-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | TLS protocol for Server and Client sides
--   
--   Implementation of the TLS protocol, focusing on purity and more
--   type-checking.
--   
--   Currently implement only partially the TLS1.0 protocol. Not yet
--   properly secure. Do not yet use as replacement to more mature
--   implementation.
@package tls
@version 0.1.2

module Network.TLS.MAC
hmacMD5 :: ByteString -> ByteString -> ByteString
hmacSHA1 :: ByteString -> ByteString -> ByteString
hmacSHA256 :: ByteString -> ByteString -> ByteString
prf_MD5 :: ByteString -> ByteString -> Int -> ByteString
prf_SHA1 :: ByteString -> ByteString -> Int -> ByteString
prf_MD5SHA1 :: ByteString -> ByteString -> Int -> ByteString

module Network.TLS.SRandom
type SRandomGen = StdGen
makeSRandomGen :: Int -> SRandomGen
getRandomByte :: SRandomGen -> (Word8, SRandomGen)
getRandomBytes :: SRandomGen -> Int -> ([Word8], SRandomGen)


-- | the Struct module contains all definitions and values of the TLS
--   protocol
module Network.TLS.Struct
data Version
SSL2 :: Version
SSL3 :: Version
TLS10 :: Version
TLS11 :: Version
TLS12 :: Version
data ConnectionEnd
ConnectionServer :: ConnectionEnd
ConnectionClient :: ConnectionEnd
data CipherType
CipherStream :: CipherType
CipherBlock :: CipherType
CipherAEAD :: CipherType
type Extension = (Word16, [Word8])
newtype EncryptedData
EncryptedData :: ByteString -> EncryptedData
data CertificateType
CertificateType_RSA_Sign :: CertificateType
CertificateType_DSS_Sign :: CertificateType
CertificateType_RSA_Fixed_DH :: CertificateType
CertificateType_DSS_Fixed_DH :: CertificateType
CertificateType_RSA_Ephemeral_dh :: CertificateType
CertificateType_DSS_Ephemeral_dh :: CertificateType
CertificateType_fortezza_dms :: CertificateType
CertificateType_Unknown :: Word8 -> CertificateType
data HashAlgorithm
HashNone :: HashAlgorithm
HashMD5 :: HashAlgorithm
HashSHA1 :: HashAlgorithm
HashSHA224 :: HashAlgorithm
HashSHA256 :: HashAlgorithm
HashSHA384 :: HashAlgorithm
HashSHA512 :: HashAlgorithm
HashOther :: Word8 -> HashAlgorithm
data SignatureAlgorithm
SignatureAnonymous :: SignatureAlgorithm
SignatureRSA :: SignatureAlgorithm
SignatureDSS :: SignatureAlgorithm
SignatureECDSA :: SignatureAlgorithm
SignatureOther :: Word8 -> SignatureAlgorithm
data ProtocolType
ProtocolType_ChangeCipherSpec :: ProtocolType
ProtocolType_Alert :: ProtocolType
ProtocolType_Handshake :: ProtocolType
ProtocolType_AppData :: ProtocolType
data TLSError
Error_Misc :: String -> TLSError
Error_Certificate :: String -> TLSError
Error_Digest :: ([Word8], [Word8]) -> TLSError
Error_Packet :: String -> TLSError
Error_Packet_Size_Mismatch :: (Int, Int) -> TLSError
Error_Internal_Packet_Remaining :: Int -> TLSError
Error_Internal_Packet_ByteProcessed :: Int -> Int -> Int -> TLSError
Error_Unknown_Version :: Word8 -> Word8 -> TLSError
Error_Unknown_Type :: String -> TLSError
data ServerDHParams
ServerDHParams :: Integer -> Integer -> Integer -> ServerDHParams

-- | prime modulus
dh_p :: ServerDHParams -> Integer

-- | generator
dh_g :: ServerDHParams -> Integer

-- | public value (g^X mod p)
dh_Ys :: ServerDHParams -> Integer
data ServerRSAParams
ServerRSAParams :: Integer -> Integer -> ServerRSAParams
rsa_modulus :: ServerRSAParams -> Integer
rsa_exponent :: ServerRSAParams -> Integer
data ServerKeyXchgAlgorithmData
SKX_DH_Anon :: ServerDHParams -> ServerKeyXchgAlgorithmData
SKX_DHE_DSS :: ServerDHParams -> [Word8] -> ServerKeyXchgAlgorithmData
SKX_DHE_RSA :: ServerDHParams -> [Word8] -> ServerKeyXchgAlgorithmData
SKX_RSA :: (Maybe ServerRSAParams) -> ServerKeyXchgAlgorithmData
SKX_DH_DSS :: (Maybe ServerRSAParams) -> ServerKeyXchgAlgorithmData
SKX_DH_RSA :: (Maybe ServerRSAParams) -> ServerKeyXchgAlgorithmData
data Packet
Handshake :: Handshake -> Packet
Alert :: (AlertLevel, AlertDescription) -> Packet
ChangeCipherSpec :: Packet
AppData :: ByteString -> Packet
data Header
Header :: ProtocolType -> Version -> Word16 -> Header
newtype ServerRandom
ServerRandom :: [Word8] -> ServerRandom
newtype ClientRandom
ClientRandom :: [Word8] -> ClientRandom
newtype ClientKeyData
ClientKeyData :: [Word8] -> ClientKeyData
serverRandom :: [Word8] -> Maybe ServerRandom
clientRandom :: [Word8] -> Maybe ClientRandom
type FinishedData = [Word8]
newtype Session
Session :: (Maybe [Word8]) -> Session
data AlertLevel
AlertLevel_Warning :: AlertLevel
AlertLevel_Fatal :: AlertLevel
data AlertDescription
CloseNotify :: AlertDescription
UnexpectedMessage :: AlertDescription
BadRecordMac :: AlertDescription
DecryptionFailed :: AlertDescription
RecordOverflow :: AlertDescription
DecompressionFailure :: AlertDescription
HandshakeFailure :: AlertDescription
BadCertificate :: AlertDescription
UnsupportedCertificate :: AlertDescription
CertificateRevoked :: AlertDescription
CertificateExpired :: AlertDescription
CertificateUnknown :: AlertDescription
IllegalParameter :: AlertDescription
UnknownCa :: AlertDescription
AccessDenied :: AlertDescription
DecodeError :: AlertDescription
DecryptError :: AlertDescription
ExportRestriction :: AlertDescription
ProtocolVersion :: AlertDescription
InsufficientSecurity :: AlertDescription
InternalError :: AlertDescription
UserCanceled :: AlertDescription
NoRenegotiation :: AlertDescription
data HandshakeType
HandshakeType_HelloRequest :: HandshakeType
HandshakeType_ClientHello :: HandshakeType
HandshakeType_ServerHello :: HandshakeType
HandshakeType_Certificate :: HandshakeType
HandshakeType_ServerKeyXchg :: HandshakeType
HandshakeType_CertRequest :: HandshakeType
HandshakeType_ServerHelloDone :: HandshakeType
HandshakeType_CertVerify :: HandshakeType
HandshakeType_ClientKeyXchg :: HandshakeType
HandshakeType_Finished :: HandshakeType
data Handshake
ClientHello :: !Version -> !ClientRandom -> !Session -> ![CipherID] -> ![CompressionID] -> (Maybe [Extension]) -> Handshake
ServerHello :: !Version -> !ServerRandom -> !Session -> !CipherID -> !CompressionID -> (Maybe [Extension]) -> Handshake
Certificates :: [Certificate] -> Handshake
HelloRequest :: Handshake
ServerHelloDone :: Handshake
ClientKeyXchg :: Version -> ClientKeyData -> Handshake
ServerKeyXchg :: ServerKeyXchgAlgorithmData -> Handshake
CertRequest :: [CertificateType] -> (Maybe [(HashAlgorithm, SignatureAlgorithm)]) -> [Word8] -> Handshake
CertVerify :: [Word8] -> Handshake
Finished :: FinishedData -> Handshake
numericalVer :: Version -> (Word8, Word8)
verOfNum :: (Word8, Word8) -> Maybe Version
class TypeValuable a
valOfType :: (TypeValuable a) => a -> Word8
valToType :: (TypeValuable a) => Word8 -> Maybe a
packetType :: Packet -> ProtocolType
typeOfHandshake :: Handshake -> HandshakeType
instance Show Handshake
instance Eq Handshake
instance Show ServerKeyXchgAlgorithmData
instance Eq ServerKeyXchgAlgorithmData
instance Show ServerRSAParams
instance Eq ServerRSAParams
instance Show ServerDHParams
instance Eq ServerDHParams
instance Show HandshakeType
instance Eq HandshakeType
instance Show AlertDescription
instance Eq AlertDescription
instance Show AlertLevel
instance Eq AlertLevel
instance Show EncryptedData
instance Show Session
instance Eq Session
instance Show ClientKeyData
instance Eq ClientKeyData
instance Show ClientRandom
instance Eq ClientRandom
instance Show ServerRandom
instance Eq ServerRandom
instance Show Header
instance Eq Header
instance Show Packet
instance Eq Packet
instance Eq TLSError
instance Show TLSError
instance Eq ProtocolType
instance Show ProtocolType
instance Show SignatureAlgorithm
instance Eq SignatureAlgorithm
instance Show HashAlgorithm
instance Eq HashAlgorithm
instance Show CertificateType
instance Eq CertificateType
instance Show Version
instance Eq Version
instance Ord Version
instance TypeValuable SignatureAlgorithm
instance TypeValuable HashAlgorithm
instance TypeValuable CertificateType
instance TypeValuable AlertDescription
instance TypeValuable AlertLevel
instance TypeValuable HandshakeType
instance TypeValuable ProtocolType
instance TypeValuable CipherType
instance TypeValuable ConnectionEnd


module Network.TLS.Cipher
data CipherTypeFunctions
CipherNoneF :: CipherTypeFunctions
CipherBlockF :: (Key -> IV -> ByteString -> ByteString) -> (Key -> IV -> ByteString -> ByteString) -> CipherTypeFunctions
CipherStreamF :: (Key -> IV) -> (IV -> ByteString -> (ByteString, IV)) -> (IV -> ByteString -> (ByteString, IV)) -> CipherTypeFunctions
data CipherKeyExchangeType
CipherKeyExchangeRSA :: CipherKeyExchangeType
CipherKeyExchangeDHE_RSA :: CipherKeyExchangeType
CipherKeyExchangeECDHE_RSA :: CipherKeyExchangeType
CipherKeyExchangeDHE_DSS :: CipherKeyExchangeType
CipherKeyExchangeDH_DSS :: CipherKeyExchangeType
CipherKeyExchangeDH_RSA :: CipherKeyExchangeType
CipherKeyExchangeECDH_ECDSA :: CipherKeyExchangeType
CipherKeyExchangeECDH_RSA :: CipherKeyExchangeType
CipherKeyExchangeECDHE_ECDSA :: CipherKeyExchangeType
data Cipher
Cipher :: Word16 -> String -> Word8 -> Word8 -> Word8 -> Word8 -> Word8 -> CipherKeyExchangeType -> (ByteString -> ByteString -> ByteString) -> CipherTypeFunctions -> Maybe Version -> Cipher
cipherID :: Cipher -> Word16
cipherName :: Cipher -> String
cipherDigestSize :: Cipher -> Word8
cipherKeySize :: Cipher -> Word8
cipherIVSize :: Cipher -> Word8
cipherKeyBlockSize :: Cipher -> Word8
cipherPaddingSize :: Cipher -> Word8
cipherKeyExchange :: Cipher -> CipherKeyExchangeType
cipherHMAC :: Cipher -> ByteString -> ByteString -> ByteString
cipherF :: Cipher -> CipherTypeFunctions
cipherMinVer :: Cipher -> Maybe Version
cipherExchangeNeedMoreData :: CipherKeyExchangeType -> Bool
cipher_null_null :: Cipher
cipher_RC4_128_MD5 :: Cipher
cipher_RC4_128_SHA1 :: Cipher
cipher_AES128_SHA1 :: Cipher
cipher_AES256_SHA1 :: Cipher
cipher_AES128_SHA256 :: Cipher
cipher_AES256_SHA256 :: Cipher
instance Show Cipher


-- | the Server module contains the necessary calls to create a listening
--   TLS socket aka. a server socket.
module Network.TLS.Server
data TLSServerParams
TLSServerParams :: [Version] -> [[Word8]] -> [Cipher] -> Maybe TLSServerCert -> Bool -> TLSServerCallbacks -> TLSServerParams

-- | allowed versions that we can use
spAllowedVersions :: TLSServerParams -> [Version]

-- | placeholder for futur known sessions
spSessions :: TLSServerParams -> [[Word8]]

-- | all ciphers that the server side support
spCiphers :: TLSServerParams -> [Cipher]

-- | the certificate we serve to the client
spCertificate :: TLSServerParams -> Maybe TLSServerCert

-- | configure if we do a cert request to the client
spWantClientCert :: TLSServerParams -> Bool

-- | user callbacks
spCallbacks :: TLSServerParams -> TLSServerCallbacks
data TLSServerCallbacks
TLSServerCallbacks :: Maybe ([Certificate] -> IO Bool) -> TLSServerCallbacks

-- | optional callback to verify certificates
cbCertificates :: TLSServerCallbacks -> Maybe ([Certificate] -> IO Bool)
data TLSStateServer
runTLSServer :: TLSServer m a -> TLSServerParams -> SRandomGen -> m (a, TLSStateServer)

-- | receive a single TLS packet or on error a TLSError
recvPacket :: Handle -> TLSServer IO (Either TLSError Packet)

-- | send a single TLS packet
sendPacket :: Handle -> Packet -> TLSServer IO ()

-- | listen on a handle to a new TLS connection.
listen :: Handle -> ServerRandom -> TLSServer IO ()

-- | sendData sends a bunch of data
sendData :: Handle -> ByteString -> TLSServer IO ()

-- | recvData get data out of Data packet, and automatically renegociate if
--   - a Handshake ClientHello is received
recvData :: Handle -> TLSServer IO ByteString

-- | close a TLS connection. - note that it doesn't close the handle, but
--   just signal we're going to close - the connection to the other side
close :: Handle -> TLSServer IO ()
instance (Monad m) => Monad (TLSServer m)
instance (Monad m) => MonadState TLSStateServer (TLSServer m)
instance (Monad m) => Functor (TLSServer m)
instance MonadTrans TLSServer
instance (Monad m) => MonadTLSState (TLSServer m)
instance Show TLSServerCallbacks


-- | the Client module contains the necessary calls to create a connecting
--   TLS socket aka. a client socket.
module Network.TLS.Client
data TLSClientParams
TLSClientParams :: Version -> [Version] -> Maybe [Word8] -> [Cipher] -> Maybe Certificate -> TLSClientCallbacks -> TLSClientParams

-- | client version we're sending by default
cpConnectVersion :: TLSClientParams -> Version

-- | allowed versions from the server
cpAllowedVersions :: TLSClientParams -> [Version]

-- | session for this connection
cpSession :: TLSClientParams -> Maybe [Word8]

-- | all ciphers for this connection
cpCiphers :: TLSClientParams -> [Cipher]

-- | an optional client certificate
cpCertificate :: TLSClientParams -> Maybe Certificate

-- | user callbacks
cpCallbacks :: TLSClientParams -> TLSClientCallbacks
data TLSClientCallbacks
TLSClientCallbacks :: Maybe ([Certificate] -> IO Bool) -> TLSClientCallbacks

-- | optional callback to verify certificates
cbCertificates :: TLSClientCallbacks -> Maybe ([Certificate] -> IO Bool)
data TLSStateClient
newtype TLSClient m a
TLSClient :: StateT TLSStateClient m a -> TLSClient m a
runTLSC :: TLSClient m a -> StateT TLSStateClient m a
runTLSClient :: TLSClient m a -> TLSClientParams -> SRandomGen -> m (a, TLSStateClient)

-- | receive a single TLS packet or on error a TLSError
recvPacket :: Handle -> TLSClient IO (Either TLSError Packet)

-- | send a single TLS packet
sendPacket :: Handle -> Packet -> TLSClient IO ()

-- | connect through a handle as a new TLS connection.
connect :: Handle -> ClientRandom -> ClientKeyData -> TLSClient IO ()

-- | sendData sends a bunch of data
sendData :: Handle -> ByteString -> TLSClient IO ()

-- | recvData get data out of Data packet, and automatically try to
--   renegociate if - a Handshake HelloRequest is received
recvData :: Handle -> TLSClient IO ByteString

-- | close a TLS connection. - note that it doesn't close the handle, but
--   just signal we're going to close - the connection to the other side
close :: Handle -> TLSClient IO ()
instance (Monad m) => Monad (TLSClient m)
instance (Monad m) => MonadState TLSStateClient (TLSClient m)
instance Show TLSStateClient
instance Show TLSClientParams
instance (Monad m) => Functor (TLSClient m)
instance MonadTrans TLSClient
instance (Monad m) => MonadTLSState (TLSClient m)
instance Show TLSClientCallbacks