package tls

(** Log source for this module. NOTE(review): the source name and its default
    reporting level are not visible in this signature. *)
val src : Logs.src
(** Logging functions of signature [Logs.LOG]; presumably bound to {!src} --
    confirm against the implementation. *)
module Log : Logs.LOG
(** [trace_cipher c] takes a ciphersuite tag and returns [unit], so it is called
    for its side effect only; presumably it writes [c] to the trace log
    (confirm against the implementation).

    The accepted tags include 3DES and CBC-mode suites and RSA key-transport
    suites ([`RSA_WITH_*]) next to the AEAD and TLS 1.3 suites. That a tag is
    accepted here says nothing about which suites a configuration enables;
    review the enabled set where the configuration is built. *)
val trace_cipher : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 | `DHE_RSA_WITH_3DES_EDE_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA | `DHE_RSA_WITH_AES_128_CBC_SHA256 | `DHE_RSA_WITH_AES_128_CCM | `DHE_RSA_WITH_AES_128_GCM_SHA256 | `DHE_RSA_WITH_AES_256_CBC_SHA | `DHE_RSA_WITH_AES_256_CBC_SHA256 | `DHE_RSA_WITH_AES_256_CCM | `DHE_RSA_WITH_AES_256_GCM_SHA384 | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA | `ECDHE_RSA_WITH_AES_128_CBC_SHA256 | `ECDHE_RSA_WITH_AES_128_GCM_SHA256 | `ECDHE_RSA_WITH_AES_256_CBC_SHA | `ECDHE_RSA_WITH_AES_256_CBC_SHA384 | `ECDHE_RSA_WITH_AES_256_GCM_SHA384 | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | `RSA_WITH_3DES_EDE_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA | `RSA_WITH_AES_128_CBC_SHA256 | `RSA_WITH_AES_128_CCM | `RSA_WITH_AES_128_GCM_SHA256 | `RSA_WITH_AES_256_CBC_SHA | `RSA_WITH_AES_256_CBC_SHA256 | `RSA_WITH_AES_256_CCM | `RSA_WITH_AES_256_GCM_SHA384 ] -> unit
(** [empty l] presumably is [true] exactly when [l] has no elements -- inferred
    from the name and type, confirm against the implementation. *)
val empty : 'a list -> bool
(** A constant pair of record content type and payload; going by the name, the
    ChangeCipherSpec message. The payload bytes are not visible here. *)
val change_cipher_spec : Packet.content_type * Cstruct.t
(** Converts an optional string into an optional [`host] domain name.

    The result is an [option] whatever the input, so a string that is not a
    valid host name presumably maps to [None] rather than to an error -- TODO
    confirm. If so, a caller cannot tell a malformed name from an absent one. *)
val host_name_opt : string option -> [ `host ] Domain_name.t option
(** Host name carried by a ClientHello, if any; presumably read from the
    server-name (SNI) extension -- confirm. The value is supplied by the peer:
    the type guarantees a well-formed host name and nothing beyond that. *)
val hostname : Core.client_hello -> [ `host ] Domain_name.t option
(** Named groups read from a ClientHello; presumably taken from the
    supported-groups extension and limited to groups this library knows --
    confirm. The order of the result is not documented here. *)
val groups : Core.client_hello -> [> `FFDHE2048 | `FFDHE3072 | `FFDHE4096 | `FFDHE6144 | `FFDHE8192 | `P256 | `X25519 ] list
(** [find_matching host chains] returns at most one (certificate chain, value)
    pair out of [chains]; presumably the first whose certificate matches
    [host]. The matching rule (wildcard handling, which certificate of the
    chain is inspected) is not visible in this signature. *)
val find_matching : [ `host ] Domain_name.t -> (X509.Certificate.t list * 'a) list -> (X509.Certificate.t list * 'a) option
(** [agreed_cert certs host] selects the certificate chain and associated value
    to use, given the configured own certificates ([`None], [`Single],
    [`Multiple] or [`Multiple_default]) and an optional host name.

    The result lives in [State.t], so selection can presumably fail; which
    inputs fail (for example [`None]) is not visible here.

    NOTE(review): the listing shows ['a] for the [`Multiple] payload and ['b]
    everywhere else; check the source signature before relying on that. *)
val agreed_cert : [> `Multiple of (X509.Certificate.t list * 'a) list | `Multiple_default of (X509.Certificate.t list * 'b) * (X509.Certificate.t list * 'b) list | `None | `Single of X509.Certificate.t list * 'b ] -> [ `host ] Domain_name.t option -> (X509.Certificate.t list * 'b) State.t
(** Looks for a [`SecureRenegotiation] entry in an extension list and returns
    an optional value; presumably the payload of that extension (renegotiation
    indication), with [None] when the peer did not send it -- confirm.

    NOTE(review): the listing gives the result as ['b option] while the payload
    is ['a]; the two are probably the same variable in the source signature. *)
val get_secure_renegotiation : [> `SecureRenegotiation of 'a ] list -> 'b option
(** Protocol names a ClientHello carries for ALPN, if any. The strings are
    supplied by the peer; no restriction on their content is visible here. *)
val get_alpn_protocols : Core.client_hello -> string list option
(** [alpn_protocol config ch] yields the protocol to use for ALPN, if any,
    given the local configuration and the ClientHello. The result lives in
    [State.t], so the computation can presumably fail (for instance when no
    offered protocol is acceptable) -- confirm which cases fail. *)
val alpn_protocol : Config.config -> Core.client_hello -> string option State.t
(** Protocol name a ServerHello carries for ALPN, if any. NOTE(review): nothing
    in this signature shows that the value is checked against what the client
    offered; look for that check at the call site. *)
val get_alpn_protocol : Core.server_hello -> string option
(** Constant [State.common_session_data] value; going by the name, the initial
    value with no negotiated parameters. Field contents are not visible here. *)
val empty_common_session_data : State.common_session_data
(** Constant [State.session_data] value; going by the name, the initial session
    before any handshake. Field contents are not visible here. *)
val empty_session : State.session_data
(** Builds session data from epoch data; presumably used to continue from a
    previously established session -- confirm. NOTE(review): if
    [State.session_data] holds secrets, values of this type need the same care
    as key material; its fields are not visible in this listing. *)
val session_of_epoch : Core.epoch_data -> State.session_data
(** [supported_protocol_version bounds v] takes a pair of protocol versions and
    a version and returns an optional value; presumably [bounds] is the
    configured (minimum, maximum) pair and the result is [None] when [v] falls
    below the minimum -- confirm the order of the pair and the result for a
    version above the maximum.

    The type admits [`TLS_1_0] and [`TLS_1_1] as bounds; RFC 8996 deprecates
    both, so whether they are reachable depends on the bounds the caller
    passes. NOTE(review): the result variable is rendered as ['b]; it is
    probably the version type ['a]. *)
val supported_protocol_version : ([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) -> [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] as 'a -> 'b option
(** Maps a client extension to a tag without payload. Going by the constructor
    names, [`PreSharedKeys], [`PskKeyExchangeModes] and [`SupportedVersions]
    map to [`PreSharedKey], [`PskKeyExchangeMode] and [`SupportedVersion]. *)
val to_client_ext_type : [< `ALPN of 'a | `Cookie of 'b | `Draft of 'c | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname of 'd | `KeyShare of 'e | `MaxFragmentLength of 'f | `Padding of 'g | `PostHandshakeAuthentication | `PreSharedKeys of 'h | `PskKeyExchangeModes of 'i | `SecureRenegotiation of 'j | `SignatureAlgorithms of 'k | `SupportedGroups of 'l | `SupportedVersions of 'm | `UnknownExtension of 'n ] -> [> `ALPN | `Cookie | `Draft | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare | `MaxFragmentLength | `Padding | `PostHandshakeAuthentication | `PreSharedKey | `PskKeyExchangeMode | `SecureRenegotiation | `SignatureAlgorithms | `SupportedGroups | `SupportedVersion | `UnknownExtension ]
(** Maps a server extension to a tag without payload. Going by the constructor
    names, [`SelectedVersion] maps to [`SupportedVersion], which lets server
    and client tags be compared with each other. *)
val to_server_ext_type : [< `ALPN of 'a | `Draft of 'b | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare of 'c | `MaxFragmentLength of 'd | `PreSharedKey of 'e | `SecureRenegotiation of 'f | `SelectedVersion of 'g | `UnknownExtension of 'h ] -> [> `ALPN | `Draft | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare | `MaxFragmentLength | `PreSharedKey | `SecureRenegotiation | `SupportedVersion | `UnknownExtension ]
(** [extension_types to_tag exts] applies a tagging function such as
    {!to_client_ext_type} to a list of extensions. NOTE(review): the mention of
    [`UnknownExtension] in the type suggests unknown extensions get special
    treatment (perhaps they are dropped) -- confirm against the implementation.
    The result element type is rendered as ['c]; it is probably ['b]. *)
val extension_types : ('a -> [> `UnknownExtension ] as 'b) -> 'a list -> 'c list
(** [server_exts_subset_of_client server_exts client_exts] compares the server
    extension list with the client extension list and returns a [bool];
    presumably [true] when every server extension answers one the client
    offered -- confirm, including how [`UnknownExtension] and duplicates are
    treated.

    The result is a plain [bool], not an error in [State.t]: the caller has to
    act on [false] itself. *)
val server_exts_subset_of_client : [< `ALPN of 'a | `Draft of 'b | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname | `KeyShare of 'c | `MaxFragmentLength of 'd | `PreSharedKey of 'e | `SecureRenegotiation of 'f | `SelectedVersion of 'g | `UnknownExtension of 'h ] list -> [< `ALPN of 'i | `Cookie of 'j | `Draft of 'k | `ECPointFormats | `EarlyDataIndication | `ExtendedMasterSecret | `Hostname of 'l | `KeyShare of 'm | `MaxFragmentLength of 'n | `Padding of 'o | `PostHandshakeAuthentication | `PreSharedKeys of 'p | `PskKeyExchangeModes of 'q | `SecureRenegotiation of 'r | `SignatureAlgorithms of 's | `SupportedGroups of 't | `SupportedVersions of 'u | `UnknownExtension of 'v ] list -> bool
(** Module whose signature is elided in this listing; going by the name, it
    describes a named group. *)
module Group : sig ... end
(** Module whose signature is elided in this listing; it exposes [elt] and [t],
    so it is presumably a set of {!Group} values -- confirm. *)
module GroupSet : sig ... end
(** Builds a [GroupSet.t] from a list of elements. *)
val of_list : GroupSet.elt list -> GroupSet.t
(** [client_hello_valid version ch] checks a ClientHello and returns [`Ok] or
    [`Error reason]. The reasons listed in the type cover empty or unsupported
    ciphersuites, signature-algorithm problems, missing supported-groups or
    key-share extensions, repeated entries ([`NotSet*]) and key shares that are
    not a subset of the supported groups.

    The result is a polymorphic variant, not a [State.t] error: the caller must
    match on it and reject the handshake on [`Error] itself. The [version]
    argument admits [`SSL_3] and [`TLS_1_X]; which checks apply to which
    version is not visible here -- confirm against the implementation. *)
val client_hello_valid : [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] -> Core.client_hello -> [> `Error of [> `EmptyCiphersuites | `HasSignatureAlgorithmsExtension | `NoGoodSignatureAlgorithms of Core.signature_algorithm list | `NoKeyShareExtension | `NoSignatureAlgorithmsExtension | `NoSupportedCiphersuite of Packet.any_ciphersuite list | `NoSupportedGroupExtension | `NotSetExtension of Core.client_extension list | `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list | `NotSetSupportedGroup of Packet.named_group list | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list ] | `Ok ]
(** [server_hello_valid sh] checks a ServerHello and returns a [bool]. Unlike
    {!client_hello_valid} it gives no reason on failure, and the checks it
    performs are not visible in this signature. The caller has to act on
    [false] itself. *)
val server_hello_valid : Core.server_hello -> bool
(** Infix operator combining two buffers into one; presumably concatenation of
    the left and right operand -- confirm against the implementation. *)
val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
(** [to_sign_1_3 context_string] returns a buffer; going by the name, the
    prefix that TLS 1.3 places before the data to be signed. NOTE(review): what
    is produced for [None] is not visible here -- confirm. *)
val to_sign_1_3 : string option -> Cstruct.t
(** [signature version ?context_string data peer_sig_algs own_sig_algs key]
    produces a signature over [data] with an RSA private key; the argument
    names are inferred from the types -- confirm the roles of the optional and
    the plain signature-algorithm list.

    The key type is [Mirage_crypto_pk.Rsa.priv], so this interface signs with
    RSA only. The result lives in [State.t], so the computation can presumably
    fail, for instance when no common signature algorithm exists. The [key]
    argument is private key material and must not reach logs or traces. *)
val signature : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> ?context_string:string -> Cstruct.t -> Core.signature_algorithm list option -> Core.signature_algorithm list -> Mirage_crypto_pk.Rsa.priv -> Cstruct.t State.t
(** [verify_digitally_signed version ?context_string sig_algs data signature_data cert]
    checks a peer signature; the argument names are inferred from the types --
    confirm which of the two buffers is the signed data.

    The result is [unit State.t]: success carries no value, so failure is
    presumably reported through [State.t]. NOTE(review): [cert] is an [option];
    confirm that [None] makes verification fail rather than succeed. *)
val verify_digitally_signed : [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] -> ?context_string:string -> Core.signature_algorithm list -> Cstruct.t -> Cstruct.t -> X509.Certificate.t option -> unit State.t
(** [validate_chain authenticator certificates host] takes an optional
    authenticator, a list of encoded certificates and a host value, and returns
    in [State.t] an optional peer certificate, the received certificates, a
    certificate list of the authenticator's result type and a further optional
    value.

    NOTE(review): the authenticator is an [option]. This signature does not
    show what happens for [None]; if the chain is then accepted unchecked, a
    caller that needs peer authentication must make sure an authenticator is
    always supplied -- confirm against the implementation. The first result
    component is also an [option]; confirm when it is [None]. *)
val validate_chain : (host:'a -> X509.Certificate.t list -> (('b list * 'c) option, State.V_err.t) result) option -> Cstruct.t list -> 'd -> (X509.Certificate.t option * X509.Certificate.t list * 'b list * 'e option) State.t
(** [output_key_update ~request state] returns, in [State.t], an updated state
    together with one outgoing record (content type and payload); going by the
    name, a KeyUpdate message. [request] presumably asks the peer to update its
    keys as well -- confirm. The caller must continue with the returned state,
    not the one passed in. *)
val output_key_update : request:bool -> State.state -> (State.state * (Packet.content_type * Cstruct.t)) State.t