18:48:28 +01:00
Vincent Hanquez
9c4a3a0223 use the AES rng as the TLSState rng, and generate random bytes on demand 
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegociation process.

also the AES rng is a CPRNG, compared to system.random PRNG, which
might gives a better warmer fuzzy random feeling.
 2010-10-03 11:23:12 +01:00
Vincent Hanquez
6a9296727b improve the regeneration of client and server rng datas 2010-10-03 11:01:22 +01:00
Vincent Hanquez
9641ca7c83 add prototype to processServerInfo 2010-10-03 10:32:23 +01:00
Vincent Hanquez
383cf4c021 properly handle multiple packet fragments. 
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
 2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67 new state machine 2010-10-02 22:02:37 +01:00
Vincent Hanquez
5a6ff3abe8 take in account that we can receive multiple handshakes in the same tls fragment. 2010-10-02 10:58:41 +01:00
Vincent Hanquez
8049ad6c6f add a way to update Digest when we have a handshaket type and the content of the header 2010-10-02 10:54:49 +01:00
Vincent Hanquez
eb3ed06af1 add TLS state machine to track that we receive correct message at the correct type 2010-10-02 10:32:29 +01:00
Vincent Hanquez
d188a180cc refactorize receiving packet thing 2010-10-02 09:09:46 +01:00
Vincent Hanquez
f033a0d973 reorganize the way we decrypt data to be nicer. 
as a bonus, finally check if padding is valid.
 2010-09-26 20:56:51 +01:00
Vincent Hanquez
6d1e38a337 add partition3 utility 2010-09-26 20:56:47 +01:00
Vincent Hanquez
07bfcd2094 typo 2010-09-26 20:54:14 +01:00
Vincent Hanquez
cd2f8f8ee2 get a util file for some bytestring stuff 2010-09-26 18:51:23 +01:00
Vincent Hanquez
349406b64a remove data.word 2010-09-26 16:33:39 +01:00
Vincent Hanquez
2f76b2a245 add non finished method to generate finished content for protocol < TLS10 2010-09-26 16:32:28 +01:00
Vincent Hanquez
60de6551e4 add missing signature 2010-09-26 16:07:29 +01:00
Vincent Hanquez
c664f30407 add support for SSL generation of master secret 2010-09-26 16:07:14 +01:00
Vincent Hanquez
fc4c76862c use specified version when initiating connection. 2010-09-26 15:31:46 +01:00
Vincent Hanquez
938e8db365 remove dead field 2010-09-26 15:31:35 +01:00
Vincent Hanquez
f37b2e3bce support TLS1.1 explicit block IV 
despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
 2010-09-26 14:57:35 +01:00
Vincent Hanquez
b71ea6729c remove few more unpacking/packing 2010-09-26 10:37:20 +01:00
Vincent Hanquez
8f91009884 use strict bytestring instead of lazy bytestring. 
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
 2010-09-26 10:34:47 +01:00
Vincent Hanquez
c70736cf19 add a cap file to differenciate protocol version capabilities. 
define 2 capabilities for hello extensions and explicit IV.
use hello extensions checking in decode / encode of clientHello
 2010-09-26 08:46:09 +01:00
Vincent Hanquez
2fd8087211 remove the haskell98 dependency and switch to the random package. 2010-09-24 08:30:25 +01:00
Vincent Hanquez
663436a3cb expose some needed modules and expose TLSClient type 
(noticed by Michael Snoyman)
 2010-09-22 18:31:42 +01:00
Vincent Hanquez
cb850131da add a server callbacks when receiving Certificates 2010-09-20 08:45:41 +01:00
Vincent Hanquez
2fe1d7e99a use <$> instead of fmap 2010-09-19 10:49:42 +01:00
Vincent Hanquez
8c20758158 use client callback to callback on certificate verification 2010-09-19 10:42:29 +01:00
Vincent Hanquez
31fac5df44 introduce Client Callbacks structure 2010-09-19 10:42:02 +01:00
Vincent Hanquez
abf299db36 don't try to send an empty string when there's no rsa key to encrypt with. 2010-09-18 11:00:30 +01:00
Vincent Hanquez
b289546721 gives all certificate to processCertificate, so that we can check the chain later. 2010-09-18 11:00:07 +01:00
Vincent Hanquez
f4f4968a82 change clientkeyxchg data to be a specific type 2010-09-13 21:10:25 +01:00
Vincent Hanquez
0b5a0dc548 initial import 2010-09-09 22:47:19 +01:00