Martin Grabmueller
|
f08eb43055
|
Add comments and FIXMEs.
|
2012-07-14 16:49:46 +02:00 |
|
Martin Grabmueller
|
9e710b5e88
|
Accept empty client certificate list. Will error on verification.
|
2012-07-13 22:29:36 +02:00 |
|
Martin Grabmueller
|
e617a1bbec
|
Store public key from client certificate in server mode.
|
2012-07-13 21:33:45 +02:00 |
|
Martin Grabmueller
|
797f7822e4
|
Extend state to hold client private/public keys and add
functions for signing and verifying with these keys.
|
2012-07-13 21:08:23 +02:00 |
|
Vincent Hanquez
|
b57ef66d28
|
move extension decoding and encoding in a separate file.
|
2012-05-14 06:39:20 +01:00 |
|
Vincent Hanquez
|
5844120e4c
|
rename NextProtocolNegotiation as HsNextProtocolNegotiation
|
2012-05-14 06:35:55 +01:00 |
|
Vincent Hanquez
|
9b32e6d5f4
|
[SECURITY] use constant equality testing to prevent timing determination of the expected value.
it doesn't seems to be in an usable context though.
|
2012-05-14 06:32:14 +01:00 |
|
Vincent Hanquez
|
9da6b9c8c8
|
expand tabs.
|
2012-03-27 08:57:51 +01:00 |
|
Vincent Hanquez
|
e9a97bedb1
|
Merge branch 'npn' into next
Conflicts:
Network/TLS/Core.hs
|
2012-03-15 08:59:04 +00:00 |
|
Joey Adams
|
3d0071d952
|
Fix spelling of negotiate/negotiation in documentation
|
2012-03-10 16:04:44 -05:00 |
|
Lennart Kolmodin
|
1bd53d9790
|
Spell 'negotiation' as in the spec.
|
2012-02-13 22:54:04 +04:00 |
|
Lennart Kolmodin
|
ab2a28ada6
|
Use callback instead of static state for supported NPN protocols.
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
|
2012-02-12 22:59:19 +04:00 |
|
Lennart Kolmodin
|
e3e7e3c02a
|
Partial, but working, implementation of serverside NPN.
|
2012-02-08 13:20:28 +04:00 |
|
Vincent Hanquez
|
c17aa30599
|
prepare source for NPN.
|
2012-02-07 21:24:30 +00:00 |
|
Vincent Hanquez
|
f3e5603bc8
|
trivial code movement for decryptRSA
|
2011-12-20 07:51:12 +00:00 |
|
Vincent Hanquez
|
98427b4fae
|
switch client to process Server hello explicitely.
also switch everything properly when receiving a server hello with session.
|
2011-12-20 07:51:07 +00:00 |
|
Vincent Hanquez
|
6f02bb8548
|
generate key block when setting the master secret.
|
2011-12-20 07:41:15 +00:00 |
|
Vincent Hanquez
|
34b186b852
|
differentiate set master secret from a premaster secret or an already existing master secret
|
2011-12-20 07:30:19 +00:00 |
|
Vincent Hanquez
|
726d301e6f
|
fix TLS key exchange with version >= 1.0.
|
2011-12-05 20:10:28 +00:00 |
|
Vincent Hanquez
|
a16bdbba86
|
remove old readPacket.
|
2011-12-01 08:42:59 +00:00 |
|
Vincent Hanquez
|
adf45a537d
|
handle digest update after processing the packet
|
2011-12-01 08:42:43 +00:00 |
|
Vincent Hanquez
|
e1fea031af
|
consider clientkeyxchg as an opaque structure in internal layers, and make/process the content in higher layer.
|
2011-12-01 08:41:01 +00:00 |
|
Vincent Hanquez
|
d6a198dad5
|
split recvRecord out of recvPacket.
|
2011-11-30 22:01:31 +00:00 |
|
Vincent Hanquez
|
2b4db87a7e
|
cleanup the record layer properly from other layer on top.
simplify and make the code much more straighforward.
|
2011-11-30 21:51:22 +00:00 |
|
Vincent Hanquez
|
2a685b2601
|
remove the state machine is favor of a straightforward pattern matching state machine.
simplify code massively and make it easy to support other packet flow later.
|
2011-11-29 08:59:41 +00:00 |
|
Vincent Hanquez
|
9a0b4e0bd7
|
update to new cryptocipher and new certificate.
|
2011-10-31 22:10:32 +00:00 |
|
Vincent Hanquez
|
09e32f10c7
|
use strict time constant version of and and bytestring == during Reception.
|
2011-10-02 22:15:42 +01:00 |
|
Vincent Hanquez
|
a3b7419f8b
|
Define hash structure to save some repetition
|
2011-08-13 12:30:36 +01:00 |
|
Vincent Hanquez
|
b72c6328b0
|
remove the keyblocksize that is redundant and easily calculated from other fields.
|
2011-08-13 12:04:23 +01:00 |
|
Vincent Hanquez
|
bd2a00782b
|
rename bulk functions to be prefixed by bulk not cipher
|
2011-08-13 11:17:51 +01:00 |
|
Vincent Hanquez
|
647dcb02aa
|
set some size to int instead of pointlessly using word8/word16
|
2011-08-13 11:08:29 +01:00 |
|
Vincent Hanquez
|
7522d87ca3
|
introduce a bulk object to separate the cipher object creation by chunks
limit code movement by reusing the same name
|
2011-08-13 11:06:23 +01:00 |
|
Vincent Hanquez
|
3c02e9acfc
|
Create a record type to help type safety
|
2011-08-12 18:41:49 +01:00 |
|
Vincent Hanquez
|
c27fc6187d
|
properly encode/decode secure renegotiation extension
|
2011-06-13 08:33:14 +01:00 |
|
Vincent Hanquez
|
5207a41a57
|
reflect the fact in types that the record layer record returns list of same header type.
|
2011-06-10 21:24:46 +01:00 |
|
Vincent Hanquez
|
8329187394
|
fill the server hello in the server and check the return value in the client.
|
2011-06-07 08:28:02 +01:00 |
|
Vincent Hanquez
|
96e6979ed4
|
misc change and start to trickle through the support for secure renegotiation
|
2011-06-07 08:13:43 +01:00 |
|
Vincent Hanquez
|
d3de5de4cd
|
add way to store verified data and to activate/deactivate the feature
|
2011-06-07 07:41:31 +01:00 |
|
Vincent Hanquez
|
093cd2c9fb
|
use bytes directly instead of pointlessly unpacking it for extensions and finishedData
|
2011-06-06 08:16:24 +01:00 |
|
Vincent Hanquez
|
f74626e065
|
throw proper error if we receive an unexpected transition.
|
2011-05-13 21:40:11 +01:00 |
|
Vincent Hanquez
|
0582234934
|
cleanup for not having to use fromJust
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
9db7ccbfca
|
throw proper error for bad record mac
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
a435a9add1
|
remove unnecessary import
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
f464927a0b
|
add a structure to parametrize decoding encoding related to version, key exchange type, ...
|
2011-05-12 09:13:53 +01:00 |
|
Vincent Hanquez
|
969a62b79a
|
bump certificate version to 0.8.1
|
2011-05-09 09:15:36 +01:00 |
|
Vincent Hanquez
|
7cce3fca0c
|
use functor's <$> instead of a return construct
|
2011-04-24 13:39:52 +01:00 |
|
Vincent Hanquez
|
a1524bf673
|
refactor processclientkeyxchg
|
2011-04-24 11:34:11 +01:00 |
|
Vincent Hanquez
|
a7aaa3eee7
|
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
|
2011-04-11 19:56:43 +01:00 |
|
Vincent Hanquez
|
43a2ae9dae
|
remove language extensions not needed anymore
|
2011-03-01 20:01:40 +00:00 |
|
Vincent Hanquez
|
6a0578ad0c
|
simplify state manipulation
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
|
2011-03-01 20:01:40 +00:00 |
|