package tls

  1. Overview
  2. Docs
type hmac_key = Cstruct.t
type 'k stream_state = {
  1. cipher : (module Mirage_crypto.Cipher_stream.S with type key = 'k);
  2. cipher_secret : 'k;
  3. hmac : Mirage_crypto.Hash.hash;
  4. hmac_secret : hmac_key;
}
type iv_mode =
  1. | Iv of Cstruct_sexp.t
  2. | Random_iv
val iv_mode_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> iv_mode
val sexp_of_iv_mode : iv_mode -> Ppx_sexp_conv_lib.Sexp.t
type 'k cbc_cipher = (module Mirage_crypto.Cipher_block.S.CBC with type key = 'k)
type 'k cbc_state = {
  1. cipher : 'k cbc_cipher;
  2. cipher_secret : 'k;
  3. iv_mode : iv_mode;
  4. hmac : Mirage_crypto.Hash.hash;
  5. hmac_secret : hmac_key;
}
type nonce = Cstruct.t
type 'k aead_cipher =
  1. | CCM of (module Mirage_crypto.Cipher_block.S.CCM with type key = 'k)
  2. | GCM of (module Mirage_crypto.Cipher_block.S.GCM with type key = 'k)
type 'k aead_state = {
  1. cipher : 'k aead_cipher;
  2. cipher_secret : 'k;
  3. nonce : nonce;
}
type cipher_st =
  1. | Stream : 'k stream_state -> cipher_st
  2. | CBC : 'k cbc_state -> cipher_st
  3. | AEAD : 'k aead_state -> cipher_st
val sexp_of_cipher_st : cipher_st -> Sexplib.Sexp.t
val cipher_st_of_sexp : Sexplib0.Sexp.t -> 'a
type crypto_context = {
  1. sequence : int64;
  2. cipher_st : cipher_st;
}
val crypto_context_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> crypto_context
val sexp_of_crypto_context : crypto_context -> Ppx_sexp_conv_lib.Sexp.t
type hs_log = Cstruct_sexp.t list
val hs_log_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> hs_log
val sexp_of_hs_log : hs_log -> Ppx_sexp_conv_lib.Sexp.t
type reneg_params = Cstruct_sexp.t * Cstruct_sexp.t
val reneg_params_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> reneg_params
val sexp_of_reneg_params : reneg_params -> Ppx_sexp_conv_lib.Sexp.t
type session_data = {
  1. server_random : Cstruct_sexp.t;
  2. client_random : Cstruct_sexp.t;
  3. client_version : Core.tls_any_version;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. peer_certificate_chain : Core.Cert.t list;
  6. peer_certificate : Core.Cert.t option;
  7. trust_anchor : Core.Cert.t option;
  8. received_certificates : Core.Cert.t list;
  9. own_certificate : Core.Cert.t list;
  10. own_private_key : Mirage_crypto_pk.Rsa.priv option;
  11. master_secret : Core.master_secret;
  12. renegotiation : reneg_params;
  13. own_name : string option;
  14. client_auth : bool;
  15. session_id : Cstruct_sexp.t;
  16. extended_ms : bool;
  17. alpn_protocol : string option;
}
val session_data_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> session_data
val sexp_of_session_data : session_data -> Ppx_sexp_conv_lib.Sexp.t
type server_handshake_state =
  1. | AwaitClientHello
  2. | AwaitClientHelloRenegotiate
  3. | AwaitClientCertificate_RSA of session_data * hs_log
  4. | AwaitClientCertificate_DHE_RSA of session_data * Mirage_crypto_pk.Dh.secret * hs_log
  5. | AwaitClientKeyExchange_RSA of session_data * hs_log
  6. | AwaitClientKeyExchange_DHE_RSA of session_data * Mirage_crypto_pk.Dh.secret * hs_log
  7. | AwaitClientCertificateVerify of session_data * crypto_context * crypto_context * hs_log
  8. | AwaitClientChangeCipherSpec of session_data * crypto_context * crypto_context * hs_log
  9. | AwaitClientChangeCipherSpecResume of session_data * crypto_context * Cstruct_sexp.t * hs_log
  10. | AwaitClientFinished of session_data * hs_log
  11. | AwaitClientFinishedResume of session_data * Cstruct_sexp.t * hs_log
  12. | Established
val server_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> server_handshake_state
val sexp_of_server_handshake_state : server_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type client_handshake_state =
  1. | ClientInitial
  2. | AwaitServerHello of Core.client_hello * hs_log
  3. | AwaitServerHelloRenegotiate of session_data * Core.client_hello * hs_log
  4. | AwaitCertificate_RSA of session_data * hs_log
  5. | AwaitCertificate_DHE_RSA of session_data * hs_log
  6. | AwaitServerKeyExchange_DHE_RSA of session_data * hs_log
  7. | AwaitCertificateRequestOrServerHelloDone of session_data * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
  8. | AwaitServerHelloDone of session_data * (Ciphersuite.H.t * Packet.signature_algorithm_type) list option * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
  9. | AwaitServerChangeCipherSpec of session_data * crypto_context * Cstruct_sexp.t * hs_log
  10. | AwaitServerChangeCipherSpecResume of session_data * crypto_context * crypto_context * hs_log
  11. | AwaitServerFinished of session_data * Cstruct_sexp.t * hs_log
  12. | AwaitServerFinishedResume of session_data * hs_log
  13. | Established
val client_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> client_handshake_state
val sexp_of_client_handshake_state : client_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type handshake_machina_state =
  1. | Client of client_handshake_state
  2. | Server of server_handshake_state
val handshake_machina_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> handshake_machina_state
val sexp_of_handshake_machina_state : handshake_machina_state -> Ppx_sexp_conv_lib.Sexp.t
type handshake_state = {
  1. session : session_data list;
  2. protocol_version : Core.tls_version;
  3. machina : handshake_machina_state;
  4. config : Config.config;
  5. hs_fragment : Cstruct_sexp.t;
}
val handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> handshake_state
val sexp_of_handshake_state : handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type crypto_state = crypto_context option
val crypto_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> crypto_state
val sexp_of_crypto_state : crypto_state -> Ppx_sexp_conv_lib.Sexp.t
val record_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> record
val sexp_of_record : record -> Ppx_sexp_conv_lib.Sexp.t
type rec_resp = [
  1. | `Change_enc of crypto_state
  2. | `Change_dec of crypto_state
  3. | `Record of record
]
type handshake_return = handshake_state * rec_resp list
type state = {
  1. handshake : handshake_state;
  2. decryptor : crypto_state;
  3. encryptor : crypto_state;
  4. fragment : Cstruct_sexp.t;
}
val state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> state
val sexp_of_state : state -> Ppx_sexp_conv_lib.Sexp.t
module V_err : sig ... end
type error = [
  1. | `AuthenticationFailure of V_err.t
  2. | `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list
  3. | `NoConfiguredVersion of Core.tls_version
  4. | `NoConfiguredHash of Ciphersuite.H.t list
  5. | `NoMatchingCertificateFound of string
  6. | `NoCertificateConfigured
  7. | `CouldntSelectCertificate
]
val __error_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> error
val error_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> error
val sexp_of_error : error -> Ppx_sexp_conv_lib.Sexp.t
type fatal = [
  1. | `NoSecureRenegotiation
  2. | `NoCiphersuite of Packet.any_ciphersuite list
  3. | `NoVersion of Core.tls_any_version
  4. | `ReaderError of Reader.error
  5. | `NoCertificateReceived
  6. | `NotRSACertificate
  7. | `NotRSASignature
  8. | `KeyTooSmall
  9. | `RSASignatureMismatch
  10. | `RSASignatureVerificationFailed
  11. | `HashAlgorithmMismatch
  12. | `BadCertificateChain
  13. | `MACMismatch
  14. | `MACUnderflow
  15. | `RecordOverflow of int
  16. | `UnknownRecordVersion of int * int
  17. | `UnknownContentType of int
  18. | `CannotHandleApplicationDataYet
  19. | `NoHeartbeat
  20. | `BadRecordVersion of Core.tls_any_version
  21. | `BadFinished
  22. | `HandshakeFragmentsNotEmpty
  23. | `InvalidDH
  24. | `InvalidRenegotiation
  25. | `InvalidClientHello
  26. | `InvalidServerHello
  27. | `InvalidRenegotiationVersion of Core.tls_version
  28. | `InappropriateFallback
  29. | `UnexpectedCCS
  30. | `UnexpectedHandshake of Core.tls_handshake
  31. | `InvalidCertificateUsage
  32. | `InvalidCertificateExtendedUsage
  33. | `InvalidSession
  34. | `NoApplicationProtocol
]
val __fatal_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> fatal
val fatal_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> fatal
val sexp_of_fatal : fatal -> Ppx_sexp_conv_lib.Sexp.t
type failure = [
  1. | `Error of error
  2. | `Fatal of fatal
]
val __failure_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> failure
val failure_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> failure
val sexp_of_failure : failure -> Ppx_sexp_conv_lib.Sexp.t
include sig ... end
type err = failure
type !'a t = ('a, failure) result
val fail : err -> 'a t
val is_success : 'a t -> bool
val is_error : 'a t -> bool
val return : 'a -> 'a t
val bind : 'a t -> ('a -> 'b t) -> 'b t
val (>>=) : 'a t -> ('a -> 'b t) -> 'b t
val (>|=) : 'a t -> ('a -> 'b) -> 'b t
val map : ('a -> 'b) -> 'a t -> 'b t
val sequence : 'a t list -> 'a list t
val sequence_ : 'a t list -> unit t
val mapM : ('a -> 'b t) -> 'a list -> 'b list t
val mapM_ : ('a -> 'b t) -> 'a list -> unit t
val foldM : ('a -> 'b -> 'a t) -> 'a -> 'b list -> 'a t
val guard : bool -> err -> unit t
val or_else : 'a t -> 'a -> 'a
val or_else_f : 'a t -> ('b -> 'a) -> 'b -> 'a
type 'a eff = 'a t
OCaml

Innovation. Community. Security.

GitHub Discord Twitter Peertube RSS
About
Changelog Releases Industrial Users Academic Users Why OCaml
Ecosystem
Packages Community Events OCaml Planet Jobs
Resources
Install OCaml Get Started Platform Tools Language Manual Standard Library API Books Exercises Papers OCaml Playground Logo
Policies
Carbon Footprint Governance Privacy Code of Conduct