Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS 1.3 client authentication in the client side #298

Closed
wants to merge 2 commits into from
Closed

TLS 1.3 client authentication in the client side #298

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
66abe32
Added codec for CertRequest13 and associated extension
hs-viktor Nov 5, 2018
84307ae
Added TLS 1.3 CertificateRequest support
hs-viktor Nov 5, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 41 additions & 3 deletions core/Network/TLS/Extension.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ module Network.TLS.Extension
, HeartBeat(..)
, HeartBeatMode(..)
, SignatureAlgorithms(..)
, SignatureAlgorithmsCert
, SignatureAlgorithmsCert(..)
, SupportedVersions(..)
, KeyShare(..)
, KeyShareEntry(..)
Expand All @@ -57,18 +57,29 @@ module Network.TLS.Extension
, PreSharedKey(..)
, EarlyDataIndication(..)
, Cookie(..)
, CertificateAuthorities(..)
) where

import qualified Data.ByteString as B
import qualified Data.ByteString.Char8 as BC

import Network.TLS.Struct (ExtensionID, EnumSafe8(..), EnumSafe16(..), HashAndSignatureAlgorithm)
import Network.TLS.Struct ( DistinguishedName
, ExtensionID
, EnumSafe8(..)
, EnumSafe16(..)
, HashAndSignatureAlgorithm )
import Network.TLS.Crypto.Types
import Network.TLS.Types (Version(..))

import Network.TLS.Wire
import Network.TLS.Imports
import Network.TLS.Packet (putSignatureHashAlgorithm, getSignatureHashAlgorithm, putBinaryVersion, getBinaryVersion)
import Network.TLS.Packet ( putDNames
, getDNames
, putSignatureHashAlgorithm
, getSignatureHashAlgorithm
, putBinaryVersion
, getBinaryVersion
)

type HostName = String

Expand Down Expand Up @@ -175,6 +186,14 @@ definedExtensions =
, extensionID_EncryptThenMAC
, extensionID_ExtendedMasterSecret
, extensionID_SessionTicket
, extensionID_PreSharedKey
, extensionID_EarlyData
, extensionID_SupportedVersions
, extensionID_Cookie
, extensionID_PskKeyExchangeModes
, extensionID_KeyShare
, extensionID_SignatureAlgorithmsCert
, extensionID_CertificateAuthorities
, extensionID_SecureRenegotiation
]

Expand All @@ -187,19 +206,22 @@ supportedExtensions = [ extensionID_ServerName
, extensionID_NegotiatedGroups
, extensionID_EcPointFormats
, extensionID_SignatureAlgorithms
, extensionID_SignatureAlgorithmsCert
, extensionID_KeyShare
, extensionID_PreSharedKey
, extensionID_EarlyData
, extensionID_SupportedVersions
, extensionID_Cookie
, extensionID_PskKeyExchangeModes
, extensionID_CertificateAuthorities
]

data MessageType = MsgTClientHello
| MsgTServerHello
| MsgTHelloRetryRequest
| MsgTEncryptedExtensions
| MsgTNewSessionTicket
| MsgTCertificateRequest
kazu-yamamoto marked this conversation as resolved.
Show resolved Hide resolved
deriving (Eq,Show)

-- | Extension class to transform bytes to and from a high level Extension type.
Expand Down Expand Up @@ -514,9 +536,25 @@ instance Extension EarlyDataIndication where
return (EarlyDataIndication (Just w32))
extensionDecode _ = fail "extensionDecode: EarlyDataIndication"

------------------------------------------------------------

newtype Cookie = Cookie ByteString deriving (Eq, Show)

instance Extension Cookie where
extensionID _ = extensionID_Cookie
extensionEncode (Cookie opaque) = runPut $ putOpaque16 opaque
extensionDecode _ = runGetMaybe (Cookie <$> getOpaque16)

------------------------------------------------------------

newtype CertificateAuthorities = CertificateAuthorities [DistinguishedName]
deriving (Eq, Show)

instance Extension CertificateAuthorities where
extensionID _ = extensionID_CertificateAuthorities
extensionEncode (CertificateAuthorities names) = runPut $
putDNames names
extensionDecode MsgTCertificateRequest =
kazu-yamamoto marked this conversation as resolved.
Show resolved Hide resolved
runGetMaybe (CertificateAuthorities <$> getDNames)
extensionDecode msgt =
fail $ "unexpected CertificateAuthorities extension in: " ++ show msgt
Loading