Copyright | (c) Yoshikuni Jujo, 2014 |
---|---|
License | BSD3 |
Maintainer | PAF01143@nifty.ne.jp |
Stability | Experimental |
Safe Haskell | None |
Language | Haskell98 |
- type PeyotlsM = TlsM Handle SystemRNG
- type PeyotlsHandle = TlsHandle Handle SystemRNG
- type TlsM h g = ErrorT Alert (StateT (TlsState h g) (HandleMonad h))
- data TlsHandle h g
- data Alert :: *
- run :: HandleLike h => TlsM h g a -> g -> HandleMonad h a
- open :: (ValidateHandle h, CPRG g) => h -> [CipherSuite] -> [(CertSecretKey, CertificateChain)] -> CertificateStore -> TlsM h g (TlsHandle h g)
- open' :: (ValidateHandle h, CPRG g) => h -> String -> [CipherSuite] -> [(CertSecretKey, CertificateChain)] -> CertificateStore -> TlsM h g (TlsHandle h g)
- getNames :: HandleLike h => TlsHandle h g -> TlsM h g [String]
- getCertificate :: HandleLike h => TlsHandle h g -> TlsM h g SignedCertificate
- checkName :: HandleLike h => TlsHandle h g -> String -> TlsM h g Bool
- renegotiate :: (ValidateHandle h, CPRG g) => TlsHandle h g -> TlsM h g ()
- setCipherSuites :: (ValidateHandle h, CPRG g) => TlsHandle h g -> [CipherSuite] -> TlsM h g ()
- setKeyCerts :: (ValidateHandle h, CPRG g) => TlsHandle h g -> [(CertSecretKey, CertificateChain)] -> TlsM h g ()
- setCertificateStore :: (ValidateHandle h, CPRG g) => TlsHandle h g -> CertificateStore -> TlsM h g ()
- data CipherSuite :: *
- data KeyEx :: *
- = RSA
- | DHE_RSA
- | ECDHE_RSA
- | ECDHE_ECDSA
- | KE_NULL
- data BulkEnc :: *
- class HandleLike h => ValidateHandle h where
- validate :: h -> CertificateStore -> CertificateChain -> HandleMonad h [FailedReason]
- data CertSecretKey
- = RsaKey {
- rsaKey :: PrivateKey
- | EcdsaKey { }
- = RsaKey {
Basic
type PeyotlsHandle = TlsHandle Handle SystemRNG Source
Show h => Show (TlsHandle h g) | |
(ValidateHandle h, CPRG g) => HandleLike (TlsHandle h g) | |
type DebugLevel (TlsHandle h g) = DebugLevel h | |
type HandleMonad (TlsHandle h g) = TlsM h g |
data Alert :: *
RFC 5246 7.2. Alert Protocol
struct { AlertLevel level; AlertDescription description; } Alert;
run :: HandleLike h => TlsM h g a -> g -> HandleMonad h a Source
open :: (ValidateHandle h, CPRG g) => h -> [CipherSuite] -> [(CertSecretKey, CertificateChain)] -> CertificateStore -> TlsM h g (TlsHandle h g) Source
Don't forget check server name by checkName.
open' :: (ValidateHandle h, CPRG g) => h -> String -> [CipherSuite] -> [(CertSecretKey, CertificateChain)] -> CertificateStore -> TlsM h g (TlsHandle h g) Source
This function open and check server name. Use this so as not to forget to check server name.
getCertificate :: HandleLike h => TlsHandle h g -> TlsM h g SignedCertificate Source
Renegotiation
renegotiate :: (ValidateHandle h, CPRG g) => TlsHandle h g -> TlsM h g () Source
setCipherSuites :: (ValidateHandle h, CPRG g) => TlsHandle h g -> [CipherSuite] -> TlsM h g () Source
setKeyCerts :: (ValidateHandle h, CPRG g) => TlsHandle h g -> [(CertSecretKey, CertificateChain)] -> TlsM h g () Source
setCertificateStore :: (ValidateHandle h, CPRG g) => TlsHandle h g -> CertificateStore -> TlsM h g () Source
Cipher Suite
data CipherSuite :: *
RFC 5246 7.4.1.2. Client Hello
uint8 CipherSuite[2];
RFC 5246 A.5. The Cipher Suite
CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00, 0x00 }; CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00, 0x01 }; CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00, 0x02 }; CipherSuite TLS_RSA_WITH_NULL_SHA256 = { 0x00, 0x3B }; CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 }; CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 }; CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A }; CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x2F }; CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x35 }; CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3C }; CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = { 0x00, 0x3D };
CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0D }; CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x10 }; CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 }; CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 }; CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x30 }; CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x31 }; CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x32 }; CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x33 }; CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x36 }; CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x37 }; CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x38 }; CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x39 }; CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3E }; CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3F }; CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256= { 0x00, 0x40 }; CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256= { 0x00, 0x67 }; CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = { 0x00, 0x68 }; CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = { 0x00, 0x69 }; CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA256= { 0x00, 0x6A }; CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256= { 0x00, 0x6B };
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA256= { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA256= { 0x00, 0x00 };
RFC 4492 6. Cipher Suites
CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x01 }; CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x02 }; CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 }; CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x04 }; CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x05 };
CipyherSuite TLS_ECDHE_ECDSA_WITH_NULL_SHA = { 0xC0, 0x06 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x07}; CipyherSuite TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x08 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x09 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x0A };
CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA = { 0xC0, 0x0B }; CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA = { 0xC0, 0x0C }; CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x0D }; CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x0E }; CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x0F };
CipherSuite TLS_ECDHE_RSA_WITH_NULL_SHA = { 0xC0, 0x10 }; CipherSuite TLS_ECDHE_RSA_WITH_RC4_128_SHA = { 0xC0, 0x11 }; CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x12 }; CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x13 }; CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x14 };
CipherSuite TLS_ECDH_anon_WITH_NULL_SHA = { 0xC0, 0x15 }; CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA = { 0xC0, 0x16 }; CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x17 }; CipherSuite TLS_ECDH_anon_WITH_AES_128_CBC_SHA = { 0xC0, 0x18 }; CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA = { 0xC0, 0x19 };
RFC 5746 3.3. Renegotiation Protection Request Signaling Cipher Suite Value
CipherSuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV = {0x00, 0xFF}
Others
class HandleLike h => ValidateHandle h where Source
validate :: h -> CertificateStore -> CertificateChain -> HandleMonad h [FailedReason] Source