├── .gitignore
├── 3rdparty
├── libeay32-x64.dll
├── libeay32-x86.dll
├── licenses
│ ├── FifteenBelow.Json.txt
│ ├── OpenSSL.txt
│ └── python.txt
└── pyruntime
│ ├── ucs2-win
│ └── Python.Runtime.dll
│ └── ucs4-unix
│ └── Python.Runtime.dll
├── AUTHORS
├── CHANGELOG
├── LICENSE
├── MANIFEST
├── Makefile
├── Makefile.config
├── README.md
├── VS
└── miTLS.sln
├── apps
├── HttpServer
│ ├── App.config
│ ├── HttpCode.fs
│ ├── HttpData.fs
│ ├── HttpHeaders.fs
│ ├── HttpLogger.fs
│ ├── HttpServer.fs
│ ├── HttpServer.fsproj
│ ├── HttpStreamReader.fs
│ ├── HttpWSGI.fs
│ ├── Mime.fs
│ ├── Program.fs
│ ├── Utils.fs
│ ├── packages.config
│ ├── wsgiapp.py
│ └── wsgibridge.py
├── TLSharp
│ ├── TLSharp.fsproj
│ ├── TLStream.fs
│ └── packages.config
├── echo
│ ├── App.config
│ ├── EchoImpl.fs
│ ├── EchoImpl.fsi
│ ├── EchoTest.fs
│ ├── echo.fsproj
│ └── packages.config
├── mihttp
│ ├── MiHTTP.fs
│ ├── MiHTTPChannel.fs
│ ├── MiHTTPChannel.fs7
│ ├── MiHTTPChannel.fsi
│ ├── MiHTTPCookie.fs
│ ├── MiHTTPCookie.fs7
│ ├── MiHTTPCookie.fsi
│ ├── MiHTTPData.fs
│ ├── MiHTTPData.fs7
│ ├── MiHTTPData.fsi
│ ├── MiHTTPInstanceDB.fs
│ ├── MiHTTPInstanceDB.fsi
│ ├── MiHTTPUtils.fs
│ ├── MiHTTPUtils.fs7
│ ├── MiHTTPUtils.fsi
│ ├── MiHTTPWorker.fs
│ ├── MiHTTPWorker.fs7
│ ├── MiHTTPWorker.fsi
│ └── mihttp.fsproj
└── pwapp
│ ├── App.config
│ ├── PwApp.fs
│ ├── PwApp.fs7
│ ├── PwApp.fsi
│ ├── PwAppRun.fs
│ ├── PwToken.fs
│ ├── PwToken.fs7
│ ├── PwToken.fsi
│ ├── packages.config
│ └── pwapp.fsproj
├── data
├── dh
│ ├── default-dh.pem
│ └── dhparams-db.bin
└── logjam
│ ├── dhparam.pem
│ └── scream.txt
├── flex
├── FlexApps
│ ├── App.config
│ ├── Application.fs
│ ├── Attack_Alert.fs
│ ├── Attack_Alert_Warning.fs
│ ├── Attack_DROWN.fs
│ ├── Attack_EarlyCCS.fs
│ ├── Attack_EarlyResume.fs
│ ├── Attack_FragmentClientHello.fs
│ ├── Attack_Logjam.fs
│ ├── Attack_SKIP_EarlyFinished.fs
│ ├── Attack_SmallSubgroup_DHE.fs
│ ├── Attack_TripleHandshake.fs
│ ├── FlexApps.fsproj
│ ├── Handshake_full_DHE.fs
│ ├── Handshake_full_ECDHE.fs
│ ├── Handshake_full_RSA.fs
│ ├── Handshake_resumption.fs
│ ├── Handshake_tls13.fs
│ ├── NLog.config
│ ├── OpenSSL_tests.fs
│ ├── Parsing.fs
│ ├── README-SKIPdemo.txt
│ ├── Script.fs
│ ├── SmackTLS.fs
│ ├── Test_EarlyAppData.fs
│ ├── Test_EarlyAppDataRenego.fs
│ ├── client.java
│ └── packages.config
└── FlexTLS
│ ├── FlexAlert.fs
│ ├── FlexAppData.fs
│ ├── FlexCCS.fs
│ ├── FlexCertificate.fs
│ ├── FlexCertificateRequest.fs
│ ├── FlexCertificateVerify.fs
│ ├── FlexClientHello.fs
│ ├── FlexClientKeyExchange.fs
│ ├── FlexClientKeyShare.fs
│ ├── FlexConnection.fs
│ ├── FlexConstants.fs
│ ├── FlexFinished.fs
│ ├── FlexHandshake.fs
│ ├── FlexHelloRequest.fs
│ ├── FlexRecord.fs
│ ├── FlexSecrets.fs
│ ├── FlexServerHello.fs
│ ├── FlexServerHelloDone.fs
│ ├── FlexServerKeyExchange.fs
│ ├── FlexServerKeyShare.fs
│ ├── FlexState.fs
│ ├── FlexTLS.fsproj
│ ├── FlexTypes.fs
│ └── packages.config
├── libs
├── CoreCrypto
│ ├── BCCryptoProvider.fs
│ ├── CSPCryptoProvider.fs
│ ├── CoreACiphers.fs
│ ├── CoreACiphers.fsi
│ ├── CoreCiphers.fs
│ ├── CoreCiphers.fsi
│ ├── CoreCrypto.fsproj
│ ├── CoreDH.fs
│ ├── CoreDH.fsi
│ ├── CoreECDH.fs
│ ├── CoreECDH.fsi
│ ├── CoreHMac.fs
│ ├── CoreHMac.fsi
│ ├── CoreHash.fs
│ ├── CoreHash.fsi
│ ├── CoreKeys.fs
│ ├── CoreKeys.fsi
│ ├── CoreRandom.fs
│ ├── CoreRandom.fsi
│ ├── CoreSig.fs
│ ├── CoreSig.fsi
│ ├── CryptoProvider.fs
│ ├── DER.fs
│ ├── DER.fsi
│ ├── DHDB.fs
│ ├── DHDB.fsi
│ ├── OSSLCryptoProvider.fs
│ └── packages.config
├── DB
│ ├── DB.fs
│ ├── DB.fsi
│ ├── DB.fsproj
│ └── packages.config
├── DHDBManager
│ ├── App.config
│ ├── DHDBManager.fs
│ ├── DHDBManager.fsi
│ ├── DHDBManager.fsproj
│ └── packages.config
├── OpenSSL
│ ├── OpenSSL.cs
│ ├── OpenSSL.csproj
│ └── Properties
│ │ └── AssemblyInfo.cs
└── Platform
│ ├── Bytes.fs
│ ├── Bytes.fs7
│ ├── Bytes.fsi
│ ├── Date.fs
│ ├── Date.fs7
│ ├── Date.fsi
│ ├── Error.fs
│ ├── Error.fs7
│ ├── Error.fsi
│ ├── List.fs
│ ├── List.fs7
│ ├── List.fsi
│ ├── Platform.fsproj
│ ├── Serialization.fs
│ ├── Serialization.fsi
│ ├── Tcp.fs
│ ├── Tcp.fs7
│ ├── Tcp.fsi
│ └── packages.config
├── miTLS_icla.txt
├── scripts
└── distribution
├── src
└── tls
│ ├── AEAD_GCM.fs
│ ├── AEAD_GCM.fs7
│ ├── AEAD_GCM.fsi
│ ├── Alert.fs
│ ├── Alert.fs7
│ ├── Alert.fsi
│ ├── App.config
│ ├── AppData.fs
│ ├── AppData.fs7
│ ├── AppData.fsi
│ ├── AppFragment.fs
│ ├── AppFragment.fs7
│ ├── AppFragment.fsi
│ ├── Cert.fs
│ ├── Cert.fs7
│ ├── Cert.fsi
│ ├── CommonDH.fs
│ ├── CommonDH.fs7
│ ├── CommonDH.fsi
│ ├── DH.fs
│ ├── DH.fs7
│ ├── DH.fsi
│ ├── DHGroup.fs
│ ├── DHGroup.fs7
│ ├── DHGroup.fsi
│ ├── DataStream.fs
│ ├── DataStream.fs7
│ ├── DataStream.fsi
│ ├── Dispatch.fs
│ ├── Dispatch.fs7
│ ├── Dispatch.fsi
│ ├── ECGroup.fs
│ ├── ECGroup.fsi
│ ├── ENC.fs
│ ├── ENC.fs7
│ ├── ENC.fsi
│ ├── Encode.fs
│ ├── Encode.fs7
│ ├── Encode.fsi
│ ├── HASH.fs
│ ├── HASH.fs7
│ ├── HASH.fsi
│ ├── HMAC.fs
│ ├── HMAC.fs7
│ ├── HMAC.fsi
│ ├── HSFragment.fs
│ ├── HSFragment.fs7
│ ├── HSFragment.fsi
│ ├── Handshake.fs
│ ├── Handshake.fs7
│ ├── Handshake.fsi
│ ├── HandshakeMessages.fs
│ ├── HandshakeMessages.fs7
│ ├── KEF.fs
│ ├── KEF.fs7
│ ├── KEF.fsi
│ ├── LHAE.fs
│ ├── LHAE.fs7
│ ├── LHAE.fsi
│ ├── LHAEPlain.fs
│ ├── LHAEPlain.fs7
│ ├── LHAEPlain.fsi
│ ├── MAC.fs
│ ├── MAC.fs7
│ ├── MAC.fsi
│ ├── MAC_SHA1.fs
│ ├── MAC_SHA1.fs7
│ ├── MAC_SHA1.fsi
│ ├── MAC_SHA256.fs
│ ├── MAC_SHA256.fs7
│ ├── MAC_SHA256.fsi
│ ├── Nonce.fs
│ ├── Nonce.fs7
│ ├── Nonce.fsi
│ ├── PMS.fs
│ ├── PMS.fs7
│ ├── PMS.fsi
│ ├── PRF.fs
│ ├── PRF.fs7
│ ├── PRF.fsi
│ ├── RPC.fs
│ ├── RPC.fs7
│ ├── RPC.fsi
│ ├── RSA.fs
│ ├── RSA.fs7
│ ├── RSA.fsi
│ ├── RSAKey.fs
│ ├── RSAKey.fs7
│ ├── RSAKey.fsi
│ ├── Range.fs
│ ├── Range.fs7
│ ├── Range.fsi
│ ├── Record.fs
│ ├── Record.fs7
│ ├── Record.fsi
│ ├── SessionDB.fs
│ ├── SessionDB.fs7
│ ├── SessionDB.fsi
│ ├── Sig.fs
│ ├── Sig.fs7
│ ├── Sig.fsi
│ ├── StatefulLHAE.fs
│ ├── StatefulLHAE.fs7
│ ├── StatefulLHAE.fsi
│ ├── StatefulPlain.fs
│ ├── StatefulPlain.fs7
│ ├── StatefulPlain.fsi
│ ├── TLS.fs
│ ├── TLS.fs7
│ ├── TLS.fsi
│ ├── TLSConstants.fs
│ ├── TLSConstants.fs7
│ ├── TLSConstants.fsi
│ ├── TLSError.fs
│ ├── TLSError.fs7
│ ├── TLSError.fsi
│ ├── TLSExtensions.fs
│ ├── TLSExtensions.fs7
│ ├── TLSExtensions.fsi
│ ├── TLSFragment.fs
│ ├── TLSFragment.fs7
│ ├── TLSFragment.fsi
│ ├── TLSInfo.fs
│ ├── TLSInfo.fs7
│ ├── TLSInfo.fsi
│ ├── TLSPRF.fs
│ ├── TLSPRF.fs7
│ ├── TLSPRF.fsi
│ ├── UTLS.fs
│ ├── UTLS.fs7
│ ├── UTLS.fsi
│ ├── UntrustedCert.fs
│ ├── UntrustedCert.fs7
│ ├── UntrustedCert.fsi
│ ├── genrules
│ ├── interactive
│ └── easycrypt
│ │ └── KEM.ec
│ ├── packages.config
│ ├── pi.fs
│ └── tls.fsproj
└── tests
├── Makefile
└── pki
├── Makefile
├── config
└── ca.config
├── rsa
└── certificates
│ ├── google.com-1.crt
│ ├── google.com-2.crt
│ └── google.com-3.crt
└── support
└── mono-crt-cleanup.py
/.gitignore:
--------------------------------------------------------------------------------
1 | pythonnet
2 | sessionDB
3 |
4 | **/bin
5 | **/obj
6 |
7 | tls-*.sln
8 | tls-*.sdf
9 |
10 | *.tgz
11 | *.suo
12 | *.pyc
13 |
14 | *.tc7
15 | *.smp
16 | *.bak
17 |
18 | Backup
19 | UpgradeLog.htm
20 | tls.sln.ide
21 |
22 | src/tls/*.why
23 |
24 | VS/packages
25 |
--------------------------------------------------------------------------------
/3rdparty/libeay32-x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/3rdparty/libeay32-x64.dll
--------------------------------------------------------------------------------
/3rdparty/libeay32-x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/3rdparty/libeay32-x86.dll
--------------------------------------------------------------------------------
/3rdparty/licenses/FifteenBelow.Json.txt:
--------------------------------------------------------------------------------
1 | Copyright (c) 2014 15below Ltd
2 |
3 | Permission is hereby granted, free of charge, to any person obtaining
4 | a copy of this software and associated documentation files (the
5 | "Software"), to deal in the Software without restriction, including
6 | without limitation the rights to use, copy, modify, merge, publish,
7 | distribute, sublicense, and/or sell copies of the Software, and to
8 | permit persons to whom the Software is furnished to do so, subject to
9 | the following conditions:
10 |
11 | The above copyright notice and this permission notice shall be
12 | included in all copies or substantial portions of the Software.
13 |
14 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE
21 |
--------------------------------------------------------------------------------
/3rdparty/licenses/python.txt:
--------------------------------------------------------------------------------
1 | TODO
2 |
--------------------------------------------------------------------------------
/3rdparty/pyruntime/ucs2-win/Python.Runtime.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/3rdparty/pyruntime/ucs2-win/Python.Runtime.dll
--------------------------------------------------------------------------------
/3rdparty/pyruntime/ucs4-unix/Python.Runtime.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/3rdparty/pyruntime/ucs4-unix/Python.Runtime.dll
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | miTLS was originally developed at the MSR-INRIA Joint Center in Paris.
2 |
3 | The following is a list of current and past contributors to the project.
4 |
5 | Benjamin Beurdouche
6 | Karthikeyan Bhargavan
7 | Antoine Delignat-Lavaud
8 | Cédric Fournet
9 | Markulf Kohlweiss
10 | Alfredo Pironti
11 | Pierre-Yves Strub
12 | Santiago Zanella-Béguelin
--------------------------------------------------------------------------------
/CHANGELOG:
--------------------------------------------------------------------------------
1 | miTLS 0.9.0 2015-04-21
2 | * FlexTLS
3 | * Add "FlexTLS" library for assembling TLS messages
4 | * Add "FlexAppls" command line tool for testing TLS scenarios
5 | * Add deviant scenario generator (aka SmackTLS)
6 | * TLS library
7 | * Add compilation flag for experimenting with TLS 1.3
8 | * Project management
9 | * Get BouncyCastle and SQLite as nuget packages
10 |
11 | miTLS 0.8.1 2014-10-03
12 | * TLS library
13 | * Use compilation flags to disable experimental extensions
14 | * Command line tools
15 | * Improve help and information messages
16 | * Fix target architecture
17 | * Remove unused options
18 |
19 | miTLS 0.8.0 2014-10-01
20 | * TLS library
21 | * Refactor some code to ease F* migration
22 | * Rework DH group and element checking
23 | Efficient cache-based checks on groups
24 | Add checks for prime and group size
25 | * Enable experimental implementation of extended master secret extension
26 | * Project management
27 | * Move to VS2013
28 |
29 | miTLS 0.7.0 2014-08-20
30 | * TLS library
31 | * Refactor handshake-related modules
32 | * Add support for session-hash and extended master secret computation
33 |
34 | miTLS 0.1.3 2013-11-21
35 | * TLS library
36 | * Added support for AEAD_GCM
37 | * More modular extension handling mechanism
38 |
39 | miTLS 0.1.2 2013-03-19
40 | * TLS library
41 | * Optimize memory usage
42 | The stream of exchanged data is truly ghost, only stored in ideal functionality
43 | * Improve cryptographic provider handling
44 | Add runtime support for different providers
45 | Add .NET and SSLeay as providers
46 | * HTTP server
47 | * Improve support for WSGI interface
48 | * Fix bugs
49 |
50 | miTLS 0.1.1 2013-02-11
51 | * Initial public release
52 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright 2015 INRIA and Microsoft Corporation
2 |
3 | Licensed under the Apache License, Version 2.0 (the "License");
4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at
6 |
7 | http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.
--------------------------------------------------------------------------------
/MANIFEST:
--------------------------------------------------------------------------------
1 | AUTHORS
2 | CHANGELOG
3 | LICENSE
4 | miTLS_icla.txt
5 | MANIFEST
6 | README.md
7 |
8 | Makefile
9 | Makefile.config
10 |
11 | scripts/distribution
12 |
13 | data/dh/default-dh.pem
14 | data/dh/dhparams-db.bin
15 | data/logjam/dhparam.pem
16 | data/logjam/scream.txt
17 |
18 | 3rdparty/licenses/FifteenBelow.Json.txt
19 | 3rdparty/licenses/OpenSSL.txt
20 | 3rdparty/libeay32-x86.dll
21 | 3rdparty/libeay32-x64.dll
22 | 3rdparty/licenses/python.txt
23 | 3rdparty/pyruntime/ucs2-win/Python.Runtime.dll
24 | 3rdparty/pyruntime/ucs4-unix/Python.Runtime.dll
25 |
26 | VS/miTLS.sln
27 |
28 | src/tls/interactive/easycrypt/*.ec
29 | # find:VS/packages:*
30 |
31 | # find:3rdparty:*.dll
32 | # find:libs/DB/lib:*.dll
33 |
34 | # VS Projects
35 | vs:VS/miTLS.sln:CoreCrypto,DB,DHDBManager,Platform,OpenSSL,tls,TLSharp,echo,HttpServer,pwapp,mitls,mihttp,FlexTLS,FlexApps
36 |
37 | # tests
38 | tests/Makefile
39 | tests/pki/Makefile
40 | tests/pki/config/ca.config
41 | tests/pki/support/mono-crt-cleanup.py
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # -*- Makefile -*-
2 |
3 | # --------------------------------------------------------------------
4 | version ?= 0.9.0
5 | name = miTLS
6 | distname = $(name)-$(version)
7 | f7distname = $(name)-f7-$(version)
8 |
9 |
10 |
11 | include Makefile.config
12 |
13 | .PHONY: all build build-debug make.in prepare-dist
14 | .PHONY: do-dist-check dist dist-check
15 |
16 | # --------------------------------------------------------------------
17 | all: build
18 |
19 | build = $(msbuild) /p:Configuration=$(1) VS/miTLS.sln
20 | clean = $(msbuild) /v:minimal /p:Configuration=$(1) /t:Clean VS/miTLS.sln
21 |
22 | restore:
23 | cd VS; nuget restore
24 |
25 | build:
26 | $(call build,Release)
27 |
28 | build-debug:
29 | $(call build,Debug)
30 |
31 | clean:
32 | $(call clean,Release)
33 | $(call clean,Debug)
34 |
35 | dist-clean: clean
36 | rm -f $(distname).tgz
37 | rm -f $(f7distname).tgz
38 | rm -rf $(distname)
39 |
40 | # --------------------------------------------------------------------
41 | prepare-dist:
42 | rm -rf $(distname) && mkdir $(distname)
43 | rm -rf $(distname).tgz
44 | scripts/distribution $(distname) MANIFEST
45 | # find $(distname) \( -type f -a \! -name '*.dll' \) -exec chmod a-x '{}' \+
46 | # chmod a+x $(distname)/scripts/*
47 |
48 | dist: prepare-dist
49 | if [ -x scripts/anonymize ]; then \
50 | find $(distname) \
51 | -type f \( -name '*.fs' -o -name '*.fsi' -o -name '*.fs7' -o -name '*.ec' \) \
52 | -exec scripts/anonymize \
53 | -m release -B -P \
54 | -I wsgi -I ideal -I verify -I optimize_bytes -I tls13 \
55 | -I TLSExt_extendedPadding -I TLSExt_sessionHash \
56 | -c LICENSE '{}' \+; \
57 | fi
58 | $(tar) --format=gnu --owner=0 --group=0 -czf $(distname).tgz $(distname)
59 | rm -rf $(distname)
60 |
61 | do-dist-check:
62 | $(tar) -xof $(distname).tgz
63 | set -x; \
64 | $(MAKE) -C $(distname) restore \
65 | && $(MAKE) -C $(distname) \
66 | && $(MAKE) -C $(distname) dist \
67 | && mkdir $(distname)/dist1 $(distname)/dist2 \
68 | && ( cd $(distname)/dist1 && $(tar) -xof ../$(distname).tgz ) \
69 | && ( cd $(distname)/dist2 && $(tar) -xof ../../$(distname).tgz ) \
70 | && diff -rq $(distname)/dist1 $(distname)/dist2 \
71 | || exit 1
72 | rm -rf $(distname)
73 | @echo "$(distname).tgz is ready for distribution" | \
74 | sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
75 |
76 | dist-check: dist do-dist-check
77 |
--------------------------------------------------------------------------------
/Makefile.config:
--------------------------------------------------------------------------------
1 | # -*- Makefile -*-
2 |
3 | # --------------------------------------------------------------------
4 | arch = $(shell uname)
5 |
6 | ifneq ($(findstring CYGWIN,$(arch)),)
7 | buildtype = cygwin
8 | ifneq ($(findstring WOW64,$(arch)),)
9 | cygarch = win64
10 | else
11 | ifneq ($(findstring x86,$(PROCESSOR_ARCHITECTURE)),)
12 | cygarch = win32
13 | else
14 | cygarch = win64
15 | endif
16 | endif
17 | else
18 | buildtype = unix
19 | cygarch =
20 | endif
21 |
22 | # --------------------------------------------------------------------
23 | ifeq ($(buildtype),unix)
24 | msbuild := xbuild
25 | z3exe := z3
26 | tar := gtar
27 | endif
28 |
29 | ifeq ($(buildtype),cygwin)
30 |
31 | vs2015 := $(shell ls -d "/cygdrive/c/Program Files (x86)/MSBuild/14.0/" | tail -n 0)
32 | ifeq (,$(vs2015))
33 | msbuild := "/cygdrive/c/Program Files (x86)/MSBuild/14.0/Bin/MSBuild.exe"
34 | else
35 | msbuild := "/cygdrive/c/Program Files (x86)/MSBuild/12.0/Bin/MSBuild.exe"
36 | endif
37 |
38 | z3exe := z3-$(cygarch:win%=x%).exe
39 | tar := tar
40 | endif
41 |
42 | msbuild += /nologo
43 |
44 |
--------------------------------------------------------------------------------
/apps/HttpServer/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/apps/HttpServer/HttpData.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module HttpData
18 |
19 | open System
20 | open System.IO
21 | open System.Net
22 | open System.Text
23 |
24 | open HttpHeaders
25 |
26 | type http_version =
27 | | HTTPV_10
28 | | HTTPV_11
29 | | HTTPV_Other of string
30 |
31 | let httpversion_of_string = function
32 | | "1.0" -> HTTPV_10
33 | | "1.1" -> HTTPV_11
34 | | version -> HTTPV_Other version
35 |
36 | let string_of_httpversion = function
37 | | HTTPV_10 -> "1.0"
38 | | HTTPV_11 -> "1.1"
39 | | HTTPV_Other v -> v
40 |
41 | type HttpServerConfig = {
42 | docroot : string;
43 | mimesmap : Mime.MimeMap;
44 | localaddr : IPEndPoint;
45 | tlsoptions : TLSInfo.config option;
46 | servname : string;
47 | }
48 |
49 | type HttpBody =
50 | | HB_Raw of byte[]
51 | | HB_Stream of Stream * int64
52 |
53 | let http_body_length = function
54 | | HB_Raw bytes -> int64 bytes.Length
55 | | HB_Stream (_, length) -> length
56 |
57 | type HttpResponse = {
58 | code : HttpCode.httpcode;
59 | headers : HttpHeaders ;
60 | body : HttpBody ;
61 | }
62 |
63 | type HttpRequest = {
64 | version : http_version;
65 | mthod : string ;
66 | path : string ;
67 | headers : HttpHeaders ;
68 | }
69 |
70 | let http_response_of_code = fun code ->
71 | let message = HB_Raw (Encoding.ASCII.GetBytes (HttpCode.http_message code)) in
72 | let headers = HttpHeaders.OfList [("Content-Type", "text/plain;charset=US-ASCII")] in
73 | { code = code ;
74 | headers = headers ;
75 | body = message }
76 |
--------------------------------------------------------------------------------
/apps/HttpServer/HttpLogger.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module HttpLogger
18 |
19 | open System
20 | open System.Threading
21 |
22 | type level = DEBUG | INFO | ERROR
23 |
24 | type HttpLogger () =
25 | static let mutable loglevel : level = INFO
26 |
27 | static member private lock = new Object ()
28 |
29 | static member Level
30 | with get () = loglevel
31 | and set newlevel = loglevel <- newlevel;
32 |
33 | static member private WriteLine (s : string) =
34 | lock HttpLogger.lock (fun () -> Console.WriteLine(s))
35 |
36 | static member Log level message =
37 | if level >= loglevel then begin
38 | HttpLogger.WriteLine
39 | (sprintf "[Thread %4d] [%A] %s"
40 | Thread.CurrentThread.ManagedThreadId
41 | DateTime.Now
42 | message)
43 | end
44 |
45 | static member Debug message =
46 | HttpLogger.Log DEBUG message
47 |
48 | static member Info message =
49 | HttpLogger.Log INFO message
50 |
51 | static member Error message =
52 | HttpLogger.Log ERROR message
53 |
--------------------------------------------------------------------------------
/apps/HttpServer/Mime.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Mime
18 |
19 | open System
20 | open System.IO
21 | open System.Text
22 | open System.Text.RegularExpressions
23 |
24 | type mime = string
25 |
26 | type MimeMap () =
27 | let mutable mimes : Map = Map.empty
28 |
29 | static member CanonizeExt (ext : string) =
30 | let ext = ext.ToLowerInvariant() in
31 | if ext.StartsWith(".") then ext else "." + ext
32 |
33 | member self.Bind (ext : string) (mime : mime) =
34 | let ext = MimeMap.CanonizeExt(ext) in
35 | if ext = "." then begin
36 | raise (ArgumentException ("cannot bind empty extension"))
37 | end;
38 | mimes <- Map.add ext mime mimes
39 |
40 | member self.Lookup (ext : string) =
41 | mimes.TryFind (MimeMap.CanonizeExt ext)
42 |
43 | let of_stream (stream : Stream) =
44 | let process_line = fun line ->
45 | match Regex.Replace(line, "#.*$", "").Trim() with
46 | | "" -> None
47 | | _ ->
48 | match List.ofArray (Regex.Split(line, "\s+")) with
49 | | [] -> failwith "MimeMap.of_stream"
50 | | ctype :: exts -> Some (ctype, exts)
51 | in
52 | use reader = new StreamReader(stream, Encoding.ASCII)
53 | let mime = MimeMap () in
54 |
55 | let _ =
56 | for line in Utils.IO.ReadAllLines reader do
57 | match process_line line with
58 | | Some (ctype, exts) ->
59 | exts |> List.iter (fun ext -> mime.Bind ext ctype)
60 | | None -> ()
61 | in
62 | mime
63 |
64 | let of_file (filename : string) =
65 | use stream = File.Open(filename, FileMode.Open, FileAccess.Read)
66 | of_stream stream
67 |
--------------------------------------------------------------------------------
/apps/HttpServer/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/apps/HttpServer/wsgiapp.py:
--------------------------------------------------------------------------------
1 | # ------------------------------------------------------------------------
2 | class BaseApplication(object):
3 | @staticmethod
4 | def create():
5 | def application(environ, start_response):
6 | start_response("200 OK", [])
7 | return ['Hello World!']
8 | return application
9 |
10 | # ------------------------------------------------------------------------
11 | class miTLSApplication(object):
12 | @staticmethod
13 | def create():
14 | import sys, os, mitls, pyramid.paster as paster
15 |
16 | inifile = '/opt/mitls/bridge/development.ini'
17 | env = paster.bootstrap(inifile)
18 |
19 | return env['app']
20 |
21 | # ------------------------------------------------------------------------
22 | main = miTLSApplication.create
23 |
--------------------------------------------------------------------------------
/apps/TLSharp/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/apps/echo/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/apps/echo/EchoImpl.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module EchoImpl
18 |
19 | type options = {
20 | ciphersuite : TLSConstants.cipherSuiteName list;
21 | tlsminversion : TLSConstants.ProtocolVersion;
22 | tlsmaxversion : TLSConstants.ProtocolVersion;
23 | servername : string;
24 | clientname : string option;
25 | localaddr : System.Net.IPEndPoint;
26 | sessiondir : string;
27 | dhdir : string;
28 | insecure : bool;
29 | }
30 |
31 | val client : options -> unit
32 | val server : options -> unit
33 |
--------------------------------------------------------------------------------
/apps/echo/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTP.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | (* ------------------------------------------------------------------------ *)
18 | open System
19 |
20 | (* ------------------------------------------------------------------------ *)
21 | []
22 | let main args =
23 | if Array.length args >= 1 then
24 | let hostname = args.[0] in
25 | let requests = List.tail (List.ofArray args) in
26 |
27 | let channel = MiHTTPChannel.connect hostname in
28 | requests
29 | |> List.iter (fun request -> MiHTTPChannel.request channel None request)
30 | let rec wait () =
31 | match MiHTTPChannel.poll channel with
32 | | None -> Async.RunSynchronously (Async.Sleep 500)
33 | | Some (_, (_, d)) -> fprintfn stderr "%s\n" (Bytes.iutf8 (Bytes.abytes d))
34 | wait ()
35 | in
36 | wait (); 0
37 | else
38 | 1
39 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPChannel.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPChannel
18 |
19 | open Bytes
20 | open MiHTTPData
21 |
22 | type channelid = bytes
23 | type hostname = string
24 |
25 | type channel_infos = {
26 | channelid : bytes;
27 | hostname : hostname;
28 | }
29 |
30 | type channel
31 |
32 | (* Channels statically bound to a hostname *)
33 | type rchannel = channel
34 |
35 | type auth =
36 | | ACert of string
37 |
38 | type cstate = {
39 | c_channelid : cbytes;
40 | c_hostname : hostname;
41 | c_credentials : string option;
42 | }
43 |
44 | type request = { uri: string; }
45 |
46 | val save_channel : channel -> cstate
47 | val restore_channel : cstate -> channel
48 |
49 | val cinfos : channel -> channel_infos
50 |
51 | val connect : hostname -> channel
52 | val request : channel -> auth option -> string -> unit
53 | val poll : channel -> (request * cdocument) option
54 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPCookie.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPCookie
18 |
19 | open Bytes
20 |
21 | type cookie = {
22 | name : string;
23 | value : string;
24 | domain : string;
25 | path : string;
26 | maxage : int;
27 | secure : bool;
28 | }
29 |
30 | type ckenv = {
31 | path : string;
32 | domain : string;
33 | }
34 |
35 | val parse : ckenv -> bytes -> cookie list
36 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPCookie.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPCookie
18 |
19 | open Bytes
20 |
21 | type cookie = {
22 | name : string;
23 | value : string;
24 | domain : string;
25 | path : string;
26 | maxage : int;
27 | secure : bool;
28 | }
29 |
30 | type ckenv = {
31 | path : string;
32 | domain : string;
33 | }
34 |
35 | val parse : ckenv -> bytes -> cookie list
36 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPData.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPData
18 |
19 | open Bytes
20 | open Range
21 | open TLSInfo
22 | open DataStream
23 |
24 | type document
25 | type cdocument = (cbytes * cbytes) list * cbytes
26 |
27 | val create : unit -> document
28 | val progress : document -> cbytes -> document
29 | val finalize : document -> cdocument option
30 |
31 | val push_delta : e:epoch -> s:(;e) stream -> r:range -> d:(;e,s,r) delta -> document -> document
32 |
33 | val request : e:epoch -> s:(;e) stream -> r:range -> string -> (;e,s,r) delta
34 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPData.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPData
18 |
19 | open Bytes
20 | open Range
21 | open TLSInfo
22 | open DataStream
23 |
24 | type document
25 | type cdocument = (cbytes * cbytes) list * cbytes
26 |
27 | val create : unit -> document
28 | val progress : document -> cbytes -> document
29 | val finalize : document -> cdocument option
30 |
31 | val push_delta : epoch -> stream -> range -> delta -> document -> document
32 |
33 | val request : epoch -> stream -> range -> string -> delta
34 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPInstanceDB.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPInstanceDB
18 |
19 | open Bytes
20 | open Serialization
21 | open MiHTTPChannel
22 |
23 | let dbname = "http-instances.sqlite3"
24 |
25 | let save (c : channel) =
26 | let state = save_channel c in
27 | let key = serialize state.c_channelid in
28 | let value = serialize state in
29 |
30 | let doit (db : DB.db) =
31 | ignore (DB.remove db key);
32 | DB.put db key value
33 | in
34 |
35 | let db = DB.opendb dbname in
36 | try
37 | DB.tx db doit
38 | finally
39 | DB.closedb db
40 |
41 | let restore (id : channelid) =
42 | let key = serialize (cbytes id) in
43 |
44 | let doit (db : DB.db) =
45 | DB.get db key
46 | |> Option.map deserialize
47 | |> Option.map MiHTTPChannel.restore_channel
48 | in
49 |
50 | let db = DB.opendb dbname in
51 | try
52 | DB.tx db doit
53 | finally
54 | DB.closedb db
55 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPInstanceDB.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPInstanceDB
18 |
19 | open Bytes
20 | open MiHTTPChannel
21 |
22 | val save : channel -> unit
23 | val restore : channelid -> channel option
24 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPUtils.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPUtils
18 |
19 | let split_and_strip (c : char) (count : int) (s : string) : string list =
20 | s.Split([|c|], count, System.StringSplitOptions.None)
21 | |> List.ofArray
22 | |> List.map (fun s -> s.Trim ())
23 |
24 | let parse_date (s : string) : Date.DateTime option =
25 | None
26 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPUtils.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPUtils
18 |
19 | val split_and_strip: char -> int -> string -> string list
20 | val parse_date : string -> Date.DateTime option
21 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPUtils.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPUtils
18 |
19 | val split_and_strip: char -> int -> string -> string list
20 | val parse_date : string -> Date.DateTime option
21 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPWorker.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPWorker
18 |
19 | type lock = Lock of (unit ref)
20 |
21 | let create_lock () = Lock (ref ())
22 |
23 | let async (cb : 'a -> unit) (x : 'a) : unit =
24 | let comp = async { cb x } in
25 | Async.Start comp
26 |
27 | let critical (monitor : lock) (cb : 'a -> 'b) (x : 'a) : 'b =
28 | lock monitor (fun () -> cb x)
29 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPWorker.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPWorker
18 |
19 | type lock
20 |
21 | val create_lock : unit -> lock
22 |
--------------------------------------------------------------------------------
/apps/mihttp/MiHTTPWorker.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MiHTTPWorker
18 |
19 | type lock
20 |
21 | val create_lock : unit -> lock
22 |
23 | val async : ('a -> unit) -> 'a -> unit
24 | val critical : lock -> ('a -> 'b) -> 'a -> 'b
25 |
--------------------------------------------------------------------------------
/apps/pwapp/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/apps/pwapp/PwApp.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module PwApp
18 |
19 | open Cert
20 | open Dispatch
21 | open TLSInfo
22 | open PwToken
23 |
24 | type username = PwToken.username
25 |
26 | predicate ClientAuthenticated of username * token
27 | predicate AuthenticatedByServer of SessionInfo * username
28 |
29 | function val CN : Cert.cert list -> string
30 |
31 | val request :
32 | servname : string
33 | -> username : string
34 | -> token : token{RegisteredToken(UTK(username, token))}
35 | -> (c:Connection{
36 | CN(EpochSI(CnInfo(c).id_in).serverID) = username /\
37 | ( StrongAuth(CnInfo(c).id_in) /\
38 | ( RSAKey.Honest(RSAPKCert(EpochSI(CnInfo(c).id_in).serverID)) \/
39 | Sig.Honest(SigPKCert(EpochSI(CnInfo(c).id_in).serverID))
40 | ) =>
41 | AuthenticatedByServer(EpochSI(CnInfo(c).id_in), username)
42 | )
43 | }) option
44 |
45 | val response : string -> (uc:(username * Connection){
46 | !c, u. (u, c) = uc =>
47 | ?token. StrongAuth(CnInfo(c).id_in)
48 | => ClientAuthenticated(u, token) /\ GoodToken(u, token)
49 | }) option
50 |
--------------------------------------------------------------------------------
/apps/pwapp/PwApp.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module PwApp
18 |
19 | open Bytes
20 | open PwToken
21 | open Dispatch
22 |
23 | type username = PwToken.username
24 |
25 | val request : (*servname*)string -> username -> token -> Connection option
26 | val response : (*servname*)string -> (string * Connection) option
27 |
--------------------------------------------------------------------------------
/apps/pwapp/PwAppRun.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module PwAppRun
18 |
19 | open System
20 | open System.Threading
21 |
22 | let servname = "mitls.example.org"
23 | let my = "xxxxxxxxxxxxxxxx"
24 | let token = PwToken.create ()
25 | let _ = PwToken.register my token
26 |
27 | let server () =
28 | try
29 | printfn "S: %A" (PwApp.response servname)
30 | with e ->
31 | printfn "E: %A" e
32 |
33 | let client () =
34 | let r = (PwApp.request servname my token) in
35 | printfn "C: %A" r
36 |
37 | let program () =
38 | let tserver = new Thread(new ThreadStart(server))
39 |
40 | tserver.Name <- "Server"; tserver.Start ()
41 | Thread.Sleep 1000; client ();
42 | Thread.Sleep -1
43 |
44 | let _ =
45 | program ()
46 |
--------------------------------------------------------------------------------
/apps/pwapp/PwToken.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module PwToken
18 |
19 | // ------------------------------------------------------------------------
20 | open Bytes
21 | open TLSInfo
22 | open DataStream
23 | open Range
24 |
25 | // ------------------------------------------------------------------------
26 | type token
27 | type username = string
28 |
29 | val create : unit -> token
30 | val register : username -> token -> unit
31 | val verify : username -> token -> bool
32 | val guess : bytes -> token
33 |
34 | // ------------------------------------------------------------------------
35 | type delta = DataStream.delta
36 |
37 | val MaxTkReprLen : int
38 |
39 | val tk_repr : epoch -> stream -> username -> token -> delta
40 | val tk_plain : epoch -> stream -> range -> delta -> (username * token) option
41 |
42 | val rp_repr : epoch -> stream -> bool -> delta
43 | val rp_plain : epoch -> stream -> range -> delta -> bool
44 |
--------------------------------------------------------------------------------
/apps/pwapp/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/data/dh/default-dh.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN DH PARAMETERS-----
2 | MIIBOAKCATEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
3 | +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
4 | 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
5 | YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
6 | 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
7 | ssbzSibBsu/6iGtCOGEfz9zeNVs7ZRkDW7w09N75nAI4YbRvydbmyQd62R0mkff3
8 | 7lmMsPrBhtkcrv4TCYUzyLP//////////wIBAg==
9 | -----END DH PARAMETERS-----
10 |
--------------------------------------------------------------------------------
/data/dh/dhparams-db.bin:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/data/dh/dhparams-db.bin
--------------------------------------------------------------------------------
/data/logjam/dhparam.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN DH PARAMETERS-----
2 | MIGKAkEA4jtBkKjjbOo86I8FOMV/GZNJWEItIXRTaezo6FGSdqHMHRfv8rzedXnu
3 | AiXuQnr/O6Bj5t20gBTR0TMAdhOhlwJBAKKLyAUgAqI0912df2pLAz53x3bix0D6
4 | dFnuC90qEj8Ijkq5GKrhEXnH/o56AyQEsigaov/leMCs2fI3Nfnh5C8CAgAB
5 | -----END DH PARAMETERS-----
6 |
--------------------------------------------------------------------------------
/data/logjam/scream.txt:
--------------------------------------------------------------------------------
1 | ---;;;;;;;-----'''''''''``' --- `' .,,ccc$$hcccccc,. `' ,;;!!!'``,;;!!'
2 | ;;;;,,.,;-------''''''' ,;;!!- .zJ$$$$$$$$$$$$$$$$$$$c,. `' ,;;!!!!' ,;
3 | ```' -;;;!'''''- `.,.. .zJ$$$$$$$$$$$$$$$$$$$$$$$$$$c, `!!'' ,;!!'
4 | !!- ' `,;;;;;;;;;;'''''```' ,c$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$c, ;!!'' ,;
5 | ,;;;!!!!!!!!''``.,;;;;!'`' z$$$$$$$$???"""""'.,,.`"?$$$$$$$$$$$ ``,;;!!!
6 | ;;.. --''```_..,;;! J$$$$$$??,zcd$$$$$$$$$$$$$$$$$$$$$$$$h ``'``'
7 | ```''' ,;;''``.,.,;;, ,$$$$$$F,z$$$$$$$$$$$$$$$$$$$c,`""?$$$$$h
8 | !!!!;;;;, --`!''''''' $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$h.`"$$$$h .
9 | `'''``.,;;;!;;;--;; zF,$$$$$$$$$$?????$$$$$$$$$$$$$?????$$r ;?$$$ $.
10 | !;.,..,.````.,;;;; ,$P'J"$$$$$$P" .,c,,.J$$$$$$$$$"',cc,_`?h.`$$$$ $L
11 | '``````' .,.. ,$$". $ $$$$P",c$$$$$$$$$$$$$$$$',$$$$$$$$$$ $$$$ $$c,
12 | !!!!!!!!!!!!!''' J$',$ $.`$$P c$$$$$$$$$$$$$$$$$$,$$$$$$$$$$$ $$$$ $$$$C
13 | `` J$ ,$P $$ ?$',$$$$???$$$$$$$$$$$$$$$??"""?$$$ <$$$ $$$$$
14 | c ;, z$F,$$ `$$ $ ?$" "$$$.?$$$ $$$P c??c, ?$.<$$',$$$$$F
15 | $$h. -!> (' $" $F ,F ?$ $ F ,="?$$c,`$$F $$"z$$',$' ,$$P $h.`$ ?$$$$$r
16 | $$$$$hc,. ``' J$ $P J$ . $$F L ",,J$$$F <$hc$$ "$L,`??????,J$$$.` z$$$$$
17 | $$$$$$$$$$c,'' ?F,$',$F.: $$ c$c,,,,,c,,J$$$$$$$ ?$$$c,,,c$$$$$$F. $$$$$$
18 | `"$$$$$$$$$$$c, $$',$$ :: $$$$$$$$F"',$$$$$$$$$$h ?$$$L;;$$$??$$$$ $$$$$$
19 | "?$$$$$$$$$$ $$$$$$ : .`F"$$$$$$$$$$$$""""?"""h $$$$$$$"$,J$$$$ $$$$$'
20 | "?$$$$$$$ $$$$$$.`.` h `$$$$$$$$$$$cccc$$c,zJ$$$$$P' $$$$$P',$$$$P
21 | $. `""?$$ $$$$$$$ ` "$c "?$$$$$$$$$$$$??$$$$$$$$" ,J$$$P",J$$$$P
22 | .. `" ?$$$$$$h ?$$c.`?$$$$$$$$$' . <$$$$$' ,$$$" ,$$$$$"
23 | !!>. . `$$$$$$$h . "$$$c,"$$$$$$$' `' `$$$P ,$$$' ,c$$$$$' ;!
24 | ``` `$$$$$$$c "$$$c`?$$$$$ : : $$$ ,$$P' z$$$$$$' ;!!
25 | $hc ```' ; `$$$$$$$. ?$$c ?$$$$ .: : $$$ $$F ,J$$$$$$' ;!!
26 | .,.. ' `$$$$$$$ "$$h`$$$$ .' ' $$$ ,$$ ,J$$$$$$' !!!
27 | ????P `$$$$$$L $$$ $$$F :.: J$$P J$F J$$$$$P ;!!
28 | -=< ?$$."$$ `$$ ?$$' `' z$$$F $P $$$$$$' !!'
29 | cc `$$$c`? ?$.`$$hc, cd$$F ,$' $$$$$$ ;!!
30 | $$$$c `$$c$$$$$$$$$",c$' $$$$$$ `!!
31 | $$$$$ `?$$$$$$$$$$$$P' $$$$$$> ..
32 | $$$$$ `"?$$$$$$$P" $$$$$$L $$c,
33 |
--------------------------------------------------------------------------------
/flex/FlexApps/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
--------------------------------------------------------------------------------
/flex/FlexApps/NLog.config:
--------------------------------------------------------------------------------
1 |
2 |
4 |
5 |
9 |
10 |
12 |
14 |
16 |
18 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/flex/FlexApps/OpenSSL_tests.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module OpenSSL_tests
20 |
21 | open FlexTLS
22 | open FlexClientHello
23 | open FlexRecord
24 | open FlexConnection
25 |
26 | let opensslTest myport dst port =
27 |
28 | // Start listening on localhost
29 | let st,_ = FlexConnection.serverOpenTcpConnection("127.0.0.1",port=myport) in
30 | // Get a client hello from a fully fledged implementation
31 | let st,_,ch = FlexClientHello.receive(st) in
32 |
33 | // Connect to victim
34 | let st,cfg = FlexConnection.clientOpenTcpConnection(dst,port=port) in
35 | // Forward the received client hello
36 | let _ = FlexRecord.send(st.ns,st.write.epoch,st.write.record,TLSConstants.Handshake,ch.payload,(FlexClientHello.getPV ch)) in
37 |
38 | // ... add here additional standard HS messages ...
39 |
40 | // Send the same client hello as before, with no extensions
41 | let ch = {ch with ext = Some([])} in
42 | let st,nsc,ch = FlexClientHello.send(st,ch) in
43 |
44 | // ... add here additional standard HS messages ...
45 |
46 | ()
47 |
--------------------------------------------------------------------------------
/flex/FlexApps/README-SKIPdemo.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mitls/mitls-flex/787826dd22d5253c5f4e03f9259614e6580db481/flex/FlexApps/README-SKIPdemo.txt
--------------------------------------------------------------------------------
/flex/FlexApps/Script.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module FlexApps.Script
20 |
21 | open Bytes
22 | open Error
23 | open TLSInfo
24 | open TLSConstants
25 |
26 | open FlexTLS
27 | open FlexTypes
28 | open FlexAlert
29 | open FlexConstants
30 | open FlexConnection
31 | open FlexClientHello
32 | open FlexServerHello
33 | open FlexCertificate
34 | open FlexCertificateRequest
35 | open FlexCertificateVerify
36 | open FlexServerHelloDone
37 | open FlexServerKeyExchange
38 | open FlexClientKeyExchange
39 | open FlexCCS
40 | open FlexFinished
41 | open FlexState
42 | open FlexSecrets
43 |
44 | type Script =
45 | class
46 |
47 | (* CLIENT - Run a full Handshake RSA with server side authentication only *)
48 | static member run () : state =
49 |
50 | // Peer information
51 | let address = "www.google.com" in
52 | let port = FlexConstants.defaultTCPPort in
53 | let timeout = 0 in
54 |
55 | Handshake_full_ECDHE.Handshake_full_ECDHE.client(address,port)
56 |
57 | end
58 |
--------------------------------------------------------------------------------
/flex/FlexApps/Test_EarlyAppData.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module FlexApps.Test_EarlyAppData
20 |
21 | open Bytes
22 | open TLSInfo
23 | open TLSConstants
24 |
25 | open FlexTLS
26 | open FlexTypes
27 | open FlexConstants
28 | open FlexConnection
29 | open FlexRecord
30 | open FlexClientHello
31 | open FlexServerHello
32 | open FlexCertificate
33 | open FlexServerHelloDone
34 | open FlexClientKeyExchange
35 | open FlexCCS
36 | open FlexFinished
37 | open FlexAppData
38 | open FlexState
39 | open FlexSecrets
40 | open FlexHandshake
41 |
42 |
43 | type Test_EarlyAppData =
44 | class
45 |
46 | /// CLIENT - Run full RSA Handshake with server authentication only
47 | static member client (address:string, ?port:int, ?st:state, ?timeout:int) : state =
48 | let port = defaultArg port FlexConstants.defaultTCPPort in
49 | let timeout = defaultArg timeout 0 in
50 |
51 | // Start TCP connection with the server if no state is provided by the user
52 | let st,_ =
53 | match st with
54 | | None -> FlexConnection.clientOpenTcpConnection(address,address,port,timeout=timeout)
55 | | Some(st) -> st,TLSInfo.defaultConfig
56 | in
57 |
58 | // Typical RSA key exchange messages
59 | let fch = {FlexConstants.nullFClientHello with
60 | ciphersuites = Some([TLS_RSA_WITH_AES_128_GCM_SHA256]) } in
61 |
62 | let st,nsc,fch = FlexClientHello.send(st,fch) in
63 | let st,nsc,fsh = FlexServerHello.receive(st,fch,nsc) in
64 | let st,nsc,fcert = FlexCertificate.receive(st,Client,nsc) in
65 | let st,fshd = FlexServerHelloDone.receive(st) in
66 |
67 | // Send inexpected application data
68 | let st = FlexAppData.send_http_get(st) in
69 |
70 | // Check if application data is returned by the peer
71 | let st,bytes = FlexAppData.receive(st) in
72 | st
73 |
74 | end
75 |
--------------------------------------------------------------------------------
/flex/FlexApps/client.java:
--------------------------------------------------------------------------------
1 | import java.net.*;
2 | import java.io.*;
3 |
4 | public class client {
5 | public static void main(String[] args) throws Exception {
6 | URL oracle = new URL(args[0]);
7 | URLConnection yc = oracle.openConnection();
8 | BufferedReader in = new BufferedReader(new InputStreamReader(yc.getInputStream()));
9 | String inputLine;
10 | while ((inputLine = in.readLine()) != null)
11 | System.out.println(inputLine);
12 | in.close();
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/flex/FlexApps/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/flex/FlexTLS/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreACiphers.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreACiphers
18 | open Bytes
19 |
20 | type sk = RSASKey of CoreKeys.rsaskey
21 | type pk = RSAPKey of CoreKeys.rsapkey
22 |
23 | type plain = bytes
24 | type ctxt = bytes
25 |
26 | val gen_key : unit -> sk * pk
27 | val encrypt_pkcs1 : pk -> plain -> ctxt
28 | val decrypt_pkcs1 : sk -> ctxt -> plain option
29 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreCiphers.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreCiphers
18 | open Bytes
19 |
20 | type key = bytes
21 | type iv = bytes
22 | type adata = bytes
23 |
24 | val aes_cbc_encrypt : key -> iv -> bytes -> bytes
25 | val aes_cbc_decrypt : key -> iv -> bytes -> bytes
26 |
27 | val aes_gcm_encrypt : key -> iv -> adata -> bytes -> bytes
28 | val aes_gcm_decrypt : key -> iv -> adata -> bytes -> bytes option
29 |
30 | val des3_cbc_encrypt : key -> iv -> bytes -> bytes
31 | val des3_cbc_decrypt : key -> iv -> bytes -> bytes
32 |
33 | type rc4engine
34 |
35 | val rc4create : key -> rc4engine
36 | val rc4process : rc4engine -> bytes -> bytes
37 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreDH.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreDH
18 |
19 | open Bytes
20 | open Error
21 | open CoreKeys
22 | open DHDB
23 |
24 | val defaultPQMinLength: (nat*nat)
25 |
26 | (* ------------------------------------------------------------------------ *)
27 | val check_p_g: nat -> nat -> nat -> bytes -> bytes -> (string,bytes) optResult
28 | val check_p_g_q: nat -> nat -> nat -> bytes -> bytes -> bytes -> (string,bool) optResult
29 |
30 | (* ------------------------------------------------------------------------ *)
31 | val check_params : dhdb -> nat -> nat * nat -> bytes -> bytes -> (string,dhdb*dhparams) optResult
32 | val check_element: dhparams -> bytes -> bool
33 | val gen_key : dhparams -> dhskey * dhpkey
34 | // less efficient implementation, in case q is not available
35 | val gen_key_pg : bytes -> bytes -> dhskey * dhpkey
36 | val agreement : bytes -> dhskey -> dhpkey -> bytes
37 |
38 | (* ------------------------------------------------------------------------ *)
39 | // Throws exceptions in case of error
40 | // (file not found, parsing error, unsafe parameters...)
41 | val load_default_params : string -> dhdb -> nat -> nat * nat -> dhdb*dhparams
42 |
43 | (* Constant groups as defined in draft-ietf-tls-negotiated-dl-dhe *)
44 | val dhe2432: dhparams
45 | val dhe3072: dhparams
46 | val dhe4096: dhparams
47 | val dhe6144: dhparams
48 | val dhe8192: dhparams
49 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreECDH.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreECDH
18 |
19 | open Bytes
20 | open CoreKeys
21 |
22 | val gen_key : ecdhparams -> ecdhskey * ecdhpkey
23 | val agreement : ecdhparams -> ecdhskey -> ecdhpkey -> bytes
24 | val serialize : ecdhpkey -> bytes
25 | val is_on_curve : ecdhparams -> ecpoint -> bool
26 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreHMac.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreHMac
18 | open Bytes
19 | open CryptoProvider
20 |
21 | type engine = HMac of CryptoProvider.HMac
22 | type key = bytes
23 |
24 | let name (HMac engine) =
25 | engine.Name
26 |
27 | let mac (HMac engine) (b : bytes) =
28 | abytes (engine.Process(cbytes b))
29 |
30 | let md5engine (k : key) = HMac (CoreCrypto.HMac "MD5" (cbytes k))
31 | let sha1engine (k : key) = HMac (CoreCrypto.HMac "SHA1" (cbytes k))
32 | let sha256engine (k : key) = HMac (CoreCrypto.HMac "SHA256" (cbytes k))
33 | let sha384engine (k : key) = HMac (CoreCrypto.HMac "SHA384" (cbytes k))
34 | let sha512engine (k : key) = HMac (CoreCrypto.HMac "SHA512" (cbytes k))
35 |
36 | let dohmac (factory : key -> engine) (k : key) (data : bytes) =
37 | mac (factory k) data
38 |
39 | let md5 (k : key) (data : bytes) = dohmac md5engine k data
40 | let sha1 (k : key) (data : bytes) = dohmac sha1engine k data
41 | let sha256 (k : key) (data : bytes) = dohmac sha256engine k data
42 | let sha384 (k : key) (data : bytes) = dohmac sha384engine k data
43 | let sha512 (k : key) (data : bytes) = dohmac sha512engine k data
44 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreHMac.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreHMac
18 | open Bytes
19 |
20 | type engine
21 | type key = bytes
22 |
23 | val name : engine -> string
24 | val mac : engine -> bytes -> bytes
25 |
26 | val md5engine : key -> engine
27 | val sha1engine : key -> engine
28 | val sha256engine : key -> engine
29 | val sha384engine : key -> engine
30 | val sha512engine : key -> engine
31 |
32 | val md5 : key -> bytes -> bytes
33 | val sha1 : key -> bytes -> bytes
34 | val sha256 : key -> bytes -> bytes
35 | val sha384 : key -> bytes -> bytes
36 | val sha512 : key -> bytes -> bytes
37 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreHash.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreHash
18 | open Bytes
19 |
20 | open CryptoProvider
21 |
22 | (* ---------------------------------------------------------------------- *)
23 | type engine = HashEngine of MessageDigest
24 |
25 | let name (HashEngine engine) =
26 | engine.Name
27 |
28 | let digest (HashEngine engine) (b : bytes) =
29 | abytes (engine.Digest (cbytes b))
30 |
31 | (* ---------------------------------------------------------------------- *)
32 | let md5engine () = HashEngine (CoreCrypto.Digest "MD5" )
33 | let sha1engine () = HashEngine (CoreCrypto.Digest "SHA1" )
34 | let sha256engine () = HashEngine (CoreCrypto.Digest "SHA256")
35 | let sha384engine () = HashEngine (CoreCrypto.Digest "SHA384")
36 | let sha512engine () = HashEngine (CoreCrypto.Digest "SHA512")
37 |
38 | (* ---------------------------------------------------------------------- *)
39 | let dohash (factory : unit -> engine) (x : bytes) =
40 | let engine = factory () in
41 | (digest engine x)
42 |
43 | let md5 x = dohash md5engine x
44 | let sha1 x = dohash sha1engine x
45 | let sha256 x = dohash sha256engine x
46 | let sha384 x = dohash sha384engine x
47 | let sha512 x = dohash sha512engine x
48 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreHash.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreHash
18 | open Bytes
19 |
20 | type engine
21 |
22 | val name : engine -> string
23 | val digest : engine -> bytes -> bytes
24 |
25 | val md5engine : unit -> engine
26 | val sha1engine : unit -> engine
27 | val sha256engine : unit -> engine
28 | val sha384engine : unit -> engine
29 | val sha512engine : unit -> engine
30 |
31 | val md5 : bytes -> bytes
32 | val sha1 : bytes -> bytes
33 | val sha256 : bytes -> bytes
34 | val sha384 : bytes -> bytes
35 | val sha512 : bytes -> bytes
36 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreKeys.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreKeys
18 | open Bytes
19 | type modulus = bytes
20 | type exponent = bytes
21 |
22 | type rsapkey = modulus * exponent
23 | type rsaskey = modulus * exponent
24 |
25 | type dsaparams = { p : bytes; q : bytes; g : bytes; }
26 |
27 | type dsapkey = bytes * dsaparams
28 | type dsaskey = bytes * dsaparams
29 |
30 | type dhparams = { dhp : bytes; dhg : bytes; dhq : bytes; safe_prime : bool }
31 |
32 | type dhpkey = bytes
33 | type dhskey = bytes
34 |
35 | type ecprime = { ecp_prime : string; ecp_order : string; ecp_a : string; ecp_b : string; ecp_gx : string; ecp_gy : string; ecp_bytelen : int; ecp_id : bytes; }
36 | type eccurve =
37 | | EC_PRIME of ecprime
38 |
39 | type ecpoint = { ecx : bytes; ecy : bytes; }
40 | type ecdhparams = { curve: eccurve; compression: bool; }
41 | type ecdhpkey = ecpoint
42 | type ecdhskey = bytes
43 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreKeys.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreKeys
18 | open Bytes
19 |
20 | (* RSA *)
21 | type modulus = bytes
22 | type exponent = bytes
23 |
24 | type rsapkey = modulus * exponent
25 | type rsaskey = modulus * exponent
26 |
27 | (* DSA *)
28 | type dsaparams = { p : bytes; q : bytes; g : bytes; }
29 |
30 | type dsapkey = bytes * dsaparams
31 | type dsaskey = bytes * dsaparams
32 |
33 | (* DH *)
34 | // A DHDB entry
35 | type dhparams = { dhp : bytes; dhg : bytes; dhq : bytes; safe_prime: bool; }
36 |
37 | type dhpkey = bytes
38 | type dhskey = bytes
39 |
40 | type ecprime = { ecp_prime : string; ecp_order : string; ecp_a : string; ecp_b : string; ecp_gx : string; ecp_gy : string; ecp_bytelen : int; ecp_id : bytes; }
41 | type eccurve =
42 | | EC_PRIME of ecprime
43 |
44 | type ecpoint = { ecx : bytes; ecy : bytes; }
45 | type ecdhparams = { curve: eccurve; compression: bool; }
46 | type ecdhpkey = ecpoint
47 | type ecdhskey = bytes
48 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreRandom.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreRandom
18 |
19 | open Org.BouncyCastle.Security
20 |
21 | let provider = new SecureRandom()
22 |
23 | let random (i : int) =
24 | if i < 0 then
25 | invalidArg "length" "must be non-negative";
26 |
27 | let bytes = Array.create i 0uy in
28 | lock provider (fun () -> provider.NextBytes(bytes, 0, i));
29 | Bytes.abytes bytes
30 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreRandom.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreRandom
18 |
19 | val random : int -> Bytes.bytes
20 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/CoreSig.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CoreSig
18 | open Bytes
19 |
20 | (* ------------------------------------------------------------------------ *)
21 | type sighash =
22 | | SH_MD5
23 | | SH_SHA1
24 | | SH_SHA256
25 | | SH_SHA384
26 |
27 | type sigalg =
28 | | CORE_SA_RSA
29 | | CORE_SA_DSA
30 | | CORE_SA_ECDSA
31 |
32 | (* ------------------------------------------------------------------------ *)
33 | type sigskey =
34 | | SK_RSA of CoreKeys.rsaskey
35 | | SK_DSA of CoreKeys.dsaskey
36 | | SK_ECDH of CoreKeys.ecdhskey
37 |
38 | type sigpkey =
39 | | PK_RSA of CoreKeys.rsapkey
40 | | PK_DSA of CoreKeys.dsapkey
41 | | PK_ECDH of CoreKeys.ecdhpkey
42 |
43 | val sigalg_of_skey : sigskey -> sigalg
44 | val sigalg_of_pkey : sigpkey -> sigalg
45 |
46 | (* ------------------------------------------------------------------------ *)
47 | type text = bytes
48 | type sigv = bytes
49 |
50 | val gen : sigalg -> sigpkey * sigskey
51 | val sign : sighash option -> sigskey -> text -> sigv
52 | val verify : sighash option -> sigpkey -> text -> sigv -> bool
53 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/DER.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module DER
18 |
19 | open Bytes
20 |
21 | type dervalue =
22 | | Bool of bool
23 | | Bytes of bytes
24 | | Utf8String of string
25 | | Sequence of dervalue list
26 |
27 | val encode : dervalue -> bytes
28 | val decode : bytes -> dervalue option
29 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/DHDB.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module DHDB
18 |
19 | open Bytes
20 |
21 | // p, g, q, true => prime(p) /\ prime(q) /\ g^q mod p = 1 /\ p = 2*q + 1
22 | // p, g, q, false => prime(p) /\ prime(q) /\ g^q mod p = 1 /\ ?j. p = j*q + 1 /\ length(q) >= threshold
23 | type Key = bytes * bytes // p, g
24 | type Value = bytes * bool // q, safe_prime?
25 |
26 | type dhdb
27 |
28 | val defaultFileName: string
29 |
30 | val create: string -> dhdb
31 | val select: dhdb -> Key -> Value option
32 | val insert: dhdb -> Key -> Value -> dhdb
33 | val remove: dhdb -> Key -> dhdb
34 | val keys : dhdb -> Key list
35 | val merge : dhdb -> string -> dhdb
36 |
--------------------------------------------------------------------------------
/libs/CoreCrypto/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/libs/DB/DB.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module DB
18 |
19 | type db
20 |
21 | type key = string
22 | type value = string
23 |
24 | exception DBError of string
25 |
26 | val opendb : string -> db
27 | val closedb : db -> unit
28 | val put : db -> key -> value -> unit
29 | val get : db -> key -> value option
30 | val remove : db -> key -> bool
31 | val all : db -> (key * value) list
32 | val keys : db -> key list
33 | val merge : db -> string -> unit
34 | val tx : db -> (db -> 'a) -> 'a
35 |
--------------------------------------------------------------------------------
/libs/DB/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/libs/DHDBManager/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/libs/DHDBManager/DHDBManager.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module DHDBManager
18 |
19 | open DHDB
20 | open Bytes
21 | open CoreKeys
22 |
23 | // Constant confidence value for primality tests
24 | val defaultDHPrimeConfidence : nat
25 |
26 | // Throws exceptions in case of error
27 | // (file not found, parsing error, unsafe parameters...)
28 | val load_default_params : string -> dhdb -> nat * nat -> dhdb * dhparams
29 |
--------------------------------------------------------------------------------
/libs/DHDBManager/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
--------------------------------------------------------------------------------
/libs/OpenSSL/OpenSSL.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Debug
5 | AnyCPU
6 | 8.0.30703
7 | 2.0
8 | {DB787D27-C33E-4D14-BF2C-B92CBDBF0C54}
9 | Library
10 | Properties
11 | OpenSSL
12 | OpenSSL
13 | v4.0
14 | 512
15 |
16 |
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 | true
25 |
26 |
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 | true
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
56 |
--------------------------------------------------------------------------------
/libs/OpenSSL/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("OpenSSL")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("OpenSSL")]
13 | [assembly: AssemblyCopyright("Copyright © 2013")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("4bcb676e-9955-43b3-bd6f-d30f7ea0e083")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/libs/Platform/Bytes.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Bytes
18 |
19 | type nat = int
20 | type cbytes = byte[]
21 | []
22 | type bytes
23 | type lbytes = bytes
24 | val empty_bytes: bytes
25 | val abytes: byte[] -> bytes
26 | val abyte: byte -> bytes
27 | val abyte2: (byte * byte) -> bytes
28 | val cbytes: bytes -> byte[]
29 | val cbyte: bytes -> byte
30 | val cbyte2: bytes -> byte * byte
31 |
32 | val createBytes: int -> int -> bytes
33 |
34 | val bytes_of_int: int -> int -> bytes
35 |
36 | val int_of_bytes: bytes -> int
37 |
38 | val length: bytes -> int
39 |
40 | val equalBytes: bytes -> bytes -> bool
41 | val xor: bytes -> bytes -> int -> bytes
42 |
43 | (* append *)
44 | val (@|): bytes -> bytes -> bytes
45 | val split: bytes -> int -> (bytes * bytes)
46 | val split2: bytes -> int -> int -> (bytes * bytes * bytes)
47 | (* strings *)
48 | val utf8: string -> bytes
49 | val iutf8: bytes -> string
50 |
51 | val hexString: bytes -> string
52 |
--------------------------------------------------------------------------------
/libs/Platform/Date.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Date
18 |
19 | type DateTime = DT of System.DateTime
20 | type TimeSpan = TS of System.TimeSpan
21 | let now () = DT (System.DateTime.Now)
22 | let dawn = new System.DateTime(1970, 1, 1)
23 | let secondsFromDawn () = (int32) (System.DateTime.UtcNow - dawn).TotalSeconds
24 | let newTimeSpan d h m s = TS (new System.TimeSpan(d,h,m,s))
25 | let addTimeSpan (DT(a)) (TS(b)) = DT (a + b)
26 | let greaterDateTime (DT(a)) (DT(b)) = a > b
27 |
--------------------------------------------------------------------------------
/libs/Platform/Date.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Date
18 |
19 | type DateTime
20 | type TimeSpan
21 | val now: unit -> DateTime
22 | val secondsFromDawn: unit -> int
23 | val newTimeSpan: int -> int -> int -> int -> TimeSpan
24 | val addTimeSpan: DateTime -> TimeSpan -> DateTime
25 | val greaterDateTime: DateTime -> DateTime -> bool
26 |
--------------------------------------------------------------------------------
/libs/Platform/Date.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Date
18 |
19 | type DateTime
20 | type TimeSpan
21 | val now: unit -> DateTime
22 | val secondsFromDawn: unit -> int
23 | val newTimeSpan: int -> int -> int -> int -> TimeSpan
24 | val addTimeSpan: DateTime -> TimeSpan -> DateTime
25 | val greaterDateTime: DateTime -> DateTime -> bool
26 |
--------------------------------------------------------------------------------
/libs/Platform/Error.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Error
18 |
19 | type ('a,'b) optResult =
20 | | Error of 'a
21 | | Correct of 'b
22 |
23 | let perror (file:string) (line:string) (text:string) =
24 | #if verify
25 | text
26 | #else
27 | Printf.sprintf "Error at %s:%s: %s." file line (if text="" then "No reason given" else text)
28 | #endif
29 |
30 | let correct x = Correct x
31 |
32 | let unexpected info = failwith info
33 | let unreachable info = failwith info
34 |
--------------------------------------------------------------------------------
/libs/Platform/Error.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Error
18 |
19 | type ('a,'b) optResult =
20 | | Error of 'a
21 | | Correct of 'b
22 |
23 | val perror: string -> string -> string -> string
24 |
25 | val correct: x:'a -> y:('b,'a) optResult{y = Correct(x)}
26 |
27 | (* Both unexpected and unreachable are aliases for failwith;
28 | they indicate code that should never be executed at runtime.
29 | This is verified by typing only for the unreachable function;
30 | this matters e.g. when dynamic errors are security-critical *)
31 |
32 | val unexpected: string -> 'a {false}
33 | val unreachable: string {false} -> 'a
34 |
--------------------------------------------------------------------------------
/libs/Platform/Error.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Error
18 |
19 | type ('a,'b) optResult =
20 | | Error of 'a
21 | | Correct of 'b
22 |
23 | val perror: string -> string -> string -> string
24 | val correct: 'a -> ('b,'a) optResult
25 | val unexpected: string -> 'a
26 | val unreachable: string -> 'a
27 |
--------------------------------------------------------------------------------
/libs/Platform/List.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module List
18 |
19 | open Bytes
20 |
21 | let fold (op: bytes-> bytes-> bytes) state data = List.fold op state data
22 | let filter f l = List.filter f l
23 | let foldBack (f:bytes -> bytes -> bytes) bl s = List.foldBack f bl s
24 | let exists f l = List.exists f l
25 | let memr l x = List.exists (fun y -> x = y) l
26 | let choose f l = List.choose f l
27 | let tryFind f l = List.tryFind f l
28 | let listLength (l:'a list) = l.Length
29 | let listHead (l:'a list) = l.Head
30 | let find f l = List.find f l
31 | let map f l = List.map f l
32 |
--------------------------------------------------------------------------------
/libs/Platform/List.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module List
18 |
19 | open Bytes
20 |
21 | function val ListLength: 'a list -> nat
22 | assume ListLength(op_Nil()) = 0
23 | assume !x,y. ListLength(op_ColonColon(x,y)) = 1 + ListLength(y)
24 | assume !l. BLength(array_of_list(l)) = ListLength(l)
25 |
26 | val fold: (bytes -> bytes -> bytes) -> s:bytes -> bl:bytes list -> b:bytes
27 | val filter: ('a -> bool) -> 'a list -> 'a list
28 | val foldBack: (bytes -> bytes -> bytes) -> bl:bytes list -> s:bytes -> b:bytes
29 | val exists: ('a -> bool) -> 'a list -> bool
30 | val memr: 'a list -> 'a -> bool
31 | val choose: ('a -> 'b option) -> 'a list -> 'b list
32 | val tryFind: ('a -> bool) -> 'a list -> 'a option
33 | val listLength: l:('a list) -> len:nat{ListLength(l)=len}
34 | val listHead: l:('a list){ListLength(l) > 0} -> 'a
35 | val find: ('a -> bool) -> 'a list -> 'a
36 | val map: ('a -> 'b) -> 'a list -> 'b list
37 |
--------------------------------------------------------------------------------
/libs/Platform/List.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module List
18 |
19 | open Bytes
20 |
21 | // Most of these functions are not used parametrically by other modules, but required types are not defined here.
22 | val fold: (bytes -> bytes -> bytes) -> bytes -> bytes list -> bytes
23 | val filter: ('a -> bool) -> 'a list -> 'a list
24 | val foldBack: (bytes -> bytes -> bytes) -> bytes list -> bytes -> bytes
25 | val exists: ('a -> bool) -> 'a list -> bool
26 | val memr: 'a list -> 'a -> bool when 'a : equality
27 | val choose: ('a -> 'b option) -> 'a list -> 'b list
28 | val tryFind: ('a -> bool) -> 'a list -> 'a option
29 | val listLength: ('a list) -> int
30 | val listHead: ('a list) -> 'a
31 | val find: ('a -> bool) -> 'a list -> 'a
32 | val map: ('a -> 'b) -> 'a list -> 'b list
33 |
--------------------------------------------------------------------------------
/libs/Platform/Serialization.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Serialization
18 |
19 | val serialize : 'T -> string
20 | val deserialize : string -> 'T
21 |
--------------------------------------------------------------------------------
/libs/Platform/Tcp.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Tcp
18 |
19 | (* Trusted only to return bytes of the requested length *)
20 |
21 | open Bytes
22 | open Error
23 |
24 | type NetworkStream
25 | type TcpListener
26 |
27 | (* Server side *)
28 |
29 | val listen: string -> int -> TcpListener
30 | val accept: TcpListener -> NetworkStream
31 | val stop: TcpListener -> unit
32 |
33 | (* Client side *)
34 |
35 | val connect: string -> int -> NetworkStream
36 |
37 | (* Synchronous Input/Output *)
38 |
39 | val read: NetworkStream -> l:int{l>0} -> (string,(;l) lbytes) optResult
40 | val write: NetworkStream -> bytes -> (string,unit) optResult
41 | val close: NetworkStream -> unit
42 |
--------------------------------------------------------------------------------
/libs/Platform/Tcp.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Tcp
18 |
19 | open Bytes
20 | open Error
21 |
22 | type NetworkStream
23 | type TcpListener
24 |
25 | (* Create a network stream from a given stream.
26 | Only used by the application interface TLSharp. *)
27 | val create: System.IO.Stream -> NetworkStream
28 |
29 | (* Get the underlying stream.
30 | Only used by the FlexTLS application *)
31 | val getStream: NetworkStream -> System.IO.Stream
32 |
33 | (* Server side *)
34 |
35 | val listen: string -> int -> TcpListener
36 | val acceptTimeout: int -> TcpListener -> NetworkStream
37 | val accept: TcpListener -> NetworkStream
38 | val stop: TcpListener -> unit
39 |
40 | (* Client side *)
41 |
42 | val connectTimeout: int -> string -> int -> NetworkStream
43 | val connect: string -> int -> NetworkStream
44 |
45 | (* Input/Output *)
46 |
47 | val read: NetworkStream -> int -> (string,bytes) optResult
48 | val write: NetworkStream -> bytes -> (string,unit) optResult
49 | val close: NetworkStream -> unit
50 |
--------------------------------------------------------------------------------
/libs/Platform/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/src/tls/AEAD_GCM.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module AEAD_GCM
20 |
21 | open Bytes
22 | open TLSInfo
23 | open Range
24 | open TLSError
25 |
26 | type cipher = bytes
27 | type state
28 | type encryptor = state
29 | type decryptor = state
30 |
31 | val GEN: id -> encryptor * decryptor
32 | val COERCE: id -> rw -> bytes -> bytes -> state
33 | val LEAK: id -> rw -> state -> bytes
34 |
35 | val ENC: id -> encryptor -> LHAEPlain.adata -> range ->
36 | LHAEPlain.plain -> (encryptor * bytes)
37 |
38 | val DEC: id -> decryptor -> LHAEPlain.adata -> range ->
39 | bytes -> Result<(decryptor * LHAEPlain.plain)>
40 |
--------------------------------------------------------------------------------
/src/tls/Alert.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Alert
20 |
21 | open Error
22 | open TLSError
23 | open TLSInfo
24 | open Range
25 |
26 | []
27 | type pre_al_state
28 | type state = pre_al_state
29 |
30 | type ALFragReply =
31 | | EmptyALFrag
32 | | ALFrag of range * HSFragment.fragment
33 | | LastALFrag of range * HSFragment.fragment * alertDescription
34 | | LastALCloseFrag of range * HSFragment.fragment
35 |
36 | []
37 | type alert_reply =
38 | | ALAck of state
39 | | ALFatal of alertDescription * state
40 | | ALWarning of alertDescription * state
41 | | ALClose_notify of state
42 |
43 | val alertBytes: alertDescription -> Bytes.bytes
44 | val parseAlert: Bytes.bytes -> Result
45 |
46 | val init: ConnectionInfo -> state
47 |
48 | val send_alert: ConnectionInfo -> state -> alertDescription -> state
49 |
50 | val next_fragment: ConnectionInfo -> state -> (ALFragReply * state)
51 |
52 | val recv_fragment: ConnectionInfo -> state -> range -> HSFragment.fragment -> Result
53 |
54 | val is_incoming_empty: ConnectionInfo -> state -> bool
55 | val reset_incoming: ConnectionInfo -> state -> ConnectionInfo -> state
56 | val reset_outgoing: ConnectionInfo -> state -> ConnectionInfo -> state
57 |
--------------------------------------------------------------------------------
/src/tls/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/src/tls/AppData.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module AppData
20 |
21 | open TLSInfo
22 | open Bytes
23 | open Error
24 | open TLSError
25 | open DataStream
26 | open Range
27 |
28 | type app_state
29 |
30 | val inStream: ConnectionInfo -> app_state -> stream
31 | val outStream: ConnectionInfo -> app_state -> stream
32 |
33 | val init: ConnectionInfo -> app_state
34 | val writeAppData: ConnectionInfo -> app_state -> range -> AppFragment.fragment -> stream -> app_state
35 | val next_fragment: ConnectionInfo -> app_state -> option<(range * AppFragment.fragment * app_state)>
36 | val clearOutBuf: ConnectionInfo -> app_state -> app_state
37 |
38 | val recv_fragment: ConnectionInfo -> app_state -> range -> AppFragment.fragment -> delta * app_state
39 |
40 | val reset_incoming: ConnectionInfo -> app_state -> ConnectionInfo -> app_state
41 | val reset_outgoing: ConnectionInfo -> app_state -> ConnectionInfo -> app_state
42 |
--------------------------------------------------------------------------------
/src/tls/AppFragment.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module AppFragment
20 | open Bytes
21 | open TLSInfo
22 | open Range
23 | open DataStream
24 | open TLSError
25 |
26 | type preFragment
27 | type fragment = preFragment
28 | val fragment: epoch -> stream -> range -> delta -> fragment * stream
29 | val delta: epoch -> stream -> range -> fragment -> delta * stream
30 | type plain = fragment
31 |
32 | val plain: id -> range -> bytes -> fragment
33 | val repr: id -> range -> fragment -> bytes
34 |
35 | val makeExtPad: id -> range -> fragment -> fragment
36 | val parseExtPad: id -> range -> fragment -> Result
37 |
38 | #if ideal
39 | val widen: id -> range -> fragment -> fragment
40 | #endif
41 |
--------------------------------------------------------------------------------
/src/tls/Cert.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Cert
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open UntrustedCert
25 |
26 | type hint = UntrustedCert.hint
27 | type cert = UntrustedCert.cert
28 |
29 | type chain = UntrustedCert.chain
30 | type sign_cert = option<(chain * Sig.alg * Sig.skey)>
31 | type enc_cert = option<(chain * RSAKey.sk)>
32 |
33 | val for_signing : list -> hint -> list -> sign_cert
34 | val for_key_encryption : list -> hint -> enc_cert
35 |
36 | val get_public_signing_key : cert -> Sig.alg -> Result
37 | val get_public_encryption_key : cert -> Result
38 |
39 | val get_chain_public_signing_key : chain -> Sig.alg -> Result
40 | val get_chain_public_encryption_key : chain -> Result
41 |
42 | val is_chain_for_signing : chain -> bool
43 | val is_chain_for_key_encryption : chain -> bool
44 |
45 | val get_hint : chain -> option
46 | val validate_cert_chain : list -> chain -> bool
47 | val parseCertificateList: bytes -> Result
48 | val certificateListBytes: chain -> bytes
49 |
--------------------------------------------------------------------------------
/src/tls/CommonDH.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CommonDH
18 |
19 | (* This modules provide agility in the groups used for Diffie-Hellman key exchanges,
20 | hiding ECGroup, DHGroup, and their representations.
21 |
22 | We could extend it to also cover (EC)DSA signing. *)
23 |
24 | open Bytes
25 | open Error
26 | open TLSConstants
27 | open CoreKeys
28 |
29 | type element = {
30 | dhe_p : DHGroup.elt option;
31 | // unverified so far: dhe_ec: ECGroup.point option
32 | }
33 |
34 | val dhe_nil : element
35 |
36 | type secret = Key of bytes
37 |
38 | type parameters =
39 | | DHP_P of dhparams
40 | | DHP_EC of ecdhparams
41 |
42 | val parse: parameters -> bytes -> element option
43 |
44 | val leak: parameters -> element -> secret -> bytes
45 | val coerce: parameters -> element -> bytes -> secret
46 |
47 | val get_p: element -> DHGroup.elt
48 |
49 | val serializeKX: parameters -> element -> bytes
50 | val checkParams: DHDB.dhdb option -> int * int -> parameters -> (DHDB.dhdb option * parameters) TLSError.Result
51 | val checkElement: parameters -> element -> element option
52 |
--------------------------------------------------------------------------------
/src/tls/CommonDH.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module CommonDH
18 |
19 | open Bytes
20 | open Error
21 | open TLSConstants
22 | open CoreKeys
23 |
24 | type element = {
25 | dhe_p : DHGroup.elt option;
26 | dhe_ec : ECGroup.point option;
27 | }
28 | val dhe_nil : element
29 |
30 | type secret = Key of bytes
31 |
32 | type parameters =
33 | | DHP_P of dhparams
34 | | DHP_EC of ecdhparams
35 |
36 | // exception Invalid_DH
37 |
38 | val leak: parameters -> element -> secret -> bytes
39 | val coerce: parameters -> element -> bytes -> secret
40 |
41 | val get_p: element -> DHGroup.elt
42 | #if verify
43 | #else
44 | val get_ec: element -> ECGroup.point
45 | #endif
46 |
47 | // (p, g, g^x) payload of ServerKeyExchange for (EC)DH, additionally signed/verified for (EC)DHE
48 | val serializeKX: parameters -> element -> bytes
49 |
50 | val checkParams: DHDB.dhdb option -> int * int -> parameters -> (DHDB.dhdb option * parameters) TLSError.Result
51 |
52 | val parse: parameters -> bytes -> element option
53 |
54 | val checkElement: parameters -> element -> element option
55 |
--------------------------------------------------------------------------------
/src/tls/DH.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module DH
20 |
21 | open Bytes
22 | // open DHGroup
23 | // open CoreKeys
24 |
25 | open CommonDH
26 |
27 | open TLSConstants
28 |
29 | val serverGenDH: string -> DHDB.dhdb -> nat * nat -> DHDB.dhdb option * parameters * element * secret
30 | val serverGenECDH: ec_curve -> DHDB.dhdb option * parameters * element * secret
31 |
32 | val clientGenExp: parameters -> element -> (element * PMS.dhpms)
33 | val serverExp: parameters -> element -> element -> secret -> PMS.dhpms
34 |
35 | val serialize: element -> bytes
36 |
--------------------------------------------------------------------------------
/src/tls/DHGroup.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module DHGroup
18 |
19 | open Bytes
20 | open DHDB
21 | open CoreKeys
22 | open TLSError
23 |
24 | // Marks "Strong" parameter generation used by compliant servers,
25 | // formally a precondition for signing them with an honest key.
26 | predicate PP of bytes * bytes
27 |
28 | // For public parameters and exchanged values.
29 | // We use an abstract predicate to ensure that elements
30 | // are bytes that have been correctly generated or checked,
31 | // e.g. Elt(p,g,b) => Num(b) in [2..p-1) /\ order(b) = order(g)
32 |
33 | predicate Elt of bytes * bytes * bytes
34 |
35 | type (;p:bytes,g:bytes) elt = b:bytes{ Elt(p,g,b) }
36 |
37 | theorem !p,g. PP(p,g) => Elt(p,g,g)
38 |
39 | private val goodPP_log: (dhparams list) ref
40 | private val pp: dhp:dhparams ->
41 | dhp':dhparams {dhp = dhp' /\ PP(dhp.dhp,dhp.dhg)}
42 | val goodPP: dhp:dhparams -> b:bool{b = true <=> PP(dhp.dhp,dhp.dhg)}
43 |
44 | val genElement: dhp:dhparams -> (;dhp.dhp,dhp.dhg) elt
45 | val checkParams: dhdb -> nat * nat -> p:bytes -> g:bytes ->
46 | ((dhdb * dhp:dhparams){PP(p,g) /\ dhp.dhp = p /\ dhp.dhg = g}) Result
47 |
48 | val checkElement: dhp:dhparams{PP(dhp.dhp,dhp.dhg)} -> b:bytes -> (b':(;dhp.dhp,dhp.dhg) elt {b = b'}) option
49 |
50 | val defaultDHparams: string -> dhdb -> nat * nat -> ((dhdb * dhp:dhparams){PP(dhp.dhp,dhp.dhg)})
51 |
--------------------------------------------------------------------------------
/src/tls/DHGroup.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module DHGroup
20 |
21 | open Bytes
22 | open CoreKeys
23 | open TLSError
24 |
25 | type elt = bytes // no need for element parsing/formatting, but we still need to check vs dhparams!
26 |
27 | #if ideal
28 | val goodPP: dhparams -> bool
29 | type preds = | Elt of bytes * bytes * elt
30 | #endif
31 |
32 | val genElement : dhparams -> elt
33 | val checkParams : DHDB.dhdb -> nat * nat -> bytes -> bytes -> Result<(DHDB.dhdb * dhparams)>
34 | val checkElement: dhparams -> bytes -> option
35 |
36 | val defaultDHparams: string -> DHDB.dhdb -> nat * nat -> (DHDB.dhdb * dhparams)
37 |
--------------------------------------------------------------------------------
/src/tls/DataStream.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module DataStream
20 | open TLSInfo
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open Range
25 |
26 | val splitRange: epoch -> range -> range * range
27 |
28 | type stream
29 | type delta
30 |
31 | // The following two functions are used only by the application.
32 | // They are never called from TLS.
33 | val createDelta: epoch -> stream -> range -> rbytes -> delta
34 | val deltaBytes: epoch -> stream -> range -> delta -> rbytes
35 |
36 | val init: epoch -> stream
37 | val append: epoch -> stream -> range -> delta -> stream
38 | val split: epoch -> stream -> range -> range -> delta -> delta * delta
39 | val deltaPlain: epoch -> stream -> range -> rbytes -> delta
40 | val deltaRepr: epoch -> stream -> range -> delta -> rbytes
41 |
42 | #if ideal
43 | val widen: epoch -> stream -> range -> range -> delta -> delta
44 | #endif
45 |
--------------------------------------------------------------------------------
/src/tls/ECGroup.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module ECGroup
20 |
21 | open Bytes
22 | open CoreKeys
23 |
24 | open TLSConstants
25 |
26 | /// payload of the ec_curve extension
27 | type ec_all_curve =
28 | | EC_CORE of ec_curve
29 | | EC_UNKNOWN of int
30 | | EC_EXPLICIT_PRIME
31 | | EC_EXPLICIT_BINARY
32 |
33 | /// payload of the ec_point_format extension
34 | type point_format =
35 | | ECP_UNCOMPRESSED
36 | | ECP_UNKNOWN of int
37 |
38 | type point = ecpoint
39 |
40 | val getParams : ec_curve -> ecdhparams
41 | val parse_curve : bytes -> ecdhparams option
42 | val curve_id : ecdhparams -> bytes
43 | val curve_name : ecdhparams -> ec_curve
44 | val serialize_point : ecdhparams -> point -> bytes
45 | val parse_point : ecdhparams -> bytes -> point option
46 | val checkElement: ecdhparams -> point -> point option
47 |
--------------------------------------------------------------------------------
/src/tls/ENC.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module ENC
20 |
21 | open Bytes
22 | open TLSInfo
23 |
24 | type state
25 | type encryptor = state
26 | type decryptor = state
27 |
28 | val GEN: id -> encryptor * decryptor
29 | val LEAK: id -> rw -> state -> bytes * bytes
30 | val COERCE: id -> rw -> bytes -> bytes-> state
31 |
32 | type cipher = bytes
33 |
34 | val ENC: id -> encryptor -> LHAEPlain.adata -> Range.range -> Encode.plain -> (encryptor * cipher)
35 | val DEC: id -> decryptor -> LHAEPlain.adata -> cipher -> (decryptor * Encode.plain)
36 |
--------------------------------------------------------------------------------
/src/tls/Encode.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Encode
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open TLSInfo
25 | open TLSConstants
26 | open Range
27 |
28 | type plain
29 | val plain: id -> LHAEPlain.adata -> nat -> bytes -> plain
30 | val repr: id -> LHAEPlain.adata -> range -> plain -> bytes
31 |
32 | val mac: id -> MAC.key -> LHAEPlain.adata -> range -> LHAEPlain.plain -> plain
33 | val verify: id -> MAC.key -> LHAEPlain.adata -> range -> plain -> Result
34 |
35 | val decodeNoPad_bytes: id -> LHAEPlain.adata -> range -> nat -> lbytes -> rbytes * MAC.tag
36 | val verify_MACOnly: id -> MAC.key -> LHAEPlain.adata -> range -> nat -> rbytes -> MAC.tag ->
37 | Result
38 |
39 | #if ideal
40 | val widen: id -> LHAEPlain.adata -> range -> plain -> plain
41 | #endif
42 |
--------------------------------------------------------------------------------
/src/tls/HASH.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module HASH
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | (* Parametric hash algorithm (implements interface) *)
25 | let hash' alg data =
26 | match alg with
27 | | NULL -> data
28 | | MD5SHA1 -> (CoreHash.md5 data) @| (CoreHash.sha1 data)
29 | | MD5 -> (CoreHash.md5 data)
30 | | SHA -> (CoreHash.sha1 data)
31 | | SHA256 -> (CoreHash.sha256 data)
32 | | SHA384 -> (CoreHash.sha384 data)
33 |
34 | let hash alg data =
35 | let h = hash' alg data in
36 | let l = length h in
37 | let exp = hashSize alg in
38 | if l = exp then h
39 | else Error.unexpected "CoreHash returned a hash of an unexpected size"
40 |
--------------------------------------------------------------------------------
/src/tls/HASH.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module HASH
18 |
19 | (* Core cryptographic hash algorithms; trusted only to have the right tag length *)
20 |
21 | // the crypto assumptions are in MAC and PRF, not here
22 |
23 | open Bytes
24 | open TLSConstants
25 |
26 | private val hash': a:hashAlg -> bytes -> b:bytes
27 |
28 | val hash: a:hashAlg -> bytes -> b:bytes{Length(b)=HashSize(a)}
29 |
--------------------------------------------------------------------------------
/src/tls/HASH.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module HASH
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | val hash: hashAlg -> bytes -> bytes
25 |
--------------------------------------------------------------------------------
/src/tls/HMAC.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module HMAC
18 |
19 | (* Core HMAC algorithms; trusted only on their tag lengths *)
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | type key = bytes
25 | type data = bytes
26 | type mac = bytes
27 |
28 | val ssl_pad1_md5: bytes
29 | val ssl_pad2_md5: bytes
30 | val ssl_pad1_sha1: bytes
31 | val ssl_pad2_sha1: bytes
32 |
33 | private val sslKeyedHashPads: hashAlg -> bytes * bytes
34 | private val sslKeyedHash: hashAlg -> key -> data -> mac
35 | private val sslKeyedHashVerify: hashAlg -> key -> data -> mac -> bool
36 | private val hmac: hashAlg -> key -> data -> mac
37 | private val hmacVerify: hashAlg -> key -> data -> mac -> bool
38 |
39 | val tls_mac:
40 | a:macAlg -> k:key {Length(k)=MacKeySize(a)} ->
41 | data -> t:mac {Length(t)=MacSize(a)}
42 | val tls_macVerify:
43 | a:macAlg -> k:key {Length(k)=MacKeySize(a)} ->
44 | data -> t:mac {Length(k)=MacSize(a)} -> bool
45 |
--------------------------------------------------------------------------------
/src/tls/HMAC.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module HMAC
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | type key = bytes
25 | type data = bytes
26 | type mac = bytes
27 |
28 | val tls_mac: macAlg -> key -> data -> mac
29 | val tls_macVerify: macAlg -> key -> data -> mac -> bool
30 |
31 | (* SSL/TLS Constants *)
32 |
33 | val ssl_pad1_md5: bytes
34 | val ssl_pad2_md5: bytes
35 | val ssl_pad1_sha1: bytes
36 | val ssl_pad2_sha1: bytes
37 |
--------------------------------------------------------------------------------
/src/tls/HSFragment.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module HSFragment
20 | open Bytes
21 | open TLSInfo
22 | open Range
23 | open Error
24 | open TLSError
25 |
26 | type fragment = {frag: rbytes}
27 | type stream = {sb:list}
28 | type plain = fragment
29 |
30 | let fragmentPlain (ki:id) (r:range) b = {frag = b}
31 | let fragmentRepr (ki:id) (r:range) f = f.frag
32 |
33 | let init (e:id) = {sb=[]}
34 | let extend (e:id) (s:stream) (r:range) (f:fragment) =
35 | #if ideal
36 | {sb = f.frag :: s.sb}
37 | #else
38 | s
39 | #endif
40 |
41 | let reStream (e:id) (s:stream) (r:range) (p:plain) (s':stream) = p
42 |
43 | let makeExtPad (i:id) (r:range) (p:plain) =
44 | #if TLSExt_extendedPadding
45 | if TLSExtensions.hasExtendedPadding i then
46 | let f = p.frag in
47 | let len = length f in
48 | let pad = extendedPad i r len in
49 | {frag = pad@|f}
50 | else
51 | #endif
52 | p
53 |
54 | let parseExtPad (i:id) (r:range) (p:plain) : Result =
55 | #if TLSExt_extendedPadding
56 | if TLSExtensions.hasExtendedPadding i then
57 | let f = p.frag in
58 | match TLSConstants.vlsplit 2 f with
59 | | Error(x) -> Error(x)
60 | | Correct(res) ->
61 | let (_,f) = res in
62 | correct ({frag = f})
63 | else
64 | #endif
65 | correct p
66 |
67 | #if ideal
68 | let widen (e:id) (r0:range) (r1:range) (f0:fragment) =
69 | let b = f0.frag in {frag = b}
70 | #endif
71 |
--------------------------------------------------------------------------------
/src/tls/HSFragment.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module HSFragment
18 | open Bytes
19 | open TLSInfo
20 | open Range
21 | open Error
22 | open TLSError
23 |
24 | private type (;i:id,r:range) fragment = {frag: (;r)rbytes}
25 | private type (;i:id) stream = {sb:bytes list}
26 |
27 | predicate Sent of i:id * (;i) stream * r:range * (;i,r)fragment
28 | assume !i,s,r,f. Sent(i,s,r,f)
29 |
30 | type (;i:id,s:(;i)stream,r:range)plain = f:(;i,r)fragment{AuthId(i) => Sent(i,s,r,f)}
31 |
32 | function val Payload: i:id * r:range * (;i,r)fragment -> cbytes
33 | private definition !i,r,f. Payload(i,r,f) = B(f.frag)
34 |
35 | function val EmptyStream: i:id -> (;i)stream
36 | private definition !i. EmptyStream(i) = {sb = []}
37 | val init: i:id -> s:(;i)stream{s = EmptyStream(i)}
38 |
39 | val fragmentPlain: i:id -> r:range -> b:(;r) rbytes -> f:(;i,EmptyStream(i),r) plain{B(b) = Payload(i,r,f)}
40 | val fragmentRepr: i:id -> r:range -> f:(;i,r) fragment -> b:(;r) rbytes{B(b) = Payload(i,r,f)}
41 |
42 | val reStream: i:id -> s:(;i)stream -> r:range -> p:(;i,s,r)plain -> s':(;i)stream ->
43 | p':(;i,s',r)plain{Payload(i,r,p) = Payload(i,r,p')}
44 |
45 | val makeExtPad: i:id -> r:range -> f:(;i,r)fragment -> f':(;i,r)fragment{f=f'}
46 | val parseExtPad: i:id -> r:range -> f:(;i,r)fragment -> res:((f':(;i,r)fragment{f=f'}) Result){?f. res = Correct(f)}
47 |
48 | val widen: i:id -> r0:range -> r1:range {r1 = RangeClass(i,r0)} ->
49 | f0:(;i,r0)fragment -> f1:(;i,r1)fragment{Payload(i,r0,f0) = Payload(i,r1,f1) /\ !s. Sent(i,s,r0,f0) => Sent(i,s,r1,f1)}
50 |
51 | function val Extend: i:id * s:(;i)stream * r:range * (;i,r)fragment -> 'a // (;i)stream
52 | private definition !i,s,r,f. Extend(i,s,r,f) = {sb = f.frag :: s.sb }
53 | val extend: i:id -> s:(;i)stream -> r:range -> f:(;i,r)fragment -> s':(;i)stream{s'=Extend(i,s,r,f)}
54 |
--------------------------------------------------------------------------------
/src/tls/HSFragment.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module HSFragment
20 | open Bytes
21 | open TLSInfo
22 | open Range
23 | open Error
24 | open TLSError
25 |
26 | type stream
27 |
28 | type fragment
29 | type plain = fragment
30 |
31 | val fragmentRepr: id -> range -> fragment -> bytes
32 | val fragmentPlain: id -> range -> bytes -> fragment
33 |
34 | val extend: id -> stream -> range -> fragment -> stream
35 | val init: id -> stream
36 |
37 | val reStream: id -> stream -> range -> plain -> stream -> plain
38 |
39 | val makeExtPad: id -> range -> fragment -> fragment
40 | val parseExtPad: id -> range -> fragment -> Result
41 |
42 | #if ideal
43 | val widen: id -> range -> range -> fragment -> fragment
44 | #endif
45 |
--------------------------------------------------------------------------------
/src/tls/KEF.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module KEF
18 |
19 | open Bytes
20 | open TLSConstants
21 | open TLSInfo
22 | open PMS
23 | open PRF
24 | open CoreKeys
25 |
26 | // concrete PMS --> MS derivation.
27 | // this implements the KEF call in the "generic ms-KEM construction".
28 |
29 | val extract:
30 | si:SessionInfo ->
31 | pms: pms { si.pmsId = PmsId(pms) } ->
32 | (;si) PRF.masterSecret
33 |
34 | val extract_extended:
35 | si:SessionInfo ->
36 | pms: pms { si.pmsId = PmsId(pms) } ->
37 | (;si) PRF.masterSecret
38 |
39 | private val accessRSAPMS: pk:RSAKey.pk -> cv:ProtocolVersion -> (;pk,cv) rsapms -> rsarepr
40 | private val accessDHPMS: p:bytes -> g:bytes -> gx:(;p,g)DHGroup.elt -> gy:(;p,g)DHGroup.elt -> pms: (;p,g,gx,gy)dhpms -> bytes
41 | private val accessPMS: pms -> bytes
42 |
43 | // log storing idealized master secrets
44 | type entry = i:msId * (;i) ms
45 | private val log: entry list ref
46 | private val assoc: i:msId -> entry list -> (;i) PRF.ms option
47 |
48 | //internal functions performing concrete extraction
49 | private val extractMS: si:SessionInfo {not HonestMS(MsI(si))} -> p:bytes -> (;si) PRF.masterSecret
50 | private val extractMS_extended: si:SessionInfo {not HonestMS(MsI(si))} -> p:bytes -> (;si) PRF.masterSecret
51 |
--------------------------------------------------------------------------------
/src/tls/KEF.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module KEF
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 | open Error
25 | open TLSError
26 | open PMS
27 |
28 | val extract: SessionInfo -> pms -> PRF.masterSecret
29 | val extract_extended: SessionInfo -> pms -> PRF.masterSecret
30 |
--------------------------------------------------------------------------------
/src/tls/LHAE.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module LHAE
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open TLSInfo
25 | open LHAEPlain
26 | open Range
27 |
28 | type LHAEKey
29 | type encryptor = LHAEKey
30 | type decryptor = LHAEKey
31 |
32 | type cipher = bytes
33 |
34 | val GEN: id -> encryptor * decryptor
35 | val COERCE: id -> rw -> bytes -> LHAEKey
36 | val LEAK: id -> rw -> LHAEKey -> bytes
37 |
38 | val encrypt: id -> encryptor -> adata ->
39 | range -> plain -> (encryptor * cipher)
40 | val decrypt: id -> decryptor -> adata ->
41 | cipher -> Result<(decryptor * range * plain)>
42 |
--------------------------------------------------------------------------------
/src/tls/LHAEPlain.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module LHAEPlain
20 | open Bytes
21 | open Error
22 | open TLSError
23 | open TLSConstants
24 | open TLSInfo
25 | open Range
26 |
27 | type adata = bytes
28 |
29 | let makeAD (i:id) ((seqn,h):StatefulPlain.history) ad =
30 | let bn = bytes_of_seq seqn in
31 | bn @| ad
32 |
33 | // We statically know that ad is big enough
34 | let parseAD (i:id) ad =
35 | let (snb,ad) = Bytes.split ad 8 in
36 | ad
37 |
38 | type fragment = {contents:StatefulPlain.fragment}
39 | type plain = fragment
40 |
41 | let plain (i:id) (ad:adata) (rg:range) b =
42 | let ad = parseAD i ad in
43 | let h = StatefulPlain.emptyHistory i in
44 | let p = StatefulPlain.plain i h ad rg b in
45 | {contents = p}
46 |
47 | let reprFragment (i:id) (ad:adata) (rg:range) p =
48 | let ad = parseAD i ad in
49 | StatefulPlain.reprFragment i ad rg p.contents
50 |
51 | let repr i ad rg p = reprFragment i ad rg p
52 |
53 | let StatefulPlainToLHAEPlain (i:id) (h:StatefulPlain.history)
54 | (ad:StatefulPlain.adata) (ad':adata) (r:range) f = {contents = f}
55 | let LHAEPlainToStatefulPlain (i:id) (h:StatefulPlain.history)
56 | (ad:StatefulPlain.adata) (ad':adata) (r:range) f = f.contents
57 |
58 | let makeExtPad id ad rg p =
59 | let ad = parseAD id ad in
60 | let c = p.contents in
61 | let c = StatefulPlain.makeExtPad id ad rg c in
62 | {contents = c}
63 |
64 | let parseExtPad id ad rg p =
65 | let ad = parseAD id ad in
66 | let c = p.contents in
67 | match StatefulPlain.parseExtPad id ad rg c with
68 | | Error(x) -> Error(x)
69 | | Correct(c) -> correct ({contents = c})
70 |
71 | #if ideal
72 | let widen i ad r f =
73 | let ad' = parseAD i ad in
74 | let f' = StatefulPlain.widen i ad' r f.contents in
75 | {contents = f'}
76 | #endif
77 |
--------------------------------------------------------------------------------
/src/tls/LHAEPlain.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module LHAEPlain
20 | open Bytes
21 | open TLSInfo
22 | open Range
23 | open TLSError
24 |
25 | type adata = bytes
26 | type fragment
27 | type plain = fragment
28 |
29 | val plain: id -> adata -> range -> bytes -> plain
30 | val repr: id -> adata -> range -> plain -> bytes
31 |
32 | val makeAD: id -> StatefulPlain.history -> StatefulPlain.adata -> adata
33 | val parseAD: id -> adata -> StatefulPlain.adata
34 | val StatefulPlainToLHAEPlain: id -> StatefulPlain.history -> StatefulPlain.adata -> adata -> range -> StatefulPlain.plain -> plain
35 | val LHAEPlainToStatefulPlain: id -> StatefulPlain.history -> StatefulPlain.adata -> adata -> range -> plain -> StatefulPlain.plain
36 |
37 | val makeExtPad: id -> adata -> range -> plain -> plain
38 | val parseExtPad: id -> adata -> range -> plain -> Result
39 |
40 | #if ideal
41 | val widen: id -> adata -> range -> fragment -> fragment
42 | #endif
43 |
--------------------------------------------------------------------------------
/src/tls/MAC.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module MAC
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 |
25 | type text = bytes
26 | type tag = bytes
27 |
28 | type key
29 |
30 | val Mac: id -> key -> text -> tag
31 | val Verify: id -> key -> text -> tag -> bool
32 |
33 | val GEN: id -> key
34 | val LEAK: id -> key -> bytes
35 | val COERCE: id -> bytes -> key
36 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA1.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module MAC_SHA1
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 | open Error
25 | open TLSError
26 |
27 | type text = bytes
28 | type tag = bytes
29 | type keyrepr = bytes
30 | type key = {k:keyrepr}
31 |
32 | // for concreteness; the rest of the module is parametric in a
33 | let a = MA_HMAC(SHA)
34 |
35 | #if ideal
36 | // We maintain a table of MACed plaintexts
37 | type entry = id * text * tag
38 | let log:ref> =ref []
39 | let rec tmem (e:id) (t:text) (xs: list) =
40 | match xs with
41 | [] -> false
42 | | (e',t',m)::res when e = e' && t = t' -> true
43 | | (e',t',m)::res -> tmem e t res
44 | #endif
45 |
46 | let GEN (ki:id) = {k= Nonce.random (macKeySize(a))}
47 |
48 | let Mac (ki:id) key t =
49 | let m = HMAC.tls_mac a key.k t in
50 | #if ideal
51 | // We log every authenticated texts, with their index and resulting tag
52 | log := (ki, t, m)::!log;
53 | #endif
54 | m
55 |
56 | let Verify (ki:id) key t m =
57 | HMAC.tls_macVerify a key.k t m
58 | #if ideal
59 | // We use the log to correct any verification errors
60 | && tmem ki t !log
61 | #endif
62 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA1.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MAC_SHA1
18 |
19 | (* Core HMAC algorithms, idealized for INT-CMA:
20 | compared with MAC.fs7, we are still abstractly indexed (for multi-instance)
21 | but the algorithm is fixed, the keys are abstract, and security is unconditional *)
22 |
23 | open Bytes
24 | open TLSConstants
25 | open TLSInfo
26 |
27 | val a: a:macAlg{ a = MA_HMAC(SHA) } // symbolic constant
28 |
29 | type (;ki:id) keyrepr = k:bytes {Length(k) = MacKeySize(a)}
30 | private type (;ki:id) key = {k:(;ki) keyrepr}
31 |
32 | type text = bytes
33 | predicate val Msg: id * text -> bool
34 |
35 | type tag = m:bytes {Length(m) = MacSize(a)}
36 |
37 | val GEN:
38 | ki:id -> (;ki) key
39 | val Mac:
40 | ki:id -> (;ki) key ->
41 | t:text {Msg(ki,t)} -> tag
42 | val Verify:
43 | ki:id -> (;ki) key -> t:text ->
44 | tag -> b:bool { b=true => Msg(ki,t) }
45 |
46 | (* typing the log for the ideal functionality *)
47 |
48 | type entry = (ki:id * t:text * tag){Msg(ki,t)}
49 | private val log: entry list ref
50 | private val tmem: ki:id -> t:text -> entry list -> b:bool{ b=true => Msg(ki,t) }
51 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA1.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module MAC_SHA1
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 |
25 | val a: macAlg
26 | type text = bytes
27 | type tag = bytes
28 |
29 | type key
30 |
31 | val Mac: id -> key -> text -> tag
32 | val Verify: id -> key -> text -> tag -> bool
33 |
34 | val GEN: id -> key
35 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA256.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module MAC_SHA256
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 | open Error
25 | open TLSError
26 |
27 | type text = bytes
28 | type tag = bytes
29 | type keyrepr = bytes
30 | type key = {k:keyrepr}
31 |
32 | // for concreteness; the rest of the module is parametric in a
33 | let a = MA_HMAC(SHA256)
34 |
35 | #if ideal
36 | // We maintain a table of MACed plaintexts
37 | type entry = id * text * tag
38 | let log:ref> =ref []
39 | let rec tmem (e:id) (t:text) (xs: list) =
40 | match xs with
41 | [] -> false
42 | | (e',t',m)::res when e = e' && t = t' -> true
43 | | (e',t',m)::res -> tmem e t res
44 | #endif
45 |
46 | let Mac (ki:id) key t =
47 | let m = HMAC.tls_mac a key.k t in
48 | #if ideal
49 | // We log every authenticated texts, with their index and resulting tag
50 | log := (ki, t, m)::!log;
51 | #endif
52 | m
53 |
54 | let Verify (ki:id) key t m =
55 | HMAC.tls_macVerify a key.k t m
56 | #if ideal
57 | // We use the log to correct any verification errors
58 | && tmem ki t !log
59 | #endif
60 |
61 | let GEN (ki:id) = {k= Nonce.random (macKeySize(a))}
62 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA256.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module MAC_SHA256
18 |
19 | (* Core HMAC algorithms, idealized for INT-CMA:
20 | compared with MAC.fs7, we are still abstractly indexed (for multi-instance)
21 | but the algorithm is fixed, the keys are abstract, and security is unconditional *)
22 |
23 | open Bytes
24 | open TLSConstants
25 | open TLSInfo
26 |
27 | val a: a:macAlg{ a = MA_HMAC(SHA256) } // symbolic constant
28 |
29 | type (;ki:id) keyrepr = k:bytes {Length(k) = MacKeySize(a)}
30 | private type (;ki:id) key = {k:(;ki) keyrepr}
31 |
32 | type text = bytes
33 | predicate val Msg: id * text -> bool
34 |
35 | type tag = m:bytes {Length(m) = MacSize(a)}
36 |
37 | val Mac:
38 | ki:id -> (;ki) key ->
39 | t:text {Msg(ki,t)} -> tag
40 | val Verify:
41 | ki:id -> (;ki) key -> t:text ->
42 | tag -> b:bool { b=true => Msg(ki,t) }
43 |
44 | val GEN:
45 | ki:id -> (;ki) key
46 |
47 | (* typing the log for the ideal functionality *)
48 |
49 | type entry = (ki:id * t:text * tag){Msg(ki,t)}
50 | private val log: entry list ref
51 | private val tmem: ki:id -> t:text -> entry list -> b:bool{ b=true => Msg(ki,t) }
52 |
--------------------------------------------------------------------------------
/src/tls/MAC_SHA256.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module MAC_SHA256
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 |
25 | val a: macAlg
26 | type text = bytes
27 | type tag = bytes
28 |
29 | type key
30 |
31 | val Mac: id -> key -> text -> tag
32 | val Verify: id -> key -> text -> tag -> bool
33 |
34 | val GEN: id -> key
35 |
--------------------------------------------------------------------------------
/src/tls/Nonce.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Nonce
20 |
21 | open Bytes
22 | open Error
23 | open TLSConstants
24 |
25 | let timestamp () = bytes_of_int 4 (Date.secondsFromDawn ())
26 |
27 | let random (n:nat) =
28 | let r = CoreRandom.random n in
29 | let l = length r in
30 | if l = n then r
31 | else unexpected "CoreRandom.random returned incorrect number of bytes"
32 |
33 | let noCsr = random 64 // a constant value, with negligible probability of being sampled, excluded by idealization
34 |
35 | #if ideal
36 | let log = ref []
37 | #endif
38 |
39 | let mkHelloRandom_int (pv: ProtocolVersion) =
40 | #if tls13
41 | match pv with
42 | | TLS_1p3 -> random 32
43 | | TLS_1p2 | TLS_1p1
44 | | TLS_1p0 | SSL_3p0 ->
45 | #endif
46 | timestamp() @| random 28
47 |
48 | let rec mkHelloRandom pv: bytes =
49 | let cr = mkHelloRandom_int pv in
50 | //#begin-idealization
51 | #if ideal
52 | if List.memr !log cr then
53 | mkHelloRandom pv // we formally retry to exclude collisions.
54 | else
55 | (log := cr::!log;
56 | cr)
57 | #else
58 | //#end-idealization
59 | cr
60 | #endif
61 |
--------------------------------------------------------------------------------
/src/tls/Nonce.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module Nonce
18 |
19 | (* This module is typechecked. *)
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | val random: n:nat -> (;n)lbytes
25 |
26 | private val mkHelloRandom_int : ProtocolVersion -> b:(;32)lbytes
27 |
28 | val mkHelloRandom: ProtocolVersion -> b:(;32)lbytes
29 | // the idealized code returns globally pairwise-distinct values
30 | // this is securely implemented inasmuch as random values have a negligible probability of collision
31 | // (we may additionally enforce being distinct from prior adversarial nonces)
32 |
33 | val noCsr: (;64) lbytes
34 | // null value for indexing the initial epoch
35 |
36 | private val log: (;32) lbytes list ref
37 | private val timestamp: unit -> (;4) lbytes
38 |
--------------------------------------------------------------------------------
/src/tls/Nonce.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Nonce
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | val random: nat -> bytes
25 | val mkHelloRandom: ProtocolVersion -> bytes
26 |
27 | val noCsr: bytes
28 |
--------------------------------------------------------------------------------
/src/tls/PMS.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module PMS
20 |
21 | open Bytes
22 | open TLSConstants
23 | open Error
24 | open TLSError
25 | open DHGroup
26 | open CoreKeys
27 |
28 | type rsarepr = bytes
29 | type rsaseed = {seed: rsarepr}
30 | type rsapms =
31 | #if ideal
32 | | IdealRSAPMS of rsaseed
33 | #endif
34 | | ConcreteRSAPMS of rsarepr
35 |
36 | type dhrepr = bytes
37 | type dhseed = {seed: dhrepr}
38 |
39 | type dhpms =
40 | #if ideal
41 | | IdealDHPMS of dhseed
42 | #endif
43 | | ConcreteDHPMS of dhrepr
44 |
45 | #if ideal
46 | val honestRSAPMS: RSAKey.pk -> TLSConstants.ProtocolVersion -> rsapms -> bool
47 | #endif
48 |
49 | val genRSA: RSAKey.pk -> TLSConstants.ProtocolVersion -> rsapms
50 |
51 | val coerceRSA: RSAKey.pk -> ProtocolVersion -> rsarepr -> rsapms
52 | val leakRSA: RSAKey.pk -> ProtocolVersion -> rsapms -> rsarepr
53 |
54 | #if ideal
55 | val honestDHPMS: bytes -> bytes -> elt -> elt -> dhpms -> bool
56 | #endif
57 |
58 | val sampleDH: dhparams -> DHGroup.elt -> DHGroup.elt -> dhpms
59 |
60 | val coerceDH: dhparams -> DHGroup.elt -> DHGroup.elt -> DHGroup.elt -> dhpms
61 | val coerceECDH: ecdhparams -> ECGroup.point -> ECGroup.point -> bytes -> dhpms
62 |
63 | (* Used when generating key material from the MS.
64 | The result must still be split into the various keys.
65 | Of course this method can do the splitting internally and return a record/pair *)
66 |
67 | type pms =
68 | | RSAPMS of RSAKey.pk * ProtocolVersion * rsapms
69 | | DHPMS of CommonDH.parameters * CommonDH.element * CommonDH.element * dhpms
70 |
--------------------------------------------------------------------------------
/src/tls/PRF.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module PRF
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 |
25 | type repr = bytes
26 | type ms
27 | type masterSecret = ms
28 |
29 | #if ideal
30 | val sample: msId -> ms
31 | #endif
32 |
33 | //#begin-coerce
34 | val coerce: msId -> repr -> ms
35 | //#end-coerce
36 | val leak: msId -> ms -> repr
37 |
38 | val deriveKeys: id -> id -> ms -> Role -> StatefulLHAE.state * StatefulLHAE.state
39 |
40 | val keyCommit: csrands -> ProtocolVersion -> aeAlg -> negotiatedExtensions -> unit
41 | val keyGenClient: id -> id -> ms -> StatefulLHAE.writer * StatefulLHAE.reader
42 | val keyGenServer: id -> id -> ms -> StatefulLHAE.writer * StatefulLHAE.reader
43 |
44 | val makeVerifyData: SessionInfo -> ms -> Role -> bytes -> bytes
45 | val checkVerifyData: SessionInfo -> ms -> Role -> bytes -> bytes -> bool
46 |
47 | val ssl_certificate_verify: SessionInfo -> ms -> TLSConstants.sigAlg -> bytes -> bytes
48 |
--------------------------------------------------------------------------------
/src/tls/RPC.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module RPC
18 |
19 | open Bytes
20 |
21 | // Fixed-lengths requests and responses
22 |
23 | type principal = string
24 | type (;a:principal, b:principal) request
25 | // { Request(a,b,r) \/ Corrupt(a) \/ Corrupt(b) }
26 |
27 | type (;a:principal, b:principal, r:request) response
28 | // { (Request(a,b,r) /\ Response(a,b,r,s)) \/ Corrupt(a) \/ Corrupt(b) }
29 |
30 | val request: a:principal -> b:principal -> m:bytes -> r:(;a,b) request
31 | val response: a:principal -> b:principal -> r:(;a,b) request -> s:(;a,b,r) response
32 |
33 | val request_bytes:
34 | a:principal -> b:principal {Corrupt(a) \/ Corrupt(b)} ->
35 | r:(;a,b) request -> m:bytes
36 |
37 | val response_bytes:
38 | a:principal -> b:principal {Corrupt(a) \/ Corrupt(b)} ->
39 | r:(;a,b) request -> s:(;a,b,r) response -> m:bytes
40 |
41 | val service:
42 | a:principal -> b:principal -> (bytes -> bytes (*pure*) ) ->
43 | r:(;a,b) request -> s:(;a,b,r) response
44 |
45 | type (;i:index) plain
46 |
47 | val request_msg: i:index {Client(i)} -> (;Client(i),Server(i)) request -> (;i) plain
48 | val msg_request: i:index {Client(i)} -> (;i) plain -> (;Client(i),Server(i)) request
49 |
50 | // in RPC, we abstract Connections to
51 | // a fresh abstract ID, a pair (a,b) of optional principals, and a polarity (C or S)
52 |
53 | // Confidentiality : TLS does not access the plain bytes,
54 | // Authenticity : TLS does not forge appdata,
55 | //
56 | // Assuming mutual authentication, the precondition for coercing bytes <=> (;i) plain is:
57 | // WeakCrypto(CipherSuite(i)) \/ Corrupt(ClientID(i)) \/ Corrupt(ServerID(i))
58 |
59 | // If we treat naive principals as corrupt, we may
60 | // assume !i. WeakCrypto(i) => Corrupt(ClientID(i)) \/ Corrupt(ServerID(i))
61 | // and then the precondition above just reflects application-level corrupted principals.
62 |
--------------------------------------------------------------------------------
/src/tls/RPC.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module RPC
20 | val doclient : string -> option
21 | val doserver : unit -> bool
22 |
--------------------------------------------------------------------------------
/src/tls/RSA.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module RSA
20 |
21 | open TLSInfo
22 | open Bytes
23 | open TLSConstants
24 |
25 | val encrypt: RSAKey.pk -> ProtocolVersion -> PMS.rsapms -> bytes
26 | val decrypt: RSAKey.sk -> SessionInfo -> ProtocolVersion -> bool -> bytes -> PMS.rsapms
27 |
--------------------------------------------------------------------------------
/src/tls/RSAKey.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module RSAKey
20 |
21 | open Bytes
22 |
23 | type pk = { pk : CoreACiphers.pk }
24 | type sk = { sk : CoreACiphers.sk }
25 |
26 | type pred = | SK_PK of sk * pk
27 |
28 | #if ideal
29 |
30 | let honest_log = ref[]
31 | let honest (pk:pk): bool = failwith "only used in ideal implementation, unverified"
32 | let strong (pv:TLSConstants.ProtocolVersion): bool = failwith "only used in ideal implementation, unverified"
33 | #endif
34 |
35 | type modulus = bytes
36 | type exponent = bytes
37 |
38 | let gen () : (pk * sk) =
39 | let csk, cpk = CoreACiphers.gen_key () in
40 | let sk = {sk = csk} in
41 | let pk = {pk = cpk} in
42 | Pi.assume(SK_PK(sk,pk));
43 | pk, sk
44 |
45 | let coerce (pk:pk) (csk:CoreACiphers.sk) =
46 | let sk= {sk = csk} in
47 | Pi.assume(SK_PK(sk,pk));
48 | sk
49 |
50 | let repr_of_rsapkey ({ pk = pk }) = pk
51 | let repr_of_rsaskey ({ sk = sk }) = sk
52 |
53 | let create_rsapkey ((m, e) : modulus * exponent) = { pk = CoreACiphers.RSAPKey(m, e) }
54 | //let create_rsaskey ((m, e) : modulus * exponent) = { sk = CoreACiphers.RSASKey(m, e) }
55 |
--------------------------------------------------------------------------------
/src/tls/RSAKey.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module RSAKey
18 |
19 | // This module defines RSA keys
20 | // but not their use for public-key encryption: see RSA
21 | // (We use two modules to break a circular dependency)
22 |
23 | open Bytes
24 |
25 | private type sk = { sk : CoreACiphers.sk } (* secret (decryption) key, abstract for honest keys *)
26 | type pk = { pk : CoreACiphers.pk } (* public (encryption) key, bytes are accessible *)
27 |
28 | type modulus = bytes
29 | type exponent = bytes
30 |
31 | // marks honestly generated keys (dynamically assumed by gen).
32 | predicate Honest of pk
33 | val honest: pk:pk -> b:bool {b=true <=> Honest(pk)}
34 |
35 | predicate Strong of TLSConstants.ProtocolVersion
36 | val strong: pv:TLSConstants.ProtocolVersion -> b:bool {b=true <=> Strong(pv)}
37 |
38 | // marks relationship between secret and public keys
39 | // (dynamically assumed by gen & coerce to partially define the logical PK)
40 | predicate type pred = SK_PK of sk * pk
41 | function val PK: sk -> pk
42 | private definition !sk,pk. pk=PK(sk) <=> SK_PK(sk,pk)
43 |
44 | val gen: unit -> p:pk * s:sk{p = PK(s)}
45 | val coerce: p:pk {not Honest(p)} -> CoreACiphers.sk -> s:sk{p = PK(s)}
46 |
47 | // in a model with adversarially provided keys and static corruption, leak is not essential
48 | //val leak: s:sk {not Honest(PK(s))} -> CoreACiphers.sk
49 |
50 | // shouldn't be needed as representation of pk need not be private
51 | val repr_of_rsapkey : pk -> CoreACiphers.pk
52 |
53 | // morally private, used only in RSA.fs
54 | val repr_of_rsaskey : sk -> CoreACiphers.sk
55 |
56 | // shouldn't be needed as representation of pk need not be private
57 | val create_rsapkey : modulus * exponent -> pk
58 |
59 | // replaced by coerce
60 | // val create_rsaskey : modulus * exponent -> sk
61 |
--------------------------------------------------------------------------------
/src/tls/RSAKey.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module RSAKey
20 |
21 | type sk
22 | type pk = { pk : CoreACiphers.pk }
23 |
24 | type modulus = Bytes.bytes
25 | type exponent = Bytes.bytes
26 |
27 | #if ideal
28 | val honest: pk -> bool
29 | val strong: TLSConstants.ProtocolVersion -> bool
30 | #endif
31 |
32 | val gen: unit -> pk * sk
33 | val coerce: pk -> CoreACiphers.sk -> sk
34 |
35 | val repr_of_rsapkey : pk -> CoreACiphers.pk
36 | val repr_of_rsaskey : sk -> CoreACiphers.sk
37 |
38 | val create_rsapkey : modulus * exponent -> pk
39 | //val create_rsaskey : modulus * exponent -> sk
40 |
--------------------------------------------------------------------------------
/src/tls/Range.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Range
20 |
21 | open Bytes
22 | open TLSInfo
23 |
24 | type range = nat * nat
25 | type rbytes = bytes
26 | val sum: range -> range -> range
27 |
28 | val ivSize: id -> nat
29 | val fixedPadSize: id -> nat
30 | val maxPadSize: id -> nat
31 | #if TLSExt_extendedPadding
32 | val extendedPad: id -> range -> nat -> bytes
33 | #endif
34 | val targetLength: id -> range -> nat
35 | val cipherRangeClass: id -> nat -> range
36 | val rangeClass: id -> range -> range
37 |
--------------------------------------------------------------------------------
/src/tls/Record.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Record
20 |
21 | open Bytes
22 | open Tcp
23 | open TLSConstants
24 | open Error
25 | open TLSError
26 | open TLSInfo
27 | open Range
28 |
29 | /// Implements stateful AE on top of LHAE,
30 | /// managing sequence numbers and the binary record format
31 |
32 | type ConnectionState
33 | type sendState = ConnectionState
34 | type recvState = ConnectionState
35 |
36 | val initConnState: epoch -> rw -> StatefulLHAE.state -> ConnectionState
37 | val nullConnState: epoch -> rw -> ConnectionState
38 |
39 | val parseHeader: bytes -> Result<(ContentType * ProtocolVersion * nat)>
40 | val makePacket: ContentType -> ProtocolVersion -> bytes -> bytes
41 |
42 | val recordPacketOut: epoch -> sendState -> ProtocolVersion -> range -> ContentType -> TLSFragment.fragment -> (sendState * bytes)
43 | val recordPacketIn : epoch -> recvState -> ContentType -> bytes -> Result<(recvState * range * TLSFragment.fragment)>
44 |
45 | val history: epoch -> rw -> ConnectionState -> TLSFragment.history
46 |
--------------------------------------------------------------------------------
/src/tls/SessionDB.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module SessionDB
18 |
19 | (* Database storing live sessions towards resumption;
20 | We verify a simplified in-memory database with the same contents,
21 | but we trust its System.Data.SQLite implementation *)
22 |
23 | open Bytes
24 | open Date
25 | open TLSInfo
26 |
27 | predicate Authorize of Role * SessionInfo
28 |
29 | type (;sid:sessionID, r:Role) StorableSession = si:SessionInfo * (;si) PRF.masterSecret * epoch
30 | { si.sessionID = sid /\
31 | (r = Client => Authorize(r,si)) /\
32 | (r = Server /\ si.client_auth = true => Authorize(r,si))}
33 |
34 | type SessionIndex = sessionID * Role * Cert.hint
35 | type entry = sid:sessionID * r:Role * Cert.hint * (;sid,r) StorableSession
36 | type t = entry list
37 |
38 | val create: config -> t
39 | val select: t -> sid:sessionID -> r:Role -> Cert.hint -> ((;sid,r) StorableSession) option
40 | val insert: t -> sid:sessionID -> r:Role -> Cert.hint -> (;sid,r) StorableSession -> t
41 | val remove: t -> sid:sessionID -> r:Role -> Cert.hint -> t
42 |
43 | // Useful for the user of miTLS
44 | val getAllStoredIDs: t -> SessionIndex list
45 |
--------------------------------------------------------------------------------
/src/tls/SessionDB.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module SessionDB
20 |
21 | open TLSInfo
22 | open Date
23 |
24 | type StorableSession = SessionInfo * PRF.masterSecret * epoch
25 | type SessionIndex = sessionID * Role * Cert.hint
26 |
27 | #if ideal
28 | type entry = sessionID * Role * Cert.hint * StorableSession
29 | type t = list
30 | #else
31 | type t
32 | #endif
33 |
34 | val create: config -> t
35 | val select: t -> sessionID -> Role -> Cert.hint -> option
36 | val insert: t -> sessionID -> Role -> Cert.hint -> StorableSession -> t
37 | val remove: t -> sessionID -> Role -> Cert.hint -> t
38 |
39 | val getAllStoredIDs: t -> list
40 |
--------------------------------------------------------------------------------
/src/tls/Sig.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module Sig
20 |
21 | open Bytes
22 | open TLSConstants
23 |
24 | (* ------------------------------------------------------------------------ *)
25 | type alg = sigHashAlg
26 |
27 | type text = bytes
28 | type sigv = bytes
29 |
30 | (* ------------------------------------------------------------------------ *)
31 | type skey
32 | type pkey
33 |
34 | val honest: alg -> pkey -> bool
35 |
36 | val create_pkey: alg -> CoreSig.sigpkey -> pkey
37 |
38 | val sigalg_of_skeyparams : CoreSig.sigskey -> sigAlg
39 | val sigalg_of_pkeyparams : CoreSig.sigpkey -> sigAlg
40 |
41 | (* ------------------------------------------------------------------------ *)
42 | val gen : alg -> pkey * skey
43 | val sign : alg -> skey -> text -> sigv
44 | val verify : alg -> pkey -> text -> sigv -> bool
45 | val coerce : alg -> pkey -> CoreSig.sigskey -> skey
46 | val leak : alg -> skey -> CoreSig.sigskey
47 |
--------------------------------------------------------------------------------
/src/tls/StatefulLHAE.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module StatefulLHAE
20 |
21 | // implemented using LHAE with a sequence number
22 |
23 | open Bytes
24 | open Error
25 | open TLSError
26 | open TLSInfo
27 | open StatefulPlain
28 | open Range
29 |
30 | type state = {
31 | key: LHAE.LHAEKey;
32 | history: history
33 | }
34 | type reader = state
35 | type writer = state
36 |
37 | let GEN ki =
38 | let w,r = LHAE.GEN ki in
39 | let h = emptyHistory ki in
40 | ( { key = r; history = h},
41 | { key = w; history = h})
42 | let COERCE ki (rw:rw) b =
43 | let k = LHAE.COERCE ki rw b in
44 | let h = emptyHistory ki in
45 | { key = k; history = h}
46 | let LEAK ki (rw:rw) s = LHAE.LEAK ki rw s.key
47 |
48 | let history (ki:id) (rw:rw) s = s.history
49 |
50 | type cipher = LHAE.cipher
51 |
52 | let encrypt (ki:id) (w:writer) (ad0:adata) (r:range) (f:plain) =
53 | let h = w.history in
54 | let ad = LHAEPlain.makeAD ki h ad0 in
55 | let p = LHAEPlain.StatefulPlainToLHAEPlain ki h ad0 ad r f in
56 | let k,c = LHAE.encrypt ki w.key ad r p in
57 | let h = extendHistory ki ad0 h r f in
58 | let w = {key = k; history = h} in
59 | (w,c)
60 |
61 | let decrypt (ki:id) (r:reader) (ad0:adata) (e:cipher) =
62 | let h = r.history in
63 | let ad = LHAEPlain.makeAD ki h ad0 in
64 | let res = LHAE.decrypt ki r.key ad e in
65 | match res with
66 | | Correct(x) ->
67 | let (k,rg,p) = x in
68 | let f = LHAEPlain.LHAEPlainToStatefulPlain ki h ad0 ad rg p in
69 | let h = extendHistory ki ad0 h rg f in
70 | let r' = {history = h; key = k} in
71 | correct ((r',rg,f))
72 | | Error(e) -> Error(e)
73 |
--------------------------------------------------------------------------------
/src/tls/StatefulLHAE.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module StatefulLHAE
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open TLSInfo
25 | open Range
26 | open StatefulPlain
27 |
28 | type state
29 | type reader = state
30 | type writer = state
31 |
32 | val GEN: id -> reader * writer
33 | val COERCE: id -> rw -> bytes -> state
34 | val LEAK: id -> rw -> state -> bytes
35 |
36 | val history: id -> rw -> state -> history
37 |
38 | type cipher = LHAE.cipher
39 |
40 | val encrypt: id -> writer -> adata -> range -> plain -> (writer * cipher)
41 | val decrypt: id -> reader -> adata -> cipher -> Result<(reader * range * plain)>
42 |
--------------------------------------------------------------------------------
/src/tls/StatefulPlain.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module StatefulPlain
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 | open Range
25 | open Error
26 | open TLSError
27 |
28 | type adata = bytes
29 |
30 | type fragment
31 | type prehistory = list<(adata * range * fragment)>
32 | type history = (nat * prehistory)
33 | type plain = fragment
34 |
35 | //------------------------------------------------------------------------------
36 | val plain: id -> history -> adata -> range -> bytes -> plain
37 | val reprFragment: id -> adata -> range -> fragment -> bytes
38 | val repr: id -> history -> adata -> range -> plain -> bytes
39 |
40 | //------------------------------------------------------------------------------
41 | val emptyHistory: id -> history
42 | val extendHistory: id -> adata -> history -> range -> fragment -> history
43 |
44 | val makeAD: id -> ContentType -> adata
45 | val RecordPlainToStAEPlain: epoch -> ContentType -> adata -> TLSFragment.history -> history -> range -> TLSFragment.plain -> plain
46 | val StAEPlainToRecordPlain: epoch -> ContentType -> adata -> TLSFragment.history -> history -> range -> plain -> TLSFragment.plain
47 |
48 | val makeExtPad: id -> adata -> range -> fragment -> fragment
49 | val parseExtPad: id -> adata -> range -> fragment -> Result
50 |
51 | #if ideal
52 | val widen: id -> adata -> range -> fragment -> fragment
53 | #endif
54 |
--------------------------------------------------------------------------------
/src/tls/TLS.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module TLS
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open Dispatch
25 | open TLSInfo
26 | open Tcp
27 | open DataStream
28 |
29 | type Connection = Dispatch.Connection
30 |
31 | type ioresult_i =
32 | | ReadError of option * string
33 | | Close of Tcp.NetworkStream
34 | | Fatal of alertDescription
35 | | Warning of nextCn * alertDescription
36 | | CertQuery of nextCn * query * bool
37 | | CompletedFirst of Connection
38 | | CompletedSecond of Connection
39 | | Read of nextCn * msg_i
40 | | DontWrite of Connection
41 |
42 | type ioresult_o =
43 | | WriteError of option * string
44 | | WriteComplete of nextCn
45 | | MustRead of Connection
46 |
47 | (* Event-driven interface *)
48 |
49 | val read : Connection -> ioresult_i
50 | val write : Connection -> msg_o -> ioresult_o
51 | val full_shutdown : Connection -> Connection
52 | val half_shutdown : Connection -> unit
53 |
54 | val connect : NetworkStream -> config -> Connection
55 | val resume : NetworkStream -> sessionID -> config -> Connection
56 |
57 | val rehandshake : Connection -> config -> bool * nextCn
58 | val rekey : Connection -> config -> bool * nextCn
59 | val request : Connection -> config -> bool * nextCn
60 |
61 | val accept : TcpListener -> config -> Connection
62 | val accept_connected : NetworkStream -> config -> Connection
63 |
64 | val authorize: Connection -> query -> ioresult_i
65 | val refuse: Connection -> query -> unit
66 |
67 | val getEpochIn: Connection -> epoch
68 | val getEpochOut: Connection -> epoch
69 | val getSessionInfo: epoch -> SessionInfo
70 | val getInStream: Connection -> stream
71 | val getOutStream: Connection -> stream
72 |
--------------------------------------------------------------------------------
/src/tls/TLSError.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module TLSError
20 |
21 | type alertDescription =
22 | | AD_close_notify
23 | | AD_unexpected_message
24 | | AD_bad_record_mac
25 | | AD_decryption_failed
26 | | AD_record_overflow
27 | | AD_decompression_failure
28 | | AD_handshake_failure
29 | | AD_no_certificate
30 | | AD_bad_certificate_warning
31 | | AD_bad_certificate_fatal
32 | | AD_unsupported_certificate_warning
33 | | AD_unsupported_certificate_fatal
34 | | AD_certificate_revoked_warning
35 | | AD_certificate_revoked_fatal
36 | | AD_certificate_expired_warning
37 | | AD_certificate_expired_fatal
38 | | AD_certificate_unknown_warning
39 | | AD_certificate_unknown_fatal
40 | | AD_illegal_parameter
41 | | AD_unknown_ca
42 | | AD_access_denied
43 | | AD_decode_error
44 | | AD_decrypt_error
45 | | AD_export_restriction
46 | | AD_protocol_version
47 | | AD_insufficient_security
48 | | AD_internal_error
49 | | AD_user_cancelled_warning
50 | | AD_user_cancelled_fatal
51 | | AD_no_renegotiation
52 | | AD_unrecognized_name
53 | | AD_unsupported_extension
54 |
55 | type Result<'a> = Error.optResult<(alertDescription * string),'a>
56 |
--------------------------------------------------------------------------------
/src/tls/TLSError.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module TLSError
18 |
19 | (* Symbolic names for TLS errors, processed in Alert [RFC, section 7.2] *)
20 |
21 | type alertDescription =
22 | | AD_close_notify
23 | | AD_unexpected_message
24 | | AD_bad_record_mac
25 | | AD_decryption_failed
26 | | AD_record_overflow
27 | | AD_decompression_failure
28 | | AD_handshake_failure
29 | | AD_no_certificate
30 | | AD_bad_certificate_warning
31 | | AD_bad_certificate_fatal
32 | | AD_unsupported_certificate_warning
33 | | AD_unsupported_certificate_fatal
34 | | AD_certificate_revoked_warning
35 | | AD_certificate_revoked_fatal
36 | | AD_certificate_expired_warning
37 | | AD_certificate_expired_fatal
38 | | AD_certificate_unknown_warning
39 | | AD_certificate_unknown_fatal
40 | | AD_illegal_parameter
41 | | AD_unknown_ca
42 | | AD_access_denied
43 | | AD_decode_error
44 | | AD_decrypt_error
45 | | AD_export_restriction
46 | | AD_protocol_version
47 | | AD_insufficient_security
48 | | AD_internal_error
49 | | AD_user_cancelled_warning
50 | | AD_user_cancelled_fatal
51 | | AD_no_renegotiation
52 | | AD_unrecognized_name
53 | | AD_unsupported_extension
54 |
55 | type 'a Result = (alertDescription * string,'a) Error.optResult
56 |
--------------------------------------------------------------------------------
/src/tls/TLSError.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module TLSError
20 |
21 | type alertDescription =
22 | | AD_close_notify
23 | | AD_unexpected_message
24 | | AD_bad_record_mac
25 | | AD_decryption_failed
26 | | AD_record_overflow
27 | | AD_decompression_failure
28 | | AD_handshake_failure
29 | | AD_no_certificate
30 | | AD_bad_certificate_warning
31 | | AD_bad_certificate_fatal
32 | | AD_unsupported_certificate_warning
33 | | AD_unsupported_certificate_fatal
34 | | AD_certificate_revoked_warning
35 | | AD_certificate_revoked_fatal
36 | | AD_certificate_expired_warning
37 | | AD_certificate_expired_fatal
38 | | AD_certificate_unknown_warning
39 | | AD_certificate_unknown_fatal
40 | | AD_illegal_parameter
41 | | AD_unknown_ca
42 | | AD_access_denied
43 | | AD_decode_error
44 | | AD_decrypt_error
45 | | AD_export_restriction
46 | | AD_protocol_version
47 | | AD_insufficient_security
48 | | AD_internal_error
49 | | AD_user_cancelled_warning
50 | | AD_user_cancelled_fatal
51 | | AD_no_renegotiation
52 | | AD_unrecognized_name
53 | | AD_unsupported_extension
54 |
55 | type Result<'a> = Error.optResult
56 |
--------------------------------------------------------------------------------
/src/tls/TLSFragment.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module TLSFragment
20 |
21 | open Bytes
22 | open TLSInfo
23 | open TLSConstants
24 | open Range
25 | open Error
26 | open TLSError
27 |
28 | type history
29 |
30 | type fragment
31 | type plain = fragment
32 |
33 | val emptyHistory: epoch -> history
34 | val extendHistory: epoch -> ContentType -> history -> range -> fragment -> history
35 |
36 | val handshakeHistory: epoch -> history -> HSFragment.stream
37 | val ccsHistory: epoch -> history -> HSFragment.stream
38 | val alertHistory: epoch -> history -> HSFragment.stream
39 |
40 | val plain: epoch -> ContentType -> history -> range -> bytes -> plain
41 | val fragment: id -> ContentType -> range -> bytes -> fragment
42 | val reprFragment: id -> ContentType -> range -> fragment -> bytes
43 | val repr: epoch -> ContentType -> history -> range -> plain -> bytes
44 |
45 | val HSPlainToRecordPlain : epoch -> history -> range -> HSFragment.plain -> plain
46 | val CCSPlainToRecordPlain : epoch -> history -> range -> HSFragment.plain -> plain
47 | val AlertPlainToRecordPlain : epoch -> history -> range -> HSFragment.plain -> plain
48 | val AppPlainToRecordPlain : epoch -> history -> range -> AppFragment.plain -> plain
49 | val RecordPlainToHSPlain : epoch -> history -> range -> plain -> HSFragment.plain
50 | val RecordPlainToCCSPlain : epoch -> history -> range -> plain -> HSFragment.plain
51 | val RecordPlainToAlertPlain : epoch -> history -> range -> plain -> HSFragment.plain
52 | val RecordPlainToAppPlain : epoch -> history -> range -> plain -> AppFragment.plain
53 |
54 | val makeExtPad: id -> ContentType -> range -> fragment -> fragment
55 | val parseExtPad: id -> ContentType -> range -> fragment -> Result
56 |
57 | #if ideal
58 | val widen: id -> ContentType -> range -> fragment -> fragment
59 | #endif
60 |
--------------------------------------------------------------------------------
/src/tls/TLSPRF.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module TLSPRF
18 |
19 | (* Concrete (bytes -> bytes) PRF algorithms for TLS; trusted. *)
20 | (* Used by KEF for extracting MS, by PRF for verifyData and key derivation *)
21 |
22 | open Bytes
23 | open TLSConstants
24 | open TLSInfo
25 |
26 | val verifyData: vdAlg -> bytes -> Role -> bytes -> bytes
27 | val extract: kefAlg -> bytes -> bytes -> l:nat -> (;l)lbytes
28 | val kdf: kdfAlg -> bytes -> bytes -> l:nat -> (;l)lbytes
29 |
30 | (* SSL-specific certificate verify *)
31 |
32 | val ssl_verifyCertificate: a:hashAlg{ a = MD5 \/ a = SHA }-> bytes -> bytes -> bytes
33 |
--------------------------------------------------------------------------------
/src/tls/TLSPRF.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module TLSPRF
20 |
21 | open Bytes
22 | open TLSConstants
23 | open TLSInfo
24 |
25 | val verifyData: vdAlg -> bytes -> Role -> bytes -> bytes
26 | val extract: kefAlg -> bytes -> bytes -> int -> bytes
27 | val kdf: kdfAlg -> bytes -> bytes -> int -> bytes
28 |
29 | (* SSL-specific certificate verify *)
30 |
31 | val ssl_verifyCertificate: hashAlg -> bytes -> bytes -> bytes
32 |
--------------------------------------------------------------------------------
/src/tls/UTLS.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module UTLS
20 |
21 | open Error
22 | open TLSError
23 | open Bytes
24 | open TLSInfo
25 | open Dispatch
26 |
27 | type rawfd = Tcp.NetworkStream
28 | type fd = int
29 | type queryhd = int
30 |
31 | val EI_BADHANDLE : int
32 | val EI_BADCERTIDX : int
33 | val EI_READERROR : int
34 | val EI_CLOSE : int
35 | val EI_FATAL : int
36 | val EI_WARNING : int
37 | val EI_CERTQUERY : int
38 | val EI_HANDSHAKEN : int
39 | val EI_DONTWRITE : int
40 | val EI_WRITEERROR : int
41 | val EI_MUSTREAD : int
42 | val EI_HSONGOING : int
43 |
44 | val canwrite : fd -> int
45 | val read : fd -> int * bytes
46 | val write : fd -> bytes -> int
47 | val shutdown : fd -> unit
48 |
49 | val connect : rawfd -> config -> fd
50 | val accept_connected : rawfd -> config -> fd
51 |
--------------------------------------------------------------------------------
/src/tls/UntrustedCert.fs7:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | module UntrustedCert
18 |
19 | open Bytes
20 | open Error
21 | open TLSError
22 | open TLSConstants
23 |
24 | val OID_RSAEncryption : string
25 | val OID_SHAWithRSAEncryption : string
26 | val OID_SHA256WithRSAEncryption : string
27 | val OID_DSASignatureKey : string
28 |
29 | val oid_of_keyalg: sigAlg -> string
30 |
31 | type X509Certificate2 = System.Security.Cryptography.X509Certificates.X509Certificate2
32 | type hint = string
33 | type cert = bytes
34 | type chain = cert list
35 |
36 | val x509_is_for_signing: X509Certificate2 -> bool
37 |
38 | val x509_verify: X509Certificate2 -> bool
39 | val x509_chain: X509Certificate2 -> X509Certificate2 list
40 |
41 | val x509_check_key_sig_alg_one: Sig.alg list -> X509Certificate2 -> bool
42 |
43 | val x509_to_secret_key: X509Certificate2 -> CoreSig.sigskey option
44 | val x509_to_public_key: X509Certificate2 -> CoreSig.sigpkey option
45 |
46 | val x509_is_for_key_encryption: X509Certificate2 -> bool
47 |
48 | val x509_export_public: X509Certificate2 -> bytes
49 |
50 | val cert_to_x509: cert -> X509Certificate2 option
51 |
52 | val chain_to_x509list: chain -> X509Certificate2 list option
53 |
54 | val x509list_to_chain: X509Certificate2 list -> chain
55 |
56 | (* First argument (Sig.alg list) gives the allowed signing alg. used for
57 | * signing the keys of the chain.
58 | *)
59 |
60 | val validate_x509_chain: Sig.alg list -> chain -> bool
61 |
62 | val validate_x509list: X509Certificate2 -> X509Certificate2 list -> bool
63 |
64 | val is_for_signing: cert -> bool
65 | val is_for_key_encryption: cert -> bool
66 |
67 | val find_sigcert_and_alg: Sig.alg list -> hint -> Sig.alg list -> (X509Certificate2 * Sig.alg) option
68 | val find_enccert: Sig.alg list -> hint -> X509Certificate2 option
69 |
70 | val get_chain_key_algorithm: chain -> sigAlg option
71 |
72 | val get_name_info: X509Certificate2 -> string
73 |
--------------------------------------------------------------------------------
/src/tls/UntrustedCert.fsi:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | module UntrustedCert
20 |
21 | open Bytes
22 | open Error
23 | open TLSError
24 | open TLSConstants
25 |
26 | val OID_RSAEncryption : string
27 | val OID_SHAWithRSAEncryption : string
28 | val OID_SHA256WithRSAEncryption : string
29 | val OID_DSASignatureKey : string
30 |
31 | val oid_of_keyalg: sigAlg -> string
32 |
33 | type X509Certificate2
34 | type hint = string
35 | type cert = bytes
36 | type chain = list
37 |
38 | val x509_is_for_signing: X509Certificate2 -> bool
39 |
40 | val x509_verify: X509Certificate2 -> bool
41 | val x509_chain: X509Certificate2 -> list
42 |
43 | val x509_check_key_sig_alg_one: list -> X509Certificate2 -> bool
44 |
45 | val x509_to_secret_key: X509Certificate2 -> option
46 | val x509_to_public_key: X509Certificate2 -> option
47 |
48 | val x509_is_for_key_encryption: X509Certificate2 -> bool
49 |
50 | val x509_export_public: X509Certificate2 -> bytes
51 |
52 | val cert_to_x509: cert -> option
53 |
54 | val chain_to_x509list: chain -> option>
55 |
56 | val x509list_to_chain: list -> chain
57 |
58 | (* First argument (list) gives the allowed signing alg. used for
59 | * signing the keys of the chain.
60 | *)
61 |
62 | val validate_x509_chain: list -> chain -> bool
63 |
64 | val validate_x509list: X509Certificate2 -> list -> bool
65 |
66 | val is_for_signing: cert -> bool
67 | val is_for_key_encryption: cert -> bool
68 |
69 | val find_sigcert_and_alg: list -> hint -> list -> option<(X509Certificate2 * Sig.alg)>
70 | val find_enccert: list -> hint -> option
71 |
72 | val get_chain_key_algorithm: chain -> option
73 |
74 | val get_name_info: X509Certificate2 -> string
75 |
--------------------------------------------------------------------------------
/src/tls/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/src/tls/pi.fs:
--------------------------------------------------------------------------------
1 | (*
2 | * Copyright 2015 INRIA and Microsoft Corporation
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the "License");
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an "AS IS" BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *)
16 |
17 | #light "off"
18 |
19 | (* This file provides dummy F# definitions for the F7 specification primitives *)
20 |
21 | module Pi
22 |
23 | type formula = bool
24 | let pred (x:'a) = true
25 | let forall (f:'a -> formula) = true
26 | let exists (f:'a -> formula) = true
27 |
28 | let assume x = ()
29 | let expect x = ()
30 |
--------------------------------------------------------------------------------
/tests/Makefile:
--------------------------------------------------------------------------------
1 | # -*- Makefile -*-
2 |
3 | # --------------------------------------------------------------------
4 | .PHONY: all clean cstub
5 |
6 | # --------------------------------------------------------------------
7 | uname_S := $(shell sh -c 'uname -s 2>/dev/null || echo not')
8 | uname_M := $(shell sh -c 'uname -m 2>/dev/null || echo not')
9 | uname_O := $(shell sh -c 'uname -o 2>/dev/null || echo not')
10 | uname_R := $(shell sh -c 'uname -r 2>/dev/null || echo not')
11 | uname_P := $(shell sh -c 'uname -p 2>/dev/null || echo not')
12 | uname_V := $(shell sh -c 'uname -v 2>/dev/null || echo not')
13 |
14 |
15 | # --------------------------------------------------------------------
16 | define pki
17 | $(MAKE) -C pki MODE=$(1) clean
18 | $(MAKE) -C pki MODE=$(1) dh dsap ca
19 | $(MAKE) -C pki MODE=$(1) 'import!ca'
20 | $(MAKE) -C pki MODE=$(1) 'import!$(1).cert-01.mitls.org'
21 | $(MAKE) -C pki MODE=$(1) 'import!$(1).cert-02.mitls.org'
22 | $(MAKE) -C pki MODE=$(1) hash
23 | endef
24 |
25 | # --------------------------------------------------------------------
26 | all: cstub pki.built
27 | CYGWIN="$$CYGWIN pipe_byte pipe_nooverlap" ./test-suite.py
28 |
29 | ifneq (, $(findstring CYGWIN, $(UNAME_S)))
30 | cstub:
31 | @true
32 | else
33 | cstub:
34 | $(MAKE) -C c-stub
35 | endif
36 |
37 | pki.built:
38 | $(call pki,rsa)
39 | $(call pki,dsa)
40 | touch $@
41 |
42 | # --------------------------------------------------------------------
43 | clean:
44 | $(MAKE) -C pki MODE=rsa clean
45 | $(MAKE) -C pki MODE=dsa clean
46 | if [ "$(uname_O)" != "Cygwin" ]; then \
47 | $(MAKE) -C c-stub clean; \
48 | fi
49 | rm -f pki.built
50 |
--------------------------------------------------------------------------------
/tests/pki/rsa/certificates/google.com-1.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIEgDCCA2igAwIBAgIIOXz53P2PTWMwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
3 | BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
4 | cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwNTExMTg1MDA3WhcNMTYwODAzMTg0NjAw
5 | WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
6 | TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3
7 | Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2mknb
8 | Epe0JRAPa4Ge6WwfqSuS7Fu/Fgs7MkM2V3vK8OkUt+JNbjkpxQmeWB/J3JAswZr9
9 | aj9MTkjzfqbxe+HbalFppNYFgfE7B4265f61j2OcDck8Jn0Im/fpK/cPMT8wCwGy
10 | pKjJAfA1sDtxXsN1mPy/r7rXt3PrJBipP1NyVIzrj4y4PGviRTRKg4CrlBAae1QZ
11 | BeCIkcw7OwPRu2diBA7ZzvUh4zefsbhuW5OR9un68DrlW0dJUSV2otvki7cudtcZ
12 | 2skx/UT5bnHULF5bk6NtB6MdJFd9LUvW5Hb+12rEQ6v8X9JUbhWBvpFho6SRRTrs
13 | 844Dla2twZvN6A+DAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
14 | KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE
15 | XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
16 | MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
17 | A1UdDgQWBBR6lQSe1+SXWPnnXMYIaVqsZ5F2hTAMBgNVHRMBAf8EAjAAMB8GA1Ud
18 | IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
19 | eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
20 | bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAIWZRVGxf63qiKqLz
21 | Vtrz32hv/p4bhOTXZaLM4OXgzmD/rG+RSt1QjZ3WSG3Q8guxqZO+JoqrgnyFyJED
22 | I2hX/Wyr8NI2rD2hL83vWHwxDN/13Aaqh15io31hKuITOVAymCC1yCKqnj0T4aQ5
23 | Ijhqhke0SCdI9WM9SrdKj3r3Xd+3JpcihEPVg1n/4qh04a9dKBoSe6JNVr8V8Dk7
24 | Bv5HqtfVlnqetw6VMFC2ozG28Bqc6xomOJhHmT6Kp5b3RjFZ/u/clYlEyq/7x7iS
25 | QU2IFzbI3/qd/bqnkzium0TjK8FDB1XGs8OLAMg4Bqz5MrFhVoldq2L44E0XMydX
26 | afV/dQ==
27 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/tests/pki/rsa/certificates/google.com-2.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIID8DCCAtigAwIBAgIDAjqDMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlVT
3 | MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
4 | YWwgQ0EwHhcNMTMwNDA1MTUxNTU2WhcNMTYxMjMxMjM1OTU5WjBJMQswCQYDVQQG
5 | EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
6 | bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
7 | AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
8 | VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
9 | h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
10 | ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
11 | EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
12 | DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB5zCB5DAfBgNVHSMEGDAWgBTAephojYn7
13 | qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wDgYD
14 | VR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEBBCIwIDAeBggrBgEFBQcwAYYSaHR0cDov
15 | L2cuc3ltY2QuY29tMBIGA1UdEwEB/wQIMAYBAf8CAQAwNQYDVR0fBC4wLDAqoCig
16 | JoYkaHR0cDovL2cuc3ltY2IuY29tL2NybHMvZ3RnbG9iYWwuY3JsMBcGA1UdIAQQ
17 | MA4wDAYKKwYBBAHWeQIFATANBgkqhkiG9w0BAQsFAAOCAQEAqvqpIM1qZ4PtXtR+
18 | 3h3Ef+AlBgDFJPupyC1tft6dgmUsgWM0Zj7pUsIItMsv91+ZOmqcUHqFBYx90SpI
19 | hNMJbHzCzTWf84LuUt5oX+QAihcglvcpjZpNy6jehsgNb1aHA30DP9z6eX0hGfnI
20 | Oi9RdozHQZJxjyXON/hKTAAj78Q1EK7gI4BzfE00LshukNYQHpmEcxpw8u1VDu4X
21 | Bupn7jLrLN1nBz/2i8Jw3lsA5rsb0zYaImxssDVCbJAJPZPpZAkiDoUGn8JzIdPm
22 | X4DkjYUiOnMDsWCOrmji9D6X52ASCWg23jrW4kOVWzeBkoEfu43XrVJkFleW2V40
23 | fsg12A==
24 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/tests/pki/rsa/certificates/google.com-3.crt:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDfTCCAuagAwIBAgIDErvmMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
3 | MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
4 | aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDIwNTIxMDQwMDAwWhcNMTgwODIxMDQwMDAw
5 | WjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UE
6 | AxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
7 | CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9m
8 | OSm9BXiLnTjoBbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIu
9 | T8rxh0PBFpVXLVDviS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6c
10 | JmTM386DGXHKTubU1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmR
11 | Cw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5asz
12 | PeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo4HwMIHtMB8GA1UdIwQYMBaAFEjm
13 | aPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrM
14 | TjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA6BgNVHR8EMzAxMC+g
15 | LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDBO
16 | BgNVHSAERzBFMEMGBFUdIAAwOzA5BggrBgEFBQcCARYtaHR0cHM6Ly93d3cuZ2Vv
17 | dHJ1c3QuY29tL3Jlc291cmNlcy9yZXBvc2l0b3J5MA0GCSqGSIb3DQEBBQUAA4GB
18 | AHbhEm5OSxYShjAGsoEIz/AIx8dxfmbuwu3UOx//8PDITtZDOLC5MH0Y0FWDomrL
19 | NhGc6Ehmo21/uBPUR/6LWlxz/K7ZGzIZOKuXNBSqltLroxwUCEm2u+WR74M26x1W
20 | b8ravHNjkOR/ez4iyz0H7V84dJzjA1BOoa+Y7mHyhD8S
21 | -----END CERTIFICATE-----
--------------------------------------------------------------------------------
/tests/pki/support/mono-crt-cleanup.py:
--------------------------------------------------------------------------------
1 | #! /usr/bin/env python
2 |
3 | # --------------------------------------------------------------------
4 | import sys, os, re, locale, subprocess as sp
5 |
6 | # --------------------------------------------------------------------
7 | def _get_certificates(store):
8 | def _info_from_line(line):
9 | m = re.match(r'^\s+Subject Name: (.*)', line)
10 | if m is not None:
11 | data = re.split(',\s*', m.group(1))
12 | data = [x for x in data if '=' in x]
13 | data = dict([x.split('=', 1) for x in data])
14 | if 'CN' in data:
15 | return ('cn', unicode(data['CN'], 'utf-8'))
16 | return None
17 |
18 | m = re.match(r'^\s+Unique Hash:\s*(\w+)', line)
19 | if m is not None:
20 | return ('hash', m.group(1))
21 |
22 | return None
23 |
24 | command = ['certmgr', '-list', '-c', store]
25 | output = sp.Popen(command, stdout = sp.PIPE).communicate()[0]
26 | crts = []
27 | crtsmap = dict()
28 | ctxt0 = dict(cn = None, hash = None)
29 | ctxt = ctxt0.copy()
30 |
31 | def _valid_ctxt(ctxt):
32 | return ctxt['cn'] != None and ctxt['hash'] != None
33 |
34 | for line in output.splitlines():
35 | if re.search('^(Self-signed)?\s*X.509', line):
36 | if _valid_ctxt(ctxt):
37 | crts.append(ctxt)
38 | ctxt = ctxt0.copy()
39 | continue
40 |
41 | info = _info_from_line(line)
42 | if info is not None:
43 | ctxt[info[0]] = info[1]
44 |
45 | if _valid_ctxt(ctxt):
46 | crts.append(ctxt)
47 |
48 | for x in crts:
49 | crtsmap.setdefault(x['cn'], []).append(x['hash'])
50 |
51 | return crtsmap
52 |
53 | # --------------------------------------------------------------------
54 | def _main():
55 | locale.setlocale(locale.LC_ALL, 'C')
56 |
57 | trcrts = _get_certificates('Trust')
58 | mycrts = _get_certificates('My')
59 | hashes = set()
60 |
61 | for cn in sys.argv[1:]:
62 | for crts in (trcrts, mycrts):
63 | for h in crts.get(cn, []):
64 | hashes.add(h)
65 | for h in hashes:
66 | print h
67 |
68 | # --------------------------------------------------------------------
69 | if __name__ == '__main__':
70 | _main()
71 |
--------------------------------------------------------------------------------