yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
406 commits 1 branch 11 tags 1.7 MiB
Commit graph

70 commits

Author SHA1 Message Date
Martin Grabmueller
9e710b5e88 Accept empty client certificate list. Will error on verification. 2012-07-13 22:29:36 +02:00
Martin Grabmueller
e617a1bbec Store public key from client certificate in server mode. 2012-07-13 21:33:45 +02:00
Martin Grabmueller
797f7822e4 Extend state to hold client private/public keys and add 
functions for signing and verifying with these keys.
 2012-07-13 21:08:23 +02:00
Vincent Hanquez
b57ef66d28 move extension decoding and encoding in a separate file. 2012-05-14 06:39:20 +01:00
Vincent Hanquez
5844120e4c rename NextProtocolNegotiation as HsNextProtocolNegotiation 2012-05-14 06:35:55 +01:00
Vincent Hanquez
9b32e6d5f4 [SECURITY] use constant equality testing to prevent timing determination of the expected value. 
it doesn't seems to be in an usable context though.
 2012-05-14 06:32:14 +01:00
Vincent Hanquez
9da6b9c8c8 expand tabs. 2012-03-27 08:57:51 +01:00
Vincent Hanquez
e9a97bedb1 Merge branch 'npn' into next 
Conflicts:
	Network/TLS/Core.hs
 2012-03-15 08:59:04 +00:00
Joey Adams
3d0071d952 Fix spelling of negotiate/negotiation in documentation 2012-03-10 16:04:44 -05:00
Lennart Kolmodin
1bd53d9790 Spell 'negotiation' as in the spec. 2012-02-13 22:54:04 +04:00
Lennart Kolmodin
ab2a28ada6 Use callback instead of static state for supported NPN protocols. 
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
 2012-02-12 22:59:19 +04:00
Lennart Kolmodin
e3e7e3c02a Partial, but working, implementation of serverside NPN. 2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599 prepare source for NPN. 2012-02-07 21:24:30 +00:00
Vincent Hanquez
f3e5603bc8 trivial code movement for decryptRSA 2011-12-20 07:51:12 +00:00
Vincent Hanquez
98427b4fae switch client to process Server hello explicitely. 
also switch everything properly when receiving a server hello with session.
 2011-12-20 07:51:07 +00:00
Vincent Hanquez
6f02bb8548 generate key block when setting the master secret. 2011-12-20 07:41:15 +00:00
Vincent Hanquez
34b186b852 differentiate set master secret from a premaster secret or an already existing master secret 2011-12-20 07:30:19 +00:00
Vincent Hanquez
726d301e6f fix TLS key exchange with version >= 1.0. 2011-12-05 20:10:28 +00:00
Vincent Hanquez
a16bdbba86 remove old readPacket. 2011-12-01 08:42:59 +00:00
Vincent Hanquez
adf45a537d handle digest update after processing the packet 2011-12-01 08:42:43 +00:00
Vincent Hanquez
e1fea031af consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer. 2011-12-01 08:41:01 +00:00
Vincent Hanquez
d6a198dad5 split recvRecord out of recvPacket. 2011-11-30 22:01:31 +00:00
Vincent Hanquez
2b4db87a7e cleanup the record layer properly from other layer on top. 
simplify and make the code much more straighforward.
 2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601 remove the state machine is favor of a straightforward pattern matching state machine. 
simplify code massively and make it easy to support other packet flow later.
 2011-11-29 08:59:41 +00:00
Vincent Hanquez
9a0b4e0bd7 update to new cryptocipher and new certificate. 2011-10-31 22:10:32 +00:00
Vincent Hanquez
09e32f10c7 use strict time constant version of and and bytestring == during Reception. 2011-10-02 22:15:42 +01:00
Vincent Hanquez
a3b7419f8b Define hash structure to save some repetition 2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0 remove the keyblocksize that is redundant and easily calculated from other fields. 2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b rename bulk functions to be prefixed by bulk not cipher 2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa set some size to int instead of pointlessly using word8/word16 2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3 introduce a bulk object to separate the cipher object creation by chunks 
limit code movement by reusing the same name
 2011-08-13 11:06:23 +01:00
Vincent Hanquez
3c02e9acfc Create a record type to help type safety 2011-08-12 18:41:49 +01:00
Vincent Hanquez
c27fc6187d properly encode/decode secure renegotiation extension 2011-06-13 08:33:14 +01:00
Vincent Hanquez
5207a41a57 reflect the fact in types that the record layer record returns list of same header type. 2011-06-10 21:24:46 +01:00
Vincent Hanquez
8329187394 fill the server hello in the server and check the return value in the client. 2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4 misc change and start to trickle through the support for secure renegotiation 2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd add way to store verified data and to activate/deactivate the feature 2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb use bytes directly instead of pointlessly unpacking it for extensions and finishedData 2011-06-06 08:16:24 +01:00
Vincent Hanquez
f74626e065 throw proper error if we receive an unexpected transition. 2011-05-13 21:40:11 +01:00
Vincent Hanquez
0582234934 cleanup for not having to use fromJust 2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca throw proper error for bad record mac 2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1 remove unnecessary import 2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b add a structure to parametrize decoding encoding related to version, key exchange type, ... 2011-05-12 09:13:53 +01:00
Vincent Hanquez
969a62b79a bump certificate version to 0.8.1 2011-05-09 09:15:36 +01:00
Vincent Hanquez
7cce3fca0c use functor's <$> instead of a return construct 2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673 refactor processclientkeyxchg 2011-04-24 11:34:11 +01:00
Vincent Hanquez
a7aaa3eee7 Remove the hardcoded srandomgen in favor of any cryptorandomgen instance. 
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
 2011-04-11 19:56:43 +01:00
Vincent Hanquez
43a2ae9dae remove language extensions not needed anymore 2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c simplify state manipulation 
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
 2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7 update for latest certificate 0.7 2011-02-20 17:43:10 +00:00