module Network.TLS.Parameters (
ClientParams (..),
ServerParams (..),
CommonParams,
DebugParams (..),
ClientHooks (..),
OnCertificateRequest,
OnServerCertificate,
ServerHooks (..),
Supported (..),
Shared (..),
defaultParamsClient,
MaxFragmentEnum (..),
EMSMode (..),
GroupUsage (..),
CertificateUsage (..),
CertificateRejectReason (..),
Information (..),
) where
import qualified Data.ByteString as B
import Data.Default.Class
import Network.TLS.Cipher
import Network.TLS.Compression
import Network.TLS.Credentials
import Network.TLS.Crypto
import Network.TLS.Extension
import Network.TLS.Extra.Cipher
import Network.TLS.Handshake.State
import Network.TLS.Imports
import Network.TLS.Measurement
import Network.TLS.RNG (Seed)
import Network.TLS.Session
import Network.TLS.Struct
import qualified Network.TLS.Struct as Struct
import Network.TLS.Types (HostName)
import Network.TLS.X509
type CommonParams = (Supported, Shared, DebugParams)
data DebugParams = DebugParams
{ DebugParams -> Maybe Seed
debugSeed :: Maybe Seed
, DebugParams -> Seed -> IO ()
debugPrintSeed :: Seed -> IO ()
, DebugParams -> Maybe Version
debugVersionForced :: Maybe Version
, DebugParams -> String -> IO ()
debugKeyLogger :: String -> IO ()
}
defaultDebugParams :: DebugParams
defaultDebugParams :: DebugParams
defaultDebugParams =
DebugParams
{ debugSeed :: Maybe Seed
debugSeed = Maybe Seed
forall a. Maybe a
Nothing
, debugPrintSeed :: Seed -> IO ()
debugPrintSeed = IO () -> Seed -> IO ()
forall a b. a -> b -> a
const (() -> IO ()
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return ())
, debugVersionForced :: Maybe Version
debugVersionForced = Maybe Version
forall a. Maybe a
Nothing
, debugKeyLogger :: String -> IO ()
debugKeyLogger = \String
_ -> () -> IO ()
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return ()
}
instance Show DebugParams where
show :: DebugParams -> String
show DebugParams
_ = String
"DebugParams"
instance Default DebugParams where
def :: DebugParams
def = DebugParams
defaultDebugParams
data ClientParams = ClientParams
{ ClientParams -> Maybe MaxFragmentEnum
clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
, ClientParams -> (String, ByteString)
clientServerIdentification :: (HostName, ByteString)
, ClientParams -> Bool
clientUseServerNameIndication :: Bool
, ClientParams -> Maybe (ByteString, SessionData)
clientWantSessionResume :: Maybe (SessionID, SessionData)
, ClientParams -> [(ByteString, SessionData)]
clientWantSessionResumeList :: [(SessionID, SessionData)]
, ClientParams -> Shared
clientShared :: Shared
, ClientParams -> ClientHooks
clientHooks :: ClientHooks
, ClientParams -> Supported
clientSupported :: Supported
, ClientParams -> DebugParams
clientDebug :: DebugParams
, ClientParams -> Bool
clientUseEarlyData :: Bool
}
deriving (Int -> ClientParams -> ShowS
[ClientParams] -> ShowS
ClientParams -> String
(Int -> ClientParams -> ShowS)
-> (ClientParams -> String)
-> ([ClientParams] -> ShowS)
-> Show ClientParams
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> ClientParams -> ShowS
showsPrec :: Int -> ClientParams -> ShowS
$cshow :: ClientParams -> String
show :: ClientParams -> String
$cshowList :: [ClientParams] -> ShowS
showList :: [ClientParams] -> ShowS
Show)
defaultParamsClient :: HostName -> ByteString -> ClientParams
defaultParamsClient :: String -> ByteString -> ClientParams
defaultParamsClient String
serverName ByteString
serverId =
ClientParams
{ clientUseMaxFragmentLength :: Maybe MaxFragmentEnum
clientUseMaxFragmentLength = Maybe MaxFragmentEnum
forall a. Maybe a
Nothing
, clientServerIdentification :: (String, ByteString)
clientServerIdentification = (String
serverName, ByteString
serverId)
, clientUseServerNameIndication :: Bool
clientUseServerNameIndication = Bool
True
, clientWantSessionResume :: Maybe (ByteString, SessionData)
clientWantSessionResume = Maybe (ByteString, SessionData)
forall a. Maybe a
Nothing
, clientWantSessionResumeList :: [(ByteString, SessionData)]
clientWantSessionResumeList = []
, clientShared :: Shared
clientShared = Shared
forall a. Default a => a
def
, clientHooks :: ClientHooks
clientHooks = ClientHooks
forall a. Default a => a
def
, clientSupported :: Supported
clientSupported = Supported
forall a. Default a => a
def
, clientDebug :: DebugParams
clientDebug = DebugParams
defaultDebugParams
, clientUseEarlyData :: Bool
clientUseEarlyData = Bool
False
}
data ServerParams = ServerParams
{ ServerParams -> Bool
serverWantClientCert :: Bool
, ServerParams -> [SignedCertificate]
serverCACertificates :: [SignedCertificate]
, ServerParams -> Maybe DHParams
serverDHEParams :: Maybe DHParams
, ServerParams -> ServerHooks
serverHooks :: ServerHooks
, ServerParams -> Shared
serverShared :: Shared
, ServerParams -> Supported
serverSupported :: Supported
, ServerParams -> DebugParams
serverDebug :: DebugParams
, ServerParams -> Int
serverEarlyDataSize :: Int
, ServerParams -> Int
serverTicketLifetime :: Int
}
deriving (Int -> ServerParams -> ShowS
[ServerParams] -> ShowS
ServerParams -> String
(Int -> ServerParams -> ShowS)
-> (ServerParams -> String)
-> ([ServerParams] -> ShowS)
-> Show ServerParams
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> ServerParams -> ShowS
showsPrec :: Int -> ServerParams -> ShowS
$cshow :: ServerParams -> String
show :: ServerParams -> String
$cshowList :: [ServerParams] -> ShowS
showList :: [ServerParams] -> ShowS
Show)
defaultParamsServer :: ServerParams
defaultParamsServer :: ServerParams
defaultParamsServer =
ServerParams
{ serverWantClientCert :: Bool
serverWantClientCert = Bool
False
, serverCACertificates :: [SignedCertificate]
serverCACertificates = []
, serverDHEParams :: Maybe DHParams
serverDHEParams = Maybe DHParams
forall a. Maybe a
Nothing
, serverHooks :: ServerHooks
serverHooks = ServerHooks
forall a. Default a => a
def
, serverShared :: Shared
serverShared = Shared
forall a. Default a => a
def
, serverSupported :: Supported
serverSupported = Supported
forall a. Default a => a
def
, serverDebug :: DebugParams
serverDebug = DebugParams
defaultDebugParams
, serverEarlyDataSize :: Int
serverEarlyDataSize = Int
0
, serverTicketLifetime :: Int
serverTicketLifetime = Int
7200
}
instance Default ServerParams where
def :: ServerParams
def = ServerParams
defaultParamsServer
data Supported = Supported
{ Supported -> [Version]
supportedVersions :: [Version]
, Supported -> [Cipher]
supportedCiphers :: [Cipher]
, Supported -> [Compression]
supportedCompressions :: [Compression]
, Supported -> [HashAndSignatureAlgorithm]
supportedHashSignatures :: [HashAndSignatureAlgorithm]
, Supported -> Bool
supportedSecureRenegotiation :: Bool
, Supported -> Bool
supportedClientInitiatedRenegotiation :: Bool
, Supported -> EMSMode
supportedExtendedMainSecret :: EMSMode
, Supported -> Bool
supportedSession :: Bool
, Supported -> Bool
supportedFallbackScsv :: Bool
, Supported -> Bool
supportedEmptyPacket :: Bool
, Supported -> [Group]
supportedGroups :: [Group]
}
deriving (Int -> Supported -> ShowS
[Supported] -> ShowS
Supported -> String
(Int -> Supported -> ShowS)
-> (Supported -> String)
-> ([Supported] -> ShowS)
-> Show Supported
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> Supported -> ShowS
showsPrec :: Int -> Supported -> ShowS
$cshow :: Supported -> String
show :: Supported -> String
$cshowList :: [Supported] -> ShowS
showList :: [Supported] -> ShowS
Show, Supported -> Supported -> Bool
(Supported -> Supported -> Bool)
-> (Supported -> Supported -> Bool) -> Eq Supported
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: Supported -> Supported -> Bool
== :: Supported -> Supported -> Bool
$c/= :: Supported -> Supported -> Bool
/= :: Supported -> Supported -> Bool
Eq)
data EMSMode
=
NoEMS
|
AllowEMS
|
RequireEMS
deriving (Int -> EMSMode -> ShowS
[EMSMode] -> ShowS
EMSMode -> String
(Int -> EMSMode -> ShowS)
-> (EMSMode -> String) -> ([EMSMode] -> ShowS) -> Show EMSMode
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> EMSMode -> ShowS
showsPrec :: Int -> EMSMode -> ShowS
$cshow :: EMSMode -> String
show :: EMSMode -> String
$cshowList :: [EMSMode] -> ShowS
showList :: [EMSMode] -> ShowS
Show, EMSMode -> EMSMode -> Bool
(EMSMode -> EMSMode -> Bool)
-> (EMSMode -> EMSMode -> Bool) -> Eq EMSMode
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: EMSMode -> EMSMode -> Bool
== :: EMSMode -> EMSMode -> Bool
$c/= :: EMSMode -> EMSMode -> Bool
/= :: EMSMode -> EMSMode -> Bool
Eq)
defaultSupported :: Supported
defaultSupported :: Supported
defaultSupported =
Supported
{ supportedVersions :: [Version]
supportedVersions = [Version
TLS13, Version
TLS12]
, supportedCiphers :: [Cipher]
supportedCiphers = [Cipher]
ciphersuite_default
, supportedCompressions :: [Compression]
supportedCompressions = [Compression
nullCompression]
, supportedHashSignatures :: [HashAndSignatureAlgorithm]
supportedHashSignatures = [HashAndSignatureAlgorithm]
Struct.supportedSignatureSchemes
, supportedSecureRenegotiation :: Bool
supportedSecureRenegotiation = Bool
True
, supportedClientInitiatedRenegotiation :: Bool
supportedClientInitiatedRenegotiation = Bool
False
, supportedExtendedMainSecret :: EMSMode
supportedExtendedMainSecret = EMSMode
RequireEMS
, supportedSession :: Bool
supportedSession = Bool
True
, supportedFallbackScsv :: Bool
supportedFallbackScsv = Bool
True
, supportedEmptyPacket :: Bool
supportedEmptyPacket = Bool
True
, supportedGroups :: [Group]
supportedGroups = [Group]
supportedNamedGroups
}
instance Default Supported where
def :: Supported
def = Supported
defaultSupported
data Shared = Shared
{ Shared -> Credentials
sharedCredentials :: Credentials
, Shared -> SessionManager
sharedSessionManager :: SessionManager
, Shared -> CertificateStore
sharedCAStore :: CertificateStore
, Shared -> ValidationCache
sharedValidationCache :: ValidationCache
, Shared -> [ExtensionRaw]
sharedHelloExtensions :: [ExtensionRaw]
}
instance Show Shared where
show :: Shared -> String
show Shared
_ = String
"Shared"
instance Default Shared where
def :: Shared
def =
Shared
{ sharedCredentials :: Credentials
sharedCredentials = Credentials
forall a. Monoid a => a
mempty
, sharedSessionManager :: SessionManager
sharedSessionManager = SessionManager
noSessionManager
, sharedCAStore :: CertificateStore
sharedCAStore = CertificateStore
forall a. Monoid a => a
mempty
, sharedValidationCache :: ValidationCache
sharedValidationCache = ValidationCache
forall a. Default a => a
def
, sharedHelloExtensions :: [ExtensionRaw]
sharedHelloExtensions = []
}
data GroupUsage
=
GroupUsageValid
|
GroupUsageInsecure
|
GroupUsageUnsupported String
|
GroupUsageInvalidPublic
deriving (Int -> GroupUsage -> ShowS
[GroupUsage] -> ShowS
GroupUsage -> String
(Int -> GroupUsage -> ShowS)
-> (GroupUsage -> String)
-> ([GroupUsage] -> ShowS)
-> Show GroupUsage
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> GroupUsage -> ShowS
showsPrec :: Int -> GroupUsage -> ShowS
$cshow :: GroupUsage -> String
show :: GroupUsage -> String
$cshowList :: [GroupUsage] -> ShowS
showList :: [GroupUsage] -> ShowS
Show, GroupUsage -> GroupUsage -> Bool
(GroupUsage -> GroupUsage -> Bool)
-> (GroupUsage -> GroupUsage -> Bool) -> Eq GroupUsage
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: GroupUsage -> GroupUsage -> Bool
== :: GroupUsage -> GroupUsage -> Bool
$c/= :: GroupUsage -> GroupUsage -> Bool
/= :: GroupUsage -> GroupUsage -> Bool
Eq)
defaultGroupUsage :: Int -> DHParams -> DHPublic -> IO GroupUsage
defaultGroupUsage :: Int -> DHParams -> DHPublic -> IO GroupUsage
defaultGroupUsage Int
minBits DHParams
params DHPublic
public
| Integer -> Bool
forall a. Integral a => a -> Bool
even (Integer -> Bool) -> Integer -> Bool
forall a b. (a -> b) -> a -> b
$ DHParams -> Integer
dhParamsGetP DHParams
params =
GroupUsage -> IO GroupUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return (GroupUsage -> IO GroupUsage) -> GroupUsage -> IO GroupUsage
forall a b. (a -> b) -> a -> b
$ String -> GroupUsage
GroupUsageUnsupported String
"invalid odd prime"
| Bool -> Bool
not (Bool -> Bool) -> Bool -> Bool
forall a b. (a -> b) -> a -> b
$ DHParams -> Integer -> Bool
dhValid DHParams
params (DHParams -> Integer
dhParamsGetG DHParams
params) =
GroupUsage -> IO GroupUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return (GroupUsage -> IO GroupUsage) -> GroupUsage -> IO GroupUsage
forall a b. (a -> b) -> a -> b
$ String -> GroupUsage
GroupUsageUnsupported String
"invalid generator"
| Bool -> Bool
not (Bool -> Bool) -> Bool -> Bool
forall a b. (a -> b) -> a -> b
$ DHParams -> Integer -> Bool
dhValid DHParams
params (DHPublic -> Integer
dhUnwrapPublic DHPublic
public) =
GroupUsage -> IO GroupUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return GroupUsage
GroupUsageInvalidPublic
| DHParams -> Int
dhParamsGetBits DHParams
params Int -> Int -> Bool
forall a. Ord a => a -> a -> Bool
< Int
minBits = GroupUsage -> IO GroupUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return GroupUsage
GroupUsageInsecure
| Bool
otherwise = GroupUsage -> IO GroupUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return GroupUsage
GroupUsageValid
type OnCertificateRequest =
( [CertificateType]
, Maybe [HashAndSignatureAlgorithm]
, [DistinguishedName]
)
-> IO (Maybe (CertificateChain, PrivKey))
type OnServerCertificate =
CertificateStore
-> ValidationCache
-> ServiceID
-> CertificateChain
-> IO [FailedReason]
data ClientHooks = ClientHooks
{ ClientHooks -> OnCertificateRequest
onCertificateRequest :: OnCertificateRequest
, ClientHooks -> OnServerCertificate
onServerCertificate :: OnServerCertificate
, ClientHooks -> IO (Maybe [ByteString])
onSuggestALPN :: IO (Maybe [B.ByteString])
, ClientHooks -> DHParams -> DHPublic -> IO GroupUsage
onCustomFFDHEGroup :: DHParams -> DHPublic -> IO GroupUsage
, ClientHooks -> Information -> IO ()
onServerFinished :: Information -> IO ()
}
defaultClientHooks :: ClientHooks
defaultClientHooks :: ClientHooks
defaultClientHooks =
ClientHooks
{ onCertificateRequest :: OnCertificateRequest
onCertificateRequest = \([CertificateType], Maybe [HashAndSignatureAlgorithm],
[DistinguishedName])
_ -> Maybe (CertificateChain, PrivKey)
-> IO (Maybe (CertificateChain, PrivKey))
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return Maybe (CertificateChain, PrivKey)
forall a. Maybe a
Nothing
, onServerCertificate :: OnServerCertificate
onServerCertificate = OnServerCertificate
validateDefault
, onSuggestALPN :: IO (Maybe [ByteString])
onSuggestALPN = Maybe [ByteString] -> IO (Maybe [ByteString])
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return Maybe [ByteString]
forall a. Maybe a
Nothing
, onCustomFFDHEGroup :: DHParams -> DHPublic -> IO GroupUsage
onCustomFFDHEGroup = Int -> DHParams -> DHPublic -> IO GroupUsage
defaultGroupUsage Int
1024
, onServerFinished :: Information -> IO ()
onServerFinished = \Information
_ -> () -> IO ()
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return ()
}
instance Show ClientHooks where
show :: ClientHooks -> String
show ClientHooks
_ = String
"ClientHooks"
instance Default ClientHooks where
def :: ClientHooks
def = ClientHooks
defaultClientHooks
data ServerHooks = ServerHooks
{ ServerHooks -> CertificateChain -> IO CertificateUsage
onClientCertificate :: CertificateChain -> IO CertificateUsage
, ServerHooks -> IO Bool
onUnverifiedClientCert :: IO Bool
, ServerHooks -> Version -> [Cipher] -> Cipher
onCipherChoosing :: Version -> [Cipher] -> Cipher
, ServerHooks -> Maybe String -> IO Credentials
onServerNameIndication :: Maybe HostName -> IO Credentials
, ServerHooks -> Measurement -> IO Bool
onNewHandshake :: Measurement -> IO Bool
, ServerHooks -> Maybe ([ByteString] -> IO ByteString)
onALPNClientSuggest :: Maybe ([B.ByteString] -> IO B.ByteString)
, ServerHooks -> [ExtensionRaw] -> IO [ExtensionRaw]
onEncryptedExtensionsCreating :: [ExtensionRaw] -> IO [ExtensionRaw]
}
defaultServerHooks :: ServerHooks
defaultServerHooks :: ServerHooks
defaultServerHooks =
ServerHooks
{ onClientCertificate :: CertificateChain -> IO CertificateUsage
onClientCertificate = \CertificateChain
_ ->
CertificateUsage -> IO CertificateUsage
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return (CertificateUsage -> IO CertificateUsage)
-> CertificateUsage -> IO CertificateUsage
forall a b. (a -> b) -> a -> b
$
CertificateRejectReason -> CertificateUsage
CertificateUsageReject (CertificateRejectReason -> CertificateUsage)
-> CertificateRejectReason -> CertificateUsage
forall a b. (a -> b) -> a -> b
$
String -> CertificateRejectReason
CertificateRejectOther String
"no client certificates expected"
, onUnverifiedClientCert :: IO Bool
onUnverifiedClientCert = Bool -> IO Bool
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return Bool
False
, onCipherChoosing :: Version -> [Cipher] -> Cipher
onCipherChoosing = \Version
_ -> [Cipher] -> Cipher
forall a. HasCallStack => [a] -> a
head
, onServerNameIndication :: Maybe String -> IO Credentials
onServerNameIndication = \Maybe String
_ -> Credentials -> IO Credentials
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return Credentials
forall a. Monoid a => a
mempty
, onNewHandshake :: Measurement -> IO Bool
onNewHandshake = \Measurement
_ -> Bool -> IO Bool
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return Bool
True
, onALPNClientSuggest :: Maybe ([ByteString] -> IO ByteString)
onALPNClientSuggest = Maybe ([ByteString] -> IO ByteString)
forall a. Maybe a
Nothing
, onEncryptedExtensionsCreating :: [ExtensionRaw] -> IO [ExtensionRaw]
onEncryptedExtensionsCreating = [ExtensionRaw] -> IO [ExtensionRaw]
forall a. a -> IO a
forall (m :: * -> *) a. Monad m => a -> m a
return
}
instance Show ServerHooks where
show :: ServerHooks -> String
show ServerHooks
_ = String
"ServerHooks"
instance Default ServerHooks where
def :: ServerHooks
def = ServerHooks
defaultServerHooks
data Information = Information
{ Information -> Version
infoVersion :: Version
, Information -> Cipher
infoCipher :: Cipher
, Information -> Compression
infoCompression :: Compression
, Information -> Maybe ByteString
infoMainSecret :: Maybe ByteString
, Information -> Bool
infoExtendedMainSecret :: Bool
, Information -> Maybe ClientRandom
infoClientRandom :: Maybe ClientRandom
, Information -> Maybe ServerRandom
infoServerRandom :: Maybe ServerRandom
, Information -> Maybe Group
infoSupportedGroup :: Maybe Group
, Information -> Bool
infoTLS12Resumption :: Bool
, Information -> Maybe HandshakeMode13
infoTLS13HandshakeMode :: Maybe HandshakeMode13
, Information -> Bool
infoIsEarlyDataAccepted :: Bool
}
deriving (Int -> Information -> ShowS
[Information] -> ShowS
Information -> String
(Int -> Information -> ShowS)
-> (Information -> String)
-> ([Information] -> ShowS)
-> Show Information
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
$cshowsPrec :: Int -> Information -> ShowS
showsPrec :: Int -> Information -> ShowS
$cshow :: Information -> String
show :: Information -> String
$cshowList :: [Information] -> ShowS
showList :: [Information] -> ShowS
Show, Information -> Information -> Bool
(Information -> Information -> Bool)
-> (Information -> Information -> Bool) -> Eq Information
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
$c== :: Information -> Information -> Bool
== :: Information -> Information -> Bool
$c/= :: Information -> Information -> Bool
/= :: Information -> Information -> Bool
Eq)