Vincent Hanquez
fc598287ad
remove fromJust
2011-03-01 23:18:09 +00:00
Vincent Hanquez
73979e9db4
move initiate into handshake in core.
2011-03-01 23:09:17 +00:00
Vincent Hanquez
9083c53453
style change and use modify instead of get/put
2011-03-01 20:01:40 +00:00
Vincent Hanquez
c1a20efe74
move sendData to core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
43a2ae9dae
remove language extensions not needed anymore
2011-03-01 20:01:40 +00:00
Vincent Hanquez
353783abdf
put server/client in core
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f4cc8999db
move 'close' api to core and rename to 'bye' to avoid a meaning conflict with unix close.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
f260c5b9cf
modify client API to be like the server API.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
5481816e0e
remove old import
2011-03-01 20:01:40 +00:00
Vincent Hanquez
5e8d2fa776
move server to the new split API and have the server function in a monadIO monad.
...
the state mvar is for now mostly useless, although completly harmeless; it will
be useful to be able to use the ctx in a threaded context.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
c997045372
remove old code
2011-03-01 20:01:40 +00:00
Vincent Hanquez
6a0578ad0c
simplify state manipulation
...
separate the pure state manipulation from the monad doing the IO.
add some duplicate helpers to use the new monad.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
9586b05395
unify clientparams and serverparams
2011-03-01 20:01:40 +00:00
Vincent Hanquez
fc420e13f8
add nullCompression and an instance of show for compression data.
2011-03-01 20:01:40 +00:00
Vincent Hanquez
d592c7aad7
update for latest certificate 0.7
2011-02-20 17:43:10 +00:00
Vincent Hanquez
c6154ae126
fix a bug with SSL3 during the creation of crypt state.
...
The test for partition was too strict, and the SSL3 generator
is quite likely to generate more data whereas the TLS generator
generate the correct amount every time.
now bigger bytestring than necessary are now valid as well.
2011-02-20 08:49:23 +00:00
Vincent Hanquez
693891ad0c
add a dedicated fromJust
...
compared to the normal fromJust, it take an extra string to report
what kind of fromJust we were doing. it's quite valuable when
shuffling code and assertion break.
at some point, it need to be removed completely in favor of better types
that better reflect the actual state on the connection.
2011-02-20 08:37:19 +00:00
Vincent Hanquez
22ea02ffe4
move to certificate >= 0.6
2011-02-20 08:35:14 +00:00
Vincent Hanquez
a3ea15886f
use AES in cryptocipher 0.2.5
2011-02-20 08:13:53 +00:00
Vincent Hanquez
af02dd0839
add stricter partition(3|6) utils that doesn't use wire (and thus no binary)
2011-01-05 09:24:58 +00:00
Vincent Hanquez
857a4a06b8
add some assertion checking
2011-01-05 09:24:58 +00:00
Vincent Hanquez
a78162e298
add support for ciphers without encryption.
2011-01-05 09:24:58 +00:00
Vincent Hanquez
54640db618
add cipher 0x1 and 0x2 (no encryption with RSA)
2011-01-05 09:24:46 +00:00
Vincent Hanquez
e5e331fdf1
move to certificate 0.5
2011-01-02 09:49:21 +00:00
Vincent Hanquez
4b3cd2c2f7
export key/iv
2010-12-07 09:15:22 +00:00
Vincent Hanquez
701643a863
remove old comment
2010-12-06 22:54:56 +00:00
Vincent Hanquez
9796739ce0
add some instances of show for serverparams.
2010-12-04 13:09:02 +00:00
Vincent Hanquez
b3a8c1e1d6
add an instance of Eq for Ciphers. if two cipherID are eq then it's eq.
2010-12-04 13:08:38 +00:00
Vincent Hanquez
d787160713
rename connect in client module to initiate.
...
add a deprecated pragma for connect and keep it for compatibility
2010-11-28 10:30:05 +00:00
Vincent Hanquez
d061b37730
remove RandomGen generator and provide a reseed functions to regenerate the RNG.
2010-11-07 10:19:12 +00:00
Vincent Hanquez
a95dd8f45e
Generalize key exchange and use in-house RSA.
...
Remove need for spoon, since RSA will fails gracefully.
Add support for full private key format for fast decryption.
Generalization of key exchange to add future support for DH, etc.
2010-11-04 19:10:00 +00:00
Vincent Hanquez
65942b945f
massive change on the RNG and add support for CryptoRandomGen
...
use an inline AES counter system to generate random data.
2010-11-04 19:05:36 +00:00
Vincent Hanquez
863c09e0d4
put the throwError inside the runGet instead of outside.
...
related to a monad either overlapping report.
2010-11-03 23:06:04 +00:00
Vincent Hanquez
0d342a68f7
use monads-fd instead of mtl
2010-10-24 12:02:45 +01:00
Vincent Hanquez
7a5139c5ce
depends on cryptohash 0.6 and adapt to the new modules location.
2010-10-24 12:02:41 +01:00
Vincent Hanquez
a1469322e4
don't check padding content in SSL3 mode
2010-10-06 09:15:36 +01:00
Vincent Hanquez
f54be74cc4
properly encode RSA structure without extra length when doing SSL3
2010-10-06 09:11:57 +01:00
Vincent Hanquez
cfff801bd9
properly finish SSL3 digest computation.
...
change the cipher structure to contain the hash algorithm
instead of the mac algorithm.
2010-10-06 09:07:48 +01:00
Vincent Hanquez
1bbd893e95
use modify instead of get >>= put (and same for modifyTLS)
2010-10-05 18:48:32 +01:00
Vincent Hanquez
3c2ebe5c08
more generation of SSL block/finished values.
2010-10-05 18:48:28 +01:00
Vincent Hanquez
9c4a3a0223
use the AES rng as the TLSState rng, and generate random bytes on demand
...
client/premaster/secret random bytes are now generated by the TLSstate rng
on demand, simplifying the use of basic routines (connect/listen) and the
renegociation process.
also the AES rng is a CPRNG, compared to system.random PRNG, which
might gives a better warmer fuzzy random feeling.
2010-10-03 11:23:12 +01:00
Vincent Hanquez
6a9296727b
improve the regeneration of client and server rng datas
2010-10-03 11:01:22 +01:00
Vincent Hanquez
9641ca7c83
add prototype to processServerInfo
2010-10-03 10:32:23 +01:00
Vincent Hanquez
383cf4c021
properly handle multiple packet fragments.
...
as a bonus it cleans lots of differents part since the state machine
is inside receiving/sending code
2010-10-02 22:41:00 +01:00
Vincent Hanquez
e189f37a67
new state machine
2010-10-02 22:02:37 +01:00
Vincent Hanquez
5a6ff3abe8
take in account that we can receive multiple handshakes in the same tls fragment.
2010-10-02 10:58:41 +01:00
Vincent Hanquez
8049ad6c6f
add a way to update Digest when we have a handshaket type and the content of the header
2010-10-02 10:54:49 +01:00
Vincent Hanquez
eb3ed06af1
add TLS state machine to track that we receive correct message at the correct type
2010-10-02 10:32:29 +01:00
Vincent Hanquez
d188a180cc
refactorize receiving packet thing
2010-10-02 09:09:46 +01:00
Vincent Hanquez
f033a0d973
reorganize the way we decrypt data to be nicer.
...
as a bonus, finally check if padding is valid.
2010-09-26 20:56:51 +01:00