package tls


Module Tls.State

(** Key for the HMAC of a CBC state (used by the [hmac_secret] field of
    [cbc_state]); a plain alias for a [Cstruct.t] buffer. *)
Sourcetype hmac_key = Cstruct.t
(** How the IV of a CBC state is supplied: [Iv] carries a buffer,
    [Random_iv] carries nothing.
    NOTE(review): presumably [Iv] is the chained IV of TLS 1.0 and
    [Random_iv] the fresh per-record IV of TLS 1.1 and later; a chained IV is
    predictable to the peer, so confirm which protocol versions can reach
    [Iv]. *)
Sourcetype iv_mode =
  1. | Iv of Cstruct_sexp.t
  2. | Random_iv
(** S-expression converters for [iv_mode]. The [Iv] payload is a
    [Cstruct_sexp.t], so its bytes presumably appear in the output. TODO
    confirm. *)
Sourceval iv_mode_of_sexp : Sexplib0.Sexp.t -> iv_mode
Sourceval sexp_of_iv_mode : iv_mode -> Sexplib0.Sexp.t
(** A first-class module implementing [Mirage_crypto.Cipher_block.S.CBC]
    whose key type is exposed as ['k]. *)
Sourcetype 'k cbc_cipher = (module Mirage_crypto.Cipher_block.S.CBC with type key = 'k)
(** Record-protection state of a CBC ciphersuite: the cipher module and its
    key, the IV mode, and the hash and key used for the HMAC.
    [cipher_secret] and [hmac_secret] are key material. No S-expression
    converter for this type is listed on this page. *)
Sourcetype 'k cbc_state = {
  1. cipher : 'k cbc_cipher;
  2. cipher_secret : 'k;
  3. iv_mode : iv_mode;
  4. hmac : Mirage_crypto.Hash.hash;
  5. hmac_secret : hmac_key;
}
(** Nonce material of an AEAD state; a plain alias for a [Cstruct.t]
    buffer. *)
Sourcetype nonce = Cstruct.t
(** The AEAD construction in use, each constructor wrapping a first-class
    Mirage_crypto module with key type ['k]: CCM, GCM or
    ChaCha20-Poly1305. *)
Sourcetype 'k aead_cipher =
  1. | CCM of (module Mirage_crypto.Cipher_block.S.CCM with type key = 'k)
  2. | GCM of (module Mirage_crypto.Cipher_block.S.GCM with type key = 'k)
  3. | ChaCha20_Poly1305 of (module Mirage_crypto.AEAD with type key = 'k)
(** Record-protection state of an AEAD ciphersuite: cipher, key and nonce.
    NOTE(review): presumably [nonce] is the static per-connection part and
    the per-record nonce is derived from it and the sequence number; a
    repeated nonce under one key defeats the AEAD guarantees, so confirm the
    derivation in the record layer. *)
Sourcetype 'k aead_state = {
  1. cipher : 'k aead_cipher;
  2. cipher_secret : 'k;
  3. nonce : nonce;
}
(** Cipher state of one direction, either CBC or AEAD. Both constructors are
    GADT-style: the key type ['k] of the payload does not appear in
    [cipher_st], so it is hidden from users of this type. *)
Sourcetype cipher_st =
  1. | CBC : 'k cbc_state -> cipher_st
  2. | AEAD : 'k aead_state -> cipher_st
(** Converts a cipher state to an S-expression (note: [Sexplib.Sexp.t] here,
    [Sexplib0.Sexp.t] elsewhere on the page).
    NOTE(review): what is emitted is not visible here; verify that no key
    material is included before the output reaches a log or a file. *)
Sourceval sexp_of_cipher_st : cipher_st -> Sexplib.Sexp.t
(** The result type is the unconstrained ['a], so this function cannot
    return a value for every instantiation; presumably it always raises,
    i.e. a cipher state cannot be restored from an S-expression. TODO
    confirm. *)
Sourceval cipher_st_of_sexp : Sexplib0.Sexp.t -> 'a
(** Protection context of one direction: a 64-bit counter and the cipher
    state. [sequence] is presumably the record sequence number. TODO
    confirm. *)
Sourcetype crypto_context = {
  1. sequence : int64;
  2. cipher_st : cipher_st;
}
(** S-expression converters for [crypto_context].
    NOTE(review): [cipher_st_of_sexp] is typed [-> 'a]; if
    [crypto_context_of_sexp] delegates to it, reading a context back
    presumably fails at run time. Confirm before relying on a round
    trip. *)
Sourceval crypto_context_of_sexp : Sexplib0.Sexp.t -> crypto_context
Sourceval sexp_of_crypto_context : crypto_context -> Sexplib0.Sexp.t
(** A list of buffers carried through the handshake states below.
    Presumably the raw handshake messages seen so far, kept for the
    Finished / CertificateVerify computation. TODO confirm. *)
Sourcetype hs_log = Cstruct_sexp.t list
(** S-expression converters for [hs_log]. *)
Sourceval hs_log_of_sexp : Sexplib0.Sexp.t -> hs_log
Sourceval sexp_of_hs_log : hs_log -> Sexplib0.Sexp.t
(** An ephemeral key-exchange secret, tagged by the library that produced
    it: Fiat P-256, Hacl X25519 or Mirage_crypto_pk finite-field DH. *)
Sourcetype dh_secret = [
  1. | `Fiat of Fiat_p256.secret
  2. | `Hacl of Hacl_x25519.secret
  3. | `Mirage_crypto of Mirage_crypto_pk.Dh.secret
]
(** The argument type is the unconstrained ['a], so this converter cannot
    inspect the value it is given; the output is presumably a fixed
    placeholder rather than the secret. TODO confirm. *)
Sourceval sexp_of_dh_secret : 'a -> Sexplib.Sexp.t
(** The result type is the unconstrained ['a], so this function cannot
    return a value for every instantiation; presumably it always raises.
    TODO confirm. *)
Sourceval dh_secret_of_sexp : Sexplib0.Sexp.t -> 'a
(** A pair of buffers stored in [session_data.renegotiation].
    Presumably the client and server verify data used by secure
    renegotiation; which component is which is not visible here. TODO
    confirm. *)
Sourcetype reneg_params = Cstruct_sexp.t * Cstruct_sexp.t
(** S-expression converters for [reneg_params]. *)
Sourceval reneg_params_of_sexp : Sexplib0.Sexp.t -> reneg_params
Sourceval sexp_of_reneg_params : reneg_params -> Sexplib0.Sexp.t
(** Session data shared by [session_data] and [session_data13]: the hello
    randoms, the peer's certificates and trust anchor, the local
    certificate chain and private key, the local name, the client-auth flag,
    the master secret and the negotiated ALPN protocol.
    [own_private_key] is typed as an RSA private key only.
    [own_private_key] and [master_secret] are long- and session-lived
    secrets respectively. *)
Sourcetype common_session_data = {
  1. server_random : Cstruct_sexp.t;
  2. client_random : Cstruct_sexp.t;
  3. peer_certificate_chain : Core.Cert.t list;
  4. peer_certificate : Core.Cert.t option;
  5. trust_anchor : Core.Cert.t option;
  6. received_certificates : Core.Cert.t list;
  7. own_certificate : Core.Cert.t list;
  8. own_private_key : Mirage_crypto_pk.Rsa.priv option;
  9. own_name : string option;
  10. client_auth : bool;
  11. master_secret : Core.master_secret;
  12. alpn_protocol : string option;
}
(** S-expression converters for [common_session_data].
    NOTE(review): the record holds a private key and a master secret;
    whether [sexp_of_common_session_data] writes them out is not visible
    here. Treat its output as secret until that is checked, and keep it out
    of logs and crash reports. *)
Sourceval common_session_data_of_sexp : Sexplib0.Sexp.t -> common_session_data
Sourceval sexp_of_common_session_data : common_session_data -> Sexplib0.Sexp.t
(** Session data used by the [client_handshake_state] and
    [server_handshake_state] machines: the common data plus the client's
    offered version, the ciphersuite, an optional group, renegotiation
    parameters, the session id and the [extended_ms] flag.
    [extended_ms] presumably records whether the extended master secret
    extension was negotiated. TODO confirm. *)
Sourcetype session_data = {
  1. common_session_data : common_session_data;
  2. client_version : Core.tls_any_version;
  3. ciphersuite : Ciphersuite.ciphersuite;
  4. group : Core.group option;
  5. renegotiation : reneg_params;
  6. session_id : Cstruct_sexp.t;
  7. extended_ms : bool;
}
(** S-expression converters for [session_data]. The record embeds
    [common_session_data], so the same handling as for its converters
    applies to the output. *)
Sourceval session_data_of_sexp : Sexplib0.Sexp.t -> session_data
Sourceval sexp_of_session_data : session_data -> Sexplib0.Sexp.t
(** States of the server handshake machine (the TLS 1.3 server has its own
    type, [server13_handshake_state]). Each [Await*] constructor names the
    message the server expects next and carries what is needed to process
    it: session data, the handshake log, and where applicable a DH secret or
    crypto contexts. Only RSA and DHE_RSA key exchanges appear in the
    constructor names.
    [Established] is also a constructor of [client_handshake_state], so
    unqualified uses depend on type-directed disambiguation. *)
Sourcetype server_handshake_state =
  1. | AwaitClientHello
  2. | AwaitClientHelloRenegotiate
  3. | AwaitClientCertificate_RSA of session_data * hs_log
  4. | AwaitClientCertificate_DHE_RSA of session_data * dh_secret * hs_log
  5. | AwaitClientKeyExchange_RSA of session_data * hs_log
  6. | AwaitClientKeyExchange_DHE_RSA of session_data * dh_secret * hs_log
  7. | AwaitClientCertificateVerify of session_data * crypto_context * crypto_context * hs_log
  8. | AwaitClientChangeCipherSpec of session_data * crypto_context * crypto_context * hs_log
  9. | AwaitClientChangeCipherSpecResume of session_data * crypto_context * Cstruct_sexp.t * hs_log
  10. | AwaitClientFinished of session_data * hs_log
  11. | AwaitClientFinishedResume of session_data * Cstruct_sexp.t * hs_log
  12. | Established
(** S-expression converters for [server_handshake_state]. Several states
    carry [dh_secret] and [crypto_context] values, whose own [_of_sexp]
    converters are typed [-> 'a] or depend on one that is; reading such a
    state back presumably fails. TODO confirm. *)
Sourceval server_handshake_state_of_sexp : Sexplib0.Sexp.t -> server_handshake_state
Sourceval sexp_of_server_handshake_state : server_handshake_state -> Sexplib0.Sexp.t
(** States of the client handshake machine (the TLS 1.3 client has its own
    type, [client13_handshake_state]). Each [Await*] constructor names the
    message the client expects next. [AwaitServerHello] carries the sent
    ClientHello and a list of (group, DH secret) pairs, i.e. one ephemeral
    secret per offered group.
    The meaning of the bare [Cstruct_sexp.t] components is not named in the
    signature; check the implementation before relying on their order. *)
Sourcetype client_handshake_state =
  1. | ClientInitial
  2. | AwaitServerHello of Core.client_hello * (Core.group * dh_secret) list * hs_log
  3. | AwaitServerHelloRenegotiate of session_data * Core.client_hello * hs_log
  4. | AwaitCertificate_RSA of session_data * hs_log
  5. | AwaitCertificate_DHE_RSA of session_data * hs_log
  6. | AwaitServerKeyExchange_DHE_RSA of session_data * hs_log
  7. | AwaitCertificateRequestOrServerHelloDone of session_data * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
  8. | AwaitServerHelloDone of session_data * Core.signature_algorithm list option * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
  9. | AwaitServerChangeCipherSpec of session_data * crypto_context * Cstruct_sexp.t * hs_log
  10. | AwaitServerChangeCipherSpecResume of session_data * crypto_context * crypto_context * hs_log
  11. | AwaitServerFinished of session_data * Cstruct_sexp.t * hs_log
  12. | AwaitServerFinishedResume of session_data * hs_log
  13. | Established
(** S-expression converters for [client_handshake_state]. *)
Sourceval client_handshake_state_of_sexp : Sexplib0.Sexp.t -> client_handshake_state
Sourceval sexp_of_client_handshake_state : client_handshake_state -> Sexplib0.Sexp.t
(** A secret together with the TLS 1.3 ciphersuite and hash it belongs to.
    Used as the type of [session_data13.master_secret]. [secret] is key
    material held in a [Cstruct_sexp.t]. *)
Sourcetype kdf = {
  1. secret : Cstruct_sexp.t;
  2. cipher : Ciphersuite.ciphersuite13;
  3. hash : Ciphersuite.H.t;
}
(** S-expression converters for [kdf].
    NOTE(review): [secret] has a serialisable buffer type, so
    [sexp_of_kdf] presumably writes the secret bytes. Confirm, and keep the
    output out of logs. *)
Sourceval kdf_of_sexp : Sexplib0.Sexp.t -> kdf
Sourceval sexp_of_kdf : kdf -> Sexplib0.Sexp.t
(** Session data of the TLS 1.3 machines: the common data, the ciphersuite,
    the master secret as a [kdf], the resumption secret, an epoch state, the
    [resumed] flag, and the client and server application secrets.
    [master_secret], [resumption_secret], [client_app_secret] and
    [server_app_secret] are all secrets. *)
Sourcetype session_data13 = {
  1. common_session_data13 : common_session_data;
  2. ciphersuite13 : Ciphersuite.ciphersuite13;
  3. master_secret : kdf;
  4. resumption_secret : Cstruct_sexp.t;
  5. state : Core.epoch_state;
  6. resumed : bool;
  7. client_app_secret : Cstruct_sexp.t;
  8. server_app_secret : Cstruct_sexp.t;
}
(** S-expression converters for [session_data13].
    NOTE(review): the secret fields have serialisable buffer types, so the
    output presumably contains them. Confirm, and treat a serialised
    session as sensitive as the live connection. *)
Sourceval session_data13_of_sexp : Sexplib0.Sexp.t -> session_data13
Sourceval sexp_of_session_data13 : session_data13 -> Sexplib0.Sexp.t
(** States of the TLS 1.3 client handshake machine. [AwaitServerHello13]
    carries the sent ClientHello, one DH secret per offered group and a
    buffer; every later [Await*] state carries the session data and three
    buffers.
    The roles of the three buffers are not named in the signature.
    Presumably they are traffic secrets and the transcript. TODO confirm
    their order in the implementation. *)
Sourcetype client13_handshake_state =
  1. | AwaitServerHello13 of Core.client_hello * (Core.group * dh_secret) list * Cstruct_sexp.t
  2. | AwaitServerEncryptedExtensions13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
  3. | AwaitServerCertificateRequestOrCertificate13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
  4. | AwaitServerCertificate13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
  5. | AwaitServerCertificateVerify13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
  6. | AwaitServerFinished13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
  7. | Established13
(** S-expression converters for [client13_handshake_state]. *)
Sourceval client13_handshake_state_of_sexp : Sexplib0.Sexp.t -> client13_handshake_state
Sourceval sexp_of_client13_handshake_state : client13_handshake_state -> Sexplib0.Sexp.t
(** States of the TLS 1.3 server handshake machine. The [Await*] states that
    carry data hold buffers, one or two crypto contexts and an optional
    session ticket; the two client-certificate states also hold the session
    data. [AwaitEndOfEarlyData13] is the only state with two crypto
    contexts.
    [Established13] is also a constructor of [client13_handshake_state].
    The roles of the bare buffers are not named in the signature. *)
Sourcetype server13_handshake_state =
  1. | AwaitClientHelloHRR13
  2. | AwaitClientCertificate13 of session_data13 * Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
  3. | AwaitClientCertificateVerify13 of session_data13 * Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
  4. | AwaitClientFinished13 of Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
  5. | AwaitEndOfEarlyData13 of Cstruct_sexp.t * crypto_context * crypto_context * Core.session_ticket option * Cstruct_sexp.t
  6. | Established13
(** S-expression converters for [server13_handshake_state]. *)
Sourceval server13_handshake_state_of_sexp : Sexplib0.Sexp.t -> server13_handshake_state
Sourceval sexp_of_server13_handshake_state : server13_handshake_state -> Sexplib0.Sexp.t
(** The active handshake machine: one of the four state types above, tagged
    by role (client or server) and by whether it is the TLS 1.3 variant. *)
Sourcetype handshake_machina_state =
  1. | Client of client_handshake_state
  2. | Server of server_handshake_state
  3. | Client13 of client13_handshake_state
  4. | Server13 of server13_handshake_state
(** S-expression converters for [handshake_machina_state]. *)
Sourceval handshake_machina_state_of_sexp : Sexplib0.Sexp.t -> handshake_machina_state
Sourceval sexp_of_handshake_machina_state : handshake_machina_state -> Sexplib0.Sexp.t
(** Handshake-level state of a connection: a list of sessions (each either
    [`TLS] or [`TLS13]), the protocol version, a 32-bit early-data counter,
    the machine state, the configuration and a buffer.
    [early_data_left] is presumably the remaining 0-RTT byte allowance and
    [hs_fragment] the bytes of a not-yet-complete handshake message. TODO
    confirm both. *)
Sourcetype handshake_state = {
  1. session : [ `TLS of session_data | `TLS13 of session_data13 ] list;
  2. protocol_version : Core.tls_version;
  3. early_data_left : int32;
  4. machina : handshake_machina_state;
  5. config : Config.config;
  6. hs_fragment : Cstruct_sexp.t;
}
(** S-expression converters for [handshake_state]. The record embeds the
    session list and [config], so the output should be handled as
    sensitive until the contents of both serialisations are checked. *)
Sourceval handshake_state_of_sexp : Sexplib0.Sexp.t -> handshake_state
Sourceval sexp_of_handshake_state : handshake_state -> Sexplib0.Sexp.t
(** Protection state of one direction; [None] presumably means records in
    that direction are not yet protected. TODO confirm. *)
Sourcetype crypto_state = crypto_context option
(** S-expression converters for [crypto_state]. *)
Sourceval crypto_state_of_sexp : Sexplib0.Sexp.t -> crypto_state
Sourceval sexp_of_crypto_state : crypto_state -> Sexplib0.Sexp.t
(** S-expression converters for [record]. The definition of the [record]
    type itself is not listed on this page. *)
Sourceval record_of_sexp : Sexplib0.Sexp.t -> record
Sourceval sexp_of_record : record -> Sexplib0.Sexp.t
(** One output item of a handshake step: a new encryption context, a new
    decryption context, or a record. The order of items in a list of these
    presumably matters, since a context change applies to the records that
    follow it. TODO confirm. *)
Sourcetype rec_resp = [
  1. | `Change_enc of crypto_context
  2. | `Change_dec of crypto_context
  3. | `Record of record
]
(** Result of a handshake step: the next handshake state and the list of
    responses. *)
Sourcetype handshake_return = handshake_state * rec_resp list
(** Complete state of one TLS connection: the handshake state, the
    decryption and encryption states, and a buffer. [fragment] is
    presumably the bytes of a not-yet-complete record. TODO confirm. *)
Sourcetype state = {
  1. handshake : handshake_state;
  2. decryptor : crypto_state;
  3. encryptor : crypto_state;
  4. fragment : Cstruct_sexp.t;
}
(** S-expression converters for the whole connection state.
    NOTE(review): [state] transitively contains session secrets and an
    optional private key. Treat [sexp_of_state] output as secret, and give
    [state_of_sexp] only input from a trusted, integrity-protected store,
    since the parsed value determines the handshake position and
    configuration. Because [cipher_st_of_sexp] is typed [-> 'a], restoring a
    state with a live [decryptor] or [encryptor] presumably fails. TODO
    confirm. *)
Sourceval state_of_sexp : Sexplib0.Sexp.t -> state
Sourceval sexp_of_state : state -> Sexplib0.Sexp.t
(** Module providing the type [V_err.t] carried by
    [`AuthenticationFailure]; its signature is elided on this page. *)
Sourcemodule V_err : sig ... end
(** Failures of authentication and of local configuration: an
    authentication failure with its [V_err.t] reason, no usable
    ciphersuite / version / signature algorithm among those listed, or no
    suitable certificate. *)
Sourcetype error = [
  1. | `AuthenticationFailure of V_err.t
  2. | `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list
  3. | `NoConfiguredVersions of Core.tls_version list
  4. | `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list
  5. | `NoMatchingCertificateFound of string
  6. | `NoCertificateConfigured
  7. | `CouldntSelectCertificate
]
(** S-expression converters for [error]. [__error_of_sexp__] has the same
    type as [error_of_sexp]; it is presumably a helper generated alongside
    it and not meant to be called directly. TODO confirm. *)
Sourceval __error_of_sexp__ : Sexplib0.Sexp.t -> error
Sourceval error_of_sexp : Sexplib0.Sexp.t -> error
Sourceval sexp_of_error : error -> Sexplib0.Sexp.t
(** Reasons a ClientHello is rejected; carried by [`InvalidClientHello] in
    [fatal]. The variants cover the ciphersuite list, extensions, signature
    algorithms, key shares and supported groups, early data after a
    HelloRetryRequest, and a missing cookie. Variants with a payload carry
    the offending values received from the peer.
    NOTE(review): those payloads are peer-controlled data; escape or bound
    them if they are written to logs. *)
Sourcetype client_hello_errors = [
  1. | `EmptyCiphersuites
  2. | `NotSetCiphersuites of Packet.any_ciphersuite list
  3. | `NoSupportedCiphersuite of Packet.any_ciphersuite list
  4. | `NotSetExtension of Core.client_extension list
  5. | `HasSignatureAlgorithmsExtension
  6. | `NoSignatureAlgorithmsExtension
  7. | `NoGoodSignatureAlgorithms of Core.signature_algorithm list
  8. | `NoKeyShareExtension
  9. | `NoSupportedGroupExtension
  10. | `NotSetSupportedGroup of Packet.named_group list
  11. | `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list
  12. | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list
  13. | `Has0rttAfterHRR
  14. | `NoCookie
]
(** S-expression converters for [client_hello_errors];
    [__client_hello_errors_of_sexp__] is presumably a generated helper. *)
Sourceval __client_hello_errors_of_sexp__ : Sexplib0.Sexp.t -> client_hello_errors
Sourceval client_hello_errors_of_sexp : Sexplib0.Sexp.t -> client_hello_errors
Sourceval sexp_of_client_hello_errors : client_hello_errors -> Sexplib0.Sexp.t
(** Protocol-level failures. The variants cover record-layer problems
    ([`MACMismatch], [`MACUnderflow], [`RecordOverflow],
    [`UnknownRecordVersion], [`UnknownContentType], ...), certificate and
    signature checks ([`KeyTooSmall], [`RSASignatureMismatch],
    [`BadCertificateChain], ...), key exchange ([`InsufficientDH],
    [`InvalidDH]), renegotiation, unexpected messages, and version
    downgrade ([`InappropriateFallback], [`Downgrade12],
    [`Downgrade11]).
    NOTE(review): how each variant maps to a TLS alert, and whether the
    distinction between record-integrity variants is visible to the peer,
    is not shown on this page. Check that mapping when reviewing for
    error-oracle behaviour. *)
Sourcetype fatal = [
  1. | `NoSecureRenegotiation
  2. | `NoSupportedGroup
  3. | `NoVersions of Core.tls_any_version list
  4. | `ReaderError of Reader.error
  5. | `NoCertificateReceived
  6. | `NoCertificateVerifyReceived
  7. | `NotRSACertificate
  8. | `NotRSASignature
  9. | `KeyTooSmall
  10. | `RSASignatureMismatch
  11. | `RSASignatureVerificationFailed
  12. | `UnsupportedSignatureScheme
  13. | `HashAlgorithmMismatch
  14. | `BadCertificateChain
  15. | `MACMismatch
  16. | `MACUnderflow
  17. | `RecordOverflow of int
  18. | `UnknownRecordVersion of int * int
  19. | `UnknownContentType of int
  20. | `CannotHandleApplicationDataYet
  21. | `NoHeartbeat
  22. | `BadRecordVersion of Core.tls_any_version
  23. | `BadFinished
  24. | `HandshakeFragmentsNotEmpty
  25. | `InsufficientDH
  26. | `InvalidDH
  27. | `InvalidRenegotiation
  28. | `InvalidClientHello of client_hello_errors
  29. | `InvalidServerHello
  30. | `InvalidRenegotiationVersion of Core.tls_version
  31. | `InappropriateFallback
  32. | `UnexpectedCCS
  33. | `UnexpectedHandshake of Core.tls_handshake
  34. | `InvalidCertificateUsage
  35. | `InvalidCertificateExtendedUsage
  36. | `InvalidSession
  37. | `NoApplicationProtocol
  38. | `HelloRetryRequest
  39. | `InvalidMessage
  40. | `Toomany0rttbytes
  41. | `MissingContentType
  42. | `Downgrade12
  43. | `Downgrade11
  44. | `UnsupportedKeyExchange
]
(** S-expression converters for [fatal]; [__fatal_of_sexp__] is presumably
    a generated helper. *)
Sourceval __fatal_of_sexp__ : Sexplib0.Sexp.t -> fatal
Sourceval fatal_of_sexp : Sexplib0.Sexp.t -> fatal
Sourceval sexp_of_fatal : fatal -> Sexplib0.Sexp.t
(** Any failure reported by this module: an [error] or a [fatal]. This is
    the error side of the result type ['a t] declared below. *)
Sourcetype failure = [
  1. | `Error of error
  2. | `Fatal of fatal
]
(** S-expression converters for [failure]; [__failure_of_sexp__] is
    presumably a generated helper. *)
Sourceval __failure_of_sexp__ : Sexplib0.Sexp.t -> failure
Sourceval failure_of_sexp : Sexplib0.Sexp.t -> failure
Sourceval sexp_of_failure : failure -> Sexplib0.Sexp.t
(** Result-monad helpers with [failure] as the error type. The signature of
    the include is elided; the declarations that follow are presumably its
    expansion. *)
include sig ... end
(** The error type of the monad. *)
Sourcetype err = failure
(** A computation that yields ['a] or a [failure]; a standard [result].
    The [!] marks the parameter as injective. *)
Sourcetype !'a t = ('a, failure) result
(** Builds a failed computation from an error. *)
Sourceval fail : err -> 'a t
(** Predicates on the outcome; presumably [is_success] holds for [Ok] and
    [is_error] for [Error]. *)
Sourceval is_success : 'a t -> bool
Sourceval is_error : 'a t -> bool
(** Wraps a value as a successful computation. *)
Sourceval return : 'a -> 'a t
(** Monadic bind, as a function and as the infix [>>=]. *)
Sourceval bind : 'a t -> ('a -> 'b t) -> 'b t
Sourceval (>>=) : 'a t -> ('a -> 'b t) -> 'b t
(** Functor map, as the infix [>|=] and as [map] with the function first. *)
Sourceval (>|=) : 'a t -> ('a -> 'b) -> 'b t
Sourceval map : ('a -> 'b) -> 'a t -> 'b t
(** List combinators; the [_]-suffixed variants discard the results and
    return [unit t]. Whether evaluation stops at the first failure is not
    visible in the types. *)
Sourceval sequence : 'a t list -> 'a list t
Sourceval sequence_ : 'a t list -> unit t
Sourceval mapM : ('a -> 'b t) -> 'a list -> 'b list t
Sourceval mapM_ : ('a -> 'b t) -> 'a list -> unit t
Sourceval foldM : ('a -> 'b -> 'a t) -> 'a -> 'b list -> 'a t
(** Turns a boolean check into a [unit t], given the error to use.
    Presumably fails with that error when the boolean is [false]. TODO
    confirm the polarity before using it for a security check. *)
Sourceval guard : bool -> err -> unit t
(** Leave the monad with a fallback: [or_else] takes a default value,
    [or_else_f] a function and its argument. Presumably the fallback is used
    when the computation failed; note that this discards the failure. *)
Sourceval or_else : 'a t -> 'a -> 'a
Sourceval or_else_f : 'a t -> ('b -> 'a) -> 'b -> 'a
(** Alias of ['a t]. *)
Sourcetype 'a eff = 'a t
(** Builds a [Core.epoch_data] from common session data, a boolean and an
    optional string. The meaning of the last two arguments is not named in
    the signature. *)
Sourceval common_data_to_epoch : common_session_data -> bool -> string option -> Core.epoch_data
(** Builds a [Core.epoch_data] from a session of either kind, given a
    boolean, an optional string and the protocol version. *)
Sourceval epoch_of_session : bool -> string option -> Core.tls_version -> [< `TLS of session_data | `TLS13 of session_data13 ] -> Core.epoch_data
(** Extracts epoch data from a handshake state; the result is optional,
    presumably [None] when the state holds no session. TODO confirm. *)
Sourceval epoch_of_hs : handshake_state -> Core.epoch_data option