yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
94 commits 1 branch 11 tags 1.7 MiB
Commit graph

94 commits

This branch
This branch
All branches
Author SHA1 Message Date
Vincent Hanquez
8aa4fdc3ea certificate upgrade to 0.4 and fixup tests 2010-12-14 23:27:02 +00:00
Vincent Hanquez
3020ba5c28 allow SSL3 in stunnel 2010-12-14 23:26:51 +00:00
Vincent Hanquez
18cf6a5392 test ciphers in a basic fashion for now. 2010-12-07 09:15:34 +00:00
Vincent Hanquez
4b3cd2c2f7 export key/iv 2010-12-07 09:15:22 +00:00
Vincent Hanquez
4b00c76e19 move supportedVersions and supportedCiphers in common 2010-12-07 09:02:38 +00:00
Vincent Hanquez
701643a863 remove old comment 2010-12-06 22:54:56 +00:00
Vincent Hanquez
4c3fe2fa64 actualize TODO 2010-12-06 22:54:18 +00:00
Vincent Hanquez
bec3255ff3 add a (non-valid) signature, otherwise test fail. 2010-12-06 08:18:16 +00:00
Vincent Hanquez
ebd5ad9937 add testing of certificates into the marshaller 2010-12-06 08:12:34 +00:00
Vincent Hanquez
06fddf5065 add a module to generate certificates 2010-12-06 08:07:05 +00:00
Vincent Hanquez
baa2baecfc Test arbitrary clientstate and serverstate for protocol initiate 
this gives a useful test coverage of possibles connections parameters
regarding versions, ciphers, etc that the user can choose, and check
that it all lead to a TLS connected state.
 2010-12-04 13:10:49 +00:00
Vincent Hanquez
ccbd2f4ca4 move liftM6 into common 2010-12-04 13:09:42 +00:00
Vincent Hanquez
9796739ce0 add some instances of show for serverparams. 2010-12-04 13:09:02 +00:00
Vincent Hanquez
b3a8c1e1d6 add an instance of Eq for Ciphers. if two cipherID are eq then it's eq. 2010-12-04 13:08:38 +00:00
Vincent Hanquez
32913e0f0f start factoring out helpers so that we can make more connection tests 2010-12-04 12:09:38 +00:00
Vincent Hanquez
a59a0d840c minor quickcheck changes 2010-12-03 07:22:48 +00:00
Vincent Hanquez
07da6e5b06 Add monadic IO test that establish connection from a client and server. 
The test establish a TLS connection on a socketpair, and then
check that by injecting arbitrary data in the client we receive
the exact same thing on the server side.

The test need more sophistication in general, as to arbitrarily test
TLS versions, different ciphers & key exchange, certificates, etc.
 2010-11-30 08:31:09 +00:00
Vincent Hanquez
bc638906f2 move the marshal test into a specific file. 2010-11-30 08:26:22 +00:00
Vincent Hanquez
c9f4cbbd70 create a common test file 2010-11-30 08:21:10 +00:00
Vincent Hanquez
2f9563b2cd increase warning levels for stunnel 2010-11-30 08:19:38 +00:00
Vincent Hanquez
c09f90316f Improve stunnel example to behave more like a stunnel program. 
The client side is behaving like a real stunnel now, waiting local connection
and relaying it through the TLS connection and back to the local connection.

The server side is improved, however it doesn't properly relay it to the local
port on the server. For now it prints the message to stdout and reply a constant
to a client. it waits for EOF from the client before finishing.
 2010-11-30 08:12:49 +00:00
Vincent Hanquez
a2896bce31 add options to bind to unix socket or file descriptor 2010-11-28 11:50:55 +00:00
Vincent Hanquez
95c94749d2 use cmdargs in stunnel instead of GetArgs 
prepare options for the implementation of an actual stunnel program,
where data are relayed from encrypted to normal connection and vice versa.
 2010-11-28 11:37:36 +00:00
Vincent Hanquez
d787160713 rename connect in client module to initiate. 
add a deprecated pragma for connect and keep it for compatibility
 2010-11-28 10:30:05 +00:00
Vincent Hanquez
e48584cbbb bump version to 0.3.1 2010-11-07 10:21:57 +00:00
Vincent Hanquez
03a5a8c3c9 certificate need at least 0.3.2 and cereal 0.3. 2010-11-07 10:21:32 +00:00
Vincent Hanquez
d061b37730 remove RandomGen generator and provide a reseed functions to regenerate the RNG. 2010-11-07 10:19:12 +00:00
Vincent Hanquez
c25f1ae72d bump version to 0.3 2010-11-04 19:12:00 +00:00
Vincent Hanquez
a95dd8f45e Generalize key exchange and use in-house RSA. 
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
 2010-11-04 19:10:00 +00:00
Vincent Hanquez
65942b945f massive change on the RNG and add support for CryptoRandomGen 
use an inline AES counter system to generate random data.
 2010-11-04 19:05:36 +00:00
Vincent Hanquez
c8d3931c83 add cereal and depends on crypto-api 2010-11-04 19:02:04 +00:00
Vincent Hanquez
e5aebd8ad5 move back to mtl 2010-11-04 19:01:38 +00:00
Vincent Hanquez
863c09e0d4 put the throwError inside the runGet instead of outside. 
related to a monad either overlapping report.
 2010-11-03 23:06:04 +00:00
Vincent Hanquez
f4841baa80 add support for quickcheck 2.3 2010-11-03 23:04:03 +00:00
Vincent Hanquez
721f07ec0a align base between library and executable 2010-11-02 08:26:50 +00:00
Vincent Hanquez
6314709a84 put back the upper limit 2010-11-02 08:06:32 +00:00
Vincent Hanquez
0d342a68f7 use monads-fd instead of mtl 2010-10-24 12:02:45 +01:00
Vincent Hanquez
7a5139c5ce depends on cryptohash 0.6 and adapt to the new modules location. 2010-10-24 12:02:41 +01:00
Vincent Hanquez
3210758258 update cabal file and bump version to 0.2 2010-10-06 09:21:20 +01:00
Vincent Hanquez
a1469322e4 don't check padding content in SSL3 mode 2010-10-06 09:15:36 +01:00
Vincent Hanquez
f54be74cc4 properly encode RSA structure without extra length when doing SSL3 2010-10-06 09:11:57 +01:00
Vincent Hanquez
cfff801bd9 properly finish SSL3 digest computation. 
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
 2010-10-06 09:07:48 +01:00
Vincent Hanquez
1bbd893e95 use modify instead of get >>= put (and same for modifyTLS) 2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08 more generation of SSL block/finished values. 2010-10-05 18:48:28 +01:00
Vincent Hanquez
9c4a3a0223 use the AES rng as the TLSState rng, and generate random bytes on demand 
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegociation process.

also the AES rng is a CPRNG, compared to system.random PRNG, which
might gives a better warmer fuzzy random feeling.
 2010-10-03 11:23:12 +01:00
Vincent Hanquez
6a9296727b improve the regeneration of client and server rng datas 2010-10-03 11:01:22 +01:00
Vincent Hanquez
10e7329bb5 requires certificate v0.3 2010-10-03 10:32:37 +01:00
Vincent Hanquez
9641ca7c83 add prototype to processServerInfo 2010-10-03 10:32:23 +01:00
Vincent Hanquez
c1a273f5d4 bump version to 0.1.4 2010-10-02 22:42:13 +01:00
Vincent Hanquez
383cf4c021 properly handle multiple packet fragments. 
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
 2010-10-02 22:41:00 +01:00