yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
398 commits 1 branch 11 tags 1.7 MiB
Commit graph

68 commits

Author SHA1 Message Date
Martin Grabmueller
797f7822e4 Extend state to hold client private/public keys and add 
functions for signing and verifying with these keys.
 2012-07-13 21:08:23 +02:00
Vincent Hanquez
b57ef66d28 move extension decoding and encoding in a separate file. 2012-05-14 06:39:20 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
9b32e6d5f4 [SECURITY] use constant equality testing to prevent timing determination of the expected value. 
it doesn't seems to be in an usable context though.
 2012-05-14 06:32:14 +01:00
Vincent Hanquez
9da6b9c8c8 expand tabs. 2012-03-27 08:57:51 +01:00
Vincent Hanquez
e9a97bedb1 Merge branch 'npn' into next 
Conflicts:
	Network/TLS/Core.hs
 2012-03-15 08:59:04 +00:00
Joey Adams
3d0071d952 Fix spelling of negotiate/negotiation in documentation 2012-03-10 16:04:44 -05:00
Lennart Kolmodin
1bd53d9790 Spell 'negotiation' as in the spec. 2012-02-13 22:54:04 +04:00
Lennart Kolmodin
ab2a28ada6 Use callback instead of static state for supported NPN protocols. 
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
 2012-02-12 22:59:19 +04:00
Lennart Kolmodin
e3e7e3c02a Partial, but working, implementation of serverside NPN. 2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599 prepare source for NPN. 2012-02-07 21:24:30 +00:00
Vincent Hanquez
f3e5603bc8 trivial code movement for decryptRSA 2011-12-20 07:51:12 +00:00
Vincent Hanquez
98427b4fae switch client to process Server hello explicitely. 
also switch everything properly when receiving a server hello with session.
 2011-12-20 07:51:07 +00:00
Vincent Hanquez
6f02bb8548 generate key block when setting the master secret. 2011-12-20 07:41:15 +00:00
Vincent Hanquez
34b186b852 differentiate set master secret from a premaster secret or an already existing master secret 2011-12-20 07:30:19 +00:00
Vincent Hanquez
726d301e6f fix TLS key exchange with version >= 1.0. 2011-12-05 20:10:28 +00:00
Vincent Hanquez
a16bdbba86 remove old readPacket. 2011-12-01 08:42:59 +00:00
Vincent Hanquez
adf45a537d handle digest update after processing the packet 2011-12-01 08:42:43 +00:00
Vincent Hanquez
e1fea031af consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer. 2011-12-01 08:41:01 +00:00
Vincent Hanquez
d6a198dad5 split recvRecord out of recvPacket. 2011-11-30 22:01:31 +00:00
Vincent Hanquez
2b4db87a7e cleanup the record layer properly from other layer on top. 
simplify and make the code much more straighforward.
 2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601 remove the state machine is favor of a straightforward pattern matching state machine. 
simplify code massively and make it easy to support other packet flow later.
 2011-11-29 08:59:41 +00:00
Vincent Hanquez
9a0b4e0bd7 update to new cryptocipher and new certificate. 2011-10-31 22:10:32 +00:00
Vincent Hanquez
09e32f10c7 use strict time constant version of and and bytestring == during Reception. 2011-10-02 22:15:42 +01:00
Vincent Hanquez
a3b7419f8b Define hash structure to save some repetition 2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0 remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b rename bulk functions to be prefixed by bulk not cipher 2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa set some size to int instead of pointlessly using word8/word16 2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3 introduce a bulk object to separate the cipher object creation by chunks 
limit code movement by reusing the same name
 2011-08-13 11:06:23 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
c27fc6187d properly encode/decode secure renegotiation extension 2011-06-13 08:33:14 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
8329187394 fill the server hello in the server and check the return value in the client. 2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
f74626e065 throw proper error if we receive an unexpected transition. 2011-05-13 21:40:11 +01:00
Vincent Hanquez
0582234934 cleanup for not having to use fromJust 2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca throw proper error for bad record mac 2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1 remove unnecessary import 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b add a structure to parametrize decoding encoding related to version, key exchange type, ... 2011-05-12 09:13:53 +01:00
Vincent Hanquez
969a62b79a bump certificate version to 0.8.1 2011-05-09 09:15:36 +01:00
Vincent Hanquez
7cce3fca0c use functor's <$> instead of a return construct 2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673 refactor processclientkeyxchg 2011-04-24 11:34:11 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
43a2ae9dae remove language extensions not needed anymore 2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c simplify state manipulation 
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7 update for latest certificate 0.7 2011-02-20 17:43:10 +00:00
Vincent Hanquez
693891ad0c add a dedicated fromJust 
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.

at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
 2011-02-20 08:37:19 +00:00
Vincent Hanquez
22ea02ffe4 move to certificate >= 0.6 2011-02-20 08:35:14 +00:00