Vincent Hanquez
c17aa30599
prepare source for NPN.
2012-02-07 21:24:30 +00:00
Vincent Hanquez
08ddc1523c
make recvData use strict bytestring as this more natural to the tls code.
...
also add a recvData' to get the same behavior as before.
2012-02-07 20:45:22 +00:00
Vincent Hanquez
8f706d8a56
only import necessary bits from X509.
2012-02-07 20:39:46 +00:00
Vincent Hanquez
64202c2748
refined wire helper function to support TLS opaque types directly.
...
opaque type are length prefix bytestring and are used everywhere.
the helper simplify their marshalling/unmarshalling and make it less
error prone and semantically better.
2012-02-07 07:48:11 +00:00
Vincent Hanquez
db362230ec
more documentation
2012-02-07 06:26:26 +00:00
Vincent Hanquez
4f450935f5
reorganize sendData slightly
2012-01-25 16:03:31 +00:00
Vincent Hanquez
80998d0bb5
track in the context if the tls pipe is established or not.
...
raise exception ConnectionNotEstablished in sendData and recvData if
trying to use an invalid Context.
2012-01-25 16:01:55 +00:00
Vincent Hanquez
d387959195
documentation correction
2012-01-25 09:32:53 +00:00
Vincent Hanquez
3e7a6c5c17
export the content of HandshakeFailed
2012-01-19 05:31:31 +00:00
Vincent Hanquez
c846d9a360
Switch handshake to exception instead of returning a bool.
...
Bool return value doesn't provide any information on why the handshake failed,
hence remove the Bool value, and return (), and in case of handshake failure,
raise a HandshakeFailed exception with the TLSError associated with it.
2012-01-18 06:29:29 +00:00
Vincent Hanquez
aad62f89a7
catch exception during certificate callback and returns a certificate rejection on exception.
2012-01-16 12:36:45 +00:00
Vincent Hanquez
f3e5603bc8
trivial code movement for decryptRSA
2011-12-20 07:51:12 +00:00
Vincent Hanquez
89ad99004b
properly call/switch things in server when trying to resume session.
2011-12-20 07:51:12 +00:00
Vincent Hanquez
98427b4fae
switch client to process Server hello explicitely.
...
also switch everything properly when receiving a server hello with session.
2011-12-20 07:51:07 +00:00
Vincent Hanquez
8ff0d85a0e
send session if the user says so (through sessionResumeWith) in client.
...
and properly switch to session resuming packet flow if resuming.
2011-12-20 07:43:43 +00:00
Vincent Hanquez
13b3873b82
add an helper to create a new session.
2011-12-20 07:42:13 +00:00
Vincent Hanquez
be3ab515de
rename processServerHello to onServerHello.
2011-12-20 07:41:53 +00:00
Vincent Hanquez
6f02bb8548
generate key block when setting the master secret.
2011-12-20 07:41:15 +00:00
Vincent Hanquez
b3b7051129
callback to user when a session has been successfully established.
...
it's up to the user to store the session id + session data for later recovery.
2011-12-20 07:39:24 +00:00
Vincent Hanquez
53a7b48c15
add new state for session tracking.
2011-12-20 07:38:35 +00:00
Vincent Hanquez
83b860726d
add parameters for session resuming
...
mostly callbacks during the handshake, and a parameter to enable session usage.
2011-12-20 07:34:52 +00:00
Vincent Hanquez
34b186b852
differentiate set master secret from a premaster secret or an already existing master secret
2011-12-20 07:30:19 +00:00
Vincent Hanquez
5601170a1f
clean up handshake states after handshake is done.
2011-12-12 08:43:52 +00:00
Vincent Hanquez
a3890e959d
add a sessionData type to bundle everything required for a session.
2011-12-12 08:25:45 +00:00
Vincent Hanquez
eb8a00ef67
add a session ID type.
2011-12-12 08:25:21 +00:00
Vincent Hanquez
dace1096cf
remove old comment
2011-12-12 08:24:39 +00:00
Vincent Hanquez
ccb94cea50
Merge branch 'master' into session
2011-12-06 00:23:18 +00:00
Vincent Hanquez
86335f18ce
split context structure and accessor out of Core.
2011-12-06 00:15:00 +00:00
Vincent Hanquez
a269d84256
fix client side encoding of client key exchange on RSA.
2011-12-06 00:12:00 +00:00
Vincent Hanquez
726d301e6f
fix TLS key exchange with version >= 1.0.
2011-12-05 20:10:28 +00:00
Vincent Hanquez
4ef7b0098f
Merge branch 'master' into session
...
Conflicts:
Network/TLS/Core.hs
2011-12-01 22:33:53 +00:00
Vincent Hanquez
9ec505a59a
Merge branch 'hsm'
...
Conflicts:
Network/TLS/Core.hs
2011-12-01 08:55:44 +00:00
Vincent Hanquez
13812b80f5
Merge branch 'measurements'
2011-12-01 08:54:15 +00:00
Vincent Hanquez
a16bdbba86
remove old readPacket.
2011-12-01 08:42:59 +00:00
Vincent Hanquez
adf45a537d
handle digest update after processing the packet
2011-12-01 08:42:43 +00:00
Vincent Hanquez
e1fea031af
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
2011-12-01 08:41:01 +00:00
Vincent Hanquez
eba62f6f74
append actual raised exception in the error.
2011-12-01 08:36:56 +00:00
Vincent Hanquez
3bdad41e21
consume ServerKeyExchange if it show up.
2011-12-01 08:34:41 +00:00
Vincent Hanquez
d6a198dad5
split recvRecord out of recvPacket.
2011-11-30 22:01:31 +00:00
Vincent Hanquez
2b4db87a7e
cleanup the record layer properly from other layer on top.
...
simplify and make the code much more straighforward.
2011-11-30 21:51:22 +00:00
Vincent Hanquez
2a685b2601
remove the state machine is favor of a straightforward pattern matching state machine.
...
simplify code massively and make it easy to support other packet flow later.
2011-11-29 08:59:41 +00:00
Vincent Hanquez
0f4c6a0c47
refactor to be able to modify state machine mechanism
2011-11-28 08:01:19 +00:00
Vincent Hanquez
23113e3d3b
separate code path on client to be able to handle session resume
2011-11-13 11:12:26 +00:00
Vincent Hanquez
63110fb5ce
add a wrapper to recvPacket to only receive handshake types.
2011-11-13 11:11:39 +00:00
Vincent Hanquez
7a1c6808b7
add some cases and cleanup a bit the server key exchange message parsing.
2011-11-13 09:16:52 +00:00
Vincent Hanquez
0f4c448bf2
move comment where it should be.
2011-11-13 08:53:00 +00:00
Vincent Hanquez
ba4a2de730
separate code path on server when doing a session resume.
2011-11-12 16:15:05 +00:00
Vincent Hanquez
297f0d351b
Check handshake policy on server during a new client handshake.
...
It allows server to detect clients that want to abuse single handledly
the server resources by issuing handshakes.
The callback get some measurements on the number of bytes received and sent
since last handshake and also the number of handshake on this context.
2011-11-12 11:05:12 +00:00
Vincent Hanquez
63fabf9956
add some measurements of bytes received/sent and number of handshakes per context.
2011-11-11 19:05:17 +00:00
Vincent Hanquez
9a0b4e0bd7
update to new cryptocipher and new certificate.
2011-10-31 22:10:32 +00:00
Vincent Hanquez
98ded9d6f4
only import X509 from the X509 module.
2011-10-11 05:36:15 +01:00
Vincent Hanquez
905aff7564
fix typo in error message
2011-10-08 09:41:09 +01:00
Vincent Hanquez
09e32f10c7
use strict time constant version of and and bytestring == during Reception.
2011-10-02 22:15:42 +01:00
Vincent Hanquez
bb9d46447f
add strict version of and, && and bytestring equality
2011-10-02 22:15:21 +01:00
Vincent Hanquez
273d5285c2
allow definition of client and server with different connection/operations type
2011-09-29 09:22:27 +01:00
Vincent Hanquez
dff8e03476
curry the connection
2011-09-29 09:14:02 +01:00
Vincent Hanquez
9b099fd0ff
vectorized the actual connection type, so one could use Socket or Fd as long as handles.
2011-09-29 08:29:28 +01:00
Vincent Hanquez
7d6116c20b
put TLS12 in default allowed versions
2011-09-29 08:27:55 +01:00
Vincent Hanquez
7d24f39c50
directly put the hash in the new empty handshake instead of using a maybe.
2011-08-17 20:50:30 +01:00
Vincent Hanquez
ba942d0c24
separate the function to get one from multiple signature hash
2011-08-17 20:47:36 +01:00
Vincent Hanquez
46f89fcb15
add a type alias for HMAC
2011-08-14 17:51:20 +01:00
Vincent Hanquez
4a54c807e0
define hashSHA256.
2011-08-14 16:18:22 +01:00
Vincent Hanquez
6d5585c74a
switch to one hashctx that can contains 2 hashctx, and add a special updateSSL for SSL3.
2011-08-14 16:18:09 +01:00
Vincent Hanquez
68be94060e
update hash interface to hide the state through typeclass and existentialquantification.
2011-08-14 14:34:34 +01:00
Vincent Hanquez
d5ebf32b7f
in the SSL3 case, we hardcode SHA1.hash and MD5.hash instead of using the hash abstraction.
2011-08-14 14:33:26 +01:00
Vincent Hanquez
394381a2f5
define more stuff for TLS1.2 related to PRF.
2011-08-14 12:21:54 +01:00
Vincent Hanquez
77efb1076a
remove commented code
2011-08-14 10:27:15 +01:00
Vincent Hanquez
a3b7419f8b
Define hash structure to save some repetition
2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0
remove the keyblocksize that is redundant and easily calculated from other fields.
2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b
rename bulk functions to be prefixed by bulk not cipher
2011-08-13 11:17:51 +01:00
Vincent Hanquez
647dcb02aa
set some size to int instead of pointlessly using word8/word16
2011-08-13 11:08:29 +01:00
Vincent Hanquez
7522d87ca3
introduce a bulk object to separate the cipher object creation by chunks
...
limit code movement by reusing the same name
2011-08-13 11:06:23 +01:00
Vincent Hanquez
b6a1b3ed14
misc cleanup
2011-08-13 07:56:17 +01:00
Vincent Hanquez
e4a4d99528
add some TLS12 prf related defs
2011-08-12 21:57:30 +01:00
Vincent Hanquez
58e758a1ab
misc cleanup
2011-08-12 20:59:14 +01:00
Vincent Hanquez
3c02e9acfc
Create a record type to help type safety
2011-08-12 18:41:49 +01:00
Vincent Hanquez
06baeecea7
remove space.
2011-08-12 18:33:43 +01:00
Vincent Hanquez
84ace35a7e
add an helper to use the compression context easily
2011-08-12 18:33:28 +01:00
Vincent Hanquez
abc571223a
Change compression API to work properly.
...
- distinguish compression from decompression
- add a context
- move from a record structure to typeclass + wrapping data for hiding the existential quantification.
2011-08-12 18:31:58 +01:00
Vincent Hanquez
b34af4195f
fix compilation error
2011-08-07 10:03:34 +01:00
Vincent Hanquez
9591a395a9
use functor <$> instead of maybe
2011-07-07 22:21:23 +01:00
Vincent Hanquez
28e04f8849
Use the encode function to encode the secure renegotiation extension.
...
fix a bug on the client side when secure renegotiation is enabled on client and server.
2011-06-19 21:23:01 +01:00
Vincent Hanquez
c27fc6187d
properly encode/decode secure renegotiation extension
2011-06-13 08:33:14 +01:00
Vincent Hanquez
d2e6235410
throw proper error with partial packets and EOF
2011-06-13 08:19:29 +01:00
Vincent Hanquez
1b8474d388
create a sendClientKeyXchg
2011-06-12 21:55:22 +01:00
Vincent Hanquez
02f77a1225
set server and client parameter directly in core, not in the sending processing layer.
2011-06-12 21:42:55 +01:00
Vincent Hanquez
2d33ea3fad
separate the IO operation from the decoding.
2011-06-12 21:40:02 +01:00
Vincent Hanquez
69a40eb656
use throwCore instead of error
2011-06-12 21:39:34 +01:00
Vincent Hanquez
30d52f0398
fix comment
2011-06-12 21:39:17 +01:00
Vincent Hanquez
6945147122
add label to serialize get operations
2011-06-12 21:38:42 +01:00
Vincent Hanquez
1358a2ef56
throw error if recvPacket errors instead of ignoring it.
2011-06-12 21:38:18 +01:00
Vincent Hanquez
5207a41a57
reflect the fact in types that the record layer record returns list of same header type.
2011-06-10 21:24:46 +01:00
Vincent Hanquez
f56f5d6e41
add more handling of server key xchg and dh_anon
2011-06-07 08:59:20 +01:00
Vincent Hanquez
8329187394
fill the server hello in the server and check the return value in the client.
2011-06-07 08:28:02 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd
add way to store verified data and to activate/deactivate the feature
2011-06-07 07:41:31 +01:00
Vincent Hanquez
093cd2c9fb
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
2011-06-06 08:16:24 +01:00
Vincent Hanquez
cead67c558
add secure renegociation flag in state
2011-06-06 08:03:18 +01:00
Vincent Hanquez
03c07ce173
hello extensions can be present since SSL3
2011-06-06 07:56:10 +01:00
Vincent Hanquez
a2059de7c0
simplify decoding by just getting the remaining content
2011-06-06 07:55:09 +01:00