Martin Grabmueller
2b101b6fa7
Add function for retrieving certificate verify digest.
2012-07-13 21:18:05 +02:00
Martin Grabmueller
e9abea6cb2
Extend state to hold information about ongoing client certificate exchange.
2012-07-13 21:16:46 +02:00
Martin Grabmueller
797f7822e4
Extend state to hold client private/public keys and add
...
functions for signing and verifying with these keys.
2012-07-13 21:08:23 +02:00
Felipe Lessa
cb0cb14732
Define 'state' only for mtl >= 2.1.
...
Conflicts:
Network/TLS/State.hs
2012-04-20 21:08:53 +01:00
Felipe Lessa
3f280e2d70
Define MonadState TLSSt's state function.
...
For some reason that I still don't know, when using state's
default definition with libraries
base-4.5.0.0-40b99d05fae6a4eea95ea69e6e0c9702
bytestring-0.9.2.1-18f26186028d7c0e92e78edc9071d376
cereal-0.3.5.1-c85af6bc266354ac7b256440db39e874
certificate-1.2.1-c61f160cdafc328081aeb08858403878
crypto-api-0.10.1-a0c00402b73cec065108abe95d6cfaf2
cryptocipher-0.3.0-d1785d4907a85f72ffd670491df324f2
cryptohash-0.7.4-f6e253339d77757de756f81f77755b35
mtl-2.1-e90c46af21f3870cee46f6218510d29d
I get <<loop>> for anything that uses the 'modify' function
(which in turn is defined in terms of 'state'). In particular, I
get it for 'startHandshakeClient' which is used in the beginning
by all tls clients. For example,
$ tls-simpleclient graph.facebook.com 443
tls-simpleclient: <<loop>>
This commit fixes this bug.
(This is a harmless commit in the sense that even if I don't know
why this bug was happenning, it doesn't hurt to have an explicit
definition of 'state' -- it may actually save a few nanoseconds
here and there.)
Conflicts:
Network/TLS/State.hs
2012-04-20 21:07:08 +01:00
Vincent Hanquez
9da6b9c8c8
expand tabs.
2012-03-27 08:57:51 +01:00
Lennart Kolmodin
2ed8c777b6
Add client side of Next Protocol Negotiation.
2012-02-16 12:13:13 +04:00
Lennart Kolmodin
ab2a28ada6
Use callback instead of static state for supported NPN protocols.
...
onSuggestNextProtocols in TLSParams.
Expose getNegotiatedProtocol to users.
Fix condition for when to understand NPN messages.
2012-02-12 22:59:19 +04:00
Lennart Kolmodin
e3e7e3c02a
Partial, but working, implementation of serverside NPN.
2012-02-08 13:20:28 +04:00
Vincent Hanquez
c17aa30599
prepare source for NPN.
2012-02-07 21:24:30 +00:00
Vincent Hanquez
6f02bb8548
generate key block when setting the master secret.
2011-12-20 07:41:15 +00:00
Vincent Hanquez
53a7b48c15
add new state for session tracking.
2011-12-20 07:38:35 +00:00
Vincent Hanquez
34b186b852
differentiate set master secret from a premaster secret or an already existing master secret
2011-12-20 07:30:19 +00:00
Vincent Hanquez
adf45a537d
handle digest update after processing the packet
2011-12-01 08:42:43 +00:00
Vincent Hanquez
2a685b2601
remove the state machine is favor of a straightforward pattern matching state machine.
...
simplify code massively and make it easy to support other packet flow later.
2011-11-29 08:59:41 +00:00
Vincent Hanquez
7d24f39c50
directly put the hash in the new empty handshake instead of using a maybe.
2011-08-17 20:50:30 +01:00
Vincent Hanquez
6d5585c74a
switch to one hashctx that can contains 2 hashctx, and add a special updateSSL for SSL3.
2011-08-14 16:18:09 +01:00
Vincent Hanquez
68be94060e
update hash interface to hide the state through typeclass and existentialquantification.
2011-08-14 14:34:34 +01:00
Vincent Hanquez
a3b7419f8b
Define hash structure to save some repetition
2011-08-13 12:30:36 +01:00
Vincent Hanquez
b72c6328b0
remove the keyblocksize that is redundant and easily calculated from other fields.
2011-08-13 12:04:23 +01:00
Vincent Hanquez
bd2a00782b
rename bulk functions to be prefixed by bulk not cipher
2011-08-13 11:17:51 +01:00
Vincent Hanquez
7522d87ca3
introduce a bulk object to separate the cipher object creation by chunks
...
limit code movement by reusing the same name
2011-08-13 11:06:23 +01:00
Vincent Hanquez
84ace35a7e
add an helper to use the compression context easily
2011-08-12 18:33:28 +01:00
Vincent Hanquez
abc571223a
Change compression API to work properly.
...
- distinguish compression from decompression
- add a context
- move from a record structure to typeclass + wrapping data for hiding the existential quantification.
2011-08-12 18:31:58 +01:00
Vincent Hanquez
b34af4195f
fix compilation error
2011-08-07 10:03:34 +01:00
Vincent Hanquez
9591a395a9
use functor <$> instead of maybe
2011-07-07 22:21:23 +01:00
Vincent Hanquez
96e6979ed4
misc change and start to trickle through the support for secure renegotiation
2011-06-07 08:13:43 +01:00
Vincent Hanquez
d3de5de4cd
add way to store verified data and to activate/deactivate the feature
2011-06-07 07:41:31 +01:00
Vincent Hanquez
cead67c558
add secure renegociation flag in state
2011-06-06 08:03:18 +01:00
Vincent Hanquez
f464927a0b
add a structure to parametrize decoding encoding related to version, key exchange type, ...
2011-05-12 09:13:53 +01:00
Vincent Hanquez
a7aaa3eee7
Remove the hardcoded srandomgen in favor of any cryptorandomgen instance.
...
srandomgen is available separately in the cprng-aes package as Crypto.Random.AESCtr
2011-04-11 19:56:43 +01:00
Vincent Hanquez
9083c53453
style change and use modify instead of get/put
2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c
simplify state manipulation
...
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
693891ad0c
add a dedicated fromJust
...
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.
at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
2011-02-20 08:37:19 +00:00
Vincent Hanquez
857a4a06b8
add some assertion checking
2011-01-05 09:24:58 +00:00
Vincent Hanquez
cfff801bd9
properly finish SSL3 digest computation.
...
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
2010-10-06 09:07:48 +01:00
Vincent Hanquez
1bbd893e95
use modify instead of get >>= put (and same for modifyTLS)
2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08
more generation of SSL block/finished values.
2010-10-05 18:48:28 +01:00
Vincent Hanquez
6a9296727b
improve the regeneration of client and server rng datas
2010-10-03 11:01:22 +01:00
Vincent Hanquez
383cf4c021
properly handle multiple packet fragments.
...
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
8049ad6c6f
add a way to update Digest when we have a handshaket type and the content of the header
2010-10-02 10:54:49 +01:00
Vincent Hanquez
eb3ed06af1
add TLS state machine to track that we receive correct message at the correct type
2010-10-02 10:32:29 +01:00
Vincent Hanquez
cd2f8f8ee2
get a util file for some bytestring stuff
2010-09-26 18:51:23 +01:00
Vincent Hanquez
2f76b2a245
add non finished method to generate finished content for protocol < TLS10
2010-09-26 16:32:28 +01:00
Vincent Hanquez
c664f30407
add support for SSL generation of master secret
2010-09-26 16:07:14 +01:00
Vincent Hanquez
938e8db365
remove dead field
2010-09-26 15:31:35 +01:00
Vincent Hanquez
8f91009884
use strict bytestring instead of lazy bytestring.
...
the API stays mostly similar except for clientkeyxchg that need a bytes instead of [word8].
remove lots of unnessary packing/unpacking when setting up ciphers.
2010-09-26 10:34:47 +01:00
Vincent Hanquez
0b5a0dc548
initial import
2010-09-09 22:47:19 +01:00