Module `Tls.Core`Source

Core type definitions

Sourceval (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t

Sourceval (let*) : ('a, 'b) result -> ('a -> ('c, 'b) result) -> ('c, 'b) result

Sourceval guard : bool -> 'a -> (unit, 'a) result

val map_reader_error : 
  ('a, 'b) result ->
  ('a, [> `Fatal of [> `ReaderError of 'b ] ]) result

Sourcetype tls13 = [

| `TLS_1_3

]

Sourceval sexp_of_tls13 : tls13 -> Sexplib0.Sexp.t

Sourcetype tls_before_13 = [

| `TLS_1_0
| `TLS_1_1
| `TLS_1_2

]

Sourceval sexp_of_tls_before_13 : tls_before_13 -> Sexplib0.Sexp.t

Sourcetype tls_version = [

| tls13
| tls_before_13

]

Sourceval sexp_of_tls_version : tls_version -> Sexplib0.Sexp.t

Source

val pair_of_tls_version : 
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  int * int

Source

val compare_tls_version : 
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  int

Source

val next : 
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  [> `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option

Source

val all_versions : 
  (([< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 TLS_1_1 TLS_1_2 TLS_1_3 ] as 'a)
   * [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ]) ->
  'a list

Source

val tls_version_of_pair : 
  (int * int) ->
  [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option

Sourcetype tls_any_version = [

| tls_version
| `SSL_3
| `TLS_1_X of int

]

Sourceval sexp_of_tls_any_version : tls_any_version -> Sexplib0.Sexp.t

Source

val any_version_to_version : 
  [> tls_version ] ->
  [> `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] option

Source

val version_eq : 
  [> tls_version ] ->
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  bool

Source

val version_ge : 
  [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of 'a ] ->
  [< `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 ] ->
  bool

Source

val tls_any_version_of_pair : 
  (int * int) ->
  [> `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ]
    option

Source

val pair_of_tls_any_version : 
  [< `SSL_3 | `TLS_1_0 | `TLS_1_1 | `TLS_1_2 | `TLS_1_3 | `TLS_1_X of int ] ->
  int * int

Sourceval max_protocol_version : ('a * 'b) -> 'b

Sourceval min_protocol_version : ('a * 'b) -> 'a

Sourcetype tls_hdr = {

content_type : Packet.content_type;
version : tls_any_version;

}

Sourceval sexp_of_tls_hdr : tls_hdr -> Sexplib0.Sexp.t

Sourcemodule SessionID : sig ... end

Sourcemodule PreSharedKeyID : sig ... end

Sourcetype psk_identity = (Cstruct_sexp.t * int32) * Cstruct_sexp.t

Sourceval sexp_of_psk_identity : psk_identity -> Sexplib0.Sexp.t

Sourceval binders_len : ('a * Cstruct.t) list -> int

Sourcetype group = [

| `FFDHE2048
| `FFDHE3072
| `FFDHE4096
| `FFDHE6144
| `FFDHE8192
| `X25519
| `P256
| `P384
| `P521

]

Sourceval sexp_of_group : group -> Sexplib0.Sexp.t

Source

val named_group_to_group : 
  Packet.named_group ->
  [> `FFDHE2048
  | `FFDHE3072
  | `FFDHE4096
  | `FFDHE6144
  | `FFDHE8192
  | `P256
  | `P384
  | `P521
  | `X25519 ]
    option

Source

val group_to_named_group : 
  [< `FFDHE2048
  | `FFDHE3072
  | `FFDHE4096
  | `FFDHE6144
  | `FFDHE8192
  | `P256
  | `P384
  | `P521
  | `X25519 ] ->
  Packet.named_group

Source

val group_to_impl : 
  [< `FFDHE2048
  | `FFDHE3072
  | `FFDHE4096
  | `FFDHE6144
  | `FFDHE8192
  | `P256
  | `P384
  | `P521
  | `X25519 ] ->
  [> `Finite_field of Mirage_crypto_pk.Dh.group
  | `P256
  | `P384
  | `P521
  | `X25519 ]

Sourcetype signature_algorithm = [

| `RSA_PKCS1_MD5
| `RSA_PKCS1_SHA1
| `RSA_PKCS1_SHA224
| `RSA_PKCS1_SHA256
| `RSA_PKCS1_SHA384
| `RSA_PKCS1_SHA512
| `ECDSA_SECP256R1_SHA1
| `ECDSA_SECP256R1_SHA256
| `ECDSA_SECP384R1_SHA384
| `ECDSA_SECP521R1_SHA512
| `RSA_PSS_RSAENC_SHA256
| `RSA_PSS_RSAENC_SHA384
| `RSA_PSS_RSAENC_SHA512
| `ED25519

]

Sourceval sexp_of_signature_algorithm : signature_algorithm -> Sexplib0.Sexp.t

Source

val hash_of_signature_algorithm : 
  [< `ECDSA_SECP256R1_SHA1
  | `ECDSA_SECP256R1_SHA256
  | `ECDSA_SECP384R1_SHA384
  | `ECDSA_SECP521R1_SHA512
  | `ED25519
  | `RSA_PKCS1_MD5
  | `RSA_PKCS1_SHA1
  | `RSA_PKCS1_SHA224
  | `RSA_PKCS1_SHA256
  | `RSA_PKCS1_SHA384
  | `RSA_PKCS1_SHA512
  | `RSA_PSS_RSAENC_SHA256
  | `RSA_PSS_RSAENC_SHA384
  | `RSA_PSS_RSAENC_SHA512 ] ->
  [> `MD5 | `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ]

Source

val signature_scheme_of_signature_algorithm : 
  [< `ECDSA_SECP256R1_SHA1
  | `ECDSA_SECP256R1_SHA256
  | `ECDSA_SECP384R1_SHA384
  | `ECDSA_SECP521R1_SHA512
  | `ED25519
  | `RSA_PKCS1_MD5
  | `RSA_PKCS1_SHA1
  | `RSA_PKCS1_SHA224
  | `RSA_PKCS1_SHA256
  | `RSA_PKCS1_SHA384
  | `RSA_PKCS1_SHA512
  | `RSA_PSS_RSAENC_SHA256
  | `RSA_PSS_RSAENC_SHA384
  | `RSA_PSS_RSAENC_SHA512 ] ->
  [> `ECDSA | `ED25519 | `RSA_PKCS1 | `RSA_PSS ]

Source

val rsa_sigalg : 
  [< `ECDSA_SECP256R1_SHA1
  | `ECDSA_SECP256R1_SHA256
  | `ECDSA_SECP384R1_SHA384
  | `ECDSA_SECP521R1_SHA512
  | `ED25519
  | `RSA_PKCS1_MD5
  | `RSA_PKCS1_SHA1
  | `RSA_PKCS1_SHA224
  | `RSA_PKCS1_SHA256
  | `RSA_PKCS1_SHA384
  | `RSA_PKCS1_SHA512
  | `RSA_PSS_RSAENC_SHA256
  | `RSA_PSS_RSAENC_SHA384
  | `RSA_PSS_RSAENC_SHA512 ] ->
  bool

Source

val tls13_sigalg : 
  [< `ECDSA_SECP256R1_SHA1
  | `ECDSA_SECP256R1_SHA256
  | `ECDSA_SECP384R1_SHA384
  | `ECDSA_SECP521R1_SHA512
  | `ED25519
  | `RSA_PKCS1_MD5
  | `RSA_PKCS1_SHA1
  | `RSA_PKCS1_SHA224
  | `RSA_PKCS1_SHA256
  | `RSA_PKCS1_SHA384
  | `RSA_PKCS1_SHA512
  | `RSA_PSS_RSAENC_SHA256
  | `RSA_PSS_RSAENC_SHA384
  | `RSA_PSS_RSAENC_SHA512 ] ->
  bool

Source

val pk_matches_sa : 
  [> `ED25519 of 'a | `P256 of 'b | `P384 of 'c | `P521 of 'd | `RSA of 'e ] ->
  [< `ECDSA_SECP256R1_SHA1
  | `ECDSA_SECP256R1_SHA256
  | `ECDSA_SECP384R1_SHA384
  | `ECDSA_SECP521R1_SHA512
  | `ED25519
  | `RSA_PKCS1_MD5
  | `RSA_PKCS1_SHA1
  | `RSA_PKCS1_SHA224
  | `RSA_PKCS1_SHA256
  | `RSA_PKCS1_SHA384
  | `RSA_PKCS1_SHA512
  | `RSA_PSS_RSAENC_SHA256
  | `RSA_PSS_RSAENC_SHA384
  | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ] ->
  bool

Sourcemodule Peer_name : sig ... end

Sourcetype client_extension = [

| `Hostname of Peer_name.t
| `MaxFragmentLength of Packet.max_fragment_length
| `SupportedGroups of Packet.named_group list
| `SecureRenegotiation of Cstruct_sexp.t
| `Padding of int
| `SignatureAlgorithms of signature_algorithm list
| `ExtendedMasterSecret
| `ALPN of string list
| `KeyShare of (Packet.named_group * Cstruct_sexp.t) list
| `EarlyDataIndication
| `PreSharedKeys of psk_identity list
| `SupportedVersions of tls_any_version list
| `PostHandshakeAuthentication
| `Cookie of Cstruct_sexp.t
| `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
| `ECPointFormats
| `UnknownExtension of int * Cstruct_sexp.t

]

Sourceval sexp_of_client_extension : client_extension -> Sexplib0.Sexp.t

Sourcetype server13_extension = [

| `KeyShare of group * Cstruct_sexp.t
| `PreSharedKey of int
| `SelectedVersion of tls_version

]

Sourceval sexp_of_server13_extension : server13_extension -> Sexplib0.Sexp.t

Sourcetype server_extension = [

| server13_extension
| `Hostname
| `MaxFragmentLength of Packet.max_fragment_length
| `SecureRenegotiation of Cstruct_sexp.t
| `ExtendedMasterSecret
| `ALPN of string
| `ECPointFormats
| `UnknownExtension of int * Cstruct_sexp.t

]

Sourceval sexp_of_server_extension : server_extension -> Sexplib0.Sexp.t

Sourcetype encrypted_extension = [

| `Hostname
| `MaxFragmentLength of Packet.max_fragment_length
| `SupportedGroups of group list
| `ALPN of string
| `EarlyDataIndication
| `UnknownExtension of int * Cstruct_sexp.t

]

Sourceval sexp_of_encrypted_extension : encrypted_extension -> Sexplib0.Sexp.t

Sourcetype hello_retry_extension = [

| `SelectedGroup of group
| `Cookie of Cstruct_sexp.t
| `SelectedVersion of tls_version
| `UnknownExtension of int * Cstruct_sexp.t

]

Sourceval sexp_of_hello_retry_extension : hello_retry_extension -> Sexplib0.Sexp.t

Sourcetype client_hello = {

client_version : tls_any_version;
client_random : Cstruct_sexp.t;
sessionid : SessionID.t option;
ciphersuites : Packet.any_ciphersuite list;
extensions : client_extension list;

}

Sourceval sexp_of_client_hello : client_hello -> Sexplib0.Sexp.t

Sourcetype server_hello = {

server_version : tls_version;
server_random : Cstruct_sexp.t;
sessionid : SessionID.t option;
ciphersuite : Ciphersuite.ciphersuite;
extensions : server_extension list;

}

Sourceval sexp_of_server_hello : server_hello -> Sexplib0.Sexp.t

Sourcetype dh_parameters = {

dh_p : Cstruct_sexp.t;
dh_g : Cstruct_sexp.t;
dh_Ys : Cstruct_sexp.t;

}

Sourceval sexp_of_dh_parameters : dh_parameters -> Sexplib0.Sexp.t

Sourcetype hello_retry = {

retry_version : tls_version;
ciphersuite : Ciphersuite.ciphersuite13;
sessionid : SessionID.t option;
selected_group : group;
extensions : hello_retry_extension list;

}

Sourceval sexp_of_hello_retry : hello_retry -> Sexplib0.Sexp.t

Sourcetype session_ticket_extension = [

| `EarlyDataIndication of int32
| `UnknownExtension of int * Cstruct_sexp.t

]

Source

val sexp_of_session_ticket_extension : 
  session_ticket_extension ->
  Sexplib0.Sexp.t

Sourcetype session_ticket = {

lifetime : int32;
age_add : int32;
nonce : Cstruct_sexp.t;
ticket : Cstruct_sexp.t;
extensions : session_ticket_extension list;

}

Sourceval sexp_of_session_ticket : session_ticket -> Sexplib0.Sexp.t

Sourcetype certificate_request_extension = [

| `SignatureAlgorithms of signature_algorithm list
| `CertificateAuthorities of X509.Distinguished_name.t list
| `UnknownExtension of int * Cstruct_sexp.t

]

Sourcetype tls_handshake =

| HelloRequest
| HelloRetryRequest of hello_retry
| EncryptedExtensions of encrypted_extension list
| ServerHelloDone
| ClientHello of client_hello
| ServerHello of server_hello
| Certificate of Cstruct_sexp.t
| ServerKeyExchange of Cstruct_sexp.t
| CertificateRequest of Cstruct_sexp.t
| ClientKeyExchange of Cstruct_sexp.t
| CertificateVerify of Cstruct_sexp.t
| Finished of Cstruct_sexp.t
| SessionTicket of session_ticket
| KeyUpdate of Packet.key_update_request_type
| EndOfEarlyData

Sourceval sexp_of_tls_handshake : tls_handshake -> Sexplib0.Sexp.t

Sourcetype tls_alert = Packet.alert_level * Packet.alert_type

Sourceval sexp_of_tls_alert : tls_alert -> Sexplib0.Sexp.t

Sourcetype master_secret = Cstruct_sexp.t

the master secret of a TLS connection

Sourceval sexp_of_master_secret : master_secret -> Sexplib0.Sexp.t

Sourcemodule Cert : sig ... end

Sourcemodule Priv : sig ... end

Sourcemodule Ptime : sig ... end

Sourcetype psk13 = {

identifier : Cstruct_sexp.t;
obfuscation : int32;
secret : Cstruct_sexp.t;
lifetime : int32;
early_data : int32;
issued_at : Ptime.t;

}

Sourceval sexp_of_psk13 : psk13 -> Sexplib0.Sexp.t

Sourcetype epoch_state = [

| `ZeroRTT
| `Established

]

Sourceval sexp_of_epoch_state : epoch_state -> Sexplib0.Sexp.t

Sourcetype epoch_data = {

state : epoch_state;
protocol_version : tls_version;
ciphersuite : Ciphersuite.ciphersuite;
peer_random : Cstruct_sexp.t;
peer_certificate_chain : Cert.t list;
peer_certificate : Cert.t option;
peer_name : Peer_name.t option;
trust_anchor : Cert.t option;
received_certificates : Cert.t list;
own_random : Cstruct_sexp.t;
own_certificate : Cert.t list;
own_private_key : Priv.t option;
own_name : Peer_name.t option;
master_secret : master_secret;
session_id : SessionID.t;
extended_ms : bool;
alpn_protocol : string option;

}

information about an open session

Sourceval sexp_of_epoch_data : epoch_data -> Sexplib0.Sexp.t

Source

val supports_key_usage : 
  ?not_present:bool ->
  X509.Extension.key_usage ->
  X509.Certificate.t ->
  bool

Source

val supports_extended_key_usage : 
  ?not_present:bool ->
  X509.Extension.extended_key_usage ->
  X509.Certificate.t ->
  bool

Install

dune-project
Dependency

Authors

Maintainers

Sources

doc/tls/Tls/Core/index.html

Module `Tls.Core`Source

package tls

Install

dune-project Dependency

Authors

Maintainers

Sources

doc/tls/Tls/Core/index.html

Module Tls.CoreSource

dune-project
Dependency

Module `Tls.Core`Source