Vincent Hanquez
a223673eed
make HandshakeM an instance of Applicative.
2013-12-11 16:36:35 +08:00
Vincent Hanquez
2a09d51ba5
cleanup imports
2013-12-11 16:36:16 +08:00
Vincent Hanquez
64d2ba9cd7
add better methods for making DigitallySigned data structure and veryfying them
2013-12-11 16:34:45 +08:00
Vincent Hanquez
6d63cde8cb
change ServerDHParams to re-use the DH abstraction in Crypto.DH.
2013-12-11 16:01:55 +08:00
Vincent Hanquez
1e62ddd53f
properly account for difference of methods in key exchange.
...
still only RSA supported.
2013-12-11 16:01:07 +08:00
Vincent Hanquez
6fb2108b63
add SHA512 as defined hash
2013-12-11 15:55:58 +08:00
Vincent Hanquez
798a4b5787
move logging and hooks into a Hooks module
2013-12-11 15:55:24 +08:00
Vincent Hanquez
b234f1377f
automatically add Crypto.DH in Crypto.
2013-12-11 15:54:32 +08:00
Vincent Hanquez
0236445101
add some wrapper for DH operations.
2013-12-11 15:53:55 +08:00
Vincent Hanquez
c805734abd
use the new Crypto.Random instead of the compat Crypto.Random.API
2013-12-11 15:53:11 +08:00
Vincent Hanquez
96ae52e4cd
make clear what we're talking about in the header.
2013-12-11 15:50:35 +08:00
Vincent Hanquez
9ea497adf6
add a function to generate digitally signed structure for DHParams.
2013-12-07 17:51:57 +08:00
Vincent Hanquez
b43ef69988
rename ServerDHParams marshalling functions
2013-12-07 17:51:28 +08:00
Vincent Hanquez
f916fde296
add a test DHE cipher.
2013-12-07 15:10:53 +08:00
Vincent Hanquez
12c32816bc
add HashSHA1 for DSS signature for < TLS12.
2013-12-07 14:50:07 +08:00
Vincent Hanquez
d05c7a4be1
comment the reason of the existence of hashUpdateSSL.
2013-12-07 14:49:34 +08:00
Vincent Hanquez
50b56ff2cf
use the new digitallySigned structure for CertVerify.
2013-12-07 14:37:14 +08:00
Vincent Hanquez
f6b4ee34ac
abstract signature creation/verification
2013-12-07 14:25:58 +08:00
Vincent Hanquez
ad37d02523
cleanup CertificateVerify signature data generation
2013-12-07 13:10:17 +08:00
Vincent Hanquez
0a032bbc27
factor some code in client certificate verify message generation.
2013-12-07 12:44:45 +08:00
Vincent Hanquez
14fe8102c8
marshall signature as digitally-signed
2013-12-07 12:10:01 +08:00
Vincent Hanquez
99608782dc
misc: remove spaces
2013-12-07 12:09:36 +08:00
Vincent Hanquez
23f4377f31
add the DigitallySigned structure to the list.
...
the structure is compatible with older "digitally-signed" constructions
of tls 1.1 and older.
2013-12-07 12:09:13 +08:00
Vincent Hanquez
1ac0cc9485
add putSignatureHashAlgorithm
2013-12-07 12:07:21 +08:00
Vincent Hanquez
887c69b6e5
move getSignatureHashAlgorithm
2013-12-07 12:07:04 +08:00
Vincent Hanquez
7e3077d23c
rewrite SKX methods to use getInteger16 and applicative style.
2013-12-07 12:06:34 +08:00
Vincent Hanquez
a03b22024b
export getInteger16/putInteger16 to serialize Integer in opaque16.
2013-12-07 12:05:41 +08:00
Vincent Hanquez
dea7eb32cf
separate some helpers and add new one.
2013-12-07 12:04:53 +08:00
Vincent Hanquez
1b905f0377
don't unpack signature. use the bytestring representation.
2013-12-05 15:36:52 +08:00
Vincent Hanquez
9ce0da72ce
add a helper module for ASN1
2013-12-05 14:51:23 +08:00
Vincent Hanquez
c9fbe5d58f
extend tests to allow for version downgrading by server
2013-12-03 15:20:28 +08:00
Vincent Hanquez
ef92b6c96f
Fix version usage related to downgrading
...
* properly chose the highest version supported on the server, instead of
chosing the first that match.
* use the client version in the RSA client exchange instead of the negotiated version
* delay hashing mechanism to serverHello message so that choosing MD5SHA1 or SHA256
is done after the server chose the version.
2013-12-03 15:17:27 +08:00
Vincent Hanquez
c1e67f6015
add some comment about the expected values.
2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6
make the error message a bit more precise related to which side it happen.
2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109
add a helper to check if a cipher is allowed to be used with some version
2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157
report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode.
2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f
move single exceptions into a one type to rule them all.
...
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. it should allow easier catching for users.
2013-11-27 15:31:45 +08:00
Vincent Hanquez
5ff812b3fa
provide a helper for catching exception without doing a catchall.
...
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
0870189689
add a contextNewWithSocket
2013-10-11 08:01:38 +01:00
Vincent Hanquez
e1d8e026f5
add -fwarn-tabs to tls.
2013-09-18 07:20:48 +01:00
Vincent Hanquez
5b13cfe38a
adapt tests to new crypto-random
2013-09-18 07:20:28 +01:00
Vincent Hanquez
982a484598
move to crypto-random
2013-09-01 07:42:43 +01:00
Vincent Hanquez
77abffceb3
add some reading and rw locks.
2013-09-01 07:36:08 +01:00
Vincent Hanquez
5836669878
remove unnecessary MonadIO parametrization
2013-08-01 07:52:42 +00:00
Vincent Hanquez
be34ed350e
remove unnecessary parametrization
2013-08-01 07:49:20 +00:00
Vincent Hanquez
bd0ad2169e
move handshake state out of state
2013-08-01 07:47:40 +00:00
Vincent Hanquez
896832d93d
separate state from handshake state
2013-08-01 07:43:48 +00:00
Vincent Hanquez
d69c9190b5
push down the context to key operation
2013-08-01 07:35:42 +00:00
Vincent Hanquez
64f60bb715
repair getSessionData and move to handshake layer
2013-08-01 07:32:27 +00:00
Vincent Hanquez
0b6e6ef0e3
move startHandshake in the handshake layer
2013-08-01 07:24:18 +00:00