tls 0.17.1 · OCaml Package

val src : Logs.src

module Log : Logs.LOG

val trace_cipher : 
  [< `AES_128_CCM_SHA256
  | `AES_128_GCM_SHA256
  | `AES_256_GCM_SHA384
  | `CHACHA20_POLY1305_SHA256
  | `DHE_RSA_WITH_3DES_EDE_CBC_SHA
  | `DHE_RSA_WITH_AES_128_CBC_SHA
  | `DHE_RSA_WITH_AES_128_CBC_SHA256
  | `DHE_RSA_WITH_AES_128_CCM
  | `DHE_RSA_WITH_AES_128_GCM_SHA256
  | `DHE_RSA_WITH_AES_256_CBC_SHA
  | `DHE_RSA_WITH_AES_256_CBC_SHA256
  | `DHE_RSA_WITH_AES_256_CCM
  | `DHE_RSA_WITH_AES_256_GCM_SHA384
  | `DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  | `ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  | `ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  | `ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  | `ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  | `ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  | `ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  | `ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  | `ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
  | `ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  | `ECDHE_RSA_WITH_AES_128_CBC_SHA
  | `ECDHE_RSA_WITH_AES_128_CBC_SHA256
  | `ECDHE_RSA_WITH_AES_128_GCM_SHA256
  | `ECDHE_RSA_WITH_AES_256_CBC_SHA
  | `ECDHE_RSA_WITH_AES_256_CBC_SHA384
  | `ECDHE_RSA_WITH_AES_256_GCM_SHA384
  | `ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
  | `RSA_WITH_3DES_EDE_CBC_SHA
  | `RSA_WITH_AES_128_CBC_SHA
  | `RSA_WITH_AES_128_CBC_SHA256
  | `RSA_WITH_AES_128_CCM
  | `RSA_WITH_AES_128_GCM_SHA256
  | `RSA_WITH_AES_256_CBC_SHA
  | `RSA_WITH_AES_256_CBC_SHA256
  | `RSA_WITH_AES_256_CCM
  | `RSA_WITH_AES_256_GCM_SHA384 AES_128_CCM_SHA256 AES_128_GCM_SHA256 AES_256_GCM_SHA384 CHACHA20_POLY1305_SHA256 ] ->
  unit

val empty : 'a list -> bool

val change_cipher_spec : Packet.content_type * Cstruct.t

val hostname : Core.client_hello -> [ `host ] Domain_name.t option

val groups : 
  Core.client_hello ->
  [> `FFDHE2048
  | `FFDHE3072
  | `FFDHE4096
  | `FFDHE6144
  | `FFDHE8192
  | `P256
  | `P384
  | `P521
  | `X25519 ]
    list

val find_matching : 
  [ `host ] Domain_name.t ->
  (X509.Certificate.t list * 'a) list ->
  (X509.Certificate.t list * 'a) option

val agreed_cert : 
  [< `Multiple of
       (X509.Certificate.t list
        * [> `ED25519 of 'b
          | `P256 of 'c
          | `P384 of 'd
          | `P521 of 'e
          | `RSA of 'f ] as 'a)
         list
  | `Multiple_default of
    (X509.Certificate.t list * 'g) * (X509.Certificate.t list * 'h) list
  | `None
  | `Single of X509.Certificate.t list * 'g ] ->
  ?f:(X509.Certificate.t -> bool) ->
  ?signature_algorithms:
    [< `ECDSA_SECP256R1_SHA1
    | `ECDSA_SECP256R1_SHA256
    | `ECDSA_SECP384R1_SHA384
    | `ECDSA_SECP521R1_SHA512
    | `ED25519
    | `RSA_PKCS1_MD5
    | `RSA_PKCS1_SHA1
    | `RSA_PKCS1_SHA224
    | `RSA_PKCS1_SHA256
    | `RSA_PKCS1_SHA384
    | `RSA_PKCS1_SHA512
    | `RSA_PSS_RSAENC_SHA256
    | `RSA_PSS_RSAENC_SHA384
    | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ]
      list ->
  [ `host ] Domain_name.t option ->
  (X509.Certificate.t list * 'g,
    [> `Error of
         [> `CouldntSelectCertificate
         | `NoCertificateConfigured
         | `NoMatchingCertificateFound of string ] ])
    Stdlib.result

val get_secure_renegotiation : 
  [> `SecureRenegotiation of 'a ] list ->
  'a option

val get_alpn_protocols : Core.client_hello -> string list option

val alpn_protocol : 
  Config.config ->
  Core.client_hello ->
  (string option, [> `Fatal of [> `NoApplicationProtocol ] ]) Stdlib.result

val get_alpn_protocol : Core.server_hello -> string option

val empty_common_session_data : State.common_session_data

val empty_session : State.session_data

val empty_session13 : Ciphersuite.ciphersuite13 -> State.session_data13

val common_session_data_of_epoch : 
  Core.epoch_data ->
  State.common_session_data ->
  State.common_session_data

val session_of_epoch : Core.epoch_data -> State.session_data

val session13_of_epoch : 
  Ciphersuite.ciphersuite13 ->
  Core.epoch_data ->
  State.session_data13

val supported_protocol_version : 
  ([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]
   * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) ->
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] as 'a ->
  'a option

val to_client_ext_type : 
  [< `ALPN of 'a
  | `Cookie of 'b
  | `Draft of 'c
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname of 'd
  | `KeyShare of 'e
  | `MaxFragmentLength of 'f
  | `Padding of 'g
  | `PostHandshakeAuthentication
  | `PreSharedKeys of 'h
  | `PskKeyExchangeModes of 'i
  | `SecureRenegotiation of 'j
  | `SignatureAlgorithms of 'k
  | `SupportedGroups of 'l
  | `SupportedVersions of 'm
  | `UnknownExtension of 'n ] ->
  [> `ALPN
  | `Cookie
  | `Draft
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname
  | `KeyShare
  | `MaxFragmentLength
  | `Padding
  | `PostHandshakeAuthentication
  | `PreSharedKey
  | `PskKeyExchangeMode
  | `SecureRenegotiation
  | `SignatureAlgorithms
  | `SupportedGroups
  | `SupportedVersion
  | `UnknownExtension ]

val to_server_ext_type : 
  [< `ALPN of 'a
  | `Draft of 'b
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname
  | `KeyShare of 'c
  | `MaxFragmentLength of 'd
  | `PreSharedKey of 'e
  | `SecureRenegotiation of 'f
  | `SelectedVersion of 'g
  | `UnknownExtension of 'h ] ->
  [> `ALPN
  | `Draft
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname
  | `KeyShare
  | `MaxFragmentLength
  | `PreSharedKey
  | `SecureRenegotiation
  | `SupportedVersion
  | `UnknownExtension ]

val extension_types : 
  ('a -> [> `UnknownExtension ] as 'b) ->
  'a list ->
  'b list

val server_exts_subset_of_client : 
  [< `ALPN of 'a
  | `Draft of 'b
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname
  | `KeyShare of 'c
  | `MaxFragmentLength of 'd
  | `PreSharedKey of 'e
  | `SecureRenegotiation of 'f
  | `SelectedVersion of 'g
  | `UnknownExtension of 'h ]
    list ->
  [< `ALPN of 'i
  | `Cookie of 'j
  | `Draft of 'k
  | `ECPointFormats
  | `EarlyDataIndication
  | `ExtendedMasterSecret
  | `Hostname of 'l
  | `KeyShare of 'm
  | `MaxFragmentLength of 'n
  | `Padding of 'o
  | `PostHandshakeAuthentication
  | `PreSharedKeys of 'p
  | `PskKeyExchangeModes of 'q
  | `SecureRenegotiation of 'r
  | `SignatureAlgorithms of 's
  | `SupportedGroups of 't
  | `SupportedVersions of 'u
  | `UnknownExtension of 'v ]
    list ->
  bool

module Group : sig ... end

module GroupSet : sig ... end

val of_list : GroupSet.elt list -> GroupSet.t

val client_hello_valid : 
  [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] ->
  Core.client_hello ->
  (unit,
    [> `EmptyCiphersuites
    | `NoGoodSignatureAlgorithms of Core.signature_algorithm list
    | `NoKeyShareExtension
    | `NoSignatureAlgorithmsExtension
    | `NoSupportedCiphersuite of Packet.any_ciphersuite list
    | `NoSupportedGroupExtension
    | `NotSetExtension of Core.client_extension list
    | `NotSetKeyShare of (Packet.named_group * Cstruct.t) list
    | `NotSetSupportedGroup of Packet.named_group list
    | `NotSubsetKeyShareSupportedGroup of
      Packet.named_group list * (Packet.named_group * Cstruct.t) list ])
    Stdlib.result

val server_hello_valid : Core.server_hello -> bool

val to_sign_1_3 : string option -> Cstruct.t

val signature : 
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  ?context_string:string ->
  Cstruct.t ->
  Core.signature_algorithm list option ->
  Core.signature_algorithm list ->
  X509.Private_key.t ->
  (Cstruct.t,
    [> `Error of
         [> `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list ]
    | `Fatal of [> `KeyTooSmall | `SigningFailed of string ] ])
    Stdlib.result

val peer_key : 
  X509.Certificate.t option ->
  (X509.Public_key.t, [> `Fatal of [> `NoCertificateReceived ] ]) Stdlib.result

val verify_digitally_signed : 
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  ?context_string:string ->
  Core.signature_algorithm list ->
  Cstruct.t ->
  Cstruct.t ->
  X509.Certificate.t option ->
  (unit,
    [> `Error of
         [> `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list ]
    | `Fatal of
      [> `NoCertificateReceived
      | `ReaderError of Reader.error
      | `SignatureVerificationFailed of string ] ])
    Stdlib.result

val validate_chain : 
  (?ip:'a ->
    host:'b ->
    X509.Certificate.t list ->
    (('c list * 'd) option, 'e) Stdlib.result)
    option ->
  Cstruct.t list ->
  'a option ->
  'b ->
  (X509.Certificate.t option * X509.Certificate.t list * 'c list * 'd option,
    [> `Error of [> `AuthenticationFailure of 'e ]
    | `Fatal of [> `BadCertificateChain | `KeyTooSmall ] ])
    Stdlib.result

val output_key_update : 
  request:bool ->
  State.state ->
  (State.state * (Packet.content_type * Cstruct.t),
    [> `Fatal of [> `InvalidSession ] ])
    Stdlib.result

package tls