tls

Transport Layer Security purely in OCaml
Library tls
(** Server-side processing of a client hello.

    Arguments, in order: the [~hrr] flag, the current handshake state, the
    parsed [Core.client_hello], and a [Cstruct.t].
    NOTE(review): the [Cstruct.t] is presumably the raw message bytes and
    [~hrr] presumably marks a hello received after a HelloRetryRequest (the
    [`Has0rttAfterHRR] and [`NoCookie] variants point that way). Confirm both
    against the implementation.

    On [Ok] the result is the next handshake state plus a list of actions:
    [`Record] (content type and payload), [`Change_enc] and [`Change_dec]
    (each carrying a [State.crypto_context]). Presumably records to emit and
    key switches to apply, in list order.

    Failure carries no state, so the caller has nothing to continue from.
    - [`Error]: no usable local configuration or no selectable certificate
      ([`NoCertificateConfigured], [`NoConfiguredCiphersuite], ...).
    - [`Fatal]: the input or a cryptographic step was rejected
      ([`InvalidClientHello] with its reason, [`BadECDH], [`InvalidDH],
      [`KeyTooSmall], [`SigningFailed], ...).

    Several payloads echo peer-supplied values (ciphersuite lists, key shares
    as [Cstruct_sexp.t]); treat them as untrusted when logging. *)
val answer_client_hello : hrr:bool -> State.handshake_state -> Core.client_hello -> Cstruct.t -> ( State.handshake_state * [> `Change_dec of State.crypto_context | `Change_enc of State.crypto_context | `Record of Packet.content_type * Cstruct.t ] list, [> `Error of [> `CouldntSelectCertificate | `NoCertificateConfigured | `NoConfiguredCiphersuite of [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] list | `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list | `NoMatchingCertificateFound of string ] | `Fatal of [> `BadECDH of Mirage_crypto_ec.error | `HandshakeFragmentsNotEmpty | `InvalidClientHello of [> `EmptyCiphersuites | `Has0rttAfterHRR | `HasSignatureAlgorithmsExtension | `NoCookie | `NoGoodSignatureAlgorithms of Core.signature_algorithm list | `NoKeyShareExtension | `NoSignatureAlgorithmsExtension | `NoSupportedCiphersuite of Packet.any_ciphersuite list | `NoSupportedGroupExtension | `NotSetExtension of Core.client_extension list | `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list | `NotSetSupportedGroup of Packet.named_group list | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list ] | `InvalidDH | `InvalidSession | `KeyTooSmall | `NoApplicationProtocol | `NoSupportedGroup | `SigningFailed of string ] ] ) result
(** Server-side processing of the client certificate message (client
    authentication).

    Takes eight positional, unlabelled arguments: the handshake state, a
    [Cstruct.t], the [State.session_data13], a [Cstruct_sexp.t], a
    [State.crypto_context], an optional [Core.session_ticket], and two more
    [Cstruct.t] values.
    NOTE(review): three arguments share the type [Cstruct.t] and a fourth is
    [Cstruct_sexp.t], so the type checker may not catch a swapped pair. Check
    call sites against the implementation for the meaning of each buffer.

    On [Ok] the result is the next handshake state and a list whose element
    type is a free ['a]; such a list can only be empty, so this step yields
    no output actions.

    Failure carries no state.
    - [`Error (`AuthenticationFailure e)]: [e] is the
      [X509.Validation.validation_error], presumably from validating the
      client chain.
    - [`Fatal]: [`BadCertificateChain], [`KeyTooSmall], [`InvalidSession], or
      [`ReaderError] when the message does not parse. *)
val answer_client_certificate : State.handshake_state -> Cstruct.t -> State.session_data13 -> Cstruct_sexp.t -> State.crypto_context -> Core.session_ticket option -> Cstruct.t -> Cstruct.t -> ( State.handshake_state * 'a list, [> `Error of [> `AuthenticationFailure of X509.Validation.validation_error ] | `Fatal of [> `BadCertificateChain | `InvalidSession | `KeyTooSmall | `ReaderError of Reader.error ] ] ) result
(** Server-side processing of the client certificate-verify message, the
    signature step that follows a client certificate.

    The argument types match {!answer_client_certificate}: handshake state,
    [Cstruct.t], [State.session_data13], [Cstruct_sexp.t],
    [State.crypto_context], optional [Core.session_ticket], and two more
    [Cstruct.t] values, all positional.
    NOTE(review): the same-typed buffers are easy to transpose; confirm their
    order against the implementation.

    On [Ok] the result is the next handshake state and a list whose element
    type is a free ['a], which can only be empty.

    Failure carries no state.
    - [`Error (`NoConfiguredSignatureAlgorithm _)]: carries a list of
      signature algorithms.
    - [`Fatal]: [`NoCertificateReceived] (presumably a verify message with no
      preceding certificate), [`SignatureVerificationFailed], or
      [`ReaderError].

    The [string] in [`SignatureVerificationFailed] is free-form; do not
    branch on its contents. *)
val answer_client_certificate_verify : State.handshake_state -> Cstruct.t -> State.session_data13 -> Cstruct_sexp.t -> State.crypto_context -> Core.session_ticket option -> Cstruct.t -> Cstruct.t -> ( State.handshake_state * 'a list, [> `Error of [> `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list ] | `Fatal of [> `NoCertificateReceived | `ReaderError of Reader.error | `SignatureVerificationFailed of string ] ] ) result
(** Server-side processing of the client finished message.

    Arguments, in order: the handshake state, two [Cstruct.t] values, a value
    of abstract type ['a], an optional [Core.session_ticket], and two more
    [Cstruct.t] values.
    NOTE(review): four unlabelled [Cstruct.t] arguments; confirm which is the
    expected verify data and which the received one against the
    implementation.

    On [Ok] the result is the next handshake state and a list of
    [`Change_dec] actions. The payload type is the same ['a] as the fourth
    argument, so any context handed back originates from the caller.
    Presumably this is the decryption context to install once the finished
    message has been accepted.

    Failure is always [`Fatal] and carries no state: [`BadFinished],
    [`HandshakeFragmentsNotEmpty], or [`InvalidSession].
    NOTE(review): [`BadFinished] presumably means the verify data did not
    match; no decryption context is returned on that path. *)
val answer_client_finished : State.handshake_state -> Cstruct.t -> Cstruct.t -> 'a -> Core.session_ticket option -> Cstruct.t -> Cstruct.t -> ( State.handshake_state * [> `Change_dec of 'a ] list, [> `Fatal of [> `BadFinished | `HandshakeFragmentsNotEmpty | `InvalidSession ] ] ) result
(** Server-side processing of the end-of-early-data message.

    Arguments, in order: the handshake state, a [Cstruct_sexp.t], a value of
    abstract type ['a], a [State.crypto_context], an optional
    [Core.session_ticket], and two [Cstruct.t] values.

    On [Ok] the result is the next handshake state and a list of
    [`Change_dec] actions whose payload has the type of the third argument.
    Presumably this switches decryption away from the early-data keys;
    confirm against the implementation.

    The only failure in the signature is [`Fatal `InvalidSession]. *)
val handle_end_of_early_data : State.handshake_state -> Cstruct_sexp.t -> 'a -> State.crypto_context -> Core.session_ticket option -> Cstruct.t -> Cstruct.t -> ( State.handshake_state * [> `Change_dec of 'a ] list, [> `Fatal of [> `InvalidSession ] ] ) result
(** Server-side processing of a key-update request from the peer.

    Takes the handshake state and the [Packet.key_update_request_type] from
    the message.

    On [Ok] the result is the next handshake state and a list of actions:
    [`Change_dec] and [`Change_enc] (each with a [State.crypto_context]) and
    [`Record] (content type and payload).
    NOTE(review): presumably a [`Record] and [`Change_enc] are produced only
    when the peer asked for a reciprocal update; confirm against the
    implementation.

    Failure is always [`Fatal]: [`HandshakeFragmentsNotEmpty] or
    [`InvalidSession].
    NOTE(review): [`HandshakeFragmentsNotEmpty] presumably rejects a key
    change while partial handshake data is still buffered. *)
val handle_key_update : State.handshake_state -> Packet.key_update_request_type -> ( State.handshake_state * [> `Change_dec of State.crypto_context | `Change_enc of State.crypto_context | `Record of Packet.content_type * Cstruct.t ] list, [> `Fatal of [> `HandshakeFragmentsNotEmpty | `InvalidSession ] ] ) result
(** Entry point for an incoming handshake message on the server side.

    Takes the [State.server13_handshake_state] (the 13 suffix suggests
    TLS 1.3), the enclosing [State.handshake_state], and a [Cstruct.t],
    presumably the raw handshake message.

    On [Ok] the result is the next handshake state and a list of
    [`Record], [`Change_enc] and [`Change_dec] actions.

    The failure type covers every [`Error] and [`Fatal] variant of the other
    handlers on this page, plus [`UnexpectedHandshake], which carries the
    [Core.tls_handshake] that was received. This suggests the function
    dispatches on the state and message type and rejects a message that does
    not fit the current state; confirm against the implementation.

    Failure carries no state, so a caller cannot resume the handshake after
    an error. Payloads such as [`UnexpectedHandshake], [`InvalidClientHello]
    and the [string]-carrying variants contain peer-influenced data; treat
    them as untrusted when logging. *)
val handle_handshake : State.server13_handshake_state -> State.handshake_state -> Cstruct.t -> ( State.handshake_state * [> `Change_dec of State.crypto_context | `Change_enc of State.crypto_context | `Record of Packet.content_type * Cstruct.t ] list, [> `Error of [> `AuthenticationFailure of X509.Validation.validation_error | `CouldntSelectCertificate | `NoCertificateConfigured | `NoConfiguredCiphersuite of [> `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384 | `CHACHA20_POLY1305_SHA256 ] list | `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list | `NoMatchingCertificateFound of string ] | `Fatal of [> `BadCertificateChain | `BadECDH of Mirage_crypto_ec.error | `BadFinished | `HandshakeFragmentsNotEmpty | `InvalidClientHello of [> `EmptyCiphersuites | `Has0rttAfterHRR | `HasSignatureAlgorithmsExtension | `NoCookie | `NoGoodSignatureAlgorithms of Core.signature_algorithm list | `NoKeyShareExtension | `NoSignatureAlgorithmsExtension | `NoSupportedCiphersuite of Packet.any_ciphersuite list | `NoSupportedGroupExtension | `NotSetExtension of Core.client_extension list | `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list | `NotSetSupportedGroup of Packet.named_group list | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list ] | `InvalidDH | `InvalidSession | `KeyTooSmall | `NoApplicationProtocol | `NoCertificateReceived | `NoSupportedGroup | `ReaderError of Reader.error | `SignatureVerificationFailed of string | `SigningFailed of string | `UnexpectedHandshake of Core.tls_handshake ] ] ) result