package tls

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

Ciphersuite definitions and some helper functions.

type key_exchange_algorithm =
  1. | RSA
  2. | DHE_RSA

sum type of all possible key exchange methods

val key_exchange_algorithm_of_sexp : Sexplib.Sexp.t -> key_exchange_algorithm
val sexp_of_key_exchange_algorithm : key_exchange_algorithm -> Sexplib.Sexp.t
val needs_certificate : key_exchange_algorithm -> bool

needs_certificate kex is a predicate which is true if the kex requires a server certificate

val needs_server_kex : key_exchange_algorithm -> bool

needs_server_kex kex is a predicate which is true if the kex requires a server key exchange messag

val required_keytype_and_usage : key_exchange_algorithm -> [> `RSA ] * [> `Digital_signature | `Key_encipherment ]

required_keytype_and_usage kex is (keytype, usage) which a certificate must have if it is used in the given kex method

type stream_cipher =
  1. | RC4_128
val stream_cipher_of_sexp : Sexplib.Sexp.t -> stream_cipher
val sexp_of_stream_cipher : stream_cipher -> Sexplib.Sexp.t
type block_cipher =
  1. | TRIPLE_DES_EDE_CBC
  2. | AES_128_CBC
  3. | AES_256_CBC
val block_cipher_of_sexp : Sexplib.Sexp.t -> block_cipher
val sexp_of_block_cipher : block_cipher -> Sexplib.Sexp.t
type aead_cipher =
  1. | AES_128_CCM
  2. | AES_256_CCM
  3. | AES_128_GCM
  4. | AES_256_GCM
val aead_cipher_of_sexp : Sexplib.Sexp.t -> aead_cipher
val sexp_of_aead_cipher : aead_cipher -> Sexplib.Sexp.t
type payload_protection =
  1. | Stream of stream_cipher * Nocrypto.Hash.hash
  2. | Block of block_cipher * Nocrypto.Hash.hash
  3. | AEAD of aead_cipher
val payload_protection_of_sexp : Sexplib.Sexp.t -> payload_protection
val sexp_of_payload_protection : payload_protection -> Sexplib.Sexp.t
val key_length : unit option -> payload_protection -> int * int * int

key_length iv payload_protection is (key size, IV size, mac size) where key IV, and mac sizes are the required bytes for the given payload_protection

type ciphersuite = [
  1. | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  2. | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  3. | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  4. | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  5. | `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  6. | `TLS_RSA_WITH_AES_256_CBC_SHA256
  7. | `TLS_RSA_WITH_AES_128_CBC_SHA256
  8. | `TLS_RSA_WITH_AES_256_CBC_SHA
  9. | `TLS_RSA_WITH_AES_128_CBC_SHA
  10. | `TLS_RSA_WITH_3DES_EDE_CBC_SHA
  11. | `TLS_RSA_WITH_RC4_128_SHA
  12. | `TLS_RSA_WITH_RC4_128_MD5
  13. | `TLS_RSA_WITH_AES_128_GCM_SHA256
  14. | `TLS_RSA_WITH_AES_256_GCM_SHA384
  15. | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  16. | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  17. | `TLS_DHE_RSA_WITH_AES_256_CCM
  18. | `TLS_DHE_RSA_WITH_AES_128_CCM
  19. | `TLS_RSA_WITH_AES_256_CCM
  20. | `TLS_RSA_WITH_AES_128_CCM
]
val __ciphersuite_of_sexp__ : Sexplib.Sexp.t -> ciphersuite
val ciphersuite_of_sexp : Sexplib.Sexp.t -> ciphersuite
val sexp_of_ciphersuite : ciphersuite -> Sexplib.Sexp.t
val any_ciphersuite_to_ciphersuite : Packet.any_ciphersuite -> [> `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] option
val ciphersuite_to_any_ciphersuite : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> Packet.any_ciphersuite
val ciphersuite_to_string : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> string
val get_kex_privprot : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> key_exchange_algorithm * payload_protection

get_kex_privprot ciphersuite is (kex, privacy_protection) where it dissects the ciphersuite into a pair containing the key exchange method kex, and its privacy_protection

val ciphersuite_kex : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> key_exchange_algorithm

ciphersuite_kex ciphersuite is kex, first projection of get_kex_privprot

val ciphersuite_privprot : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> payload_protection

ciphersuite_privprot ciphersuite is privprot, second projection of get_kex_privprot

val ciphersuite_fs : [< `TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA | `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_3DES_EDE_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_RC4_128_MD5 | `TLS_RSA_WITH_RC4_128_SHA ] -> bool
val ciphersuite_tls12_only : [> `TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_128_CCM | `TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | `TLS_DHE_RSA_WITH_AES_256_CCM | `TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | `TLS_RSA_WITH_AES_128_CBC_SHA256 | `TLS_RSA_WITH_AES_128_CCM | `TLS_RSA_WITH_AES_128_GCM_SHA256 | `TLS_RSA_WITH_AES_256_CBC_SHA256 | `TLS_RSA_WITH_AES_256_CCM | `TLS_RSA_WITH_AES_256_GCM_SHA384 ] -> bool
OCaml

Innovation. Community. Security.