Vincent Hanquez
77efb1076a
remove commented code
2011-08-14 10:27:15 +01:00
Vincent Hanquez
a3b7419f8b
Define hash structure to save some repetition
2011-08-13 12:30:36 +01:00
Vincent Hanquez
48165081a1
add Bulk to the list of exposed structure
2011-08-13 12:06:54 +01:00
Vincent Hanquez
b72c6328b0
remove the keyblocksize that is redundant and easily calculated from other fields.
2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b
rename bulk functions to be prefixed by bulk not cipher
2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa
set some size to int instead of pointlessly using word8/word16
2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3
introduce a bulk object to separate the cipher object creation by chunks
...
limit code movement by reusing the same name
2011-08-13 11:06:23 +01:00
Vincent Hanquez
b6a1b3ed14
misc cleanup
2011-08-13 07:56:17 +01:00
Vincent Hanquez
e4a4d99528
add some TLS12 prf related defs
2011-08-12 21:57:30 +01:00
Vincent Hanquez
58e758a1ab
misc cleanup
2011-08-12 20:59:14 +01:00
Vincent Hanquez
3c02e9acfc
Create a record type to help type safety
2011-08-12 18:41:49 +01:00
Vincent Hanquez
06baeecea7
remove space.
2011-08-12 18:33:43 +01:00
Vincent Hanquez
84ace35a7e
add an helper to use the compression context easily
2011-08-12 18:33:28 +01:00
Vincent Hanquez
d4ca9e0d9d
export Cipher constructor.
2011-08-12 18:32:18 +01:00
Vincent Hanquez
abc571223a
Change compression API to work properly.
...
- distinguish compression from decompression
- add a context
- move from a record structure to typeclass + wrapping data for hiding the existential quantification.
2011-08-12 18:31:58 +01:00
Vincent Hanquez
b34af4195f
fix compilation error
2011-08-07 10:03:34 +01:00
Vincent Hanquez
9591a395a9
use functor <$> instead of maybe
2011-07-07 22:21:23 +01:00
Vincent Hanquez
28e04f8849
Use the encode function to encode the secure renegotiation extension.
...
fix a bug on the client side when secure renegotiation is enabled on client and server.
2011-06-19 21:23:01 +01:00
Vincent Hanquez
c27fc6187d
properly encode/decode secure renegotiation extension
2011-06-13 08:33:14 +01:00
Vincent Hanquez
d2e6235410
throw proper error with partial packets and EOF
2011-06-13 08:19:29 +01:00
Vincent Hanquez
1b8474d388
create a sendClientKeyXchg
2011-06-12 21:55:22 +01:00
Vincent Hanquez
02f77a1225
set server and client parameter directly in core, not in the sending processing layer.
2011-06-12 21:42:55 +01:00
Vincent Hanquez
2d33ea3fad
separate the IO operation from the decoding.
2011-06-12 21:40:02 +01:00
Vincent Hanquez
69a40eb656
use throwCore instead of error
2011-06-12 21:39:34 +01:00
Vincent Hanquez
30d52f0398
fix comment
2011-06-12 21:39:17 +01:00
Vincent Hanquez
6945147122
add label to serialize get operations
2011-06-12 21:38:42 +01:00
Vincent Hanquez
1358a2ef56
throw error if recvPacket errors instead of ignoring it.
2011-06-12 21:38:18 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41
add more handling of server key xchg and dh_anon
2011-06-07 08:59:20 +01:00
Vincent Hanquez
8329187394
fill the server hello in the server and check the return value in the client.
2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd
add way to store verified data and to activate/deactivate the feature
2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
cead67c558
add secure renegociation flag in state
2011-06-06 08:03:18 +01:00
Vincent Hanquez
03c07ce173
hello extensions can be present since SSL3
2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0
simplify decoding by just getting the remaining content
2011-06-06 07:55:09 +01:00
Vincent Hanquez
0710d44f3d
code alignment
2011-06-06 07:54:40 +01:00
Vincent Hanquez
f74626e065
throw proper error if we receive an unexpected transition.
2011-05-13 21:40:11 +01:00
Vincent Hanquez
9cd0ed0515
handle exception in handshake and report to the user if the handshake has been successful or not.
2011-05-13 08:39:15 +01:00
Vincent Hanquez
6eef56c60f
[SECURITY] fix TLS1.1 block cipher IV usage.
...
In TLS1.1 and above, the IV is explicitely carried to the other side and
is generated from random. It doesn't come from the CBC residue.
2011-05-13 08:10:13 +01:00
Vincent Hanquez
432639688f
properly handle the mvar to put the st back if an exception happens.
2011-05-13 07:12:54 +01:00
Vincent Hanquez
8434cb24e2
use proper protocol error in the server during clienthello
2011-05-13 07:08:27 +01:00
Vincent Hanquez
f7ed7f541a
throw a proper protocol error in case the version is not supported
2011-05-13 07:03:16 +01:00
Vincent Hanquez
f140e1c579
change onRecvCertificate callback to be able to track the reason of rejection, and returns the proper alert to the other side.
2011-05-13 07:02:44 +01:00
Vincent Hanquez
f1222ece5d
add placeholder code to handle alerts during recvData.
2011-05-12 09:13:53 +01:00
Vincent Hanquez
fa384d87c7
raise a proper HandshakeFailure if no cipher works
2011-05-12 09:13:53 +01:00
Vincent Hanquez
3b76a3ed7c
raise a ProtocolVersion error if version negociated is SSL2
2011-05-12 09:13:53 +01:00
Vincent Hanquez
eac638bc27
if we received a packet too big, raise a RecordOverflow error
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f569440782
add throw IO ability to core
2011-05-12 09:13:53 +01:00
Vincent Hanquez
0582234934
cleanup for not having to use fromJust
2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca
throw proper error for bad record mac
2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1
remove unnecessary import
2011-05-12 09:13:53 +01:00
Vincent Hanquez
bdba471ebe
define a more generic protocol error, and remove the digest error
2011-05-12 09:13:53 +01:00
Vincent Hanquez
e4f40cf55e
comment
2011-05-12 09:13:53 +01:00
Vincent Hanquez
277e39b931
define TLSError as Exception material
2011-05-12 09:13:53 +01:00
Vincent Hanquez
8ee6f728bd
add signature
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b
add a structure to parametrize decoding encoding related to version, key exchange type, ...
2011-05-12 09:13:53 +01:00
Vincent Hanquez
4b5812529b
derive Show and Eq from CipherKeyExchangeType
2011-05-12 09:13:53 +01:00
Vincent Hanquez
1e294bbbff
rename cipherkeyexchange types
2011-05-12 09:13:49 +01:00
Vincent Hanquez
c111389b30
capitalize DH
2011-05-11 07:34:15 +01:00
Vincent Hanquez
969a62b79a
bump certificate version to 0.8.1
2011-05-09 09:15:36 +01:00
Vincent Hanquez
7f6f511839
Add a way to show packet sent and received at the protocol level. very useful for debugging.
2011-05-04 08:41:16 +01:00
Vincent Hanquez
69d3604a64
do not call new variable state. it's already defined by the state module.
2011-04-24 13:43:57 +01:00
Vincent Hanquez
ad226f7fb9
usless import in wire module
2011-04-24 13:43:27 +01:00
Vincent Hanquez
4a84e9415f
comment fixup
2011-04-24 13:43:18 +01:00
Vincent Hanquez
d983d4ebc8
remove now useless extension
2011-04-24 13:43:08 +01:00
Vincent Hanquez
7cce3fca0c
use functor's <$> instead of a return construct
2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673
refactor processclientkeyxchg
2011-04-24 11:34:11 +01:00
Vincent Hanquez
9f3714dd1c
simplify parsing of packets
...
- use fail instead of throwerror, since cereal do not raise but return an either.
- remove the get monad definition
- add some helper
- remove dependency on binary and use cereal exclusively.
2011-04-24 09:44:18 +01:00
Vincent Hanquez
b472d891c4
set the error instance of TLSError with the definition of TLSError. prevent orphan instance
2011-04-24 09:32:49 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
55b7490102
a packet can contain multiple appdata, process it as such.
2011-03-23 21:48:58 +00:00
Vincent Hanquez
74633cd68f
add internal module as backdoor for hidden function/definition.
...
also export core sendPacket/recvPacket
2011-03-19 21:45:43 +00:00
Vincent Hanquez
476b0a8f82
remove commented description of ciphers
2011-03-19 21:42:59 +00:00
Vincent Hanquez
a4b4d54821
move default ciphers to tls-extra
2011-03-19 09:22:12 +00:00
Vincent Hanquez
da6e72ba7e
correct comment
2011-03-19 08:37:47 +00:00
Vincent Hanquez
9d6f8e3fa6
add a single TLS module to rules them all.
2011-03-02 08:43:14 +00:00
Vincent Hanquez
5ab032b3c9
add more haddock related stuff
2011-03-02 08:43:05 +00:00
Vincent Hanquez
14f635cf3e
Fix documentation and cleanup remaining bits
2011-03-02 07:56:37 +00:00
Vincent Hanquez
a8d1e05179
fold remaining bit of client/server in core. cleanup
2011-03-02 07:41:59 +00:00
Vincent Hanquez
7237bec83e
fold handshake stuff from server to core.
2011-03-02 07:35:25 +00:00
Vincent Hanquez
fc598287ad
remove fromJust
2011-03-01 23:18:09 +00:00
Vincent Hanquez
73979e9db4
move initiate into handshake in core.
2011-03-01 23:09:17 +00:00
Vincent Hanquez
9083c53453
style change and use modify instead of get/put
2011-03-01 20:01:40 +00:00
Vincent Hanquez
c1a20efe74
move sendData to core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
43a2ae9dae
remove language extensions not needed anymore
2011-03-01 20:01:40 +00:00
Vincent Hanquez
353783abdf
put server/client in core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f4cc8999db
move 'close' api to core and rename to 'bye' to avoid a meaning conflict with unix close.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f260c5b9cf
modify client API to be like the server API.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
5481816e0e
remove old import
2011-03-01 20:01:40 +00:00
Vincent Hanquez
5e8d2fa776
move server to the new split API and have the server function in a monadIO monad.
...
the state mvar is for now mostly useless, although completly harmeless; it will
be useful to be able to use the ctx in a threaded context.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
c997045372
remove old code
2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c
simplify state manipulation
...
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
9586b05395
unify clientparams and serverparams
2011-03-01 20:01:40 +00:00
Vincent Hanquez
fc420e13f8
add nullCompression and an instance of show for compression data.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7
update for latest certificate 0.7
2011-02-20 17:43:10 +00:00
Vincent Hanquez
c6154ae126
fix a bug with SSL3 during the creation of crypt state.
...
The test for partition was too strict, and the SSL3 generator
is quite likely to generate more data whereas the TLS generator
generate the correct amount every time.
now bigger bytestring than necessary are now valid as well.
2011-02-20 08:49:23 +00:00
Vincent Hanquez
693891ad0c
add a dedicated fromJust
...
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.
at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
2011-02-20 08:37:19 +00:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
a3ea15886f
use AES in cryptocipher 0.2.5
2011-02-20 08:13:53 +00:00