The peyotls package

[Tags:bsd3, library]

Currently implements only the TLS 1.2 protocol (RFC 5246, RFC 4492), and supports the following cipher suites.

It implements the following curves.

It also supports client certificates with the following algorithms.

Secure renegotiation (RFC 5746) is also supported.

The following features are not currently implemented.

Server sample

localhost.key: key file

 -----BEGIN RSA PRIVATE KEY-----
 ...
 -----END RSA PRIVATE KEY-----

localhost.crt: certificate file

 -----BEGIN CERTIFICATE-----
 ...
 -----END CERTIFICATE-----

examples/simpleServer.hs

extensions

 import Control.Applicative
 import Control.Monad
 import "monads-tf" Control.Monad.State
 import Control.Concurrent
 import Data.HandleLike
 import Network
 import Network.PeyoTLS.Server
 import Network.PeyoTLS.ReadFile
 import "crypto-random" Crypto.Random

 import qualified Data.ByteString as BS
 import qualified Data.ByteString.Char8 as BSC

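 -- | Minimal TLS server sample: accept connections on port 443, complete a
 -- TLS handshake with the key and certificate chain read from disk, print the
 -- request header lines to stdout and answer with a fixed chunked response.
 --
 -- This is demonstration code. It offers a single cipher suite that uses
 -- static RSA key exchange (no forward secrecy) with CBC and SHA-1; the
 -- eccServer.hs variant on this page offers ECDHE and DHE suites as well.
 main :: IO ()
 main = do
     k <- readKey "localhost.key"
     c <- readCertificateChain ["localhost.crt"]
     g0 <- cprgCreate <$> createEntropyPool :: IO SystemRNG
     soc <- listenOn $ PortNumber 443
     void . (`runStateT` g0) . forever $ do
         (h, _, _) <- liftIO $ accept soc
         -- Fork the generator: one half goes to this connection's thread,
         -- the other half stays in the state for later connections.
         g <- StateT $ return . cprgFork
         liftIO . forkIO . (`run` g) $ do
             -- 'Nothing' is the argument clcertServer.hs replaces with
             -- 'Just ca' (a certificate store) for client certificates.
             p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(k, c)]
                 Nothing
             -- Read lines up to the first empty one and echo them locally.
             -- NOTE(review): nothing bounds how many lines a peer may send
             -- before the empty line; add a limit outside of a sample.
             doUntil BS.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
             hlPut p $ BS.concat [
                 "HTTP/1.1 200 OK\r\n",
                 "Transfer-Encoding: chunked\r\n",
                 "Content-Type: text/plain\r\n\r\n",
                 -- Chunk data must be followed by CRLF before the next
                 -- chunk-size line; without it the body is misframed.
                 "5\r\nHello\r\n",
                 "0\r\n\r\n" ]
             hlClose p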

 -- | Run @rd@ repeatedly and collect its results, stopping after the first
 -- result that satisfies @p@. That result is the last element of the list.
 doUntil :: Monad m => (a -> Bool) -> m a -> m [a]
 doUntil p rd = do
     x <- rd
     if p x
         then return [x]
         else liftM (x :) (doUntil p rd)

Client sample (shows only the HTTP headers)

cacert.pem: self-signed root certificate to validate server

 -----BEGIN CERTIFICATE-----
 ...
 -----END CERTIFICATE-----

examples/simpleClient.hs

extensions

 import Control.Applicative
 import Control.Monad
 import "monads-tf" Control.Monad.Trans
 import Data.HandleLike
 import Network
 import Network.PeyoTLS.ReadFile
 import Network.PeyoTLS.Client
 import "crypto-random" Crypto.Random

 import qualified Data.ByteString.Char8 as BSC

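 -- | Minimal TLS client sample: connect to localhost:443, complete a TLS
 -- handshake validated against the certificate store read from cacert.pem,
 -- send a GET request and print the response header lines to stdout.
 --
 -- This is demonstration code. It offers a single cipher suite that uses
 -- static RSA key exchange (no forward secrecy) with CBC and SHA-1; the
 -- eccClient.hs variant on this page offers ECDHE and DHE suites as well.
 main :: IO ()
 main = do
     ca <- readCertificateStore ["cacert.pem"]
     h <- connectTo "localhost" $ PortNumber 443
     g <- cprgCreate <$> createEntropyPool :: IO SystemRNG
     (`run` g) $ do
         -- The empty list is where clcertClient.hs passes its client
         -- key/certificate pair; here no client certificate is supplied.
         -- NOTE(review): the "localhost" argument is presumably the name
         -- the server certificate is checked against - confirm.
         p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca
         -- The result is not used below; the call is kept as in the sample.
         _nms <- getNames p
         -- No space before CRLF: the request line ends with the version.
         hlPut p "GET / HTTP/1.1\r\n"
         hlPut p "Host: localhost\r\n\r\n"
         -- Read up to the first empty line, i.e. the response headers only.
         doUntil BSC.null (hlGetLine p) >>= liftIO . mapM_ BSC.putStrLn
         hlClose p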

 -- | Keep running @rd@, gathering each result in order, until a result
 -- satisfies @p@; the satisfying result ends the returned list.
 doUntil :: Monad m => (a -> Bool) -> m a -> m [a]
 doUntil p rd = rd >>= step
   where
     step x
         | p x = return [x]
         | otherwise = (x :) `liftM` doUntil p rd

Client certificate server

 % diff examples/simpleServer.hs examples/clcertServer.hs
 19a20
 >	ca <- readCertificateStore ["cacert.pem"]
 27c28
 <				Nothing
 ---
 >				$ Just ca

Client certificate client (RSA certificate)

 % diff examples/simpleClient.hs examples/clcertClient.hs
 15a16,17
 >	rk <- readKey "client_rsa.key"
 >	rc <- readCertificateChain ["client_rsa.crt"]
 20c22
 <		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca
 ---
 >		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca

Client certificate client (ECDSA or RSA certificate)

 % diff examples/clcertClient.hs examples/clcertEcdsaClient.hs
 17a18,19
 >	ek <- readKey "client_ecdsa.key"
 >	ec <- readCertificateChain ["client_ecdsa.crt"]
 22c24
 <		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(rk, rc)] ca
 ---
 >		p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(ek, ec), (rk, rc)] ca

ECC server (use ECC or RSA depending on client)

 % diff examples/simpleServer.hs examples/eccServer.hs
 15a16,26
 > cipherSuites :: [CipherSuite]
 > cipherSuites = [
 >       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 >       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 >       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 >       "TLS_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_RSA_WITH_AES_128_CBC_SHA" ]
 >
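Review bot: The added `cipherSuites` list has no comment, and its last two entries (`TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA`) use static RSA key exchange, so a session that negotiates them has no forward secrecy. I would add a comment above the list such as `-- ECDHE/DHE suites first; the TLS_RSA_* entries are a fallback without forward secrecy`. Whether the list order is the preference order used during negotiation is not visible in this hunk and should be confirmed before the comment states it. The same list is added in the eccClient.hs diff (hunk `13a14,24`), so the comment applies there too.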
 18,19c29,32
 <       k <- readKey "localhost.key"
 <       c <- readCertificateChain ["localhost.crt"]
 ---
 >       rk <- readKey "localhost.key"
 >       rc <- readCertificateChain ["localhost.crt"]
 >       ek <- readKey "localhost_ecdsa.key"
 >       ec <- readCertificateChain ["localhost_ecdsa.crt"]
 26c39
 <                       p <- open h ["TLS_RSA_WITH_AES_128_CBC_SHA"] [(k, c)]
 ---
 >                       p <- open h cipherSuites [(rk, rc), (ek, ec)]

ECC client (use ECC or RSA depending on server)

 % diff examples/simpleClient.hs examples/eccClient.hs
 13a14,24
 > cipherSuites :: [CipherSuite]
 > cipherSuites = [
 >       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 >       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 >       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
 >       "TLS_RSA_WITH_AES_128_CBC_SHA256",
 >       "TLS_RSA_WITH_AES_128_CBC_SHA" ]
 >
 20c31
 <               p <- open' h "localhost" ["TLS_RSA_WITH_AES_128_CBC_SHA"] [] ca
 ---
 >               p <- open' h "localhost" cipherSuites [] ca

Properties

Versions 0.0.0.0, 0.0.0.1, 0.0.0.2, 0.0.0.3, 0.0.0.4, 0.0.0.5, 0.0.0.6, 0.0.0.7, 0.0.0.8, 0.0.0.9, 0.0.0.10, 0.0.0.11, 0.0.0.12, 0.0.0.13, 0.0.0.14, 0.0.0.15, 0.0.0.16, 0.0.0.17, 0.0.0.18, 0.0.0.19, 0.0.0.20, 0.0.0.21, 0.0.0.22, 0.0.0.23, 0.0.0.24, 0.1.0.0, 0.1.1.0, 0.1.2.0, 0.1.3.0, 0.1.4.0, 0.1.4.1, 0.1.4.2, 0.1.4.3, 0.1.4.4, 0.1.4.5, 0.1.5.5, 0.1.6.0, 0.1.6.1, 0.1.6.2, 0.1.6.3, 0.1.6.4, 0.1.6.5, 0.1.6.6, 0.1.6.7, 0.1.6.8, 0.1.6.9, 0.1.6.10
Dependencies asn1-encoding (==0.9.*), asn1-types (==0.3.*), base (==4.*), bytable (==0.1.*), bytestring (==0.10.*), cipher-aes (==0.2.*), crypto-numbers (==0.2.*), crypto-pubkey (==0.2.*), crypto-pubkey-types (==0.4.*), crypto-random (==0.0.*), cryptohash (==0.11.*), handle-like (==0.1.*), monad-control (==1.0.*), monads-tf (==0.1.*), pem (==0.2.*), peyotls-codec (==0.3.*), stm (==2.4.*), transformers-base (==0.4.*), x509 (==1.5.*), x509-store (==1.5.*), x509-validation (==1.5.*) [details]
License BSD3
Author Yoshikuni Jujo <PAF01143@nifty.ne.jp>
Maintainer Yoshikuni Jujo <PAF01143@nifty.ne.jp>
Stability Experimental
Category Network
Home page https://github.com/YoshikuniJujo/peyotls/wiki
Source repository head: git clone git://github.com/YoshikuniJujo/peyotls.git
this: git clone git://github.com/YoshikuniJujo/peyotls.git(tag peyotls-0.1.6.10)
Uploaded Fri Oct 2 04:33:59 UTC 2015 by YoshikuniJujo
Distributions NixOS:0.1.6.10
Downloads 6380 total (120 in the last 30 days)
Status Docs uploaded by user [build log]
All reported builds failed as of 2015-10-03 [all 1 reports]
