-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/
-- | TLS/SSL protocol native implementation (Server and Client)
--
-- Native Haskell TLS and SSL protocol implementation for server and
-- client.
--
-- This provides a high-level implementation of a security-sensitive
-- protocol, eliminating a common class of security issues through the use
-- of the advanced type system, high-level constructions and common
-- Haskell features.
--
-- Currently implements the SSL 3.0, TLS 1.0, TLS 1.1 and TLS 1.2
-- protocols, with RSA as the only supported key exchange. Note that RSA
-- key exchange provides no forward secrecy and SSL 3.0 is obsolete;
-- restrict 'pAllowedVersions' to the TLS versions a deployment needs.
--
-- Only the core protocol is available here; see the
-- http://hackage.haskell.org/package/tls-extra/ package for
-- default ciphers, compressions and certificate functions.
@package tls
@version 0.9.4
module Network.TLS
data TLSParams
TLSParams :: Version -> [Version] -> [Cipher] -> [Compression] -> Bool -> Bool -> Bool -> [(X509, Maybe PrivateKey)] -> TLSLogging -> (Measurement -> IO Bool) -> ([X509] -> IO TLSCertificateUsage) -> (SessionID -> IO (Maybe SessionData)) -> (SessionID -> SessionData -> IO ()) -> (SessionID -> IO ()) -> Maybe (SessionID, SessionData) -> TLSParams
-- | version to use on a client connection.
pConnectVersion :: TLSParams -> Version
-- | versions this side is allowed to negotiate.
pAllowedVersions :: TLSParams -> [Version]
-- | all supported ciphers, ordered by priority.
pCiphers :: TLSParams -> [Cipher]
-- | all supported compressions, ordered by priority.
pCompressions :: TLSParams -> [Compression]
-- | request a certificate from the client. Used by the server only. Requesting
-- a certificate does not verify it; the received chain is presumably passed
-- to 'onCertificatesRecv', which must do the checking — confirm.
pWantClientCert :: TLSParams -> Bool
pUseSecureRenegotiation :: TLSParams -> Bool
pUseSession :: TLSParams -> Bool
-- | the certificate chain for this context, with the associated private keys
-- if any.
pCertificates :: TLSParams -> [(X509, Maybe PrivateKey)]
-- | callback for logging
pLogging :: TLSParams -> TLSLogging
-- | callback at the beginning of a handshake. Its 'Bool' result appears to
-- decide whether the handshake proceeds — confirm against the implementation.
onHandshake :: TLSParams -> Measurement -> IO Bool
-- | callback to verify the received certificate chain. Nothing documented here
-- performs validation outside this callback, so it should check the trust
-- anchor, validity period, revocation status and the expected peer identity,
-- returning 'CertificateUsageReject' with a matching
-- 'TLSCertificateRejectReason' on failure. Check what 'defaultParams'
-- installs here before relying on it.
onCertificatesRecv :: TLSParams -> [X509] -> IO TLSCertificateUsage
-- | callback used by the server to look up a session to resume, by its ID.
-- The returned 'SessionData' presumably carries keying material, so the
-- backing store should be protected accordingly.
onSessionResumption :: TLSParams -> SessionID -> IO (Maybe SessionData)
-- | callback invoked once a session has been established.
onSessionEstablished :: TLSParams -> SessionID -> SessionData -> IO ()
-- | callback invoked when a session is invalidated by an error.
onSessionInvalidated :: TLSParams -> SessionID -> IO ()
-- | session (ID and data) to offer for resumption when establishing a
-- connection, if any.
sessionResumeWith :: TLSParams -> Maybe (SessionID, SessionData)
data TLSLogging
TLSLogging :: (String -> IO ()) -> (String -> IO ()) -> (ByteString -> IO ()) -> (Header -> ByteString -> IO ()) -> TLSLogging
loggingPacketSent :: TLSLogging -> String -> IO ()
loggingPacketRecv :: TLSLogging -> String -> IO ()
loggingIOSent :: TLSLogging -> ByteString -> IO ()
loggingIORecv :: TLSLogging -> Header -> ByteString -> IO ()
-- | Possible return values of the certificate usage callback
-- ('onCertificatesRecv').
data TLSCertificateUsage
-- | usage of the certificate is accepted
CertificateUsageAccept :: TLSCertificateUsage
-- | usage of the certificate is rejected, with a reason
CertificateUsageReject :: TLSCertificateRejectReason -> TLSCertificateUsage
-- | Reason for rejecting a certificate or chain.
data TLSCertificateRejectReason
CertificateRejectExpired :: TLSCertificateRejectReason
CertificateRejectRevoked :: TLSCertificateRejectReason
CertificateRejectUnknownCA :: TLSCertificateRejectReason
CertificateRejectOther :: String -> TLSCertificateRejectReason
defaultParams :: TLSParams
defaultLogging :: TLSLogging
-- | A TLS context is a handle augmented with TLS-specific state and
-- parameters.
data TLSCtx a
-- | return the connection object associated with this context
ctxConnection :: TLSCtx a -> a
-- | Create a new client context from a configuration, an RNG and a Handle.
-- It reconfigures the handle's BufferMode to NoBuffering. Call
-- 'handshake' before exchanging application data.
client :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m (TLSCtx Handle)
-- | Create a new server context from a configuration, an RNG and a Handle.
-- It reconfigures the handle's BufferMode to NoBuffering. Call
-- 'handshake' before exchanging application data.
server :: (MonadIO m, CryptoRandomGen g) => TLSParams -> g -> Handle -> m (TLSCtx Handle)
-- | Notify the context that this side wants to close the connection. It is
-- important that this is called before closing the handle, otherwise the
-- session might not be resumable (for versions < TLS1.2).
--
-- This doesn't actually close the handle.
bye :: MonadIO m => TLSCtx c -> m ()
-- | Handshake for a new TLS connection. This is to be called at the
-- beginning of a connection, and during renegotiation.
handshake :: MonadIO m => TLSCtx c -> m ()
-- | sendData sends a block of data, automatically chunking it into
-- records of acceptable size.
sendData :: MonadIO m => TLSCtx c -> ByteString -> m ()
-- | recvData reads the payload of a Data packet, and automatically
-- renegotiates if a Handshake ClientHello is received. Note that a peer can
-- trigger renegotiation this way; see 'pUseSecureRenegotiation'.
recvData :: MonadIO m => TLSCtx c -> m ByteString
recvData' :: MonadIO m => TLSCtx c -> m ByteString
data PrivateKey
PrivRSA :: PrivateKey -> PrivateKey
-- | supported compression algorithms need to be instances of this class
class CompressionC a
compressionCID :: CompressionC a => a -> Word8
compressionCDeflate :: CompressionC a => a -> ByteString -> (a, ByteString)
compressionCInflate :: CompressionC a => a -> ByteString -> (a, ByteString)
-- | every compression needs to be wrapped in this type to fit into the
-- structure
data Compression
Compression :: a -> Compression
-- | default null compression (no compression). Prefer this unless
-- compression is specifically required: TLS-level compression can reveal
-- information about the plaintext through record lengths.
nullCompression :: Compression
-- | Cipher algorithm
data Cipher
Cipher :: Word16 -> String -> Hash -> Bulk -> CipherKeyExchangeType -> Maybe Version -> Cipher
cipherID :: Cipher -> Word16
cipherName :: Cipher -> String
cipherHash :: Cipher -> Hash
cipherBulk :: Cipher -> Bulk
cipherKeyExchange :: Cipher -> CipherKeyExchangeType
cipherMinVer :: Cipher -> Maybe Version
data Bulk
Bulk :: String -> Int -> Int -> Int -> BulkFunctions -> Bulk
bulkName :: Bulk -> String
bulkKeySize :: Bulk -> Int
bulkIVSize :: Bulk -> Int
bulkBlockSize :: Bulk -> Int
bulkF :: Bulk -> BulkFunctions
-- | Versions known to TLS
--
-- SSL2 is defined only for completeness; it is not and will not be
-- supported.
data Version
SSL2 :: Version
SSL3 :: Version
TLS10 :: Version
TLS11 :: Version
TLS12 :: Version
-- | TLSError that might be returned through the TLS stack
data TLSError
-- | mainly for the 'Error' instance
Error_Misc :: String -> TLSError
Error_Protocol :: (String, Bool, AlertDescription) -> TLSError
Error_Certificate :: String -> TLSError
-- | handshake policy failed.
Error_HandshakePolicy :: String -> TLSError
Error_Random :: String -> TLSError
Error_EOF :: TLSError
Error_Packet :: String -> TLSError
Error_Packet_Size_Mismatch :: (Int, Int) -> TLSError
Error_Packet_unexpected :: String -> String -> TLSError
Error_Packet_Parsing :: String -> TLSError
Error_Internal_Packet_ByteProcessed :: Int -> Int -> Int -> TLSError
Error_Unknown_Version :: Word8 -> Word8 -> TLSError
Error_Unknown_Type :: String -> TLSError
data HandshakeFailed
HandshakeFailed :: TLSError -> HandshakeFailed
data ConnectionNotEstablished
ConnectionNotEstablished :: ConnectionNotEstablished