tls-extra 0.4.0 → 0.4.1
raw patch · 3 files changed
+13/−28 lines, 3 filesdep ~certificatedep ~cprng-aesdep ~cryptocipher
Dependency ranges changed: certificate, cprng-aes, cryptocipher, tls
Files
- Examples/Stunnel.hs +3/−14
- Network/TLS/Extra/Certificate.hs +4/−8
- tls-extra.cabal +6/−6
Examples/Stunnel.hs view
@@ -17,7 +17,6 @@ import Data.Certificate.PEM import Data.Certificate.X509 import qualified Data.Certificate.KeyRSA as KeyRSA-import qualified Crypto.Cipher.RSA as RSA import qualified Crypto.Random.AESCtr as RNG import Network.TLS@@ -114,19 +113,9 @@ let pkdata = case parsePEMKeyRSA content of Nothing -> error ("no valid RSA key section") Just x -> L.fromChunks [x]- let pk = case KeyRSA.decodePrivate pkdata of- Left err -> error ("cannot decode key: " ++ err)- Right x -> PrivRSA $ RSA.PrivateKey- { RSA.private_sz = fromIntegral $ KeyRSA.lenmodulus x- , RSA.private_n = KeyRSA.modulus x- , RSA.private_d = KeyRSA.private_exponant x- , RSA.private_p = KeyRSA.p1 x- , RSA.private_q = KeyRSA.p2 x- , RSA.private_dP = KeyRSA.exp1 x- , RSA.private_dQ = KeyRSA.exp2 x- , RSA.private_qinv = KeyRSA.coef x- }- return pk+ case KeyRSA.decodePrivate pkdata of+ Left err -> error ("cannot decode key: " ++ err)+ Right (_,pk) -> return $ PrivRSA pk data Stunnel = Client
Network/TLS/Extra/Certificate.hs view
@@ -121,17 +121,16 @@ -- md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } -- md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 } -- md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }-verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 (mkRSA rsak)+verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 rsak where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10" -verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 (mkRSA rsak)+verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 rsak where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10" -verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 (mkRSA rsak)+verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 rsak where asn1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14" -verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA (pub,p,q,g)) = dsaSHA1Verify pk- where pk = DSA.PublicKey { DSA.public_params = (p,g,q), DSA.public_y = pub }+verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA dsak) = dsaSHA1Verify dsak verifyF _ _ = (\_ _ -> Left "unexpected/wrong signature") @@ -139,9 +138,6 @@ where asig = (0,0) {- FIXME : need to work out how to get R/S from the bytestring a -} rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b--mkRSA (lenmodulus, modulus, e) =- RSA.PublicKey { RSA.public_sz = lenmodulus, RSA.public_n = modulus, RSA.public_e = e } -- | Verify that the given certificate chain is application to the given fully qualified host name. certificateVerifyDomain :: String -> [X509] -> TLSCertificateUsage
tls-extra.cabal view
@@ -1,5 +1,5 @@ Name: tls-extra-Version: 0.4.0+Version: 0.4.1 Description: a set of extra definitions, default values and helpers for tls. License: BSD3@@ -28,15 +28,15 @@ Library Build-Depends: base > 3 && < 5- , tls >= 0.8 && < 0.9+ , tls >= 0.8.2 && < 0.9 , mtl , network >= 2.3 , cryptohash >= 0.6 , bytestring , vector , crypto-api >= 0.5- , cryptocipher >= 0.2.5- , certificate >= 0.9.3 && < 1.0+ , cryptocipher >= 0.3.0+ , certificate >= 1.0.0 && < 1.1.0 , text >= 0.5 && < 1.0 , time Exposed-modules: Network.TLS.Extra@@ -54,7 +54,7 @@ if flag(executable) Build-Depends: network , cmdargs- , cprng-aes+ , cprng-aes >= 0.2.3 Buildable: True else Buildable: False@@ -76,7 +76,7 @@ if flag(executable) Build-Depends: network , cmdargs- , cprng-aes+ , cprng-aes >= 0.2.3 Buildable: True else Buildable: False