diff --git a/tls/Network/TLS/Extra/Cipher.hs b/tls/Network/TLS/Extra/Cipher.hs index ff35aef31..e11ecb6ea 100644 --- a/tls/Network/TLS/Extra/Cipher.hs +++ b/tls/Network/TLS/Extra/Cipher.hs @@ -192,7 +192,7 @@ ciphersuite_dhe_rsa = cipher_DHE_RSA_WITH_AES_128_GCM_SHA256 :: Cipher cipher_DHE_RSA_WITH_AES_128_GCM_SHA256 = Cipher - { cipherID = CipherID 0x009E + { cipherID = 0x009E , cipherName = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 @@ -212,7 +212,7 @@ cipher_DHE_RSA_AES128GCM_SHA256 = cipher_DHE_RSA_WITH_AES_128_GCM_SHA256 cipher_DHE_RSA_WITH_AES_256_GCM_SHA384 :: Cipher cipher_DHE_RSA_WITH_AES_256_GCM_SHA384 = Cipher - { cipherID = CipherID 0x009F + { cipherID = 0x009F , cipherName = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 @@ -235,7 +235,7 @@ cipher_DHE_RSA_AES256GCM_SHA384 = cipher_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher13_AES_128_GCM_SHA256 :: Cipher cipher13_AES_128_GCM_SHA256 = Cipher - { cipherID = CipherID 0x1301 + { cipherID = 0x1301 , cipherName = "TLS_AES_128_GCM_SHA256" , cipherBulk = bulk_aes128gcm_13 , cipherHash = SHA256 @@ -255,7 +255,7 @@ cipher_TLS13_AES128GCM_SHA256 = cipher13_AES_128_GCM_SHA256 cipher13_AES_256_GCM_SHA384 :: Cipher cipher13_AES_256_GCM_SHA384 = Cipher - { cipherID = CipherID 0x1302 + { cipherID = 0x1302 , cipherName = "TLS_AES_256_GCM_SHA384" , cipherBulk = bulk_aes256gcm_13 , cipherHash = SHA384 @@ -275,7 +275,7 @@ cipher_TLS13_AES256GCM_SHA384 = cipher13_AES_256_GCM_SHA384 cipher13_CHACHA20_POLY1305_SHA256 :: Cipher cipher13_CHACHA20_POLY1305_SHA256 = Cipher - { cipherID = CipherID 0x1303 + { cipherID = 0x1303 , cipherName = "TLS_CHACHA20_POLY1305_SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 
@@ -295,7 +295,7 @@ cipher_TLS13_CHACHA20POLY1305_SHA256 = cipher13_CHACHA20_POLY1305_SHA256 cipher13_AES_128_CCM_SHA256 :: Cipher cipher13_AES_128_CCM_SHA256 = Cipher - { cipherID = CipherID 0x1304 + { cipherID = 0x1304 , cipherName = "TLS_AES_128_CCM_SHA256" , cipherBulk = bulk_aes128ccm_13 , cipherHash = SHA256 @@ -315,7 +315,7 @@ cipher_TLS13_AES128CCM_SHA256 = cipher13_AES_128_CCM_SHA256 cipher13_AES_128_CCM_8_SHA256 :: Cipher cipher13_AES_128_CCM_8_SHA256 = Cipher - { cipherID = CipherID 0x1305 + { cipherID = 0x1305 , cipherName = "TLS_AES_128_CCM_8_SHA256" , cipherBulk = bulk_aes128ccm8_13 , cipherHash = SHA256 @@ -338,7 +338,7 @@ cipher_TLS13_AES128CCM8_SHA256 = cipher13_AES_128_CCM_8_SHA256 cipher_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :: Cipher cipher_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = Cipher - { cipherID = CipherID 0xC02B + { cipherID = 0xC02B , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 @@ -358,7 +358,7 @@ cipher_ECDHE_ECDSA_AES128GCM_SHA256 = cipher_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :: Cipher cipher_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = Cipher - { cipherID = CipherID 0xC02C + { cipherID = 0xC02C , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 @@ -378,7 +378,7 @@ cipher_ECDHE_ECDSA_AES256GCM_SHA384 = cipher_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :: Cipher cipher_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = Cipher - { cipherID = CipherID 0xC02F + { cipherID = 0xC02F , cipherName = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" , cipherBulk = bulk_aes128gcm , cipherHash = SHA256 
@@ -398,7 +398,7 @@ cipher_ECDHE_RSA_AES128GCM_SHA256 = cipher_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :: Cipher cipher_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = Cipher - { cipherID = CipherID 0xC030 + { cipherID = 0xC030 , cipherName = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" , cipherBulk = bulk_aes256gcm , cipherHash = SHA384 @@ -421,7 +421,7 @@ cipher_ECDHE_RSA_AES256GCM_SHA384 = cipher_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher_ECDHE_ECDSA_WITH_AES_128_CCM :: Cipher cipher_ECDHE_ECDSA_WITH_AES_128_CCM = Cipher - { cipherID = CipherID 0xC0AC + { cipherID = 0xC0AC , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM" , cipherBulk = bulk_aes128ccm , cipherHash = SHA256 @@ -441,7 +441,7 @@ cipher_ECDHE_ECDSA_AES128CCM_SHA256 = cipher_ECDHE_ECDSA_WITH_AES_128_CCM cipher_ECDHE_ECDSA_WITH_AES_256_CCM :: Cipher cipher_ECDHE_ECDSA_WITH_AES_256_CCM = Cipher - { cipherID = CipherID 0xC0AD + { cipherID = 0xC0AD , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM" , cipherBulk = bulk_aes256ccm , cipherHash = SHA256 @@ -461,7 +461,7 @@ cipher_ECDHE_ECDSA_AES256CCM_SHA256 = cipher_ECDHE_ECDSA_WITH_AES_256_CCM cipher_ECDHE_ECDSA_WITH_AES_128_CCM_8 :: Cipher cipher_ECDHE_ECDSA_WITH_AES_128_CCM_8 = Cipher - { cipherID = CipherID 0xC0AE + { cipherID = 0xC0AE , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8" , cipherBulk = bulk_aes128ccm8 , cipherHash = SHA256 @@ -481,7 +481,7 @@ cipher_ECDHE_ECDSA_AES128CCM8_SHA256 = cipher_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher_ECDHE_ECDSA_WITH_AES_256_CCM_8 :: Cipher cipher_ECDHE_ECDSA_WITH_AES_256_CCM_8 = Cipher - { cipherID = CipherID 0xC0AF + { cipherID = 0xC0AF , cipherName = "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8" , cipherBulk = bulk_aes256ccm8 , cipherHash = SHA256 
@@ -504,7 +504,7 @@ cipher_ECDHE_ECDSA_AES256CCM8_SHA256 = cipher_ECDHE_ECDSA_WITH_AES_256_CCM_8 cipher_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :: Cipher cipher_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = Cipher - { cipherID = CipherID 0xCCA8 + { cipherID = 0xCCA8 , cipherName = "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 @@ -524,7 +524,7 @@ cipher_ECDHE_RSA_CHACHA20POLY1305_SHA256 = cipher_ECDHE_RSA_WITH_CHACHA20_POLY13 cipher_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :: Cipher cipher_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = Cipher - { cipherID = CipherID 0xCCA9 + { cipherID = 0xCCA9 , cipherName = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 @@ -544,7 +544,7 @@ cipher_ECDHE_ECDSA_CHACHA20POLY1305_SHA256 = cipher_ECDHE_ECDSA_WITH_CHACHA20_PO cipher_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :: Cipher cipher_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = Cipher - { cipherID = CipherID 0xCCAA + { cipherID = 0xCCAA , cipherName = "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256" , cipherBulk = bulk_chacha20poly1305 , cipherHash = SHA256 diff --git a/tls/Network/TLS/Handshake/Client/ClientHello.hs b/tls/Network/TLS/Handshake/Client/ClientHello.hs index 3b9057828..d49644435 100644 --- a/tls/Network/TLS/Handshake/Client/ClientHello.hs +++ b/tls/Network/TLS/Handshake/Client/ClientHello.hs @@ -86,7 +86,7 @@ sendClientHello' cparams ctx groups crand (pskInfo, rtt0info, rtt0) = do hrr <- usingState_ ctx getTLS13HRR unless hrr $ startHandshake ctx ver crand usingState_ ctx $ setVersionIfUnset highestVer - let cipherIds = map cipherID ciphers + let cipherIds = map (CipherId . cipherID) ciphers compIds = map compressionID compressions mkClientHello exts = ClientHello ver crand compIds $ CH clientSession cipherIds exts extensions0 <- catMaybes <$> getExtensions 
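Review bot: `map (CipherId . cipherID) ciphers` in `sendClientHello'` (Handshake/Client/ClientHello.hs) is the first of several hand-written conversions from a `Cipher` to its wire identifier. The same wrapping reappears later in this commit in `processServerHello`, `credsTriple`, `processClientHello13`, `sendHRR`, `makeServerHello` and `sendServerHello13`. A single helper defined where `Cipher` and `CipherId` are both in scope, for example `toCipherId :: Cipher -> CipherId` with `toCipherId = CipherId . cipherID`, would keep the conversion in one place, so this call site becomes `map toCipherId ciphers`. The body of `sendClientHello'` continues outside this hunk.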
diff --git a/tls/Network/TLS/Handshake/Client/ServerHello.hs b/tls/Network/TLS/Handshake/Client/ServerHello.hs index e1f640779..cf919837f 100644 --- a/tls/Network/TLS/Handshake/Client/ServerHello.hs +++ b/tls/Network/TLS/Handshake/Client/ServerHello.hs @@ -76,7 +76,8 @@ processServerHello cparams ctx (ServerHello rver serverRan serverSession cipher -- find the compression and cipher methods that the server want to use. clientSession <- tls13stSession <$> getTLS13State ctx sentExts <- tls13stSentExtensions <$> getTLS13State ctx - cipherAlg <- case find ((==) cipher . cipherID) (supportedCiphers $ ctxSupported ctx) of + let eqCipher c = CipherId (cipherID c) == cipher + cipherAlg <- case find eqCipher (supportedCiphers $ ctxSupported ctx) of Nothing -> throwCore $ Error_Protocol "server choose unknown cipher" IllegalParameter Just alg -> return alg compressAlg <- case find diff --git a/tls/Network/TLS/Handshake/Server/ClientHello.hs b/tls/Network/TLS/Handshake/Server/ClientHello.hs index aa97f0e34..8fe8aa974 100644 --- a/tls/Network/TLS/Handshake/Server/ClientHello.hs +++ b/tls/Network/TLS/Handshake/Server/ClientHello.hs @@ -52,7 +52,7 @@ processClientHello sparams ctx clientHello@(ClientHello legacyVersion cran compr -- TLS_FALLBACK_SCSV: {0x56, 0x00} when ( supportedFallbackScsv (ctxSupported ctx) - && (CipherID 0x5600 `elem` chCiphers) + && (CipherId 0x5600 `elem` chCiphers) && legacyVersion < TLS12 ) $ throwCore diff --git a/tls/Network/TLS/Handshake/Server/ClientHello12.hs b/tls/Network/TLS/Handshake/Server/ClientHello12.hs index 29f321ad2..30b4a2777 100644 --- a/tls/Network/TLS/Handshake/Server/ClientHello12.hs +++ b/tls/Network/TLS/Handshake/Server/ClientHello12.hs @@ -17,7 +17,7 @@ import Network.TLS.Imports import Network.TLS.Parameters import Network.TLS.State import Network.TLS.Struct -import Network.TLS.Types (CipherID (..), Role (..)) +import Network.TLS.Types (CipherId (..), Role (..)) ---------------------------------------------------------------- 
@@ -51,7 +51,7 @@ checkSecureRenegotiation :: Context -> CH -> IO () checkSecureRenegotiation ctx CH{..} = do -- RFC 5746: secure renegotiation -- TLS_EMPTY_RENEGOTIATION_INFO_SCSV: {0x00, 0xFF} - when (CipherID 0xff `elem` chCiphers) $ + when (CipherId 0xff `elem` chCiphers) $ usingState_ ctx $ setSecureRenegotiation True case extensionLookup EID_SecureRenegotiation chExtensions of @@ -82,7 +82,7 @@ credsTriple sparams CH{..} extraCreds commonCiphers creds sigCreds = filter elemCipher availableCiphers where - elemCipher c = cipherID c `elem` chCiphers + elemCipher c = CipherId (cipherID c) `elem` chCiphers availableCiphers = getCiphers ciphers creds sigCreds allCreds = diff --git a/tls/Network/TLS/Handshake/Server/ClientHello13.hs b/tls/Network/TLS/Handshake/Server/ClientHello13.hs index e6c384a89..3db0f5c1e 100644 --- a/tls/Network/TLS/Handshake/Server/ClientHello13.hs +++ b/tls/Network/TLS/Handshake/Server/ClientHello13.hs @@ -20,6 +20,7 @@ import Network.TLS.Parameters import Network.TLS.State import Network.TLS.Struct import Network.TLS.Struct13 +import Network.TLS.Types -- TLS 1.3 or later processClientHello13 @@ -65,7 +66,8 @@ processClientHello13 sparams ctx CH{..} = do mshare <- findKeyShare keyShares serverGroups return (mshare, (usedCipher, usedHash, rtt0)) where - ciphersFilteredVersion = filter ((`elem` chCiphers) . cipherID) serverCiphers + elemCipher c = CipherId (cipherID c) `elem` chCiphers + ciphersFilteredVersion = filter elemCipher serverCiphers serverCiphers = filter (cipherAllowedForVersion TLS13) @@ -113,7 +115,7 @@ sendHRR ctx (usedCipher, _, _) CH{..} = do [ ExtensionRaw EID_KeyShare serverKeyShare , ExtensionRaw EID_SupportedVersions selectedVersion ] - hrr = ServerHello13 hrrRandom chSession (cipherID usedCipher) extensions + hrr = ServerHello13 hrrRandom chSession (CipherId $ cipherID usedCipher) extensions usingHState ctx $ setTLS13HandshakeMode HelloRetryRequest runPacketFlight ctx $ do loadPacket13 ctx $ Handshake13 [hrr] 
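Review bot: The added `import Network.TLS.Types` in Handshake/Server/ClientHello13.hs is an open import, while the sibling module ClientHello12.hs in this same commit names what it takes with `import Network.TLS.Types (CipherId (..), Role (..))`. If `CipherId` is the only new name this module needs (the rest of its import list is outside the hunk, so this is an assumption), `import Network.TLS.Types (CipherId (..))` would show where the constructor used in `elemCipher` and `sendHRR` comes from. It would also avoid silent name clashes if `Network.TLS.Types` grows.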
diff --git a/tls/Network/TLS/Handshake/Server/ServerHello12.hs b/tls/Network/TLS/Handshake/Server/ServerHello12.hs index 319c74c8b..8c6707cb0 100644 --- a/tls/Network/TLS/Handshake/Server/ServerHello12.hs +++ b/tls/Network/TLS/Handshake/Server/ServerHello12.hs @@ -78,7 +78,7 @@ recoverSessionData ctx CH{..} = do validateSession :: Context - -> [CipherID] + -> [CipherId] -> Maybe HostName -> Bool -> Maybe SessionData @@ -90,7 +90,7 @@ validateSession ctx ciphers sni ems m@(Just sd) -- uses the same server_name than full handshake so the same -- credentials (and thus ciphers) are available. | TLS12 < sessionVersion sd = return Nothing -- fixme - | sessionCipher sd `notElem` ciphers = + | CipherId (sessionCipher sd) `notElem` ciphers = throwCore $ Error_Protocol "new cipher is diffrent from the old one" IllegalParameter | isJust sni && sessionClientSNI sd /= sni = do @@ -298,7 +298,7 @@ makeServerHello sparams ctx usedCipher mcred chExts session = do TLS12 srand session - (cipherID usedCipher) + (CipherId (cipherID usedCipher)) (compressionID nullCompression) shExts diff --git a/tls/Network/TLS/Handshake/Server/ServerHello13.hs b/tls/Network/TLS/Handshake/Server/ServerHello13.hs index f46a6c1de..db96cc96f 100644 --- a/tls/Network/TLS/Handshake/Server/ServerHello13.hs +++ b/tls/Network/TLS/Handshake/Server/ServerHello13.hs @@ -233,7 +233,7 @@ sendServerHello13 sparams ctx clientKeyShare (usedCipher, usedHash, rtt0) CH{..} toExtensionRaw (KeyShareServerHello keyShare) : toExtensionRaw (SupportedVersionsServerHello TLS13) : extensions - helo = ServerHello13 srand chSession (cipherID usedCipher) extensions' + helo = ServerHello13 srand chSession (CipherId (cipherID usedCipher)) extensions' loadPacket13 ctx $ Handshake13 [helo] sendCertAndVerify cred@(certChain, _) hashSig = do diff --git a/tls/Network/TLS/Packet.hs b/tls/Network/TLS/Packet.hs index 545e7861a..c9b53e4ba 100644 --- a/tls/Network/TLS/Packet.hs +++ b/tls/Network/TLS/Packet.hs 
@@ -167,7 +167,7 @@ decodeClientHello = do ver <- getBinaryVersion random <- getClientRandom32 session <- getSession - ciphers <- map CipherID <$> getWords16 + ciphers <- map CipherId <$> getWords16 compressions <- getWords8 r <- remaining exts <- @@ -184,7 +184,7 @@ decodeServerHello = do ver <- getBinaryVersion random <- getServerRandom32 session <- getSession - cipherid <- CipherID <$> getWord16 + cipherid <- CipherId <$> getWord16 compressionid <- getWord8 r <- remaining exts <- @@ -319,7 +319,7 @@ encodeHandshake' (ClientHello version random compressionIDs CH{..}) = runPut $ d putBinaryVersion version putClientRandom32 random putSession chSession - putWords16 $ map getCipherID chCiphers + putWords16 $ map fromCipherId chCiphers putWords8 compressionIDs putExtensions chExtensions return () @@ -327,7 +327,7 @@ encodeHandshake' (ServerHello version random session cipherid compressionID exts putBinaryVersion version putServerRandom32 random putSession session - putWord16 $ getCipherID cipherid + putWord16 $ fromCipherId cipherid putWord8 compressionID putExtensions exts return () diff --git a/tls/Network/TLS/Packet13.hs b/tls/Network/TLS/Packet13.hs index 1edb7f590..10e7ee3eb 100644 --- a/tls/Network/TLS/Packet13.hs +++ b/tls/Network/TLS/Packet13.hs @@ -42,7 +42,7 @@ encodeHandshake13' (ServerHello13 random session cipherId exts) = runPut $ do putBinaryVersion TLS12 putServerRandom32 random putSession session - putWord16 $ getCipherID cipherId + putWord16 $ fromCipherId cipherId putWord8 0 -- compressionID nullCompression putExtensions exts encodeHandshake13' (EncryptedExtensions13 exts) = runPut $ putExtensions exts @@ -105,7 +105,7 @@ decodeServerHello13 = do _ver <- getBinaryVersion random <- getServerRandom32 session <- getSession - cipherid <- CipherID <$> getWord16 + cipherid <- CipherId <$> getWord16 _comp <- getWord8 exts <- fromIntegral <$> getWord16 >>= getExtensions return $ ServerHello13 random session cipherid exts 
diff --git a/tls/Network/TLS/Struct.hs b/tls/Network/TLS/Struct.hs index ff0799e87..7ec95c8b8 100644 --- a/tls/Network/TLS/Struct.hs +++ b/tls/Network/TLS/Struct.hs @@ -392,7 +392,7 @@ instance Show ClientKeyXchgAlgorithmData where data CH = CH { chSession :: Session - , chCiphers :: [CipherID] + , chCiphers :: [CipherId] , chExtensions :: [ExtensionRaw] } deriving (Show, Eq) @@ -411,7 +411,7 @@ data Handshake Version ServerRandom Session - CipherID + CipherId CompressionID [ExtensionRaw] | Certificate TLSCertificateChain diff --git a/tls/Network/TLS/Struct13.hs b/tls/Network/TLS/Struct13.hs index 7c2a6a347..d51600ebf 100644 --- a/tls/Network/TLS/Struct13.hs +++ b/tls/Network/TLS/Struct13.hs @@ -27,7 +27,7 @@ type TicketNonce = ByteString -- fixme: convert Word32 to proper data type data Handshake13 - = ServerHello13 ServerRandom Session CipherID [ExtensionRaw] + = ServerHello13 ServerRandom Session CipherId [ExtensionRaw] | NewSessionTicket13 Second Word32 TicketNonce SessionIDorTicket [ExtensionRaw] | EndOfEarlyData13 | EncryptedExtensions13 [ExtensionRaw] diff --git a/tls/Network/TLS/Types/Cipher.hs b/tls/Network/TLS/Types/Cipher.hs index 1785cf575..eb6e85e52 100644 --- a/tls/Network/TLS/Types/Cipher.hs +++ b/tls/Network/TLS/Types/Cipher.hs @@ -4,7 +4,6 @@ module Network.TLS.Types.Cipher where -import Codec.Serialise import Crypto.Cipher.Types (AuthTag) import Data.IORef import GHC.Generics 
@@ -18,16 +17,18 @@ import Network.TLS.Types.Version ---------------------------------------------------------------- -- | Cipher identification -newtype CipherID = CipherID {getCipherID :: Word16} +type CipherID = Word16 + +newtype CipherId = CipherId {fromCipherId :: Word16} deriving (Eq, Ord, Enum, Num, Integral, Real, Read, Generic) -instance Show CipherID where - show (CipherID 0x00FF) = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" - show (CipherID n) = case find eqID dict of +instance Show CipherId where + show (CipherId 0x00FF) = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" + show (CipherId n) = case find eqID dict of Just c -> cipherName c Nothing -> printf "0x%04X" n where - eqID c = cipherID c == CipherID n + eqID c = cipherID c == n dict = unsafePerformIO $ readIORef globalCipherDict -- "ciphersuite" is designed extensible. @@ -117,5 +118,3 @@ newtype BulkStream = BulkStream (ByteString -> (ByteString, BulkStream)) type BulkAEAD = BulkNonce -> ByteString -> BulkAdditionalData -> (ByteString, AuthTag) - -instance Serialise CipherID diff --git a/tls/test/Arbitrary.hs b/tls/test/Arbitrary.hs index a89045d4a..b9ba5d640 100644 --- a/tls/test/Arbitrary.hs +++ b/tls/test/Arbitrary.hs @@ -70,8 +70,8 @@ instance Arbitrary CertificateType where , CertificateType_ECDSA_Sign ] -instance Arbitrary CipherID where - arbitrary = CipherID <$> arbitrary +instance Arbitrary CipherId where + arbitrary = CipherId <$> arbitrary instance Arbitrary Handshake where arbitrary = @@ -80,7 +80,7 @@ instance Arbitrary Handshake where ClientHello ver <$> arbitrary <*> arbitraryCompressionIDs - <*> (CH <$> arbitrary <*> arbitraryCiphersIDs <*> arbitraryHelloExtensions ver) + <*> (CH <$> arbitrary <*> arbitraryCiphersIds <*> arbitraryHelloExtensions ver) , arbitrary >>= \ver -> ServerHello ver <$> arbitrary 
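Review bot: In Types/Cipher.hs, `CipherID` (now a plain `Word16` alias) and `CipherId` (the newtype) differ only in the case of the last letter, and the existing `-- | Cipher identification` Haddock now sits on the alias, leaving the newtype undocumented. I would document both, e.g. `-- | Cipher suite number as stored in the 'cipherID' field of 'Cipher'.` on the alias and `-- | Cipher suite identifier as carried in handshake messages; 'Show' prints the suite name when it is known.` on `CipherId`. Separately, the last hunk of this file drops `instance Serialise CipherID`, so any serialised value that embeds a cipher id presumably now uses the `Word16` instance. That encoding may differ from the Generic-derived one, so it is worth confirming that session data stored by an older version is rejected cleanly and falls back to a full handshake rather than being mis-decoded.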
@@ -134,8 +134,8 @@ instance Arbitrary Handshake13 where ---------------------------------------------------------------- -arbitraryCiphersIDs :: Gen [CipherID] -arbitraryCiphersIDs = map CipherID <$> (choose (0, 200) >>= vector) +arbitraryCiphersIds :: Gen [CipherId] +arbitraryCiphersIds = map CipherId <$> (choose (0, 200) >>= vector) arbitraryCompressionIDs :: Gen [Word8] arbitraryCompressionIDs = choose (0, 200) >>= vector diff --git a/tls/util/Common.hs b/tls/util/Common.hs index 179bfd9f4..5e26ad1dc 100644 --- a/tls/util/Common.hs +++ b/tls/util/Common.hs @@ -3,11 +3,9 @@ {-# OPTIONS_GHC -fno-warn-warnings-deprecations #-} module Common ( - printCiphers, printDHParams, printGroups, readNumber, - readCiphers, readDHParams, readGroups, getCertificateStore, @@ -17,14 +15,10 @@ module Common ( printHandshakeInfo, ) where -import Crypto.System.CPU import Data.Char (isDigit) import Data.X509.CertificateStore import Network.TLS hiding (HostName) -import Network.TLS.Extra.Cipher import Network.TLS.Extra.FFDHE -import Network.TLS.Internal -import Numeric (showHex) import System.Exit import System.X509 @@ -39,13 +33,6 @@ namedDHParams = , ("ffdhe8192", ffdhe8192) ] -namedCiphersuites :: [(String, [CipherID])] -namedCiphersuites = - [ ("all", map cipherID ciphersuite_all) - , ("default", map cipherID ciphersuite_default) - , ("strong", map cipherID ciphersuite_strong) - ] - namedGroups :: [(String, Group)] namedGroups = [ ("ffdhe2048", FFDHE2048) @@ -65,12 +52,6 @@ readNumber s | all isDigit s = Just $ read s | otherwise = Nothing -readCiphers :: String -> Maybe [CipherID] -readCiphers s = - case lookup s namedCiphersuites of - Nothing -> (: []) `fmap` (CipherID <$> readNumber s) - just -> just - readDHParams :: String -> IO (Maybe DHParams) readDHParams s = case lookup s namedDHParams of 
@@ -82,34 +63,6 @@ readGroups s = case traverse (`lookup` namedGroups) (split ',' s) of Nothing -> [] Just gs -> gs -printCiphers :: IO () -printCiphers = do - putStrLn "Supported ciphers" - putStrLn "=====================================" - forM_ ciphersuite_all_det $ \c -> - putStrLn - ( pad 50 (cipherName c) - ++ " = " - ++ pad 5 (show $ cipherID c) - ++ " 0x" - ++ showHex (getCipherID (cipherID c)) "" - ) - putStrLn "" - putStrLn "Ciphersuites" - putStrLn "=====================================" - forM_ namedCiphersuites $ \(name, _) -> putStrLn name - putStrLn "" - putStrLn - ("Using crypton-" ++ VERSION_crypton ++ " with CPU support for: " ++ cpuSupport) - where - pad n s - | length s < n = s ++ replicate (n - length s) ' ' - | otherwise = s - - cpuSupport - | null processorOptions = "(nothing)" - | otherwise = intercalate ", " (map show processorOptions) - printDHParams :: IO () printDHParams = do putStrLn "DH Parameters"