Safe Haskell | None |
---|---|
Language | Haskell98 |
- data ContType
- data PrtVrsn = PrtVrsn Word8 Word8
- data CipherSuite
- data KeyEx
- = RSA
- | DHE_RSA
- | ECDHE_RSA
- | ECDHE_ECDSA
- | KE_NULL
- data BulkEnc
- data CmpMtd
- data HSAlg = HSAlg HashAlg SignAlg
- data SignAlg
- data HashAlg
- data Handshake
- class HandshakeItem hi where
- fromHandshake :: Handshake -> Maybe hi
- toHandshake :: hi -> Handshake
- data CCSpec
- data ClHello
- data SvHello
- data SssnId = SssnId ByteString
- data Extension
- = ESName [SName]
- | EECrv [CurveName]
- | EEPFrmt [EPFrmt]
- | ESAlg [HSAlg]
- | ESsnTcktTls ByteString
- | ENxPrtNego ByteString
- | ERnInfo ByteString
- | ERaw EType ByteString
- isRnInfo :: Extension -> Bool
- emptyRnInfo :: Extension
- data SvKeyEx = SvKeyEx ByteString ByteString HashAlg SignAlg ByteString
- data SvKeyExDhe = SvKeyExDhe Params PublicNumber HashAlg SignAlg ByteString
- data SvKeyExEcdhe = SvKeyExEcdhe Curve Point HashAlg SignAlg ByteString
- data CertReq = CertReq [ClCertType] [(HashAlg, SignAlg)] [DistinguishedName]
- certReq :: [ClCertType] -> [(HashAlg, SignAlg)] -> CertificateStore -> CertReq
- data ClCertType
- data SHDone = SHDone
- data ClKeyEx = ClKeyEx ByteString
- data Epms = Epms ByteString
- data DigitSigned
- data Finished = Finished ByteString
Fragment
RFC 5246 6.2.1 Fragmentation
enum { change_cipher_spec(20), alert(21), handshake(22), application_data(23), (255) } ContentType;
RFC 5246 6.2.1 Fragmentation
struct { uint8 major; uint8 minor; } ProtocolVersion;
Cipher Suite, Compression Method, Signature Algorithm
data CipherSuite Source
RFC 5246 7.4.1.2. Client Hello
uint8 CipherSuite[2];
RFC 5246 A.5. The Cipher Suite
CipherSuite TLS_NULL_WITH_NULL_NULL = { 0x00, 0x00 }; CipherSuite TLS_RSA_WITH_NULL_MD5 = { 0x00, 0x01 }; CipherSuite TLS_RSA_WITH_NULL_SHA = { 0x00, 0x02 }; CipherSuite TLS_RSA_WITH_NULL_SHA256 = { 0x00, 0x3B }; CipherSuite TLS_RSA_WITH_RC4_128_MD5 = { 0x00, 0x04 }; CipherSuite TLS_RSA_WITH_RC4_128_SHA = { 0x00, 0x05 }; CipherSuite TLS_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0A }; CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x2F }; CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x35 }; CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3C }; CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256 = { 0x00, 0x3D };
CipherSuite TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x0D }; CipherSuite TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x10 }; CipherSuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x13 }; CipherSuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x16 }; CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x30 }; CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x31 }; CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x32 }; CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x33 }; CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x36 }; CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x37 }; CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA = { 0x00, 0x38 }; CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA = { 0x00, 0x39 }; CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3E }; CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = { 0x00, 0x3F }; CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256= { 0x00, 0x40 }; CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256= { 0x00, 0x67 }; CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = { 0x00, 0x68 }; CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = { 0x00, 0x69 }; CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA256= { 0x00, 0x6A }; CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256= { 0x00, 0x6B };
CipherSuite TLS_DH_anon_WITH_RC4_128_MD5 = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_3DES_EDE_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA = { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA256= { 0x00, 0x00 }; CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA256= { 0x00, 0x00 };
RFC 4492 6. Cipher Suites
CipherSuite TLS_ECDH_ECDSA_WITH_NULL_SHA = { 0xC0, 0x01 }; CipherSuite TLS_ECDH_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x02 }; CipherSuite TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x03 }; CipherSuite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x04 }; CipherSuite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x05 };
CipyherSuite TLS_ECDHE_ECDSA_WITH_NULL_SHA = { 0xC0, 0x06 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = { 0xC0, 0x07}; CipyherSuite TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x08 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x09 }; CipyherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x0A };
CipherSuite TLS_ECDH_RSA_WITH_NULL_SHA = { 0xC0, 0x0B }; CipherSuite TLS_ECDH_RSA_WITH_RC4_128_SHA = { 0xC0, 0x0C }; CipherSuite TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x0D }; CipherSuite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x0E }; CipherSuite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x0F };
CipherSuite TLS_ECDHE_RSA_WITH_NULL_SHA = { 0xC0, 0x10 }; CipherSuite TLS_ECDHE_RSA_WITH_RC4_128_SHA = { 0xC0, 0x11 }; CipherSuite TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x12 }; CipherSuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = { 0xC0, 0x13 }; CipherSuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = { 0xC0, 0x14 };
CipherSuite TLS_ECDH_anon_WITH_NULL_SHA = { 0xC0, 0x15 }; CipherSuite TLS_ECDH_anon_WITH_RC4_128_SHA = { 0xC0, 0x16 }; CipherSuite TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = { 0xC0, 0x17 }; CipherSuite TLS_ECDH_anon_WITH_AES_128_CBC_SHA = { 0xC0, 0x18 }; CipherSuite TLS_ECDH_anon_WITH_AES_256_CBC_SHA = { 0xC0, 0x19 };
RFC 5746 3.3. Renegotiation Protection Request Signaling Cipher Suite Value
CipherSuite TLS_EMPTY_RENEGOTIATION_INFO_SCSV = {0x00, 0xFF}
RFC 5246 7.4.1.2. Client Hello
enum { null(0), (255) } CompressionMethod;
RFC 5246 7.4.1.4.1. Signature Algorithms
struct { HashAlgorithm hash; SignatureAlgorithm signature; } SignatureAndHashAlgorithm;
RFC 5246 7.4.1.4.1. Signature Algorithms
enum { anonymous(0), rsa(1), dsa(2), ecdsa(3), (255) }
RFC 5246 7.4.1.4.1. Signature Algorithms
enum { none(0), md5(1), sha1(2), sha224(3), sha256(4), sha384(5), sha512(6), (255) } HashAlgorithm;
Handshake
RFC 5246 7.4 Handshake Protocol
enum { hello_request(0), client_hello(1), server_hello(2), certificate(11), server_key_exchange(12), certificate_request(13), server_hello_done(14), certificate_verify(15), client_key_exchange(16), finished(20), (255) } HandshakeType; struct { HandshakeType msg_type; uint24 length; select (HandshakeType) { case hello_request: HelloRequest; case client_hello: ClientHello; case server_hello: ServerHello; case certificate: Certificate; case server_key_exchange: ServerKeyExchange; case certificate_request: CertificateRequest; case server_hello_done: ServerHelloDone; case certificate_verify: CertificateVerify; case client_key_exchange: ClientKeyExchange; case finished: Finished; } body; } Handshake;
class HandshakeItem hi where Source
fromHandshake :: Handshake -> Maybe hi Source
toHandshake :: hi -> Handshake Source
RFC 5246
struct { enum { change_cipher_spec(1), (255) } type; } ChangeCipherSpec;
Hello
RFC 5246 7.4.1.2. Client Hello
struct { uint32 gmt_unix_time; opaque random_bytes[28]; } Random opaque SessionID<0..32>; uint8 CipherSuite[2]; enum { null(0), (255) } CompressionMethod; struct { ProtocolVersion client_version; Random random; SessionID session_id; CipherSuite cipher_suites<2..2^16-2>; CompressionMethod compression_methods<1..2^8-1>; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ClientHello;
RFC 5246 7.4.1.3. Server Hello
struct { ProtocolVersion server_version; Random random; SessionID session_id; CipherSuite cipher_suite; CompressionMethod compression_method; select (extensions_present) { case false: struct {}; case true: Extension extensions<0..2^16-1>; }; } ServerHello;
RFC 5246 7.4.1.2 Client Hello
opaque SessionID<0..32>;
RFC 5246 7.4.1.4. Hello Wxtensions
struct { ExtensionType extension_type; opaque extension_data<0..2^16-1>; } Extension; enum { signature_algorithms(13), (65535) } ExtensionType
ESName [SName] | |
EECrv [CurveName] | |
EEPFrmt [EPFrmt] | |
ESAlg [HSAlg] | |
ESsnTcktTls ByteString | |
ENxPrtNego ByteString | |
ERnInfo ByteString | |
ERaw EType ByteString |
Server Key Exchange
data SvKeyExDhe Source
data SvKeyExEcdhe Source
Others
CertReq [ClCertType] [(HashAlg, SignAlg)] [DistinguishedName] |
certReq :: [ClCertType] -> [(HashAlg, SignAlg)] -> CertificateStore -> CertReq Source
data ClCertType Source
data DigitSigned Source