Vincent Hanquez
a95dd8f45e
Generalize key exchange and use in-house RSA.
...
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
2010-11-04 19:10:00 +00:00
Vincent Hanquez
65942b945f
massive change on the RNG and add support for CryptoRandomGen
...
use an inline AES counter system to generate random data.
2010-11-04 19:05:36 +00:00
Vincent Hanquez
a1469322e4
don't check padding content in SSL3 mode
2010-10-06 09:15:36 +01:00
Vincent Hanquez
f54be74cc4
properly encode RSA structure without extra length when doing SSL3
2010-10-06 09:11:57 +01:00
Vincent Hanquez
383cf4c021
properly handle multiple packet fragments.
...
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
5a6ff3abe8
take in account that we can receive multiple handshakes in the same tls fragment.
2010-10-02 10:58:41 +01:00
Vincent Hanquez
d188a180cc
refactorize receiving packet thing
2010-10-02 09:09:46 +01:00
Vincent Hanquez
f033a0d973
reorganize the way we decrypt data to be nicer.
...
as a bonus, finally check if padding is valid.
2010-09-26 20:56:51 +01:00
Vincent Hanquez
cd2f8f8ee2
get a util file for some bytestring stuff
2010-09-26 18:51:23 +01:00
Vincent Hanquez
f37b2e3bce
support TLS1.1 explicit block IV
...
despite the fact that it works, it's missing a step at key block set time,
so that we don't use the computed IV, but use a random generated one seeded by
the computed IV.
2010-09-26 14:57:35 +01:00
Vincent Hanquez
b71ea6729c
remove few more unpacking/packing
2010-09-26 10:37:20 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
2fe1d7e99a
use <$> instead of fmap
2010-09-19 10:49:42 +01:00
Vincent Hanquez
b289546721
gives all certificate to processCertificate, so that we can check the chain later.
2010-09-18 11:00:07 +01:00
Vincent Hanquez
f4f4968a82
change clientkeyxchg data to be a specific type
2010-09-13 21:10:25 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00