Vincent Hanquez
5844120e4c
rename NextProtocolNegotiation as HsNextProtocolNegotiation
2012-05-14 06:35:55 +01:00
Vincent Hanquez
9b32e6d5f4
[SECURITY] use constant equality testing to prevent timing determination of the expected value.
...
it doesn't seem to be in a usable context though.
2012-05-14 06:32:14 +01:00
Vincent Hanquez
9da6b9c8c8
expand tabs.
2012-03-27 08:57:51 +01:00
Vincent Hanquez
e9a97bedb1
Merge branch 'npn' into next
...
Conflicts:
Network/TLS/Core.hs
2012-03-15 08:59:04 +00:00
Joey Adams
3d0071d952
Fix spelling of negotiate/negotiation in documentation
2012-03-10 16:04:44 -05:00
Lennart Kolmodin
1bd53d9790
Spell 'negotiation' as in the spec.
2012-02-13 22:54:04 +04:00
Lennart Kolmodin
ab2a28ada6
Use callback instead of static state for supported NPN protocols.
...
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
2012-02-12 22:59:19 +04:00
Lennart Kolmodin
e3e7e3c02a
Partial, but working, implementation of serverside NPN.
2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599
prepare source for NPN.
2012-02-07 21:24:30 +00:00
Vincent Hanquez
f3e5603bc8
trivial code movement for decryptRSA
2011-12-20 07:51:12 +00:00
Vincent Hanquez
98427b4fae
switch client to process Server hello explicitly.
...
also switch everything properly when receiving a server hello with session.
2011-12-20 07:51:07 +00:00
Vincent Hanquez
6f02bb8548
generate key block when setting the master secret.
2011-12-20 07:41:15 +00:00
Vincent Hanquez
34b186b852
differentiate set master secret from a premaster secret or an already existing master secret
2011-12-20 07:30:19 +00:00
Vincent Hanquez
726d301e6f
fix TLS key exchange with version >= 1.0.
2011-12-05 20:10:28 +00:00
Vincent Hanquez
a16bdbba86
remove old readPacket.
2011-12-01 08:42:59 +00:00
Vincent Hanquez
adf45a537d
handle digest update after processing the packet
2011-12-01 08:42:43 +00:00
Vincent Hanquez
e1fea031af
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
2011-12-01 08:41:01 +00:00
Vincent Hanquez
d6a198dad5
split recvRecord out of recvPacket.
2011-11-30 22:01:31 +00:00
Vincent Hanquez
2b4db87a7e
cleanup the record layer properly from other layer on top.
...
simplify and make the code much more straightforward.
2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601
remove the state machine in favor of a straightforward pattern matching state machine.
...
simplify code massively and make it easy to support other packet flow later.
2011-11-29 08:59:41 +00:00
Vincent Hanquez
9a0b4e0bd7
update to new cryptocipher and new certificate.
2011-10-31 22:10:32 +00:00
Vincent Hanquez
09e32f10c7
use strict time constant version of and and bytestring == during Reception.
2011-10-02 22:15:42 +01:00
Vincent Hanquez
a3b7419f8b
Define hash structure to save some repetition
2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0
remove the keyblocksize that is redundant and easily calculated from other fields.
2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b
rename bulk functions to be prefixed by bulk not cipher
2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa
set some size to int instead of pointlessly using word8/word16
2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3
introduce a bulk object to separate the cipher object creation by chunks
...
limit code movement by reusing the same name
2011-08-13 11:06:23 +01:00
Vincent Hanquez
3c02e9acfc
Create a record type to help type safety
2011-08-12 18:41:49 +01:00
Vincent Hanquez
c27fc6187d
properly encode/decode secure renegotiation extension
2011-06-13 08:33:14 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
8329187394
fill the server hello in the server and check the return value in the client.
2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd
add way to store verified data and to activate/deactivate the feature
2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
f74626e065
throw proper error if we receive an unexpected transition.
2011-05-13 21:40:11 +01:00
Vincent Hanquez
0582234934
cleanup for not having to use fromJust
2011-05-12 09:13:53 +01:00
Vincent Hanquez
9db7ccbfca
throw proper error for bad record mac
2011-05-12 09:13:53 +01:00
Vincent Hanquez
a435a9add1
remove unnecessary import
2011-05-12 09:13:53 +01:00
Vincent Hanquez
f464927a0b
add a structure to parametrize decoding encoding related to version, key exchange type, ...
2011-05-12 09:13:53 +01:00
Vincent Hanquez
969a62b79a
bump certificate version to 0.8.1
2011-05-09 09:15:36 +01:00
Vincent Hanquez
7cce3fca0c
use functor's <$> instead of a return construct
2011-04-24 13:39:52 +01:00
Vincent Hanquez
a1524bf673
refactor processclientkeyxchg
2011-04-24 11:34:11 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
43a2ae9dae
remove language extensions not needed anymore
2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c
simplify state manipulation
...
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7
update for latest certificate 0.7
2011-02-20 17:43:10 +00:00
Vincent Hanquez
693891ad0c
add a dedicated fromJust
...
compared to the normal fromJust, it takes an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertions break.
at some point, it needs to be removed completely in favor of better types
that better reflect the actual state on the connection.
2011-02-20 08:37:19 +00:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
a78162e298
add support for ciphers without encryption.
2011-01-05 09:24:58 +00:00
Vincent Hanquez
a95dd8f45e
Generalize key exchange and use in-house RSA.
...
Remove need for spoon, since RSA will fail gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
2010-11-04 19:10:00 +00:00