Martin Grabmueller
7182653638
Harmonize code for pre-1.2 and 1.2 versions.
2012-07-26 23:06:08 +02:00
Martin Grabmueller
9aa9675d0c
Use correct version number, simplify code.
2012-07-26 22:46:59 +02:00
Martin Grabmueller
c772ee22d5
Start client certificate support for TLS1.2.
...
Add some checks for matching cert types, sig/hash algorithms, etc.
Remove some obsolete FIXMEs and comments.
2012-07-18 22:19:11 +02:00
Martin Grabmueller
c799b18c4c
Fix encoding of CertRequest, so that encoding and decoding are inverses.
2012-07-17 17:33:11 +02:00
Martin Grabmueller
039c7d254e
Separate finish from certificate verify digests. Will make it easier to support TLS1.2.
2012-07-16 16:19:48 +02:00
Martin Grabmueller
f08eb43055
Add comments and FIXMEs.
2012-07-14 16:49:46 +02:00
Martin Grabmueller
ef90cda757
Ensure that the same handshake packets are included
...
in the handshake digest for sending and receiving.
2012-07-13 21:23:01 +02:00
Martin Grabmueller
797f7822e4
Extend state to hold client private/public keys and add
...
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Vincent Hanquez
9da6b9c8c8
expand tabs.
2012-03-27 08:57:51 +01:00
Vincent Hanquez
6f02bb8548
generate key block when setting the master secret.
2011-12-20 07:41:15 +00:00
Vincent Hanquez
e1fea031af
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
2011-12-01 08:41:01 +00:00
Vincent Hanquez
2b4db87a7e
cleanup the record layer properly from other layer on top.
...
simplify and make the code much more straighforward.
2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601
remove the state machine is favor of a straightforward pattern matching state machine.
...
simplify code massively and make it easy to support other packet flow later.
2011-11-29 08:59:41 +00:00
Vincent Hanquez
b72c6328b0
remove the keyblocksize that is redundant and easily calculated from other fields.
2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b
rename bulk functions to be prefixed by bulk not cipher
2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa
set some size to int instead of pointlessly using word8/word16
2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3
introduce a bulk object to separate the cipher object creation by chunks
...
limit code movement by reusing the same name
2011-08-13 11:06:23 +01:00
Vincent Hanquez
3c02e9acfc
Create a record type to help type safety
2011-08-12 18:41:49 +01:00
Vincent Hanquez
02f77a1225
set server and client parameter directly in core, not in the sending processing layer.
2011-06-12 21:42:55 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
d3de5de4cd
add way to store verified data and to activate/deactivate the feature
2011-06-07 07:41:31 +01:00
Vincent Hanquez
6eef56c60f
[SECURITY] fix TLS1.1 block cipher IV usage.
...
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
2011-05-13 08:10:13 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
43a2ae9dae
remove language extensions not needed anymore
2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c
simplify state manipulation
...
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
693891ad0c
add a dedicated fromJust
...
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.
at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
2011-02-20 08:37:19 +00:00
Vincent Hanquez
a78162e298
add support for ciphers without encryption.
2011-01-05 09:24:58 +00:00
Vincent Hanquez
a95dd8f45e
Generalize key exchange and use in-house RSA.
...
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
2010-11-04 19:10:00 +00:00
Vincent Hanquez
f54be74cc4
properly encode RSA structure without extra length when doing SSL3
2010-10-06 09:11:57 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
cd2f8f8ee2
get a util file for some bytestring stuff
2010-09-26 18:51:23 +01:00
Vincent Hanquez
f37b2e3bce
support TLS1.1 explicit block IV
...
despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
2010-09-26 14:57:35 +01:00
Vincent Hanquez
b71ea6729c
remove few more unpacking/packing
2010-09-26 10:37:20 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
abf299db36
don't try to send an empty string when there's no rsa key to encrypt with.
2010-09-18 11:00:30 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00