yogsototh/hs-tls
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
881 commits 1 branch 11 tags 1.7 MiB
Commit graph

166 commits

Author SHA1 Message Date
Vincent Hanquez
a9e6d6c0bf add comment, and reindent recvRecord 2013-07-28 07:41:20 +01:00
Vincent Hanquez
07c5d41fd8 add a TLSSt wrapper for RNG operations 2013-07-28 07:32:44 +01:00
Vincent Hanquez
c252ed8f49 cleanup record layer 2013-07-27 08:32:27 +01:00
Vincent Hanquez
e2d5170af7 Separate tx/rx state from a single RecordState 
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
 2013-07-25 21:53:32 +01:00
Vincent Hanquez
e3b3483560 move random gen back into state 2013-07-24 17:35:57 +01:00
Vincent Hanquez
4a9389c5c2 remove the need to pass the RNG in record engage. 2013-07-24 07:19:13 +00:00
Vincent Hanquez
bcc53155f1 create pure function with explicit parameter for computeDigest 2013-07-24 06:41:31 +00:00
Vincent Hanquez
4a337378d8 remove commented import 2013-07-24 06:40:08 +00:00
Vincent Hanquez
f59804f459 move processServerHello in Handshake 2013-07-24 05:50:56 +00:00
Vincent Hanquez
f9ae636351 move getHandshakeDigest in HandshakeM 2013-07-23 07:39:52 +00:00
Vincent Hanquez
37ef6af6e8 use more Role type instead of Bool 2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e more cleanup / separation with handshake state. 2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4 remove getMasterSecret accessor 2013-07-23 05:51:44 +00:00
Vincent Hanquez
0728bd86d8 move setMasterSecret and setKeyBlock to the handshake layer. 2013-07-23 05:36:42 +00:00
Vincent Hanquez
0e11f63033 move pending cipher and compression in the handshake state 
adjust code to cope
 2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec explicitly pass role and version to setMasterSecret and derivative 2013-07-22 07:54:35 +01:00
Vincent Hanquez
5ca744a8bf move to a proper role type for client|server 2013-07-21 10:16:01 +01:00
Vincent Hanquez
dd30cc05b0 remove commented code. 2013-07-21 09:35:44 +01:00
Vincent Hanquez
219599f392 update doc and comments, and reorganize slightly code 2013-07-21 06:54:12 +01:00
Vincent Hanquez
ab79b29b22 inline postprocessRecord 2013-07-20 16:09:16 +01:00
Vincent Hanquez
323e51c04e remove preprocessPacket and inline the content when the content is Handshakes 2013-07-20 16:07:07 +01:00
Vincent Hanquez
199de057c3 separate more handshake state from other state. 
reorganize pending state in record state.
 2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6 move more stuff in the HandshakeM 2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea move some handshake function to HandshakeM 2013-07-19 07:47:54 +01:00
Vincent Hanquez
fc693ee99f add accessor from context and state to HandshakeM 2013-07-19 07:47:33 +01:00
Vincent Hanquez
065cc4b43d remove Error monad in handshake state. 2013-07-19 07:46:09 +01:00
Vincent Hanquez
f2203d55df remove alias TLSHandshakeState 2013-07-19 07:05:37 +01:00
Vincent Hanquez
590cd35e4e add signatures 2013-07-19 07:05:31 +01:00
Vincent Hanquez
660f15f616 better separate tx/rx into transmission state objects 2013-07-19 06:45:02 +01:00
Vincent Hanquez
c498b95512 reorder fields 2013-07-18 07:53:57 +01:00
Vincent Hanquez
c5d10c527c re-align fields in handshake state stuff 2013-07-18 07:34:05 +01:00
Vincent Hanquez
f231253d6f rename CryptState and MACState 2013-07-18 07:32:08 +01:00
Vincent Hanquez
8f83319fae separate handshake state from state. 2013-07-18 07:19:05 +01:00
Vincent Hanquez
8f99c325fb separate tx/rx compression and pending compression. 
Fix issue with compression being turn on for tx and rx at the same time,
and also at too early at the hello message instead of change cipher.
 2013-07-18 07:18:38 +01:00
Vincent Hanquez
78535ff8c3 set MacState as a newtype 2013-07-13 09:11:03 +01:00
Vincent Hanquez
4f66742d8b more too much flexibility 2013-07-13 08:37:37 +01:00
Vincent Hanquez
4e86ffee28 split record state from state. 2013-07-13 08:03:25 +01:00
Vincent Hanquez
62a1b29fbe remove old commented code 2013-07-12 07:45:16 +01:00
Vincent Hanquez
fb8629a807 re-indent 2013-07-12 07:27:28 +01:00
Vincent Hanquez
67f01872dd re-indent 2013-07-12 06:54:47 +01:00
Vincent Hanquez
5d69715a50 correct mismerge 2013-07-11 10:27:24 +01:00
Vincent Hanquez
df524de618 add some locks. unused for now 2013-07-11 09:06:10 +01:00
Vincent Hanquez
c132b4cb8b first stab at separating record state from other state. 2013-07-11 09:03:33 +01:00
Vincent Hanquez
b025e616e4 re-indent record layer 2013-07-10 08:48:49 +00:00
Vincent Hanquez
6d4b167864 re-indent 2013-07-10 08:04:47 +01:00
Vincent Hanquez
290d98d95b re-indent 2013-07-10 07:37:52 +01:00
Vincent Hanquez
02c445a102 re-indent 2013-07-10 07:20:58 +01:00
Vincent Hanquez
7269382b48 re-indent 2013-07-10 07:14:22 +01:00
Vincent Hanquez
e6d2a1d7f1 re-indent 2013-07-10 07:13:10 +01:00
Vincent Hanquez
37eb3dab6e export the function to set the hook. 2013-07-10 07:10:01 +01:00
Vincent Hanquez
b21d4af85c add hook for received handshake message 2013-07-09 09:13:17 +01:00
Vincent Hanquez
1d6946e12e re-indent 2013-07-09 07:30:29 +01:00
Vincent Hanquez
3c61512c0c re-indent 2013-07-09 07:19:16 +01:00
Vincent Hanquez
939b9c5a95 re-indent. 2013-07-09 07:15:54 +01:00
Vincent Hanquez
ec93924cab re-indent where properly 2013-06-27 08:06:01 +01:00
Vincent Hanquez
0b170e624d proper separation of NPN callback in server and client params. 
need further cleanup for client/server role separation instead of
the getClientParams and getServerParams.

fix #34.
 2013-06-03 08:37:56 +01:00
Vincent Hanquez
3288ed97b4 add a better description for onCipherChoosing. 2013-06-03 08:36:54 +01:00
Vincent Hanquez
86df11a16a Merge https://github.com/knrafto/hs-tls into x509 
Conflicts:
	core/Network/TLS/Context.hs
 2013-06-03 08:12:10 +01:00
Kyle Raftogianis
347ebdaaf1 Rename nullSessionManager to noSessionManager 2013-06-01 23:52:38 -07:00
Vincent Hanquez
8468556fe8 use x509 public key and private key instead of defining our own in tls. 2013-05-30 07:21:25 +01:00
Vincent Hanquez
b1478dd618 some exporting deprecated aliases. 2013-05-26 08:02:20 +01:00
Vincent Hanquez
02b2f01515 move certificate stuff in x509 module. 2013-05-26 08:02:06 +01:00
Vincent Hanquez
59d61067b0 add X509 file. 2013-05-26 07:19:59 +01:00
Vincent Hanquez
fc9c6a407d update for x509 2013-05-19 08:05:46 +01:00
Kyle Raftogianis
2c9fa01197 Replace existential session manager with concrete data type 2013-05-14 22:42:09 -07:00
Vincent Hanquez
83c1e247e6 add extra check for minimum size and being a blocksize multiple for block ciphers. 2013-02-09 16:57:22 +00:00
Vincent Hanquez
66cf59c054 remove BulkNoneF which only duplicate case for no reason. 2013-02-09 16:56:47 +00:00
Vincent Hanquez
339d2ca33a reorganize the disengage decryptData function for further change. 2013-02-09 08:10:13 +00:00
Vincent Hanquez
5afd866070 add SNI extension if it has been specified in the ClientUseServerName 2013-01-27 16:09:08 +00:00
Vincent Hanquez
510dcdd752 fix encoding of ServerName extension. 2013-01-27 16:08:39 +00:00
Vincent Hanquez
8c9bff15e3 remove old definition 2013-01-04 09:01:12 +00:00
Vincent Hanquez
5a4b194848 bump version to crypto-random-api 0.2 2013-01-04 08:38:11 +00:00
Vincent Hanquez
0f0471a0d5 in a nice closing alert, we try to reply as well before closing connections 2012-12-31 15:55:22 +00:00
Vincent Hanquez
a2355f33ee handle early termination and bad remote side more effectively. 
mark the session has invalid and also try to
reply to the other side that we're closing the connection.

Finally a new terminated exception is raised to userspace to notify
the failure.
 2012-12-31 15:49:34 +00:00
Vincent Hanquez
fd922e90d3 define a new Terminated exception 2012-12-31 15:48:04 +00:00
Vincent Hanquez
6f5804bb2d typo 2012-12-31 14:43:15 +00:00
Vincent Hanquez
17c5de82b3 spring cleanup errors that are not used anymore 2012-12-31 14:42:41 +00:00
Vincent Hanquez
02a50fc142 reorganize the recvData function to be nicer. 2012-12-31 14:08:51 +00:00
Vincent Hanquez
7c6815b738 only send packet if we are in the client context. 2012-12-31 13:37:33 +00:00
Vincent Hanquez
ea06a793b7 add SHA1 and remove unneeded import 2012-12-31 13:37:19 +00:00
Vincent Hanquez
f80f2e5dec re-indent 2012-12-31 13:37:03 +00:00
Vincent Hanquez
a14b37d528 use new crypto-pubkey 2012-12-30 15:31:13 +00:00
Vincent Hanquez
141e6fc491 use the {decrypt,sign}Safer alternative. 2012-12-05 08:22:47 +00:00
Vincent Hanquez
68e45d829f use a CPRG when signing with RSA. 2012-12-05 08:19:40 +00:00
Vincent Hanquez
bd2883683b use a CPRG when using decrypt RSA. 2012-12-05 08:16:32 +00:00
Vincent Hanquez
cedd5b2c86 switch to CPRG instead of CryptoRandomGen 2012-12-05 07:48:11 +00:00
Vincent Hanquez
cfa2c2e1dc Merge branch 'SSLv2Hello' 2012-12-04 08:33:02 +00:00
Vincent Hanquez
1e690cf8fb add a SSLv2 compat flag to enable reception of compat Client Hello only 
for the first packet received in a server context.

The client side never try to use the compat code.
 2012-12-04 08:31:22 +00:00
Vincent Hanquez
c048a97d1b Add a flag to recvRecord to enable SSLv2 compat reception. 2012-12-03 18:56:14 +00:00
Vincent Hanquez
b8e3000ef9 remove warning for useless binding 2012-12-03 18:55:30 +00:00
Vincent Hanquez
db1232aea8 remove warnings, add some more #ifdef. 2012-12-03 17:26:50 +00:00
Vincent Hanquez
3e82cc744a fix issue when re-handshaking with a different cipher. 
tls was correctly accounting for the difference between pending state
and active state in most place except for the actual cipher
encryption/decryption functions in use.

Hence when re-negociating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the lowlevel
function were switch at the server hello instead of being switch at the
switch(Tx/Rx).
 2012-11-19 09:39:35 +00:00
notogawa
1605c4bd00 add flag to reject SSLv2 compatible handshake. 2012-11-17 01:01:41 +09:00
notogawa
d41c53f6b5 reject SSLv2 re-handshaking message. 2012-11-17 00:37:05 +09:00
notogawa
a4f06256fe accept SSLv2 format 'ClientHello' Handshake message. 2012-11-10 19:34:37 +09:00
Vincent Hanquez
513d13029f use gets where possible and make thing nicer 2012-10-30 04:46:19 +00:00
Vincent Hanquez
0eb95ab9a7 do not returns empty app data to the user as it might be confused with EOF. 2012-10-29 21:23:44 +00:00
Vincent Hanquez
1c90962e9a tweak how things are exported. simplify code. 
use correct type alias
 2012-10-21 20:35:32 +01:00
Vincent Hanquez
60f7197b0a export everything required. 2012-10-21 18:32:07 +01:00
Vincent Hanquez
78a0e36397 remove semicolon and useless parens 2012-10-20 09:00:55 +01:00