package tls
Library
Module
Module type
Parameter
Class
Class type
Ciphersuite definitions and some helper functions.
val key_exchange_algorithm_of_sexp : Sexplib.Sexp.t -> key_exchange_algorithm
val sexp_of_key_exchange_algorithm : key_exchange_algorithm -> Sexplib.Sexp.t
val needs_certificate : key_exchange_algorithm -> bool
needs_certificate kex
is a predicate which is true if the kex
requires a server certificate
val needs_server_kex : key_exchange_algorithm -> bool
needs_server_kex kex
is a predicate which is true if the kex
requires a server key exchange messag
val required_keytype_and_usage :
key_exchange_algorithm ->
[> `RSA ] * [> `Digital_signature | `Key_encipherment ]
required_keytype_and_usage kex
is (keytype, usage)
which a certificate must have if it is used in the given kex
method
val stream_cipher_of_sexp : Sexplib.Sexp.t -> stream_cipher
val sexp_of_stream_cipher : stream_cipher -> Sexplib.Sexp.t
val block_cipher_of_sexp : Sexplib.Sexp.t -> block_cipher
val sexp_of_block_cipher : block_cipher -> Sexplib.Sexp.t
val aead_cipher_of_sexp : Sexplib.Sexp.t -> aead_cipher
val sexp_of_aead_cipher : aead_cipher -> Sexplib.Sexp.t
type payload_protection =
| Stream of stream_cipher * Nocrypto.Hash.hash
| Block of block_cipher * Nocrypto.Hash.hash
| AEAD of aead_cipher
val payload_protection_of_sexp : Sexplib.Sexp.t -> payload_protection
val sexp_of_payload_protection : payload_protection -> Sexplib.Sexp.t
val key_length : unit option -> payload_protection -> int * int * int
key_length iv payload_protection
is (key size, IV size, mac size)
where key IV, and mac sizes are the required bytes for the given payload_protection
type ciphersuite = [
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_RC4_128_SHA
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_128_CCM
]
val __ciphersuite_of_sexp__ : Sexplib.Sexp.t -> ciphersuite
val ciphersuite_of_sexp : Sexplib.Sexp.t -> ciphersuite
val sexp_of_ciphersuite : ciphersuite -> Sexplib.Sexp.t
val any_ciphersuite_to_ciphersuite :
Packet.any_ciphersuite ->
[> `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ]
option
val ciphersuite_to_any_ciphersuite :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
Packet.any_ciphersuite
val ciphersuite_to_string :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
string
val get_kex_privprot :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
key_exchange_algorithm * payload_protection
get_kex_privprot ciphersuite
is (kex, privacy_protection)
where it dissects the ciphersuite
into a pair containing the key exchange method kex
, and its privacy_protection
val ciphersuite_kex :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
key_exchange_algorithm
ciphersuite_kex ciphersuite
is kex
, first projection of get_kex_privprot
val ciphersuite_privprot :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
payload_protection
ciphersuite_privprot ciphersuite
is privprot
, second projection of get_kex_privprot
val ciphersuite_fs :
[< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_3DES_EDE_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_RC4_128_MD5
| `TLS_RSA_WITH_RC4_128_SHA ] ->
bool
val ciphersuite_tls12_only :
[> `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_128_CCM
| `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
| `TLS_DHE_RSA_WITH_AES_256_CCM
| `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
| `TLS_RSA_WITH_AES_128_CBC_SHA256
| `TLS_RSA_WITH_AES_128_CCM
| `TLS_RSA_WITH_AES_128_GCM_SHA256
| `TLS_RSA_WITH_AES_256_CBC_SHA256
| `TLS_RSA_WITH_AES_256_CCM
| `TLS_RSA_WITH_AES_256_GCM_SHA384 ] ->
bool