Vincent Hanquez
c1e67f6015
add some comment about the expected values.
2013-11-29 18:45:05 +08:00
Vincent Hanquez
30fe1a8fb6
make the error message a bit more precise related to which side it happen.
2013-11-29 18:44:44 +08:00
Vincent Hanquez
245748f109
add a helper to check if a cipher is allowed to be used with some version
2013-11-29 17:01:40 +08:00
Vincent Hanquez
e5e96fb157
report a more useful error than undefined when trying to use HashSHA256 in SSL3 mode.
2013-11-29 17:00:09 +08:00
Vincent Hanquez
9883b8644f
move single exceptions into a one type to rule them all.
...
HandshakeFailed, ConnectionNotEstablished, and Terminated are now
a TLSException type. it should allow easier catching for users.
2013-11-27 15:31:45 +08:00
Vincent Hanquez
5ff812b3fa
provide a helper for catching exception without doing a catchall.
...
As a side effect, let AsyncException propagate
2013-11-27 15:08:22 +08:00
Vincent Hanquez
0870189689
add a contextNewWithSocket
2013-10-11 08:01:38 +01:00
Vincent Hanquez
e1d8e026f5
add -fwarn-tabs to tls.
2013-09-18 07:20:48 +01:00
Vincent Hanquez
5b13cfe38a
adapt tests to new crypto-random
2013-09-18 07:20:28 +01:00
Vincent Hanquez
982a484598
move to crypto-random
2013-09-01 07:42:43 +01:00
Vincent Hanquez
77abffceb3
add some reading and rw locks.
2013-09-01 07:36:08 +01:00
Vincent Hanquez
5836669878
remove unnecessary MonadIO parametrization
2013-08-01 07:52:42 +00:00
Vincent Hanquez
be34ed350e
remove unnecessary parametrization
2013-08-01 07:49:20 +00:00
Vincent Hanquez
bd0ad2169e
move handshake state out of state
2013-08-01 07:47:40 +00:00
Vincent Hanquez
896832d93d
separate state from handshake state
2013-08-01 07:43:48 +00:00
Vincent Hanquez
d69c9190b5
push down the context to key operation
2013-08-01 07:35:42 +00:00
Vincent Hanquez
64f60bb715
repair getSessionData and move to handshake layer
2013-08-01 07:32:27 +00:00
Vincent Hanquez
0b6e6ef0e3
move startHandshake in the handshake layer
2013-08-01 07:24:18 +00:00
Vincent Hanquez
e78dccb635
use HandshakeState directly without grabbing the TLSState
2013-08-01 07:12:54 +00:00
Vincent Hanquez
0bd12162d3
remove assert and cleanup imports
2013-08-01 08:06:31 +01:00
Vincent Hanquez
7994f4ba27
move tx state into a mvar in the context.
2013-08-01 08:05:03 +01:00
Vincent Hanquez
49ff6e933c
remove Rx state from general state.
...
move RxState as a mutable mvar in the context directly.
2013-07-30 08:58:58 +01:00
Vincent Hanquez
6ff5e692d0
remove unnecessary imports
2013-07-30 08:58:26 +01:00
Vincent Hanquez
dc5fd93f6b
add fmapEither for cleaning some boilerplate.
...
Don't use fmap directly as some older version of base has not defined
fmap for either. remove in couple of years.
2013-07-30 08:57:14 +01:00
Vincent Hanquez
7eaf8c316e
move more context in processHandshake
2013-07-30 06:14:09 +01:00
Vincent Hanquez
8735cbba4f
move some functions out of line of handshakeClient
2013-07-29 07:19:13 +01:00
Vincent Hanquez
4b2f07c7fa
simplify the number of usingState call by grouping stuff.
...
also remove pointless and confusing processing helper
2013-07-28 15:22:17 +01:00
Vincent Hanquez
c2aed77413
add comment for onServerHello
2013-07-28 15:07:06 +01:00
Vincent Hanquez
4b48f2042a
correct module description
2013-07-28 09:20:45 +01:00
Vincent Hanquez
a7724353f4
move handshake stuff in Handshake layer.
2013-07-28 09:19:28 +01:00
Vincent Hanquez
00dcd06dc1
disable sslv2 flag when it's on, not all the time unnecessarily
2013-07-28 07:41:36 +01:00
Vincent Hanquez
a9e6d6c0bf
add comment, and reindent recvRecord
2013-07-28 07:41:20 +01:00
Vincent Hanquez
07c5d41fd8
add a TLSSt wrapper for RNG operations
2013-07-28 07:32:44 +01:00
Vincent Hanquez
c252ed8f49
cleanup record layer
2013-07-27 08:32:27 +01:00
Vincent Hanquez
e2d5170af7
Separate tx/rx state from a single RecordState
...
unroll a reader/state/error monad into a single simple monad,
and move back version and client context in state.
2013-07-25 21:53:32 +01:00
Vincent Hanquez
e3b3483560
move random gen back into state
2013-07-24 17:35:57 +01:00
Vincent Hanquez
4a9389c5c2
remove the need to pass the RNG in record engage.
2013-07-24 07:19:13 +00:00
Vincent Hanquez
bcc53155f1
create pure function with explicit parameter for computeDigest
2013-07-24 06:41:31 +00:00
Vincent Hanquez
4a337378d8
remove commented import
2013-07-24 06:40:08 +00:00
Vincent Hanquez
f59804f459
move processServerHello in Handshake
2013-07-24 05:50:56 +00:00
Vincent Hanquez
f9ae636351
move getHandshakeDigest in HandshakeM
2013-07-23 07:39:52 +00:00
Vincent Hanquez
37ef6af6e8
use more Role type instead of Bool
2013-07-23 07:14:48 +00:00
Vincent Hanquez
acc670e30e
more cleanup / separation with handshake state.
2013-07-23 07:30:13 +00:00
Vincent Hanquez
1b530dc5f4
remove getMasterSecret accessor
2013-07-23 05:51:44 +00:00
Vincent Hanquez
0728bd86d8
move setMasterSecret and setKeyBlock to the handshake layer.
2013-07-23 05:36:42 +00:00
Vincent Hanquez
0e11f63033
move pending cipher and compression in the handshake state
...
adjust code to cope
2013-07-22 07:35:53 +00:00
Vincent Hanquez
7489fdbbec
explicitly pass role and version to setMasterSecret and derivative
2013-07-22 07:54:35 +01:00
Vincent Hanquez
a2c062c772
remove useless import
2013-07-22 07:05:30 +01:00
Vincent Hanquez
5ca744a8bf
move to a proper role type for client|server
2013-07-21 10:16:01 +01:00
Vincent Hanquez
dd30cc05b0
remove commented code.
2013-07-21 09:35:44 +01:00
Vincent Hanquez
f3f0b5ea70
add some comparaison between versions
2013-07-21 09:33:23 +01:00
Vincent Hanquez
0de63528ba
add simple benchmark
2013-07-21 08:57:56 +01:00
Vincent Hanquez
fb187622c7
move establish data pipe in Connection
2013-07-21 07:37:58 +01:00
Vincent Hanquez
d6ab57bf6f
move marshalling test in own module
2013-07-21 07:24:51 +01:00
Vincent Hanquez
498dc07daa
re-indent
2013-07-21 07:00:35 +01:00
Vincent Hanquez
5c989623d4
re-indent
2013-07-21 06:57:26 +01:00
Vincent Hanquez
219599f392
update doc and comments, and reorganize slightly code
2013-07-21 06:54:12 +01:00
Vincent Hanquez
ab79b29b22
inline postprocessRecord
2013-07-20 16:09:16 +01:00
Vincent Hanquez
323e51c04e
remove preprocessPacket and inline the content when the content is Handshakes
2013-07-20 16:07:07 +01:00
Vincent Hanquez
199de057c3
separate more handshake state from other state.
...
reorganize pending state in record state.
2013-07-20 08:21:52 +01:00
Vincent Hanquez
7ecc341af6
move more stuff in the HandshakeM
2013-07-20 07:18:16 +01:00
Vincent Hanquez
849f87c8ea
move some handshake function to HandshakeM
2013-07-19 07:47:54 +01:00
Vincent Hanquez
fc693ee99f
add accessor from context and state to HandshakeM
2013-07-19 07:47:33 +01:00
Vincent Hanquez
065cc4b43d
remove Error monad in handshake state.
2013-07-19 07:46:09 +01:00
Vincent Hanquez
f2203d55df
remove alias TLSHandshakeState
2013-07-19 07:05:37 +01:00
Vincent Hanquez
590cd35e4e
add signatures
2013-07-19 07:05:31 +01:00
Vincent Hanquez
660f15f616
better separate tx/rx into transmission state objects
2013-07-19 06:45:02 +01:00
Vincent Hanquez
c498b95512
reorder fields
2013-07-18 07:53:57 +01:00
Vincent Hanquez
c5d10c527c
re-align fields in handshake state stuff
2013-07-18 07:34:05 +01:00
Vincent Hanquez
f231253d6f
rename CryptState and MACState
2013-07-18 07:32:08 +01:00
Vincent Hanquez
8f83319fae
separate handshake state from state.
2013-07-18 07:19:05 +01:00
Vincent Hanquez
8f99c325fb
separate tx/rx compression and pending compression.
...
Fix issue with compression being turn on for tx and rx at the same time,
and also at too early at the hello message instead of change cipher.
2013-07-18 07:18:38 +01:00
Vincent Hanquez
78535ff8c3
set MacState as a newtype
2013-07-13 09:11:03 +01:00
Vincent Hanquez
4f66742d8b
more too much flexibility
2013-07-13 08:37:37 +01:00
Vincent Hanquez
ef8206c4ff
add benchmark section (empty for now)
2013-07-13 08:04:26 +01:00
Vincent Hanquez
f5f25a7754
add helper for tests
2013-07-13 08:03:59 +01:00
Vincent Hanquez
4e86ffee28
split record state from state.
2013-07-13 08:03:25 +01:00
Vincent Hanquez
62a1b29fbe
remove old commented code
2013-07-12 07:45:16 +01:00
Vincent Hanquez
fb8629a807
re-indent
2013-07-12 07:27:28 +01:00
Vincent Hanquez
67f01872dd
re-indent
2013-07-12 06:54:47 +01:00
Vincent Hanquez
5d69715a50
correct mismerge
2013-07-11 10:27:24 +01:00
Vincent Hanquez
df524de618
add some locks. unused for now
2013-07-11 09:06:10 +01:00
Vincent Hanquez
c132b4cb8b
first stab at separating record state from other state.
2013-07-11 09:03:33 +01:00
Vincent Hanquez
b025e616e4
re-indent record layer
2013-07-10 08:48:49 +00:00
Vincent Hanquez
6d4b167864
re-indent
2013-07-10 08:04:47 +01:00
Vincent Hanquez
290d98d95b
re-indent
2013-07-10 07:37:52 +01:00
Vincent Hanquez
02c445a102
re-indent
2013-07-10 07:20:58 +01:00
Vincent Hanquez
7269382b48
re-indent
2013-07-10 07:14:22 +01:00
Vincent Hanquez
e6d2a1d7f1
re-indent
2013-07-10 07:13:10 +01:00
Vincent Hanquez
37eb3dab6e
export the function to set the hook.
2013-07-10 07:10:01 +01:00
Vincent Hanquez
b21d4af85c
add hook for received handshake message
2013-07-09 09:13:17 +01:00
Vincent Hanquez
1d6946e12e
re-indent
2013-07-09 07:30:29 +01:00
Vincent Hanquez
3c61512c0c
re-indent
2013-07-09 07:19:16 +01:00
Vincent Hanquez
939b9c5a95
re-indent.
2013-07-09 07:15:54 +01:00
Vincent Hanquez
ec93924cab
re-indent where properly
2013-06-27 08:06:01 +01:00
Vincent Hanquez
669980c946
fix compilation with recent client/server params change.
2013-06-03 08:41:42 +01:00
Vincent Hanquez
0b170e624d
proper separation of NPN callback in server and client params.
...
need further cleanup for client/server role separation instead of
the getClientParams and getServerParams.
fix #34 .
2013-06-03 08:37:56 +01:00
Vincent Hanquez
3288ed97b4
add a better description for onCipherChoosing.
2013-06-03 08:36:54 +01:00
Vincent Hanquez
86df11a16a
Merge https://github.com/knrafto/hs-tls into x509
...
Conflicts:
core/Network/TLS/Context.hs
2013-06-03 08:12:10 +01:00
Kyle Raftogianis
347ebdaaf1
Rename nullSessionManager to noSessionManager
2013-06-01 23:52:38 -07:00
Vincent Hanquez
b3e3a2d648
fix compilation
2013-06-02 07:12:26 +01:00
Vincent Hanquez
8468556fe8
use x509 public key and private key instead of defining our own in tls.
2013-05-30 07:21:25 +01:00
Vincent Hanquez
b1478dd618
some exporting deprecated aliases.
2013-05-26 08:02:20 +01:00
Vincent Hanquez
02b2f01515
move certificate stuff in x509 module.
2013-05-26 08:02:06 +01:00
Vincent Hanquez
af29b3dc3f
prepare for 1.2 branch
2013-05-26 07:24:02 +01:00
Vincent Hanquez
59d61067b0
add X509 file.
2013-05-26 07:19:59 +01:00
Vincent Hanquez
fc9c6a407d
update for x509
2013-05-19 08:05:46 +01:00
Kyle Raftogianis
2c9fa01197
Replace existential session manager with concrete data type
2013-05-14 22:42:09 -07:00
Vincent Hanquez
83c1e247e6
add extra check for minimum size and being a blocksize multiple for block ciphers.
2013-02-09 16:57:22 +00:00
Vincent Hanquez
66cf59c054
remove BulkNoneF which only duplicate case for no reason.
2013-02-09 16:56:47 +00:00
Vincent Hanquez
339d2ca33a
reorganize the disengage decryptData function for further change.
2013-02-09 08:10:13 +00:00
Vincent Hanquez
0e628cf2c1
bump tls version
2013-01-27 16:09:49 +00:00
Vincent Hanquez
5afd866070
add SNI extension if it has been specified in the ClientUseServerName
2013-01-27 16:09:08 +00:00
Vincent Hanquez
510dcdd752
fix encoding of ServerName extension.
2013-01-27 16:08:39 +00:00
Vincent Hanquez
8553074677
bump version
2013-01-13 06:54:06 +00:00
Vincent Hanquez
a1815c8fb2
remove -fhpc by default in cabal file.
2013-01-13 06:54:03 +00:00
Vincent Hanquez
dab21da9d0
remove cryptocipher dependency
2013-01-06 09:41:40 +00:00
Vincent Hanquez
8c9bff15e3
remove old definition
2013-01-04 09:01:12 +00:00
Vincent Hanquez
5a4b194848
bump version to crypto-random-api 0.2
2013-01-04 08:38:11 +00:00
Vincent Hanquez
0f0471a0d5
in a nice closing alert, we try to reply as well before closing connections
2012-12-31 15:55:22 +00:00
Vincent Hanquez
a2355f33ee
handle early termination and bad remote side more effectively.
...
mark the session has invalid and also try to
reply to the other side that we're closing the connection.
Finally a new terminated exception is raised to userspace to notify
the failure.
2012-12-31 15:49:34 +00:00
Vincent Hanquez
fd922e90d3
define a new Terminated exception
2012-12-31 15:48:04 +00:00
Vincent Hanquez
6f5804bb2d
typo
2012-12-31 14:43:15 +00:00
Vincent Hanquez
17c5de82b3
spring cleanup errors that are not used anymore
2012-12-31 14:42:41 +00:00
Vincent Hanquez
02a50fc142
reorganize the recvData function to be nicer.
2012-12-31 14:08:51 +00:00
Vincent Hanquez
7c6815b738
only send packet if we are in the client context.
2012-12-31 13:37:33 +00:00
Vincent Hanquez
ea06a793b7
add SHA1 and remove unneeded import
2012-12-31 13:37:19 +00:00
Vincent Hanquez
f80f2e5dec
re-indent
2012-12-31 13:37:03 +00:00
Vincent Hanquez
0dd4a97d29
bump core version
2012-12-30 15:31:25 +00:00
Vincent Hanquez
a14b37d528
use new crypto-pubkey
2012-12-30 15:31:13 +00:00
Vincent Hanquez
141e6fc491
use the {decrypt,sign}Safer alternative.
2012-12-05 08:22:47 +00:00
Vincent Hanquez
68e45d829f
use a CPRG when signing with RSA.
2012-12-05 08:19:40 +00:00
Vincent Hanquez
bd2883683b
use a CPRG when using decrypt RSA.
2012-12-05 08:16:32 +00:00
Vincent Hanquez
7a03dc1834
create a test-suite that use tls as a library instead of using directly.
...
use the secret Network.TLS.Internal module, and as a result,
compile tls modules once now instead of twice each.
2012-12-05 07:57:13 +00:00
Vincent Hanquez
cedd5b2c86
switch to CPRG instead of CryptoRandomGen
2012-12-05 07:48:11 +00:00
Vincent Hanquez
3282b61e02
bump version
2012-12-04 08:58:14 +00:00
Vincent Hanquez
d614eb09e2
requires cprng-aes >= 0.3.0 and fix api change.
2012-12-04 08:35:21 +00:00
Vincent Hanquez
cfa2c2e1dc
Merge branch 'SSLv2Hello'
2012-12-04 08:33:02 +00:00
Vincent Hanquez
1e690cf8fb
add a SSLv2 compat flag to enable reception of compat Client Hello only
...
for the first packet received in a server context.
The client side never try to use the compat code.
2012-12-04 08:31:22 +00:00
Vincent Hanquez
cf63849c9d
add the SSLv2_COMPATIBLE flag to the tests.
...
add flag default to true.
2012-12-04 08:13:54 +00:00
Vincent Hanquez
c048a97d1b
Add a flag to recvRecord to enable SSLv2 compat reception.
2012-12-03 18:56:14 +00:00
Vincent Hanquez
b8e3000ef9
remove warning for useless binding
2012-12-03 18:55:30 +00:00
Vincent Hanquez
db1232aea8
remove warnings, add some more #ifdef.
2012-12-03 17:26:50 +00:00
Vincent Hanquez
ee92845b03
bump version
2012-11-19 09:55:07 +00:00
Vincent Hanquez
3e82cc744a
fix issue when re-handshaking with a different cipher.
...
tls was correctly accounting for the difference between pending state
and active state in most place except for the actual cipher
encryption/decryption functions in use.
Hence when re-negociating with a different cipher than the current
cipher, which is fairly unusual but perfectly allowed, the lowlevel
function were switch at the server hello instead of being switch at the
switch(Tx/Rx).
2012-11-19 09:39:35 +00:00
notogawa
1605c4bd00
add flag to reject SSLv2 compatible handshake.
2012-11-17 01:01:41 +09:00
notogawa
d41c53f6b5
reject SSLv2 re-handshaking message.
2012-11-17 00:37:05 +09:00
notogawa
a4f06256fe
accept SSLv2 format 'ClientHello' Handshake message.
2012-11-10 19:34:37 +09:00
Vincent Hanquez
9bc41f62c4
bump version
2012-10-30 04:52:32 +00:00
Vincent Hanquez
513d13029f
use gets where possible and make thing nicer
2012-10-30 04:46:19 +00:00