packages feed

tls-extra 0.5.1 → 0.6.0

raw patch · 4 files changed

+30/−70 lines, 4 filesdep +cipher-rc4dep +crypto-pubkeydep +crypto-random-apidep −crypto-apidep −cryptocipherdep ~tls

Dependencies added: cipher-rc4, crypto-pubkey, crypto-random-api

Dependencies removed: crypto-api, cryptocipher

Dependency ranges changed: tls

Files

Network/TLS/Extra/Certificate.hs view
@@ -23,10 +23,9 @@  -- for signing/verifying certificate import qualified Crypto.Hash.SHA1 as SHA1-import qualified Crypto.Hash.MD2 as MD2-import qualified Crypto.Hash.MD5 as MD5-import qualified Crypto.Cipher.RSA as RSA-import qualified Crypto.Cipher.DSA as DSA+import qualified Crypto.PubKey.HashDescr as HD+import qualified Crypto.PubKey.RSA.PKCS15 as RSA+import qualified Crypto.PubKey.DSA as DSA  import Data.CertificateStore import Data.Certificate.X509.Cert (oidCommonName)@@ -110,15 +109,12 @@ -- | verify a certificate against another one. -- the first certificate need to be signed by the second one for this function to succeed. certificateVerifyAgainst :: X509 -> X509 -> IO Bool-certificateVerifyAgainst ux509@(X509 _ _ _ sigalg sig) (X509 scert _ _ _ _) = do-	let f = verifyF sigalg pk-	case f udata esig of-		Right True -> return True-		_          -> return False-	where-		udata = B.concat $ L.toChunks $ getSigningData ux509-		esig  = B.pack sig-		pk    = certPubKey scert+certificateVerifyAgainst ux509@(X509 _ _ _ sigalg sig) (X509 scert _ _ _ _) =+    return $ (verifyF sigalg pk) udata esig+    where+        udata = B.concat $ L.toChunks $ getSigningData ux509+        esig  = B.pack sig+        pk    = certPubKey scert  -- | Is this certificate self signed? certificateSelfSigned :: X509 -> Bool@@ -128,7 +124,7 @@ certMatchDN (X509 testedCert _ _ _ _) (X509 issuerCert _ _ _ _) = 	certSubjectDN issuerCert == certIssuerDN testedCert -verifyF :: SignatureALG -> PubKey -> B.ByteString -> B.ByteString -> Either String Bool+verifyF :: SignatureALG -> PubKey -> B.ByteString -> B.ByteString -> Bool  -- md[245]WithRSAEncryption: --@@ -137,23 +133,15 @@ --   md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } --   md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 } --   md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }-verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 rsak-	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10"--verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 rsak-	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10"--verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 rsak-	where asn1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"-+verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrMD2 rsak+verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrMD5 rsak+verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrSHA1 rsak verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA dsak) = dsaSHA1Verify dsak 			-verifyF _ _ = (\_ _ -> Left "unexpected/wrong signature")+verifyF _ _ = \_ _ -> False -dsaSHA1Verify pk _ b = either (Left . show) (Right) $ DSA.verify asig SHA1.hash pk b+dsaSHA1Verify pk _ b = DSA.verify SHA1.hash pk asig b 	where asig = (0,0) {- FIXME : need to work out how to get R/S from the bytestring a -}--rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b  -- | Verify that the given certificate chain is application to the given fully qualified host name. certificateVerifyDomain :: String -> [X509] -> CertificateUsage
Network/TLS/Extra/Cipher.hs view
@@ -26,21 +26,18 @@ 	, cipher_AES256_SHA256 	) where -import qualified Data.Vector.Unboxed as Vector (fromList, toList) import qualified Data.ByteString as B  import Network.TLS (Version(..)) import Network.TLS.Cipher-import qualified Crypto.Cipher.RC4 as RC4+import qualified "cipher-rc4" Crypto.Cipher.RC4 as RC4  import qualified Crypto.Hash.SHA256 as SHA256 import qualified Crypto.Hash.SHA1 as SHA1 import qualified Crypto.Hash.MD5 as MD5 -#ifdef CIPHER_AES import qualified "cipher-aes" Crypto.Cipher.AES as AES - aes_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString aes_cbc_encrypt key iv d = AES.encryptCBC (AES.initKey key) (AES.IV iv) d @@ -52,44 +49,20 @@ aes256_cbc_encrypt = aes_cbc_encrypt aes256_cbc_decrypt = aes_cbc_decrypt -#else-import qualified "cryptocipher" Crypto.Cipher.AES as AES--aes128_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString-aes128_cbc_encrypt key iv d = AES.encryptCBC pkey iv d-	where (Right pkey) = AES.initKey128 key--aes128_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString-aes128_cbc_decrypt key iv d = AES.decryptCBC pkey iv d-	where (Right pkey) = AES.initKey128 key--aes256_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString-aes256_cbc_encrypt key iv d = AES.encryptCBC pkey iv d-	where (Right pkey) = AES.initKey256 key--aes256_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString-aes256_cbc_decrypt key iv d = AES.decryptCBC pkey iv d-	where (Right pkey) = AES.initKey256 key--#endif- toIV :: RC4.Ctx -> IV-toIV (v, x, y) = B.pack (x : y : Vector.toList v)+toIV (RC4.Ctx ctx) = ctx  toCtx :: IV -> RC4.Ctx-toCtx iv =-	case B.unpack iv of-		x:y:l -> (Vector.fromList l, x, y)-		_     -> (Vector.fromList [], 0, 0)+toCtx iv = RC4.Ctx iv  initF_rc4 :: Key -> IV-initF_rc4 key     = toIV $ RC4.initCtx (B.unpack key)+initF_rc4 key     = toIV $ RC4.initCtx key  encryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)-encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.encrypt (toCtx iv) d+encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.combine (toCtx iv) d  decryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)-decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.decrypt (toCtx iv) e+decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.combine (toCtx iv) e   -- | all encrypted ciphers supported ordered from strong to weak.
Network/TLS/Extra/Connection.hs view
@@ -9,7 +9,7 @@ 	( connectionClient 	) where -import Crypto.Random+import Crypto.Random.API import Control.Applicative ((<$>)) import Control.Exception import Data.Char@@ -33,7 +33,7 @@ -- -- will make a new RNG (using system entropy) and connect to IP 192.168.2.2 -- on port 7777.-connectionClient :: CryptoRandomGen g => String -> String -> TLSParams -> g -> IO Context+connectionClient :: CPRG g => String -> String -> TLSParams -> g -> IO Context connectionClient s p params rng = do 	pn <- if and $ map isDigit $ p 		then return $ fromIntegral $ (read p :: Int)
tls-extra.cabal view
@@ -1,5 +1,5 @@ Name:                tls-extra-Version:             0.5.1+Version:             0.6.0 Description:    a set of extra definitions, default values and helpers for tls. License:             BSD3@@ -24,15 +24,17 @@  Library   Build-Depends:     base > 3 && < 5-                   , tls >= 1.0.0 && < 1.1.0+                   , tls >= 1.1.0 && < 1.2.0                    , mtl                    , network >= 2.3                    , cryptohash >= 0.6                    , bytestring                    , vector-                   , crypto-api >= 0.5-                   , cryptocipher >= 0.3.0 && < 0.4.0+                   , cipher-rc4+                   , cipher-aes >= 0.1 && < 0.2                    , certificate >= 1.3.0 && < 1.4.0+                   , crypto-pubkey+                   , crypto-random-api                    , pem >= 0.1.0 && < 0.2.0                    , text >= 0.5 && < 1.0                    , time@@ -46,9 +48,6 @@   ghc-options:       -Wall -fno-warn-missing-signatures   if os(windows)     cpp-options:     -DNOCERTVERIFY-  if os(linux) && flag(fastaes) && (arch(i386) || arch(x86_64))-    cpp-options:     -DCIPHER_AES-    Build-Depends:   cipher-aes >= 0.1 && < 0.2  executable           Tests   Main-is:           Tests.hs@@ -63,7 +62,7 @@     Buildable:       False   if os(windows)     cpp-options:     -DNOCERTVERIFY-  if os(linux) && flag(fastaes)+  if flag(fastaes)     cpp-options:     -DCIPHER_AES     Build-Depends:   cipher-aes >= 0.1 && < 0.2