diff --git a/doc/index.html b/doc/index.html index 4de40bf7..2d0054cf 100644 --- a/doc/index.html +++ b/doc/index.html @@ -2,7 +2,7 @@ index - + @@ -11,10 +11,10 @@

OCaml package documentation

    -
  1. tls 0.17.1
  2. -
  3. tls-async 0.17.1
  4. -
  5. tls-lwt 0.17.1
  6. -
  7. tls-mirage 0.17.1
  8. +
  9. tls 0.17.3
  10. +
  11. tls-async 0.17.3
  12. +
  13. tls-lwt 0.17.3
  14. +
  15. tls-mirage 0.17.3
diff --git a/doc/_odoc_support/fonts/KaTeX_AMS-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_AMS-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_AMS-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_AMS-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Caligraphic-Bold.woff2 b/doc/odoc.support/fonts/KaTeX_Caligraphic-Bold.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Caligraphic-Bold.woff2
rename to doc/odoc.support/fonts/KaTeX_Caligraphic-Bold.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Caligraphic-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Caligraphic-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Caligraphic-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Caligraphic-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Fraktur-Bold.woff2 b/doc/odoc.support/fonts/KaTeX_Fraktur-Bold.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Fraktur-Bold.woff2
rename to doc/odoc.support/fonts/KaTeX_Fraktur-Bold.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Fraktur-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Fraktur-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Fraktur-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Fraktur-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Main-Bold.woff2 b/doc/odoc.support/fonts/KaTeX_Main-Bold.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Main-Bold.woff2
rename to doc/odoc.support/fonts/KaTeX_Main-Bold.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Main-BoldItalic.woff2 b/doc/odoc.support/fonts/KaTeX_Main-BoldItalic.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Main-BoldItalic.woff2
rename to doc/odoc.support/fonts/KaTeX_Main-BoldItalic.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Main-Italic.woff2 b/doc/odoc.support/fonts/KaTeX_Main-Italic.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Main-Italic.woff2
rename to doc/odoc.support/fonts/KaTeX_Main-Italic.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Main-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Main-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Main-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Main-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Math-BoldItalic.woff2 b/doc/odoc.support/fonts/KaTeX_Math-BoldItalic.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Math-BoldItalic.woff2
rename to doc/odoc.support/fonts/KaTeX_Math-BoldItalic.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Math-Italic.woff2 b/doc/odoc.support/fonts/KaTeX_Math-Italic.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Math-Italic.woff2
rename to doc/odoc.support/fonts/KaTeX_Math-Italic.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_SansSerif-Bold.woff2 b/doc/odoc.support/fonts/KaTeX_SansSerif-Bold.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_SansSerif-Bold.woff2
rename to doc/odoc.support/fonts/KaTeX_SansSerif-Bold.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_SansSerif-Italic.woff2 b/doc/odoc.support/fonts/KaTeX_SansSerif-Italic.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_SansSerif-Italic.woff2
rename to doc/odoc.support/fonts/KaTeX_SansSerif-Italic.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_SansSerif-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_SansSerif-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_SansSerif-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_SansSerif-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Script-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Script-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Script-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Script-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Size1-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Size1-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Size1-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Size1-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Size2-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Size2-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Size2-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Size2-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Size3-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Size3-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Size3-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Size3-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Size4-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Size4-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Size4-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Size4-Regular.woff2
diff --git a/doc/_odoc_support/fonts/KaTeX_Typewriter-Regular.woff2 b/doc/odoc.support/fonts/KaTeX_Typewriter-Regular.woff2
similarity index 100%
rename from doc/_odoc_support/fonts/KaTeX_Typewriter-Regular.woff2
rename to doc/odoc.support/fonts/KaTeX_Typewriter-Regular.woff2
diff --git a/doc/_odoc_support/highlight.pack.js b/doc/odoc.support/highlight.pack.js
similarity index 100%
rename from doc/_odoc_support/highlight.pack.js
rename to doc/odoc.support/highlight.pack.js
diff --git a/doc/_odoc_support/katex.min.css b/doc/odoc.support/katex.min.css
similarity index 100%
rename from doc/_odoc_support/katex.min.css
rename to doc/odoc.support/katex.min.css
diff --git a/doc/_odoc_support/katex.min.js b/doc/odoc.support/katex.min.js
similarity index 100%
rename from doc/_odoc_support/katex.min.js
rename to doc/odoc.support/katex.min.js
diff --git a/doc/_odoc_support/odoc.css b/doc/odoc.support/odoc.css
similarity index 100%
rename from doc/_odoc_support/odoc.css
rename to doc/odoc.support/odoc.css
diff --git a/doc/tls-async/Tls_async/.dummy b/doc/tls-async/Tls_async/.dummy
deleted file mode 100644
index e69de29b..00000000
diff --git a/doc/tls-async/Tls_async/Session/Fd/index.html b/doc/tls-async/Tls_async/Session/Fd/index.html
index 65072049..5f0c41f2 100644
--- a/doc/tls-async/Tls_async/Session/Fd/index.html
+++ b/doc/tls-async/Tls_async/Session/Fd/index.html
@@ -1,2 +1,2 @@ -Fd (tls-async.Tls_async.Session.Fd)

Module Session.Fd

type t = Async.Reader.t * Async.Writer.t
val read : t -> Cstruct.t -> [ `Ok of int | `Eof ] Async.Deferred.Or_error.t
val write_full : t -> Cstruct.t -> unit Async.Deferred.Or_error.t
\ No newline at end of file +Fd (tls-async.Tls_async.Session.Fd)

Module Session.Fd

type t = Async.Reader.t * Async.Writer.t
val read : t -> Cstruct.t -> [ `Ok of int | `Eof ] Async.Deferred.Or_error.t
val write_full : t -> Cstruct.t -> unit Async.Deferred.Or_error.t
\ No newline at end of file diff --git a/doc/tls-async/Tls_async/Session/index.html b/doc/tls-async/Tls_async/Session/index.html index bf9253a8..ee9d2ced 100644 --- a/doc/tls-async/Tls_async/Session/index.html +++ b/doc/tls-async/Tls_async/Session/index.html @@ -1,5 +1,5 @@ -Session (tls-async.Tls_async.Session)

Module Tls_async.Session

Low-level API for working with TLS sessions. Most applications should use the high-level API below

module Fd : sig ... end
type t

Abstract type of a session

Constructors

val server_of_fd : Tls.Config.server -> Fd.t -> t Async.Deferred.Or_error.t

server_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.

val client_of_fd : +Session (tls-async.Tls_async.Session)

Module Tls_async.Session

Low-level API for working with TLS sessions. Most applications should use the high-level API below

module Fd : sig ... end
type t

Abstract type of a session

Constructors

val server_of_fd : Tls.Config.server -> Fd.t -> t Async.Deferred.Or_error.t

server_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.

val client_of_fd : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> Fd.t -> diff --git a/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html b/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html index 2a526063..13620b05 100644 --- a/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html +++ b/doc/tls-async/Tls_async/X509_async/Authenticator/Param/index.html @@ -1,5 +1,5 @@ -Param (tls-async.Tls_async.X509_async.Authenticator.Param)

Module Authenticator.Param

type t
val ca_file : +Param (tls-async.Tls_async.X509_async.Authenticator.Param)

Module Authenticator.Param

type t
val ca_file : ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?crls:Core.Filename.t -> Core.Filename.t -> diff --git a/doc/tls-async/Tls_async/X509_async/Authenticator/index.html b/doc/tls-async/Tls_async/X509_async/Authenticator/index.html index 551cdf3c..faaa8fab 100644 --- a/doc/tls-async/Tls_async/X509_async/Authenticator/index.html +++ b/doc/tls-async/Tls_async/X509_async/Authenticator/index.html @@ -1,5 +1,5 @@ -Authenticator (tls-async.Tls_async.X509_async.Authenticator)

Module X509_async.Authenticator

type t = +Authenticator (tls-async.Tls_async.X509_async.Authenticator)

Module X509_async.Authenticator

type t = ?ip:Ipaddr.t -> host:[ `host ] Domain_name.t option -> X509.Certificate.t list -> diff --git a/doc/tls-async/Tls_async/X509_async/CRL/index.html b/doc/tls-async/Tls_async/X509_async/CRL/index.html index 871605f3..25fbadfc 100644 --- a/doc/tls-async/Tls_async/X509_async/CRL/index.html +++ b/doc/tls-async/Tls_async/X509_async/CRL/index.html @@ -1,5 +1,5 @@ -CRL (tls-async.Tls_async.X509_async.CRL)

Module X509_async.CRL

type t = X509.CRL.t
val encode_der : t -> Cstruct.t
val issuer : t -> X509.Distinguished_name.t
val this_update : t -> Ptime.t
val next_update : t -> Ptime.t option
type revoked_cert = X509.CRL.revoked_cert = {
  1. serial : Z.t;
  2. date : Ptime.t;
  3. extensions : X509.Extension.t;
}
val reason : revoked_cert -> X509.Extension.reason option
val revoked_certificates : t -> revoked_cert list
val extensions : t -> X509.Extension.t
val crl_number : t -> int option
val signature_algorithm : +CRL (tls-async.Tls_async.X509_async.CRL)

Module X509_async.CRL

type t = X509.CRL.t
val encode_der : t -> Cstruct.t
val issuer : t -> X509.Distinguished_name.t
val this_update : t -> Ptime.t
val next_update : t -> Ptime.t option
type revoked_cert = X509.CRL.revoked_cert = {
  1. serial : Z.t;
  2. date : Ptime.t;
  3. extensions : X509.Extension.t;
}
val reason : revoked_cert -> X509.Extension.reason option
val revoked_certificates : t -> revoked_cert list
val extensions : t -> X509.Extension.t
val crl_number : t -> int option
val signature_algorithm : t -> (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) option
val validate : t -> diff --git a/doc/tls-async/Tls_async/X509_async/Certificate/index.html b/doc/tls-async/Tls_async/X509_async/Certificate/index.html index 3643a4b5..487e7430 100644 --- a/doc/tls-async/Tls_async/X509_async/Certificate/index.html +++ b/doc/tls-async/Tls_async/X509_async/Certificate/index.html @@ -1,5 +1,5 @@ -Certificate (tls-async.Tls_async.X509_async.Certificate)

Module X509_async.Certificate

val decode_pkcs1_digest_info : +Certificate (tls-async.Tls_async.X509_async.Certificate)

Module X509_async.Certificate

val decode_pkcs1_digest_info : Cstruct.t -> (Mirage_crypto.Hash.hash * Cstruct.t, [> `Msg of string ]) Stdlib.result
val encode_pkcs1_digest_info : (Mirage_crypto.Hash.hash * Cstruct.t) -> diff --git a/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html b/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html index d2483d0a..31258d2f 100644 --- a/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html +++ b/doc/tls-async/Tls_async/X509_async/Distinguished_name/index.html @@ -1,5 +1,5 @@ -Distinguished_name (tls-async.Tls_async.X509_async.Distinguished_name)

Module X509_async.Distinguished_name

type attribute = X509.Distinguished_name.attribute =
  1. | CN of string
  2. | Serialnumber of string
  3. | C of string
  4. | L of string
  5. | ST of string
  6. | O of string
  7. | OU of string
  8. | T of string
  9. | DNQ of string
  10. | Mail of string
  11. | DC of string
  12. | Given_name of string
  13. | Surname of string
  14. | Initials of string
  15. | Pseudonym of string
  16. | Generation of string
  17. | Street of string
  18. | Userid of string
  19. | Other of Asn.oid * string
module Relative_distinguished_name = +Distinguished_name (tls-async.Tls_async.X509_async.Distinguished_name)

Module X509_async.Distinguished_name

type attribute = X509.Distinguished_name.attribute =
  1. | CN of string
  2. | Serialnumber of string
  3. | C of string
  4. | L of string
  5. | ST of string
  6. | O of string
  7. | OU of string
  8. | T of string
  9. | DNQ of string
  10. | Mail of string
  11. | DC of string
  12. | Given_name of string
  13. | Surname of string
  14. | Initials of string
  15. | Pseudonym of string
  16. | Generation of string
  17. | Street of string
  18. | Userid of string
  19. | Other of Asn.oid * string
module Relative_distinguished_name = X509.Distinguished_name.Relative_distinguished_name
type t = Relative_distinguished_name.t list
val equal : t -> t -> bool
val make_pp : format:[ `OSF | `OpenSSL | `RFC4514 ] -> ?spacing:[ `Loose | `Medium | `Tight ] -> diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html index f68a6e7d..31bf7d4b 100644 --- a/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html +++ b/doc/tls-async/Tls_async/X509_async/OCSP/Request/index.html @@ -1,5 +1,5 @@ -Request (tls-async.Tls_async.X509_async.OCSP.Request)

Module OCSP.Request

type t = X509.OCSP.Request.t
val pp : t Fmt.t
val validate : +Request (tls-async.Tls_async.X509_async.OCSP.Request)

Module OCSP.Request

type t = X509.OCSP.Request.t
val pp : t Fmt.t
val validate : t -> ?allowed_hashes:Mirage_crypto.Hash.hash list -> X509.Public_key.t -> diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html index dcc485a8..c6a315bc 100644 --- a/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html +++ b/doc/tls-async/Tls_async/X509_async/OCSP/Response/index.html @@ -1,5 +1,5 @@ -Response (tls-async.Tls_async.X509_async.OCSP.Response)

Module OCSP.Response

type status = [
  1. | `InternalError
  2. | `MalformedRequest
  3. | `SigRequired
  4. | `Successful
  5. | `TryLater
  6. | `Unauthorized
]
val pp_status : status Fmt.t
type cert_status = [
  1. | `Good
  2. | `Revoked of Ptime.t * X509.Extension.reason option
  3. | `Unknown
]
val pp_cert_status : cert_status Fmt.t
type single_response = X509.OCSP.Response.single_response
val create_single_response : +Response (tls-async.Tls_async.X509_async.OCSP.Response)

Module OCSP.Response

type status = [
  1. | `InternalError
  2. | `MalformedRequest
  3. | `SigRequired
  4. | `Successful
  5. | `TryLater
  6. | `Unauthorized
]
val pp_status : status Fmt.t
type cert_status = [
  1. | `Good
  2. | `Revoked of Ptime.t * X509.Extension.reason option
  3. | `Unknown
]
val pp_cert_status : cert_status Fmt.t
type single_response = X509.OCSP.Response.single_response
val create_single_response : ?next_update:Ptime.t -> ?single_extensions:X509.Extension.t -> X509.OCSP.cert_id -> diff --git a/doc/tls-async/Tls_async/X509_async/OCSP/index.html b/doc/tls-async/Tls_async/X509_async/OCSP/index.html index e1c31efd..2dc37e54 100644 --- a/doc/tls-async/Tls_async/X509_async/OCSP/index.html +++ b/doc/tls-async/Tls_async/X509_async/OCSP/index.html @@ -1,5 +1,5 @@ -OCSP (tls-async.Tls_async.X509_async.OCSP)

Module X509_async.OCSP

type cert_id = X509.OCSP.cert_id
val create_cert_id : +OCSP (tls-async.Tls_async.X509_async.OCSP)

Module X509_async.OCSP

type cert_id = X509.OCSP.cert_id
val create_cert_id : ?hash:Mirage_crypto.Hash.hash -> X509.Certificate.t -> Z.t -> diff --git a/doc/tls-async/Tls_async/X509_async/PKCS12/index.html b/doc/tls-async/Tls_async/X509_async/PKCS12/index.html index 9e8079bd..9b7dcaa9 100644 --- a/doc/tls-async/Tls_async/X509_async/PKCS12/index.html +++ b/doc/tls-async/Tls_async/X509_async/PKCS12/index.html @@ -1,5 +1,5 @@ -PKCS12 (tls-async.Tls_async.X509_async.PKCS12)

Module X509_async.PKCS12

type t = X509.PKCS12.t
val encode_der : t -> Cstruct.t
val create : +PKCS12 (tls-async.Tls_async.X509_async.PKCS12)

Module X509_async.PKCS12

type t = X509.PKCS12.t
val encode_der : t -> Cstruct.t
val create : ?mac:[ `SHA1 | `SHA224 | `SHA256 | `SHA384 | `SHA512 ] -> ?algorithm:[ `AES128_CBC | `AES192_CBC | `AES256_CBC ] -> ?iterations:int -> diff --git a/doc/tls-async/Tls_async/X509_async/Private_key/index.html b/doc/tls-async/Tls_async/X509_async/Private_key/index.html index 99779410..5823fed5 100644 --- a/doc/tls-async/Tls_async/X509_async/Private_key/index.html +++ b/doc/tls-async/Tls_async/X509_async/Private_key/index.html @@ -1,5 +1,5 @@ -Private_key (tls-async.Tls_async.X509_async.Private_key)

Module X509_async.Private_key

type t = [
  1. | `ED25519 of Mirage_crypto_ec.Ed25519.priv
  2. | `P224 of Mirage_crypto_ec.P224.Dsa.priv
  3. | `P256 of Mirage_crypto_ec.P256.Dsa.priv
  4. | `P384 of Mirage_crypto_ec.P384.Dsa.priv
  5. | `P521 of Mirage_crypto_ec.P521.Dsa.priv
  6. | `RSA of Mirage_crypto_pk.Rsa.priv
]
val generate : ?seed:Cstruct.t -> ?bits:int -> X509.Key_type.t -> t
val of_cstruct : +Private_key (tls-async.Tls_async.X509_async.Private_key)

Module X509_async.Private_key

type t = [
  1. | `ED25519 of Mirage_crypto_ec.Ed25519.priv
  2. | `P224 of Mirage_crypto_ec.P224.Dsa.priv
  3. | `P256 of Mirage_crypto_ec.P256.Dsa.priv
  4. | `P384 of Mirage_crypto_ec.P384.Dsa.priv
  5. | `P521 of Mirage_crypto_ec.P521.Dsa.priv
  6. | `RSA of Mirage_crypto_pk.Rsa.priv
]
val generate : ?seed:Cstruct.t -> ?bits:int -> X509.Key_type.t -> t
val of_cstruct : Cstruct.t -> X509.Key_type.t -> (t, [> `Msg of string ]) Stdlib.result
val of_string : diff --git a/doc/tls-async/Tls_async/X509_async/Public_key/index.html b/doc/tls-async/Tls_async/X509_async/Public_key/index.html index c5d1832e..c7ece278 100644 --- a/doc/tls-async/Tls_async/X509_async/Public_key/index.html +++ b/doc/tls-async/Tls_async/X509_async/Public_key/index.html @@ -1,5 +1,5 @@ -Public_key (tls-async.Tls_async.X509_async.Public_key)

Module X509_async.Public_key

type t = [
  1. | `ED25519 of Mirage_crypto_ec.Ed25519.pub
  2. | `P224 of Mirage_crypto_ec.P224.Dsa.pub
  3. | `P256 of Mirage_crypto_ec.P256.Dsa.pub
  4. | `P384 of Mirage_crypto_ec.P384.Dsa.pub
  5. | `P521 of Mirage_crypto_ec.P521.Dsa.pub
  6. | `RSA of Mirage_crypto_pk.Rsa.pub
]
val pp : t Fmt.t
val id : t -> Cstruct.t
val fingerprint : ?hash:Mirage_crypto.Hash.hash -> t -> Cstruct.t
val key_type : t -> X509.Key_type.t
val encode_der : t -> Cstruct.t
val encode_pem : t -> Cstruct.t
val verify : +Public_key (tls-async.Tls_async.X509_async.Public_key)

Module X509_async.Public_key

type t = [
  1. | `ED25519 of Mirage_crypto_ec.Ed25519.pub
  2. | `P224 of Mirage_crypto_ec.P224.Dsa.pub
  3. | `P256 of Mirage_crypto_ec.P256.Dsa.pub
  4. | `P384 of Mirage_crypto_ec.P384.Dsa.pub
  5. | `P521 of Mirage_crypto_ec.P521.Dsa.pub
  6. | `RSA of Mirage_crypto_pk.Rsa.pub
]
val pp : t Fmt.t
val id : t -> Cstruct.t
val fingerprint : ?hash:Mirage_crypto.Hash.hash -> t -> Cstruct.t
val key_type : t -> X509.Key_type.t
val encode_der : t -> Cstruct.t
val encode_pem : t -> Cstruct.t
val verify : Mirage_crypto.Hash.hash -> ?scheme:Key_type.signature_scheme -> signature:string -> diff --git a/doc/tls-async/Tls_async/X509_async/Signing_request/index.html b/doc/tls-async/Tls_async/X509_async/Signing_request/index.html index 2a41c5ee..c42a1eaa 100644 --- a/doc/tls-async/Tls_async/X509_async/Signing_request/index.html +++ b/doc/tls-async/Tls_async/X509_async/Signing_request/index.html @@ -1,5 +1,5 @@ -Signing_request (tls-async.Tls_async.X509_async.Signing_request)

Module X509_async.Signing_request

type t = X509.Signing_request.t
val encode_der : t -> Cstruct.t
val encode_pem : t -> Cstruct.t
module Ext = X509.Signing_request.Ext
type request_info = X509.Signing_request.request_info = {
  1. subject : X509.Distinguished_name.t;
  2. public_key : X509.Public_key.t;
  3. extensions : Ext.t;
}
val info : t -> request_info
val signature_algorithm : +Signing_request (tls-async.Tls_async.X509_async.Signing_request)

Module X509_async.Signing_request

type t = X509.Signing_request.t
val encode_der : t -> Cstruct.t
val encode_pem : t -> Cstruct.t
module Ext = X509.Signing_request.Ext
type request_info = X509.Signing_request.request_info = {
  1. subject : X509.Distinguished_name.t;
  2. public_key : X509.Public_key.t;
  3. extensions : Ext.t;
}
val info : t -> request_info
val signature_algorithm : t -> (X509.Key_type.signature_scheme * Mirage_crypto.Hash.hash) option
val hostnames : t -> X509.Host.Set.t
val decode_der : ?allowed_hashes:Mirage_crypto.Hash.hash list -> diff --git a/doc/tls-async/Tls_async/X509_async/index.html b/doc/tls-async/Tls_async/X509_async/index.html index 3f6eeac7..d512ff68 100644 --- a/doc/tls-async/Tls_async/X509_async/index.html +++ b/doc/tls-async/Tls_async/X509_async/index.html @@ -1,2 +1,2 @@ -X509_async (tls-async.Tls_async.X509_async)

Module Tls_async.X509_async

Helper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem

include module type of struct include X509 end
module Host = X509.Host
module Key_type = X509.Key_type
module General_name = X509.General_name
module Extension = X509.Extension
module Validation = X509.Validation
module Authenticator : sig ... end
module Private_key : sig ... end
module Public_key : sig ... end
module Certificate : sig ... end
module Distinguished_name : sig ... end
module CRL : sig ... end
module OCSP : sig ... end
module PKCS12 : sig ... end
module Signing_request : sig ... end
\ No newline at end of file +X509_async (tls-async.Tls_async.X509_async)

Module Tls_async.X509_async

Helper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem

include module type of struct include X509 end
module Host = X509.Host
module Key_type = X509.Key_type
module General_name = X509.General_name
module Extension = X509.Extension
module Validation = X509.Validation
module Authenticator : sig ... end
module Private_key : sig ... end
module Public_key : sig ... end
module Certificate : sig ... end
module Distinguished_name : sig ... end
module CRL : sig ... end
module OCSP : sig ... end
module PKCS12 : sig ... end
module Signing_request : sig ... end
\ No newline at end of file diff --git a/doc/tls-async/Tls_async/index.html b/doc/tls-async/Tls_async/index.html index 2d424b2a..e33827d1 100644 --- a/doc/tls-async/Tls_async/index.html +++ b/doc/tls-async/Tls_async/index.html @@ -1,5 +1,5 @@ -Tls_async (tls-async.Tls_async)

Module Tls_async

module Session : sig ... end

Low-level API for working with TLS sessions. Most applications should use the high-level API below

module X509_async : sig ... end

Helper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem

val listen : +Tls_async (tls-async.Tls_async)

Module Tls_async

module Session : sig ... end

Low-level API for working with TLS sessions. Most applications should use the high-level API below

module X509_async : sig ... end

Helper functions for Async_unix-specific IO operations commonly used with X509 certificates, such as loading from a Unix filesystem

val listen : ?buffer_age_limit:Async.Writer.buffer_age_limit -> ?max_connections:int -> ?max_accepts_per_batch:int -> diff --git a/doc/tls-async/index.html b/doc/tls-async/index.html index 5d16db1c..dc34ffe0 100644 --- a/doc/tls-async/index.html +++ b/doc/tls-async/index.html @@ -1,2 +1,2 @@ -index (tls-async.index)

tls-async index

Library tls-async

The entry point of this library is the module: Tls_async.

\ No newline at end of file +index (tls-async.index)

tls-async index

Library tls-async

The entry point of this library is the module: Tls_async.

\ No newline at end of file diff --git a/doc/tls-lwt/Tls_lwt/.dummy b/doc/tls-lwt/Tls_lwt/.dummy deleted file mode 100644 index e69de29b..00000000 diff --git a/doc/tls-lwt/Tls_lwt/Unix/index.html b/doc/tls-lwt/Tls_lwt/Unix/index.html index 21c27c64..3944e257 100644 --- a/doc/tls-lwt/Tls_lwt/Unix/index.html +++ b/doc/tls-lwt/Tls_lwt/Unix/index.html @@ -1,5 +1,5 @@ -Unix (tls-lwt.Tls_lwt.Unix)

Module Tls_lwt.Unix

Low-level API

Unix API

It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.

type t

Abstract type of a session

Constructors

val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.t

server_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.

val client_of_fd : +Unix (tls-lwt.Tls_lwt.Unix)

Module Tls_lwt.Unix

Low-level API

Unix API

It is the responsibility of the client to handle error conditions. The underlying file descriptors are not closed.

type t

Abstract type of a session

Constructors

val server_of_fd : Tls.Config.server -> Lwt_unix.file_descr -> t Lwt.t

server_of_fd server fd is t, after server-side TLS handshake of fd using server configuration.

val client_of_fd : Tls.Config.client -> ?host:[ `host ] Domain_name.t -> Lwt_unix.file_descr -> diff --git a/doc/tls-lwt/Tls_lwt/index.html b/doc/tls-lwt/Tls_lwt/index.html index 9df8aa08..aeb2a488 100644 --- a/doc/tls-lwt/Tls_lwt/index.html +++ b/doc/tls-lwt/Tls_lwt/index.html @@ -1,5 +1,5 @@ -Tls_lwt (tls-lwt.Tls_lwt)

Module Tls_lwt

Effectful operations using Lwt for pure TLS.

The pure TLS is state and buffer in, state and buffer out. This module uses Lwt for communication over the network.

This module implements a high-level API and a low-level API (in Unix). Most applications should use the high-level API described below.

exception Tls_alert of Tls.Packet.alert_type

Tls_alert exception received from the other endpoint

exception Tls_failure of Tls.Engine.failure

Tls_failure exception while processing incoming data

module Unix : sig ... end

Low-level API

High-level API

type ic = Lwt_io.input_channel
type oc = Lwt_io.output_channel
val accept_ext : +Tls_lwt (tls-lwt.Tls_lwt)

Module Tls_lwt

Effectful operations using Lwt for pure TLS.

The pure TLS is state and buffer in, state and buffer out. This module uses Lwt for communication over the network.

This module implements a high-level API and a low-level API (in Unix). Most applications should use the high-level API described below.

exception Tls_alert of Tls.Packet.alert_type

Tls_alert exception received from the other endpoint

exception Tls_failure of Tls.Engine.failure

Tls_failure exception while processing incoming data

module Unix : sig ... end

Low-level API

High-level API

type ic = Lwt_io.input_channel
type oc = Lwt_io.output_channel
val accept_ext : Tls.Config.server -> Lwt_unix.file_descr -> ((ic * oc) * Lwt_unix.sockaddr) Lwt.t

accept_ext server fd is (ic, oc), sockaddr, the input and output channel from an accepted connection on the given fd, after upgrading to TLS using the server configuration.

val accept : diff --git a/doc/tls-lwt/X509_lwt/.dummy b/doc/tls-lwt/X509_lwt/.dummy deleted file mode 100644 index e69de29b..00000000 diff --git a/doc/tls-lwt/X509_lwt/index.html b/doc/tls-lwt/X509_lwt/index.html index cd5509b9..ffdcdeae 100644 --- a/doc/tls-lwt/X509_lwt/index.html +++ b/doc/tls-lwt/X509_lwt/index.html @@ -1,5 +1,5 @@ -X509_lwt (tls-lwt.X509_lwt)

Module X509_lwt

X.509 certificate handling using Lwt.

val private_of_pems : +X509_lwt (tls-lwt.X509_lwt)

Module X509_lwt

X.509 certificate handling using Lwt.

val private_of_pems : cert:Lwt_io.file_name -> priv_key:Lwt_io.file_name -> Tls.Config.certchain Lwt.t

private_of_pems ~cert ~priv_key is priv, after reading the private key and certificate chain from the given PEM-encoded files.

val certs_of_pem : Lwt_io.file_name -> X509.Certificate.t list Lwt.t

certs_of_pem file is certificates, which are read from the PEM-encoded file.

val certs_of_pem_dir : Lwt_io.file_name -> X509.Certificate.t list Lwt.t

certs_of_pem_dir dir is certificates, which are read from all PEM-encoded files in dir.

val authenticator : diff --git a/doc/tls-lwt/index.html b/doc/tls-lwt/index.html index e467aa92..c24e1f9f 100644 --- a/doc/tls-lwt/index.html +++ b/doc/tls-lwt/index.html @@ -1,2 +1,2 @@ -index (tls-lwt.index)

tls-lwt index

Library tls-lwt

This library exposes the following toplevel modules:

  • Tls_lwt Effectful operations using Lwt for pure TLS.
  • X509_lwt X.509 certificate handling using Lwt.
\ No newline at end of file +index (tls-lwt.index)

tls-lwt index

Library tls-lwt

This library exposes the following toplevel modules:

  • Tls_lwt Effectful operations using Lwt for pure TLS.
  • X509_lwt X.509 certificate handling using Lwt.
\ No newline at end of file diff --git a/doc/tls-mirage/Tls_mirage/.dummy b/doc/tls-mirage/Tls_mirage/.dummy deleted file mode 100644 index e69de29b..00000000 diff --git a/doc/tls-mirage/Tls_mirage/Make/index.html b/doc/tls-mirage/Tls_mirage/Make/index.html index bf44e822..bab07125 100644 --- a/doc/tls-mirage/Tls_mirage/Make/index.html +++ b/doc/tls-mirage/Tls_mirage/Make/index.html @@ -1,5 +1,5 @@ -Make (tls-mirage.Tls_mirage.Make)

Module Tls_mirage.Make

TLS module given a flow

Parameters

module F : Mirage_flow.S

Signature

module FLOW = F
type error = [
  1. | `Tls_alert of Tls.Packet.alert_type
  2. | `Tls_failure of Tls.Engine.failure
  3. | `Read of F.error
  4. | `Write of F.write_error
]

possible errors: incoming alert, processing failure, or a problem in the underlying flow.

type write_error = [
  1. | `Closed
  2. | error
]

The type for write errors.

we provide the FLOW interface

include Mirage_flow.S +Make (tls-mirage.Tls_mirage.Make)

Module Tls_mirage.Make

TLS module given a flow

Parameters

module F : Mirage_flow.S

Signature

module FLOW = F
type error = [
  1. | `Tls_alert of Tls.Packet.alert_type
  2. | `Tls_failure of Tls.Engine.failure
  3. | `Read of F.error
  4. | `Write of F.write_error
]

possible errors: incoming alert, processing failure, or a problem in the underlying flow.

type write_error = [
  1. | `Closed
  2. | error
]

The type for write errors.

we provide the FLOW interface

include Mirage_flow.S with type error := error and type write_error := write_error
val pp_error : error Fmt.t
val pp_write_error : write_error Fmt.t
type flow
val read : flow -> (Cstruct.t Mirage_flow.or_eof, error) Stdlib.result Lwt.t
val write : flow -> Cstruct.t -> (unit, write_error) Stdlib.result Lwt.t
val writev : flow -> Cstruct.t list -> (unit, write_error) Stdlib.result Lwt.t
val close : flow -> unit Lwt.t
val reneg : ?authenticator:X509.Authenticator.t -> diff --git a/doc/tls-mirage/Tls_mirage/X509/index.html b/doc/tls-mirage/Tls_mirage/X509/index.html index 0d14c4e0..23b1a3ac 100644 --- a/doc/tls-mirage/Tls_mirage/X509/index.html +++ b/doc/tls-mirage/Tls_mirage/X509/index.html @@ -1,5 +1,5 @@ -X509 (tls-mirage.Tls_mirage.X509)

Module Tls_mirage.X509

X.509 handling given a key value store and a clock

Parameters

module KV : Mirage_kv.RO
module C : Mirage_clock.PCLOCK

Signature

val authenticator : +X509 (tls-mirage.Tls_mirage.X509)

Module Tls_mirage.X509

X.509 handling given a key value store and a clock

Parameters

module KV : Mirage_kv.RO
module C : Mirage_clock.PCLOCK

Signature

val authenticator : ?allowed_hashes:Mirage_crypto.Hash.hash list -> ?crl:string -> KV.t ->
diff --git a/doc/tls-mirage/Tls_mirage/index.html b/doc/tls-mirage/Tls_mirage/index.html
index 468ff587..1359376b 100644
--- a/doc/tls-mirage/Tls_mirage/index.html
+++ b/doc/tls-mirage/Tls_mirage/index.html
@@ -1,2 +1,2 @@
-Tls_mirage (tls-mirage.Tls_mirage)

Module Tls_mirage

Effectful operations using Mirage for pure TLS.

module Make (F : Mirage_flow.S) : sig ... end

TLS module given a flow

module X509 (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) : sig ... end

X.509 handling given a key value store and a clock

\ No newline at end of file
+Tls_mirage (tls-mirage.Tls_mirage)

Module Tls_mirage

Effectful operations using Mirage for pure TLS.

module Make (F : Mirage_flow.S) : sig ... end

TLS module given a flow

module X509 (KV : Mirage_kv.RO) (C : Mirage_clock.PCLOCK) : sig ... end

X.509 handling given a key value store and a clock

\ No newline at end of file
diff --git a/doc/tls-mirage/index.html b/doc/tls-mirage/index.html
index b719fbfd..bdbed038 100644
--- a/doc/tls-mirage/index.html
+++ b/doc/tls-mirage/index.html
@@ -1,2 +1,2 @@
-index (tls-mirage.index)

tls-mirage index

Library tls-mirage

The entry point of this library is the module: Tls_mirage.

\ No newline at end of file
+index (tls-mirage.index)

tls-mirage index

Library tls-mirage

The entry point of this library is the module: Tls_mirage.

\ No newline at end of file
diff --git a/doc/tls/Tls/.dummy b/doc/tls/Tls/.dummy
deleted file mode 100644
index e69de29b..00000000
diff --git a/doc/tls/Tls/Ciphersuite/index.html b/doc/tls/Tls/Ciphersuite/index.html
index 2efd1b98..b23fcfd0 100644
--- a/doc/tls/Tls/Ciphersuite/index.html
+++ b/doc/tls/Tls/Ciphersuite/index.html
@@ -1,5 +1,5 @@
-Ciphersuite (tls.Tls.Ciphersuite)

Module Tls.Ciphersuite

Ciphersuite definitions and some helper functions.

type key_exchange_algorithm_dhe = [
  1. | `FFDHE
  2. | `ECDHE
]

sum type of all possible key exchange methods

type key_exchange_algorithm = [
  1. | key_exchange_algorithm_dhe
  2. | `RSA
]
val pp_key_exchange_algorithm_dhe :
+Ciphersuite (tls.Tls.Ciphersuite)

Module Tls.Ciphersuite

Ciphersuite definitions and some helper functions.

type key_exchange_algorithm_dhe = [
  1. | `FFDHE
  2. | `ECDHE
]

sum type of all possible key exchange methods

type key_exchange_algorithm = [
  1. | key_exchange_algorithm_dhe
  2. | `RSA
]
val pp_key_exchange_algorithm_dhe : Stdlib.Format.formatter -> [< `ECDHE | `FFDHE ] -> unit
val pp_key_exchange_algorithm :
diff --git a/doc/tls/Tls/Config/Ciphers/index.html b/doc/tls/Tls/Config/Ciphers/index.html
index c41c3c2b..8427f006 100644
--- a/doc/tls/Tls/Config/Ciphers/index.html
+++ b/doc/tls/Tls/Config/Ciphers/index.html
@@ -1,2 +1,2 @@
-Ciphers (tls.Tls.Config.Ciphers)

Module Config.Ciphers

Cipher selection

Cipher selection related utilities.

Cipher selection

val default : Ciphersuite.ciphersuite list

default is a list of ciphersuites this library uses by default.

val supported : Ciphersuite.ciphersuite list

supported is a list of ciphersuites this library supports (larger than default).

fs is a list of ciphersuites which provide forward secrecy (sublist of default).

val http2 : Ciphersuite.ciphersuite list

http2 is a list of ciphersuites which are allowed to be used with HTTP2: not a member of bad cipher suites. These are only ephemeral key exchanges with AEAD ciphers.

fs_of ciphers selects all ciphersuites which provide forward secrecy from ciphers.

\ No newline at end of file
+Ciphers (tls.Tls.Config.Ciphers)

Module Config.Ciphers

Cipher selection

Cipher selection related utilities.

Cipher selection

val default : Ciphersuite.ciphersuite list

default is a list of ciphersuites this library uses by default.

val supported : Ciphersuite.ciphersuite list

supported is a list of ciphersuites this library supports (larger than default).

fs is a list of ciphersuites which provide forward secrecy (sublist of default).

val http2 : Ciphersuite.ciphersuite list

http2 is a list of ciphersuites which are allowed to be used with HTTP2: not a member of bad cipher suites. These are only ephemeral key exchanges with AEAD ciphers.

fs_of ciphers selects all ciphersuites which provide forward secrecy from ciphers.

\ No newline at end of file
diff --git a/doc/tls/Tls/Config/index.html b/doc/tls/Tls/Config/index.html
index f5b9615d..c55ccc6e 100644
--- a/doc/tls/Tls/Config/index.html
+++ b/doc/tls/Tls/Config/index.html
@@ -1,5 +1,5 @@
-Config (tls.Tls.Config)

Module Tls.Config

Configuration of the TLS stack

Config type

type certchain = X509.Certificate.t list * X509.Private_key.t

certificate chain and private key of the first certificate

type own_cert = [
  1. | `None
  2. | `Single of certchain
  3. | `Multiple of certchain list
  4. | `Multiple_default of certchain * certchain list
]

polymorphic variant of own certificates

type session_cache = Core.SessionID.t -> Core.epoch_data option
type ticket_cache = {
  1. lookup : Cstruct.t -> (Core.psk13 * Core.epoch_data) option;
  2. ticket_granted : Core.psk13 -> Core.epoch_data -> unit;
  3. lifetime : int32;
  4. timestamp : unit -> Ptime.t;
}
type config = private {
  1. ciphers : Ciphersuite.ciphersuite list;
    (*

    ordered list (regarding preference) of supported cipher suites

    *)
  2. protocol_versions : Core.tls_version * Core.tls_version;
    (*

    supported protocol versions (min, max)

    *)
  3. signature_algorithms : Core.signature_algorithm list;
    (*

    ordered list of supported signature algorithms (regarding preference)

    *)
  4. use_reneg : bool;
    (*

    endpoint should accept renegotiation requests

    *)
  5. authenticator : X509.Authenticator.t option;
    (*

    optional X509 authenticator

    *)
  6. peer_name : [ `host ] Domain_name.t option;
    (*

    optional name of other endpoint (used for SNI RFC4366)

    *)
  7. own_certificates : own_cert;
    (*

    optional default certificate chain and other certificate chains

    *)
  8. acceptable_cas : X509.Distinguished_name.t list;
    (*

    ordered list of acceptable certificate authorities

    *)
  9. session_cache : session_cache;
  10. ticket_cache : ticket_cache option;
  11. cached_session : Core.epoch_data option;
  12. cached_ticket : (Core.psk13 * Core.epoch_data) option;
  13. alpn_protocols : string list;
    (*

    optional ordered list of accepted alpn_protocols

    *)
  14. groups : Core.group list;
    (*

    the first FFDHE will be used for TLS 1.2 and below if a DHE ciphersuite is used

    *)
  15. zero_rtt : int32;
  16. ip : Ipaddr.t option;
}

configuration parameters

val ciphers13 : config -> Ciphersuite.ciphersuite13 list

ciphers13 config are the ciphersuites for TLS 1.3 in the configuration.

type client

opaque type of a client configuration

type server

opaque type of a server configuration

Constructors

val client :
+Config (tls.Tls.Config)

Module Tls.Config

Configuration of the TLS stack

Config type

type certchain = X509.Certificate.t list * X509.Private_key.t

certificate chain and private key of the first certificate

type own_cert = [
  1. | `None
  2. | `Single of certchain
  3. | `Multiple of certchain list
  4. | `Multiple_default of certchain * certchain list
]

polymorphic variant of own certificates

type session_cache = Core.SessionID.t -> Core.epoch_data option
type ticket_cache = {
  1. lookup : Cstruct.t -> (Core.psk13 * Core.epoch_data) option;
  2. ticket_granted : Core.psk13 -> Core.epoch_data -> unit;
  3. lifetime : int32;
  4. timestamp : unit -> Ptime.t;
}
type config = private {
  1. ciphers : Ciphersuite.ciphersuite list;
    (*

    ordered list (regarding preference) of supported cipher suites

    *)
  2. protocol_versions : Core.tls_version * Core.tls_version;
    (*

    supported protocol versions (min, max)

    *)
  3. signature_algorithms : Core.signature_algorithm list;
    (*

    ordered list of supported signature algorithms (regarding preference)

    *)
  4. use_reneg : bool;
    (*

    endpoint should accept renegotiation requests

    *)
  5. authenticator : X509.Authenticator.t option;
    (*

    optional X509 authenticator

    *)
  6. peer_name : [ `host ] Domain_name.t option;
    (*

    optional name of other endpoint (used for SNI RFC4366)

    *)
  7. own_certificates : own_cert;
    (*

    optional default certificate chain and other certificate chains

    *)
  8. acceptable_cas : X509.Distinguished_name.t list;
    (*

    ordered list of acceptable certificate authorities

    *)
  9. session_cache : session_cache;
  10. ticket_cache : ticket_cache option;
  11. cached_session : Core.epoch_data option;
  12. cached_ticket : (Core.psk13 * Core.epoch_data) option;
  13. alpn_protocols : string list;
    (*

    optional ordered list of accepted alpn_protocols

    *)
  14. groups : Core.group list;
    (*

    the first FFDHE will be used for TLS 1.2 and below if a DHE ciphersuite is used

    *)
  15. zero_rtt : int32;
  16. ip : Ipaddr.t option;
}

configuration parameters

val ciphers13 : config -> Ciphersuite.ciphersuite13 list

ciphers13 config are the ciphersuites for TLS 1.3 in the configuration.

type client

opaque type of a client configuration

type server

opaque type of a server configuration

Constructors

val client : authenticator:X509.Authenticator.t -> ?peer_name:[ `host ] Domain_name.t -> ?ciphers:Ciphersuite.ciphersuite list ->
diff --git a/doc/tls/Tls/Core/PreSharedKeyID/index.html b/doc/tls/Tls/Core/PreSharedKeyID/index.html
index a80a4cba..3437186f 100644
--- a/doc/tls/Tls/Core/PreSharedKeyID/index.html
+++ b/doc/tls/Tls/Core/PreSharedKeyID/index.html
@@ -1,2 +1,2 @@
-PreSharedKeyID (tls.Tls.Core.PreSharedKeyID)

Module Core.PreSharedKeyID

type t = Cstruct.t
val compare : Cstruct.t -> Cstruct.t -> int
val hash : Cstruct.t -> int
val equal : Cstruct.t -> Cstruct.t -> bool
\ No newline at end of file
+PreSharedKeyID (tls.Tls.Core.PreSharedKeyID)

Module Core.PreSharedKeyID

type t = Cstruct.t
val compare : Cstruct.t -> Cstruct.t -> int
val hash : Cstruct.t -> int
val equal : Cstruct.t -> Cstruct.t -> bool
\ No newline at end of file
diff --git a/doc/tls/Tls/Core/SessionID/index.html b/doc/tls/Tls/Core/SessionID/index.html
index 6954a04b..70e40770 100644
--- a/doc/tls/Tls/Core/SessionID/index.html
+++ b/doc/tls/Tls/Core/SessionID/index.html
@@ -1,2 +1,2 @@
-SessionID (tls.Tls.Core.SessionID)

Module Core.SessionID

type t = Cstruct.t
val compare : Cstruct.t -> Cstruct.t -> int
val hash : Cstruct.t -> int
val equal : Cstruct.t -> Cstruct.t -> bool
\ No newline at end of file
+SessionID (tls.Tls.Core.SessionID)

Module Core.SessionID

type t = Cstruct.t
val compare : Cstruct.t -> Cstruct.t -> int
val hash : Cstruct.t -> int
val equal : Cstruct.t -> Cstruct.t -> bool
\ No newline at end of file
diff --git a/doc/tls/Tls/Core/Tracing/index.html b/doc/tls/Tls/Core/Tracing/index.html
index 1e22986c..085bd242 100644
--- a/doc/tls/Tls/Core/Tracing/index.html
+++ b/doc/tls/Tls/Core/Tracing/index.html
@@ -1,5 +1,5 @@
-Tracing (tls.Tls.Core.Tracing)

Module Core.Tracing

include Logs.LOG
val msg : Logs.level -> 'a Logs.log
val app : 'a Logs.log
val err : 'a Logs.log
val warn : 'a Logs.log
val info : 'a Logs.log
val debug : 'a Logs.log
val kmsg : (unit -> 'b) -> Logs.level -> ('a, 'b) Logs.msgf -> 'b
val on_error :
+Tracing (tls.Tls.Core.Tracing)

Module Core.Tracing

include Logs.LOG
val msg : Logs.level -> 'a Logs.log
val app : 'a Logs.log
val err : 'a Logs.log
val warn : 'a Logs.log
val info : 'a Logs.log
val debug : 'a Logs.log
val kmsg : (unit -> 'b) -> Logs.level -> ('a, 'b) Logs.msgf -> 'b
val on_error : ?level:Logs.level -> ?header:string -> ?tags:Logs.Tag.set ->
diff --git a/doc/tls/Tls/Core/index.html b/doc/tls/Tls/Core/index.html
index 7fcd9105..df7edff9 100644
--- a/doc/tls/Tls/Core/index.html
+++ b/doc/tls/Tls/Core/index.html
@@ -1,5 +1,5 @@
-Core (tls.Tls.Core)

Module Tls.Core

Core type definitions

val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val let* :
+Core (tls.Tls.Core)

Module Tls.Core

Core type definitions

val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val let* : ('a, 'b) Stdlib.result -> ('a -> ('c, 'b) Stdlib.result) -> ('c, 'b) Stdlib.result
val guard : bool -> 'a -> (unit, 'b) Stdlib.result
val map_reader_error :
@@ -176,7 +176,7 @@ | `RSA_PSS_RSAENC_SHA256 | `RSA_PSS_RSAENC_SHA384 | `RSA_PSS_RSAENC_SHA512 ECDSA_SECP256R1_SHA1 ECDSA_SECP256R1_SHA256 ECDSA_SECP384R1_SHA384 ECDSA_SECP521R1_SHA512 ED25519 ] ->
- bool
type client_extension = [
  1. | `Hostname of [ `host ] Domain_name.t
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of Packet.named_group list
  4. | `SecureRenegotiation of Cstruct.t
  5. | `Padding of int
  6. | `SignatureAlgorithms of signature_algorithm list
  7. | `ExtendedMasterSecret
  8. | `ALPN of string list
  9. | `KeyShare of (Packet.named_group * Cstruct.t) list
  10. | `EarlyDataIndication
  11. | `PreSharedKeys of psk_identity list
  12. | `SupportedVersions of tls_any_version list
  13. | `PostHandshakeAuthentication
  14. | `Cookie of Cstruct.t
  15. | `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
  16. | `ECPointFormats
  17. | `UnknownExtension of int * Cstruct.t
]
type server13_extension = [
  1. | `KeyShare of group * Cstruct.t
  2. | `PreSharedKey of int
  3. | `SelectedVersion of tls_version
]
type server_extension = [
  1. | server13_extension
  2. | `Hostname
  3. | `MaxFragmentLength of Packet.max_fragment_length
  4. | `SecureRenegotiation of Cstruct.t
  5. | `ExtendedMasterSecret
  6. | `ALPN of string
  7. | `ECPointFormats
  8. | `UnknownExtension of int * Cstruct.t
]
type encrypted_extension = [
  1. | `Hostname
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of group list
  4. | `ALPN of string
  5. | `EarlyDataIndication
  6. | `UnknownExtension of int * Cstruct.t
]
type hello_retry_extension = [
  1. | `SelectedGroup of group
  2. | `Cookie of Cstruct.t
  3. | `SelectedVersion of tls_version
  4. | `UnknownExtension of int * Cstruct.t
]
type client_hello = {
  1. client_version : tls_any_version;
  2. client_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuites : Packet.any_ciphersuite list;
  5. extensions : client_extension list;
}
type server_hello = {
  1. server_version : tls_version;
  2. server_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. extensions : server_extension list;
}
type dh_parameters = {
  1. dh_p : Cstruct.t;
  2. dh_g : Cstruct.t;
  3. dh_Ys : Cstruct.t;
}
type hello_retry = {
  1. retry_version : tls_version;
  2. ciphersuite : Ciphersuite.ciphersuite13;
  3. sessionid : SessionID.t option;
  4. selected_group : group;
  5. extensions : hello_retry_extension list;
}
type session_ticket_extension = [
  1. | `EarlyDataIndication of int32
  2. | `UnknownExtension of int * Cstruct.t
]
type session_ticket = {
  1. lifetime : int32;
  2. age_add : int32;
  3. nonce : Cstruct.t;
  4. ticket : Cstruct.t;
  5. extensions : session_ticket_extension list;
}
type certificate_request_extension = [
  1. | `SignatureAlgorithms of signature_algorithm list
  2. | `CertificateAuthorities of X509.Distinguished_name.t list
  3. | `UnknownExtension of int * Cstruct.t
]
type tls_handshake =
  1. | HelloRequest
  2. | HelloRetryRequest of hello_retry
  3. | EncryptedExtensions of encrypted_extension list
  4. | ServerHelloDone
  5. | ClientHello of client_hello
  6. | ServerHello of server_hello
  7. | Certificate of Cstruct.t
  8. | ServerKeyExchange of Cstruct.t
  9. | CertificateRequest of Cstruct.t
  10. | ClientKeyExchange of Cstruct.t
  11. | CertificateVerify of Cstruct.t
  12. | Finished of Cstruct.t
  13. | SessionTicket of session_ticket
  14. | KeyUpdate of Packet.key_update_request_type
  15. | EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unit
val src : Logs.src
module Tracing : sig ... end
type master_secret = Cstruct.t

the master secret of a TLS connection

type psk13 = {
  1. identifier : Cstruct.t;
  2. obfuscation : int32;
  3. secret : Cstruct.t;
  4. lifetime : int32;
  5. early_data : int32;
  6. issued_at : Ptime.t;
}
type epoch_state = [
  1. | `ZeroRTT
  2. | `Established
]
type epoch_data = {
  1. state : epoch_state;
  2. protocol_version : tls_version;
  3. ciphersuite : Ciphersuite.ciphersuite;
  4. peer_random : Cstruct.t;
  5. peer_certificate_chain : X509.Certificate.t list;
  6. peer_certificate : X509.Certificate.t option;
  7. peer_name : [ `host ] Domain_name.t option;
  8. trust_anchor : X509.Certificate.t option;
  9. received_certificates : X509.Certificate.t list;
  10. own_random : Cstruct.t;
  11. own_certificate : X509.Certificate.t list;
  12. own_private_key : X509.Private_key.t option;
  13. own_name : [ `host ] Domain_name.t option;
  14. master_secret : master_secret;
  15. session_id : SessionID.t;
  16. extended_ms : bool;
  17. alpn_protocol : string option;
}

information about an open session

val supports_key_usage :
+ bool
type client_extension = [
  1. | `Hostname of [ `host ] Domain_name.t
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of Packet.named_group list
  4. | `SecureRenegotiation of Cstruct.t
  5. | `Padding of int
  6. | `SignatureAlgorithms of signature_algorithm list
  7. | `ExtendedMasterSecret
  8. | `ALPN of string list
  9. | `KeyShare of (Packet.named_group * Cstruct.t) list
  10. | `EarlyDataIndication
  11. | `PreSharedKeys of psk_identity list
  12. | `SupportedVersions of tls_any_version list
  13. | `PostHandshakeAuthentication
  14. | `Cookie of Cstruct.t
  15. | `PskKeyExchangeModes of Packet.psk_key_exchange_mode list
  16. | `ECPointFormats
  17. | `UnknownExtension of int * Cstruct.t
]
type server13_extension = [
  1. | `KeyShare of group * Cstruct.t
  2. | `PreSharedKey of int
  3. | `SelectedVersion of tls_version
]
type server_extension = [
  1. | server13_extension
  2. | `Hostname
  3. | `MaxFragmentLength of Packet.max_fragment_length
  4. | `SecureRenegotiation of Cstruct.t
  5. | `ExtendedMasterSecret
  6. | `ALPN of string
  7. | `ECPointFormats
  8. | `UnknownExtension of int * Cstruct.t
]
type encrypted_extension = [
  1. | `Hostname
  2. | `MaxFragmentLength of Packet.max_fragment_length
  3. | `SupportedGroups of group list
  4. | `ALPN of string
  5. | `EarlyDataIndication
  6. | `UnknownExtension of int * Cstruct.t
]
type hello_retry_extension = [
  1. | `SelectedGroup of group
  2. | `Cookie of Cstruct.t
  3. | `SelectedVersion of tls_version
  4. | `UnknownExtension of int * Cstruct.t
]
type client_hello = {
  1. client_version : tls_any_version;
  2. client_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuites : Packet.any_ciphersuite list;
  5. extensions : client_extension list;
}
type server_hello = {
  1. server_version : tls_version;
  2. server_random : Cstruct.t;
  3. sessionid : SessionID.t option;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. extensions : server_extension list;
}
type dh_parameters = {
  1. dh_p : Cstruct.t;
  2. dh_g : Cstruct.t;
  3. dh_Ys : Cstruct.t;
}
type hello_retry = {
  1. retry_version : tls_version;
  2. ciphersuite : Ciphersuite.ciphersuite13;
  3. sessionid : SessionID.t option;
  4. selected_group : group;
  5. extensions : hello_retry_extension list;
}
type session_ticket_extension = [
  1. | `EarlyDataIndication of int32
  2. | `UnknownExtension of int * Cstruct.t
]
type session_ticket = {
  1. lifetime : int32;
  2. age_add : int32;
  3. nonce : Cstruct.t;
  4. ticket : Cstruct.t;
  5. extensions : session_ticket_extension list;
}
type certificate_request_extension = [
  1. | `SignatureAlgorithms of signature_algorithm list
  2. | `CertificateAuthorities of X509.Distinguished_name.t list
  3. | `UnknownExtension of int * Cstruct.t
]
type tls_handshake =
  1. | HelloRequest
  2. | HelloRetryRequest of hello_retry
  3. | EncryptedExtensions of encrypted_extension list
  4. | ServerHelloDone
  5. | ClientHello of client_hello
  6. | ServerHello of server_hello
  7. | Certificate of Cstruct.t
  8. | ServerKeyExchange of Cstruct.t
  9. | CertificateRequest of Cstruct.t
  10. | ClientKeyExchange of Cstruct.t
  11. | CertificateVerify of Cstruct.t
  12. | Finished of Cstruct.t
  13. | SessionTicket of session_ticket
  14. | KeyUpdate of Packet.key_update_request_type
  15. | EndOfEarlyData
val pp_handshake : Stdlib.Format.formatter -> tls_handshake -> unit
val src : Logs.src
module Tracing : sig ... end
type master_secret = Cstruct.t

the master secret of a TLS connection

type psk13 = {
  1. identifier : Cstruct.t;
  2. obfuscation : int32;
  3. secret : Cstruct.t;
  4. lifetime : int32;
  5. early_data : int32;
  6. issued_at : Ptime.t;
}
type epoch_state = [
  1. | `ZeroRTT
  2. | `Established
]
type epoch_data = {
  1. side : [ `Client | `Server ];
  2. state : epoch_state;
  3. protocol_version : tls_version;
  4. ciphersuite : Ciphersuite.ciphersuite;
  5. peer_random : Cstruct.t;
  6. peer_certificate_chain : X509.Certificate.t list;
  7. peer_certificate : X509.Certificate.t option;
  8. peer_name : [ `host ] Domain_name.t option;
  9. trust_anchor : X509.Certificate.t option;
  10. received_certificates : X509.Certificate.t list;
  11. own_random : Cstruct.t;
  12. own_certificate : X509.Certificate.t list;
  13. own_private_key : X509.Private_key.t option;
  14. own_name : [ `host ] Domain_name.t option;
  15. master_secret : master_secret;
  16. exporter_master_secret : master_secret;
  17. session_id : SessionID.t;
  18. extended_ms : bool;
  19. alpn_protocol : string option;
}

information about an open session

val supports_key_usage : ?not_present:bool -> X509.Extension.key_usage -> X509.Certificate.t -> diff --git a/doc/tls/Tls/Crypto/Ciphers/index.html b/doc/tls/Tls/Crypto/Ciphers/index.html index 523d4ac1..2d751ff3 100644 --- a/doc/tls/Tls/Crypto/Ciphers/index.html +++ b/doc/tls/Tls/Crypto/Ciphers/index.html @@ -1,5 +1,5 @@ -Ciphers (tls.Tls.Crypto.Ciphers)

Module Crypto.Ciphers

type keyed =
  1. | K_CBC : 'k State.cbc_cipher * (Cstruct.t -> 'k) -> keyed
val get_block : Ciphersuite.block_cipher -> keyed
type aead_keyed =
  1. | K_AEAD : 'k State.aead_cipher * (Cstruct.t -> 'k) * bool -> aead_keyed
val get_aead_cipher :
+Ciphers (tls.Tls.Crypto.Ciphers)

Module Crypto.Ciphers

type keyed =
  1. | K_CBC : 'k State.cbc_cipher * (Cstruct.t -> 'k) -> keyed
val get_block : Ciphersuite.block_cipher -> keyed
type aead_keyed =
  1. | K_AEAD : 'k State.aead_cipher * (Cstruct.t -> 'k) * bool -> aead_keyed
val get_aead_cipher : secret:Cstruct.t -> nonce:State.nonce -> Ciphersuite.aead_cipher -> diff --git a/doc/tls/Tls/Crypto/index.html b/doc/tls/Tls/Crypto/index.html index 850849ed..90e00f48 100644 --- a/doc/tls/Tls/Crypto/index.html +++ b/doc/tls/Tls/Crypto/index.html @@ -1,5 +1,5 @@ -Crypto (tls.Tls.Crypto)

Module Tls.Crypto

val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val dh_params_pack :
+Crypto (tls.Tls.Crypto)

Module Tls.Crypto

val (<+>) : Cstruct.t -> Cstruct.t -> Cstruct.t
val dh_params_pack : Mirage_crypto_pk.Dh.group -> Cstruct.t -> Core.dh_parameters
val dh_params_unpack :
diff --git a/doc/tls/Tls/Engine/index.html b/doc/tls/Tls/Engine/index.html
index 3234374e..7541d08c 100644
--- a/doc/tls/Tls/Engine/index.html
+++ b/doc/tls/Tls/Engine/index.html
@@ -1,5 +1,5 @@
-Engine (tls.Tls.Engine)

Module Tls.Engine

Transport layer security

TLS is an implementation of transport layer security in OCaml. TLS is a widely used security protocol which establishes an end-to-end secure channel (with optional (mutual) authentication) between two endpoints. It uses TCP/IP as transport. This library supports all three versions of TLS: 1.2, RFC5246, 1.1, RFC4346, and 1.0, RFC2246. SSL, the previous protocol definition, is not supported.

TLS is algorithmically agile: protocol version, key exchange algorithm, symmetric cipher, and message authentication code are negotiated upon connection.

This library implements several extensions of TLS, AES ciphers, TLS extensions (such as server name indication, SNI), Renegotiation extension, Session Hash and Extended Master Secret Extension.

This library does not contain insecure cipher suites (such as single DES, export ciphers, ...). It does not expose the server time in the server random, requires secure renegotiation.

This library consists of a core, implemented in a purely functional matter (Engine, this module), and effectful parts: Tls_lwt and Tls_mirage.

v0.17.1

Abstract state type

type state

The abstract type of a TLS state.

Constructors

val client : Config.client -> state * Cstruct.t

client client is tls * out where tls is the initial state, and out the initial client hello

val server : Config.server -> state

server server is tls where tls is the initial server state

Protocol failures

type error = [
  1. | `AuthenticationFailure of X509.Validation.validation_error
  2. | `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list
  3. | `NoConfiguredVersions of Core.tls_version list
  4. | `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list
  5. | `NoMatchingCertificateFound of string
  6. | `NoCertificateConfigured
  7. | `CouldntSelectCertificate
]

failures which can be mitigated by reconfiguration

type client_hello_errors = [
  1. | `EmptyCiphersuites
  2. | `NotSetCiphersuites of Packet.any_ciphersuite list
  3. | `NoSupportedCiphersuite of Packet.any_ciphersuite list
  4. | `NotSetExtension of Core.client_extension list
  5. | `NoSignatureAlgorithmsExtension
  6. | `NoGoodSignatureAlgorithms of Core.signature_algorithm list
  7. | `NoKeyShareExtension
  8. | `NoSupportedGroupExtension
  9. | `NotSetSupportedGroup of Packet.named_group list
  10. | `NotSetKeyShare of (Packet.named_group * Cstruct.t) list
  11. | `NotSubsetKeyShareSupportedGroup of
+Engine (tls.Tls.Engine)

    Module Tls.Engine

    Transport layer security

    TLS is an implementation of transport layer security in OCaml. TLS is a widely used security protocol which establishes an end-to-end secure channel (with optional (mutual) authentication) between two endpoints. It uses TCP/IP as transport. This library supports all three versions of TLS: 1.2, RFC5246, 1.1, RFC4346, and 1.0, RFC2246. SSL, the previous protocol definition, is not supported.

    TLS is algorithmically agile: protocol version, key exchange algorithm, symmetric cipher, and message authentication code are negotiated upon connection.

    This library implements several extensions of TLS, AES ciphers, TLS extensions (such as server name indication, SNI), Renegotiation extension, Session Hash and Extended Master Secret Extension.

    This library does not contain insecure cipher suites (such as single DES, export ciphers, ...). It does not expose the server time in the server random, requires secure renegotiation.

    This library consists of a core, implemented in a purely functional matter (Engine, this module), and effectful parts: Tls_lwt and Tls_mirage.

    v0.17.3

    Abstract state type

    type state

    The abstract type of a TLS state.

    Constructors

    val client : Config.client -> state * Cstruct.t

    client client is tls * out where tls is the initial state, and out the initial client hello

    val server : Config.server -> state

    server server is tls where tls is the initial server state

    Protocol failures

    type error = [
    1. | `AuthenticationFailure of X509.Validation.validation_error
    2. | `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list
    3. | `NoConfiguredVersions of Core.tls_version list
    4. | `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list
    5. | `NoMatchingCertificateFound of string
    6. | `NoCertificateConfigured
    7. | `CouldntSelectCertificate
    ]

    failures which can be mitigated by reconfiguration

    type client_hello_errors = [
    1. | `EmptyCiphersuites
    2. | `NotSetCiphersuites of Packet.any_ciphersuite list
    3. | `NoSupportedCiphersuite of Packet.any_ciphersuite list
    4. | `NotSetExtension of Core.client_extension list
    5. | `NoSignatureAlgorithmsExtension
    6. | `NoGoodSignatureAlgorithms of Core.signature_algorithm list
    7. | `NoKeyShareExtension
    8. | `NoSupportedGroupExtension
    9. | `NotSetSupportedGroup of Packet.named_group list
    10. | `NotSetKeyShare of (Packet.named_group * Cstruct.t) list
    11. | `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct.t) list
    12. | `Has0rttAfterHRR
    13. | `NoCookie
    ]
    type fatal = [
    1. | `NoSecureRenegotiation
    2. | `NoSupportedGroup
    3. | `NoVersions of Core.tls_any_version list
    4. | `ReaderError of Reader.error
    5. | `NoCertificateReceived
    6. | `NoCertificateVerifyReceived
    7. | `NotRSACertificate
    8. | `KeyTooSmall
    9. | `SignatureVerificationFailed of string
    10. | `SigningFailed of string
    11. | `BadCertificateChain
    12. | `MACMismatch
    13. | `MACUnderflow
    14. | `RecordOverflow of int
    15. | `UnknownRecordVersion of int * int
    16. | `UnknownContentType of int
    17. | `CannotHandleApplicationDataYet
    18. | `NoHeartbeat
    19. | `BadRecordVersion of Core.tls_any_version
    20. | `BadFinished
    21. | `HandshakeFragmentsNotEmpty
    22. | `InsufficientDH
    23. | `InvalidDH
    24. | `BadECDH of Mirage_crypto_ec.error
    25. | `InvalidRenegotiation
    26. | `InvalidClientHello of client_hello_errors
    27. | `InvalidServerHello
    28. | `InvalidRenegotiationVersion of Core.tls_version
    29. | `InappropriateFallback
    30. | `UnexpectedCCS
    31. | `UnexpectedHandshake of Core.tls_handshake
    32. | `InvalidCertificateUsage
    33. | `InvalidCertificateExtendedUsage
    34. | `InvalidSession
    35. | `NoApplicationProtocol
    36. | `HelloRetryRequest
    37. | `InvalidMessage
    38. | `Toomany0rttbytes
    39. | `MissingContentType
    40. | `Downgrade12
    41. | `Downgrade11
    ]

    failures from received garbage or lack of features

    type failure = [
    1. | `Error of error
    2. | `Fatal of fatal
    ]

    type of failures

    val alert_of_failure : failure -> Packet.alert_type

    alert_of_failure failure is alert, the TLS alert type for this failure.

    val string_of_failure : failure -> string

    string_of_failure failure is string, the string representation of the failure.

    val pp_failure : failure Fmt.t

    pp_failure failure pretty-prints failure.

    Protocol handling

    type ret = ([ `Ok of state | `Eof | `Alert of Packet.alert_type ] * [ `Response of Cstruct.t option ]
@@ -16,4 +16,9 @@ (state * Cstruct.t) option

    reneg ~authenticator ~acceptable_cas ~cert tls initiates a renegotation on tls, using the provided authenticator. It is tls' * out where tls' is the new tls state, and out either a client hello or hello request (depending on which communication endpoint tls is).

    val key_update : ?request:bool -> state ->
- (state * Cstruct.t, failure) Stdlib.result

    key_update ~request state initiates a KeyUpdate (TLS 1.3 only). If request is provided and true (the default), the KeyUpdate message contains a request that the peer should update their traffic key as well.

    Session information

    type epoch = [
    1. | `InitialEpoch
    2. | `Epoch of Core.epoch_data
    ]

    polymorphic variant of session information. The first variant `InitialEpoch will only be used for TLS states without completed handshake. The second variant, `Epoch, contains actual session data.

    val epoch : state -> epoch

    epoch state is epoch, which contains the session information.

    \ No newline at end of file
+ (state * Cstruct.t, failure) Stdlib.result

key_update ~request state initiates a KeyUpdate (TLS 1.3 only). If request is provided and true (the default), the KeyUpdate message contains a request that the peer should update their traffic key as well.

Session information

val epoch : state -> (Core.epoch_data, unit) Stdlib.result

epoch state is epoch, which contains the session information. If there's no established session yet, an error is returned.

val export_key_material :
+ Core.epoch_data ->
+ ?context:string ->
+ string ->
+ int ->
+ Cstruct.t

export_key_material epoch_data ?context label length is the RFC 5705 exported key material of length bytes using label and, if provided, context.

\ No newline at end of file
diff --git a/doc/tls/Tls/Explorator/index.html b/doc/tls/Tls/Explorator/index.html
index 46d559cf..fe7e0608 100644
--- a/doc/tls/Tls/Explorator/index.html
+++ b/doc/tls/Tls/Explorator/index.html
@@ -1,2 +1,2 @@
-Explorator (tls.Tls.Explorator)

Module Tls.Explorator

\ No newline at end of file
+Explorator (tls.Tls.Explorator)

Module Tls.Explorator

\ No newline at end of file
diff --git a/doc/tls/Tls/Handshake_client/index.html b/doc/tls/Tls/Handshake_client/index.html
index 2a61db07..59c502c2 100644
--- a/doc/tls/Tls/Handshake_client/index.html
+++ b/doc/tls/Tls/Handshake_client/index.html
@@ -1,5 +1,5 @@
-Handshake_client (tls.Tls.Handshake_client)

Module Tls.Handshake_client

val default_client_hello :
+Handshake_client (tls.Tls.Handshake_client)

Module Tls.Handshake_client

val handle_change_cipher_spec : State.client_handshake_state ->
diff --git a/doc/tls/Tls/Handshake_client13/index.html b/doc/tls/Tls/Handshake_client13/index.html
index e859523b..7276a6b2 100644
--- a/doc/tls/Tls/Handshake_client13/index.html
+++ b/doc/tls/Tls/Handshake_client13/index.html
@@ -1,5 +1,5 @@
-Handshake_client13 (tls.Tls.Handshake_client13)

Module Tls.Handshake_client13

val answer_server_hello :
+Handshake_client13 (tls.Tls.Handshake_client13)

Module Tls.Handshake_client13

val answer_server_hello : State.handshake_state -> Core.client_hello -> Core.server_hello ->
diff --git a/doc/tls/Tls/Handshake_common/Group/index.html b/doc/tls/Tls/Handshake_common/Group/index.html
index c856676b..fcb400ef 100644
--- a/doc/tls/Tls/Handshake_common/Group/index.html
+++ b/doc/tls/Tls/Handshake_common/Group/index.html
@@ -1,2 +1,2 @@
-Group (tls.Tls.Handshake_common.Group)

Module Handshake_common.Group

val compare : 'a -> 'a -> int
\ No newline at end of file
+Group (tls.Tls.Handshake_common.Group)

Module Handshake_common.Group

val compare : 'a -> 'a -> int
\ No newline at end of file
diff --git a/doc/tls/Tls/Handshake_common/GroupSet/index.html b/doc/tls/Tls/Handshake_common/GroupSet/index.html
index b80ffed0..747bed37 100644
--- a/doc/tls/Tls/Handshake_common/GroupSet/index.html
+++ b/doc/tls/Tls/Handshake_common/GroupSet/index.html
@@ -1,2 +1,2 @@
-GroupSet (tls.Tls.Handshake_common.GroupSet)

Module Handshake_common.GroupSet

type elt = Group.t
type t = Stdlib__Set.Make(Group).t
val empty : t
val is_empty : t -> bool
val mem : elt -> t -> bool
val add : elt -> t -> t
val singleton : elt -> t
val remove : elt -> t -> t
val union : t -> t -> t
val inter : t -> t -> t
val disjoint : t -> t -> bool
val diff : t -> t -> t
val compare : t -> t -> int
val equal : t -> t -> bool
val subset : t -> t -> bool
val iter : (elt -> unit) -> t -> unit
val map : (elt -> elt) -> t -> t
val fold : (elt -> 'a -> 'a) -> t -> 'a -> 'a
val for_all : (elt -> bool) -> t -> bool
val exists : (elt -> bool) -> t -> bool
val filter : (elt -> bool) -> t -> t
val filter_map : (elt -> elt option) -> t -> t
val partition : (elt -> bool) -> t -> t * t
val cardinal : t -> int
val elements : t -> elt list
val min_elt : t -> elt
val min_elt_opt : t -> elt option
val max_elt : t -> elt
val max_elt_opt : t -> elt option
val choose : t -> elt
val choose_opt : t -> elt option
val split : elt -> t -> t * bool * t
val find : elt -> t -> elt
val find_opt : elt -> t -> elt option
val find_first : (elt -> bool) -> t -> elt
val find_first_opt : (elt -> bool) -> t -> elt option
val find_last : (elt -> bool) -> t -> elt
val find_last_opt : (elt -> bool) -> t -> elt option
val of_list : elt list -> t
val to_seq_from : elt -> t -> elt Stdlib.Seq.t
val to_seq : t -> elt Stdlib.Seq.t
val to_rev_seq : t -> elt Stdlib.Seq.t
val add_seq : elt Stdlib.Seq.t -> t -> t
val of_seq : elt Stdlib.Seq.t -> t
\ No newline at end of file
+GroupSet (tls.Tls.Handshake_common.GroupSet)

Module Handshake_common.GroupSet

type elt = Group.t
type t = Stdlib__Set.Make(Group).t
val empty : t
val is_empty : t -> bool
val mem : elt -> t -> bool
val add : elt -> t -> t
val singleton : elt -> t
val remove : elt -> t -> t
val union : t -> t -> t
val inter : t -> t -> t
val disjoint : t -> t -> bool
val diff : t -> t -> t
val compare : t -> t -> int
val equal : t -> t -> bool
val subset : t -> t -> bool
val iter : (elt -> unit) -> t -> unit
val map : (elt -> elt) -> t -> t
val fold : (elt -> 'a -> 'a) -> t -> 'a -> 'a
val for_all : (elt -> bool) -> t -> bool
val exists : (elt -> bool) -> t -> bool
val filter : (elt -> bool) -> t -> t
val filter_map : (elt -> elt option) -> t -> t
val partition : (elt -> bool) -> t -> t * t
val cardinal : t -> int
val elements : t -> elt list
val min_elt : t -> elt
val min_elt_opt : t -> elt option
val max_elt : t -> elt
val max_elt_opt : t -> elt option
val choose : t -> elt
val choose_opt : t -> elt option
val split : elt -> t -> t * bool * t
val find : elt -> t -> elt
val find_opt : elt -> t -> elt option
val find_first : (elt -> bool) -> t -> elt
val find_first_opt : (elt -> bool) -> t -> elt option
val find_last : (elt -> bool) -> t -> elt
val find_last_opt : (elt -> bool) -> t -> elt option
val of_list : elt list -> t
val to_seq_from : elt -> t -> elt Stdlib.Seq.t
val to_seq : t -> elt Stdlib.Seq.t
val to_rev_seq : t -> elt Stdlib.Seq.t
val add_seq : elt Stdlib.Seq.t -> t -> t
val of_seq : elt Stdlib.Seq.t -> t
\ No newline at end of file
diff --git a/doc/tls/Tls/Handshake_common/index.html b/doc/tls/Tls/Handshake_common/index.html
index ea08a009..2ffa17c3 100644
--- a/doc/tls/Tls/Handshake_common/index.html
+++ b/doc/tls/Tls/Handshake_common/index.html
@@ -1,5 +1,5 @@
-Handshake_common (tls.Tls.Handshake_common)

Module Tls.Handshake_common

val src : Logs.src
module Log : Logs.LOG
val trace_cipher :
+Handshake_common (tls.Tls.Handshake_common)

Module Tls.Handshake_common

val src : Logs.src
module Log : Logs.LOG
val trace_cipher : [< `AES_128_CCM_SHA256 | `AES_128_GCM_SHA256 | `AES_256_GCM_SHA384
diff --git a/doc/tls/Tls/Handshake_crypto/index.html b/doc/tls/Tls/Handshake_crypto/index.html
index 2b0421fc..5a37c671 100644
--- a/doc/tls/Tls/Handshake_crypto/index.html
+++ b/doc/tls/Tls/Handshake_crypto/index.html
@@ -1,5 +1,5 @@
-Handshake_crypto (tls.Tls.Handshake_crypto)

Module Tls.Handshake_crypto

val derive_master_secret :
+Handshake_crypto (tls.Tls.Handshake_crypto)

Module Tls.Handshake_crypto

val derive_master_secret : Core.tls_before_13 -> State.session_data -> Cstruct.t ->
@@ -13,4 +13,11 @@ Cstruct.t -> string -> Cstruct.t list ->
- Cstruct.t
\ No newline at end of file
+ Cstruct.t
val pseudo_random_function :
+ Core.tls_before_13 ->
+ Ciphersuite.ciphersuite ->
+ int ->
+ Cstruct.t ->
+ string ->
+ Cstruct.t ->
+ Cstruct.t

pseudo_random_function version cipher length secret label seed

\ No newline at end of file
diff --git a/doc/tls/Tls/Handshake_crypto13/index.html b/doc/tls/Tls/Handshake_crypto13/index.html
index 57731df4..fe0b3aae 100644
--- a/doc/tls/Tls/Handshake_crypto13/index.html
+++ b/doc/tls/Tls/Handshake_crypto13/index.html
@@ -1,5 +1,5 @@
-Handshake_crypto13 (tls.Tls.Handshake_crypto13)

Module Tls.Handshake_crypto13

val cdiv : int -> int -> int
val left_pad_dh : Mirage_crypto_pk.Dh.group -> Cstruct.t -> Cstruct.t
val not_all_zero :
+Handshake_crypto13 (tls.Tls.Handshake_crypto13)

Module Tls.Handshake_crypto13

val cdiv : int -> int -> int
val left_pad_dh : Mirage_crypto_pk.Dh.group -> Cstruct.t -> Cstruct.t
val not_all_zero : (Cstruct.t, [> `Fatal of [> `InvalidDH ] ] as 'a) Stdlib.result -> (Cstruct.t, 'a) Stdlib.result
val dh_shared : [< `Finite_field of Mirage_crypto_pk.Dh.secret
diff --git a/doc/tls/Tls/Handshake_server/index.html b/doc/tls/Tls/Handshake_server/index.html
index cabd2919..d02a095c 100644
--- a/doc/tls/Tls/Handshake_server/index.html
+++ b/doc/tls/Tls/Handshake_server/index.html
@@ -1,5 +1,5 @@
-Handshake_server (tls.Tls.Handshake_server)

Module Tls.Handshake_server

val hello_request :
+Handshake_server (tls.Tls.Handshake_server)

Module Tls.Handshake_server

val hello_request : State.handshake_state -> (State.handshake_return, State.failure) Stdlib.result
val handle_change_cipher_spec : State.server_handshake_state ->
diff --git a/doc/tls/Tls/Handshake_server13/index.html b/doc/tls/Tls/Handshake_server13/index.html
index a49c16d5..9c30c7e8 100644
--- a/doc/tls/Tls/Handshake_server13/index.html
+++ b/doc/tls/Tls/Handshake_server13/index.html
@@ -1,5 +1,5 @@
-Handshake_server13 (tls.Tls.Handshake_server13)

Module Tls.Handshake_server13

val answer_client_hello :
+Handshake_server13 (tls.Tls.Handshake_server13)

Module Tls.Handshake_server13

val answer_client_hello : hrr:bool -> State.handshake_state -> Core.client_hello ->
diff --git a/doc/tls/Tls/Packet/index.html b/doc/tls/Tls/Packet/index.html
index 45f96bc9..6a7bf064 100644
--- a/doc/tls/Tls/Packet/index.html
+++ b/doc/tls/Tls/Packet/index.html
@@ -1,5 +1,5 @@
-Packet (tls.Tls.Packet)

Module Tls.Packet

Magic numbers of the TLS protocol.

val get_uint24_len : Cstruct.t -> int
val set_uint24_len : Cstruct.t -> int -> unit
type content_type =
  1. | CHANGE_CIPHER_SPEC
  2. | ALERT
  3. | HANDSHAKE
  4. | APPLICATION_DATA
  5. | HEARTBEAT
val content_type_to_int : content_type -> int
val int_to_content_type : int -> content_type option
val pp_content_type : Stdlib.Format.formatter -> content_type -> unit
type alert_level =
  1. | WARNING
  2. | FATAL
val pp_alert_level : Stdlib.Format.formatter -> alert_level -> unit
val alert_level_to_int : alert_level -> int
val int_to_alert_level : int -> alert_level option
type alert_type =
  1. | CLOSE_NOTIFY
  2. | UNEXPECTED_MESSAGE
  3. | BAD_RECORD_MAC
  4. | DECRYPTION_FAILED
  5. | RECORD_OVERFLOW
  6. | DECOMPRESSION_FAILURE
  7. | HANDSHAKE_FAILURE
  8. | NO_CERTIFICATE_RESERVED
  9. | BAD_CERTIFICATE
  10. | UNSUPPORTED_CERTIFICATE
  11. | CERTIFICATE_REVOKED
  12. | CERTIFICATE_EXPIRED
  13. | CERTIFICATE_UNKNOWN
  14. | ILLEGAL_PARAMETER
  15. | UNKNOWN_CA
  16. | ACCESS_DENIED
  17. | DECODE_ERROR
  18. | DECRYPT_ERROR
  19. | EXPORT_RESTRICTION_RESERVED
  20. | PROTOCOL_VERSION
  21. | INSUFFICIENT_SECURITY
  22. | INTERNAL_ERROR
  23. | INAPPROPRIATE_FALLBACK
  24. | USER_CANCELED
  25. | NO_RENEGOTIATION
  26. | MISSING_EXTENSION
  27. | UNSUPPORTED_EXTENSION
  28. | CERTIFICATE_UNOBTAINABLE
  29. | UNRECOGNIZED_NAME
  30. | BAD_CERTIFICATE_STATUS_RESPONSE
  31. | BAD_CERTIFICATE_HASH_VALUE
  32. | UNKNOWN_PSK_IDENTITY
  33. | CERTIFICATE_REQUIRED
  34. | NO_APPLICATION_PROTOCOL
val alert_type_to_string : alert_type -> string
val alert_type_to_int : alert_type -> int
val int_to_alert_type : int -> alert_type option
val pp_alert : Stdlib.Format.formatter -> (alert_level * alert_type) -> unit
type handshake_type =
  1. | HELLO_REQUEST
  2. | CLIENT_HELLO
  3. | SERVER_HELLO
  4. | HELLO_VERIFY_REQUEST
  5. | SESSION_TICKET
  6. | END_OF_EARLY_DATA
  7. | ENCRYPTED_EXTENSIONS
  8. | CERTIFICATE
  9. | SERVER_KEY_EXCHANGE
  10. | CERTIFICATE_REQUEST
  11. | SERVER_HELLO_DONE
  12. | CERTIFICATE_VERIFY
  13. | CLIENT_KEY_EXCHANGE
  14. | FINISHED
  15. | CERTIFICATE_URL
  16. | CERTIFICATE_STATUS
  17. | SUPPLEMENTAL_DATA
  18. | KEY_UPDATE
  19. | MESSAGE_HASH
val handshake_type_to_int : handshake_type -> int
val int_to_handshake_type : int -> handshake_type option
type client_certificate_type =
  1. | RSA_SIGN
  2. | DSS_SIGN
  3. | RSA_FIXED_DH
  4. | DSS_FIXED_DH
  5. | RSA_EPHEMERAL_DH_RESERVED
  6. | DSS_EPHEMERAL_DH_RESERVED
  7. | FORTEZZA_DMS_RESERVED
  8. | ECDSA_SIGN
  9. | RSA_FIXED_ECDH
  10. | ECDSA_FIXED_ECDH
val client_certificate_type_to_int : client_certificate_type -> int
val int_to_client_certificate_type : int -> client_certificate_type option
type compression_method =
  1. | NULL
  2. | DEFLATE
  3. | LZS
val compression_method_to_int : compression_method -> int
val int_to_compression_method : int -> compression_method option
type extension_type =
  1. | SERVER_NAME
  2. | MAX_FRAGMENT_LENGTH
  3. | CLIENT_CERTIFICATE_URL
  4. | TRUSTED_CA_KEYS
  5. | TRUNCATED_HMAC
  6. | STATUS_REQUEST
  7. | USER_MAPPING
  8. | CLIENT_AUTHZ
  9. | SERVER_AUTHZ
  10. | CERT_TYPE
  11. | SUPPORTED_GROUPS
  12. | EC_POINT_FORMATS
  13. | SRP
  14. | SIGNATURE_ALGORITHMS
  15. | USE_SRTP
  16. | HEARTBEAT
  17. | APPLICATION_LAYER_PROTOCOL_NEGOTIATION
  18. | STATUS_REQUEST_V2
  19. | SIGNED_CERTIFICATE_TIMESTAMP
  20. | CLIENT_CERTIFICATE_TYPE
  21. | SERVER_CERTIFICATE_TYPE
  22. | PADDING
  23. | ENCRYPT_THEN_MAC
  24. | EXTENDED_MASTER_SECRET
  25. | TOKEN_BINDING
  26. | CACHED_INFO
  27. | TLS_LTS
  28. | COMPRESSED_CERTIFICATE
  29. | RECORD_SIZE_LIMIT
  30. | PWD_PROTECT
  31. | PWD_CLEAR
  32. | PASSWORD_SALT
  33. | SESSION_TICKET
  34. | PRE_SHARED_KEY
  35. | EARLY_DATA
  36. | SUPPORTED_VERSIONS
  37. | COOKIE
  38. | PSK_KEY_EXCHANGE_MODES
  39. | CERTIFICATE_AUTHORITIES
  40. | OID_FILTERS
  41. | POST_HANDSHAKE_AUTH
  42. | SIGNATURE_ALGORITHMS_CERT
  43. | KEY_SHARE
  44. | RENEGOTIATION_INFO
  45. | DRAFT_SUPPORT
val extension_type_to_int : extension_type -> int
val int_to_extension_type : int -> extension_type option
val extension_type_to_string : extension_type -> string
type max_fragment_length =
  1. | TWO_9
  2. | TWO_10
  3. | TWO_11
  4. | TWO_12
val max_fragment_length_to_int : max_fragment_length -> int
val int_to_max_fragment_length : int -> max_fragment_length option
type psk_key_exchange_mode =
  1. | PSK_KE
  2. | PSK_KE_DHE
val psk_key_exchange_mode_to_int : psk_key_exchange_mode -> int
val int_to_psk_key_exchange_mode : int -> psk_key_exchange_mode option
type signature_alg =
  1. | RSA_PKCS1_MD5
  2. | RSA_PKCS1_SHA1
  3. | RSA_PKCS1_SHA224
  4. | RSA_PKCS1_SHA256
  5. | RSA_PKCS1_SHA384
  6. | RSA_PKCS1_SHA512
  7. | ECDSA_SECP256R1_SHA1
  8. | ECDSA_SECP256R1_SHA256
  9. | ECDSA_SECP384R1_SHA384
  10. | ECDSA_SECP521R1_SHA512
  11. | RSA_PSS_RSAENC_SHA256
  12. | RSA_PSS_RSAENC_SHA384
  13. | RSA_PSS_RSAENC_SHA512
  14. | ED25519
  15. | ED448
  16. | RSA_PSS_PSS_SHA256
  17. | RSA_PSS_PSS_SHA384
  18. | RSA_PSS_PSS_SHA512
val signature_alg_to_int : signature_alg -> int
val int_to_signature_alg : int -> signature_alg option
val to_signature_alg :
+Packet (tls.Tls.Packet)

Module Tls.Packet

Magic numbers of the TLS protocol.

val get_uint24_len : Cstruct.t -> int
val set_uint24_len : Cstruct.t -> int -> unit
type content_type =
  1. | CHANGE_CIPHER_SPEC
  2. | ALERT
  3. | HANDSHAKE
  4. | APPLICATION_DATA
  5. | HEARTBEAT
val content_type_to_int : content_type -> int
val int_to_content_type : int -> content_type option
val pp_content_type : Stdlib.Format.formatter -> content_type -> unit
type alert_level =
  1. | WARNING
  2. | FATAL
val pp_alert_level : Stdlib.Format.formatter -> alert_level -> unit
val alert_level_to_int : alert_level -> int
val int_to_alert_level : int -> alert_level option
type alert_type =
  1. | CLOSE_NOTIFY
  2. | UNEXPECTED_MESSAGE
  3. | BAD_RECORD_MAC
  4. | DECRYPTION_FAILED
  5. | RECORD_OVERFLOW
  6. | DECOMPRESSION_FAILURE
  7. | HANDSHAKE_FAILURE
  8. | NO_CERTIFICATE_RESERVED
  9. | BAD_CERTIFICATE
  10. | UNSUPPORTED_CERTIFICATE
  11. | CERTIFICATE_REVOKED
  12. | CERTIFICATE_EXPIRED
  13. | CERTIFICATE_UNKNOWN
  14. | ILLEGAL_PARAMETER
  15. | UNKNOWN_CA
  16. | ACCESS_DENIED
  17. | DECODE_ERROR
  18. | DECRYPT_ERROR
  19. | EXPORT_RESTRICTION_RESERVED
  20. | PROTOCOL_VERSION
  21. | INSUFFICIENT_SECURITY
  22. | INTERNAL_ERROR
  23. | INAPPROPRIATE_FALLBACK
  24. | USER_CANCELED
  25. | NO_RENEGOTIATION
  26. | MISSING_EXTENSION
  27. | UNSUPPORTED_EXTENSION
  28. | CERTIFICATE_UNOBTAINABLE
  29. | UNRECOGNIZED_NAME
  30. | BAD_CERTIFICATE_STATUS_RESPONSE
  31. | BAD_CERTIFICATE_HASH_VALUE
  32. | UNKNOWN_PSK_IDENTITY
  33. | CERTIFICATE_REQUIRED
  34. | NO_APPLICATION_PROTOCOL
val alert_type_to_string : alert_type -> string
val alert_type_to_int : alert_type -> int
val int_to_alert_type : int -> alert_type option
val pp_alert : Stdlib.Format.formatter -> (alert_level * alert_type) -> unit
type handshake_type =
  1. | HELLO_REQUEST
  2. | CLIENT_HELLO
  3. | SERVER_HELLO
  4. | HELLO_VERIFY_REQUEST
  5. | SESSION_TICKET
  6. | END_OF_EARLY_DATA
  7. | ENCRYPTED_EXTENSIONS
  8. | CERTIFICATE
  9. | SERVER_KEY_EXCHANGE
  10. | CERTIFICATE_REQUEST
  11. | SERVER_HELLO_DONE
  12. | CERTIFICATE_VERIFY
  13. | CLIENT_KEY_EXCHANGE
  14. | FINISHED
  15. | CERTIFICATE_URL
  16. | CERTIFICATE_STATUS
  17. | SUPPLEMENTAL_DATA
  18. | KEY_UPDATE
  19. | MESSAGE_HASH
val handshake_type_to_int : handshake_type -> int
val int_to_handshake_type : int -> handshake_type option
type client_certificate_type =
  1. | RSA_SIGN
  2. | DSS_SIGN
  3. | RSA_FIXED_DH
  4. | DSS_FIXED_DH
  5. | RSA_EPHEMERAL_DH_RESERVED
  6. | DSS_EPHEMERAL_DH_RESERVED
  7. | FORTEZZA_DMS_RESERVED
  8. | ECDSA_SIGN
  9. | RSA_FIXED_ECDH
  10. | ECDSA_FIXED_ECDH
val client_certificate_type_to_int : client_certificate_type -> int
val int_to_client_certificate_type : int -> client_certificate_type option
type compression_method =
  1. | NULL
  2. | DEFLATE
  3. | LZS
val compression_method_to_int : compression_method -> int
val int_to_compression_method : int -> compression_method option
type extension_type =
  1. | SERVER_NAME
  2. | MAX_FRAGMENT_LENGTH
  3. | CLIENT_CERTIFICATE_URL
  4. | TRUSTED_CA_KEYS
  5. | TRUNCATED_HMAC
  6. | STATUS_REQUEST
  7. | USER_MAPPING
  8. | CLIENT_AUTHZ
  9. | SERVER_AUTHZ
  10. | CERT_TYPE
  11. | SUPPORTED_GROUPS
  12. | EC_POINT_FORMATS
  13. | SRP
  14. | SIGNATURE_ALGORITHMS
  15. | USE_SRTP
  16. | HEARTBEAT
  17. | APPLICATION_LAYER_PROTOCOL_NEGOTIATION
  18. | STATUS_REQUEST_V2
  19. | SIGNED_CERTIFICATE_TIMESTAMP
  20. | CLIENT_CERTIFICATE_TYPE
  21. | SERVER_CERTIFICATE_TYPE
  22. | PADDING
  23. | ENCRYPT_THEN_MAC
  24. | EXTENDED_MASTER_SECRET
  25. | TOKEN_BINDING
  26. | CACHED_INFO
  27. | TLS_LTS
  28. | COMPRESSED_CERTIFICATE
  29. | RECORD_SIZE_LIMIT
  30. | PWD_PROTECT
  31. | PWD_CLEAR
  32. | PASSWORD_SALT
  33. | SESSION_TICKET
  34. | PRE_SHARED_KEY
  35. | EARLY_DATA
  36. | SUPPORTED_VERSIONS
  37. | COOKIE
  38. | PSK_KEY_EXCHANGE_MODES
  39. | CERTIFICATE_AUTHORITIES
  40. | OID_FILTERS
  41. | POST_HANDSHAKE_AUTH
  42. | SIGNATURE_ALGORITHMS_CERT
  43. | KEY_SHARE
  44. | RENEGOTIATION_INFO
  45. | DRAFT_SUPPORT
val extension_type_to_int : extension_type -> int
val int_to_extension_type : int -> extension_type option
val extension_type_to_string : extension_type -> string
type max_fragment_length =
  1. | TWO_9
  2. | TWO_10
  3. | TWO_11
  4. | TWO_12
val max_fragment_length_to_int : max_fragment_length -> int
val int_to_max_fragment_length : int -> max_fragment_length option
type psk_key_exchange_mode =
  1. | PSK_KE
  2. | PSK_KE_DHE
val psk_key_exchange_mode_to_int : psk_key_exchange_mode -> int
val int_to_psk_key_exchange_mode : int -> psk_key_exchange_mode option
type signature_alg =
  1. | RSA_PKCS1_MD5
  2. | RSA_PKCS1_SHA1
  3. | RSA_PKCS1_SHA224
  4. | RSA_PKCS1_SHA256
  5. | RSA_PKCS1_SHA384
  6. | RSA_PKCS1_SHA512
  7. | ECDSA_SECP256R1_SHA1
  8. | ECDSA_SECP256R1_SHA256
  9. | ECDSA_SECP384R1_SHA384
  10. | ECDSA_SECP521R1_SHA512
  11. | RSA_PSS_RSAENC_SHA256
  12. | RSA_PSS_RSAENC_SHA384
  13. | RSA_PSS_RSAENC_SHA512
  14. | ED25519
  15. | ED448
  16. | RSA_PSS_PSS_SHA256
  17. | RSA_PSS_PSS_SHA384
  18. | RSA_PSS_PSS_SHA512
val signature_alg_to_int : signature_alg -> int
val int_to_signature_alg : int -> signature_alg option
val to_signature_alg : [< `ECDSA_SECP256R1_SHA1 | `ECDSA_SECP256R1_SHA256 | `ECDSA_SECP384R1_SHA384
diff --git a/doc/tls/Tls/Reader/index.html b/doc/tls/Tls/Reader/index.html
index fdd29963..18a05954 100644
--- a/doc/tls/Tls/Reader/index.html
+++ b/doc/tls/Tls/Reader/index.html
@@ -1,5 +1,5 @@
-Reader (tls.Tls.Reader)

Module Tls.Reader

type error =
  1. | TrailingBytes of string
  2. | WrongLength of string
  3. | Unknown of string
  4. | Underflow
  5. | Overflow of int
  6. | UnknownVersion of int * int
  7. | UnknownContent of int
val pp_error : error Fmt.t
val parse_version : Cstruct.t -> (Core.tls_version, error) Stdlib.result
val parse_any_version :
+Reader (tls.Tls.Reader)

Module Tls.Reader

type error =
  1. | TrailingBytes of string
  2. | WrongLength of string
  3. | Unknown of string
  4. | Underflow
  5. | Overflow of int
  6. | UnknownVersion of int * int
  7. | UnknownContent of int
val pp_error : error Fmt.t
val parse_version : Cstruct.t -> (Core.tls_version, error) Stdlib.result
val parse_any_version : Cstruct.t -> (Core.tls_any_version, error) Stdlib.result
val parse_record : Cstruct.t ->
diff --git a/doc/tls/Tls/State/index.html b/doc/tls/Tls/State/index.html
index be0ccb00..ebd31378 100644
--- a/doc/tls/Tls/State/index.html
+++ b/doc/tls/Tls/State/index.html
@@ -1,5 +1,5 @@
-State (tls.Tls.State)

Module Tls.State

type hmac_key = Cstruct.t
type iv_mode =
  1. | Iv of Cstruct.t
  2. | Random_iv
type 'k cbc_cipher =
+State (tls.Tls.State)

Module Tls.State

type hmac_key = Cstruct.t
type iv_mode =
  1. | Iv of Cstruct.t
  2. | Random_iv
type 'k cbc_cipher = (module Mirage_crypto.Cipher_block.S.CBC with type key = 'k)
type 'k cbc_state = {
  1. cipher : 'k cbc_cipher;
  2. cipher_secret : 'k;
  3. iv_mode : iv_mode;
  4. hmac : Mirage_crypto.Hash.hash;
  5. hmac_secret : hmac_key;
}
type nonce = Cstruct.t
type 'k aead_cipher = (module Mirage_crypto.AEAD with type key = 'k)
type 'k aead_state = {
  1. cipher : 'k aead_cipher;
  2. cipher_secret : 'k;
  3. nonce : nonce;
  4. explicit_nonce : bool;
}
type cipher_st =
  1. | CBC : 'k cbc_state -> cipher_st
  2. | AEAD : 'k aead_state -> cipher_st
type crypto_context = {
  1. sequence : int64;
  2. cipher_st : cipher_st;
}
type hs_log = Cstruct.t list
type dh_secret = [
  1. | `Finite_field of Mirage_crypto_pk.Dh.secret
  2. | `P256 of Mirage_crypto_ec.P256.Dh.secret
  3. | `P384 of Mirage_crypto_ec.P384.Dh.secret
  4. | `P521 of Mirage_crypto_ec.P521.Dh.secret
  5. | `X25519 of Mirage_crypto_ec.X25519.secret
]
type reneg_params = Cstruct.t * Cstruct.t
type common_session_data = {
  1. server_random : Cstruct.t;
  2. client_random : Cstruct.t;
  3. peer_certificate_chain : X509.Certificate.t list;
  4. peer_certificate : X509.Certificate.t option;
  5. trust_anchor : X509.Certificate.t option;
  6. received_certificates : X509.Certificate.t list;
  7. own_certificate : X509.Certificate.t list;
  8. own_private_key : X509.Private_key.t option;
  9. own_name : [ `host ] Domain_name.t option;
  10. client_auth : bool;
  11. master_secret : Core.master_secret;
  12. alpn_protocol : string option;
}
type session_data = {
  1. common_session_data : common_session_data;
  2. client_version : Core.tls_any_version;
  3. ciphersuite : Ciphersuite.ciphersuite;
  4. group : Core.group option;
  5. renegotiation : reneg_params;
  6. session_id : Cstruct.t;
  7. extended_ms : bool;
}
type server_handshake_state =
  1. | AwaitClientHello
  2. | AwaitClientHelloRenegotiate
  3. | AwaitClientCertificate_RSA of session_data * hs_log
  4. | AwaitClientCertificate_DHE of session_data * dh_secret * hs_log
  5. | AwaitClientKeyExchange_RSA of session_data * hs_log
  6. | AwaitClientKeyExchange_DHE of session_data * dh_secret * hs_log
  7. | AwaitClientCertificateVerify of session_data * crypto_context
@@ -23,7 +23,7 @@ * hs_log
  8. | AwaitServerChangeCipherSpecResume of session_data * crypto_context * crypto_context
- * hs_log
  9. | AwaitServerFinished of session_data * Cstruct.t * hs_log
  10. | AwaitServerFinishedResume of session_data * hs_log
  11. | Established
type kdf = {
  1. secret : Cstruct.t;
  2. cipher : Ciphersuite.ciphersuite13;
  3. hash : Mirage_crypto.Hash.hash;
}
type session_data13 = {
  1. common_session_data13 : common_session_data;
  2. ciphersuite13 : Ciphersuite.ciphersuite13;
  3. master_secret : kdf;
  4. resumption_secret : Cstruct.t;
  5. state : Core.epoch_state;
  6. resumed : bool;
  7. client_app_secret : Cstruct.t;
  8. server_app_secret : Cstruct.t;
}
type client13_handshake_state =
  1. | AwaitServerHello13 of Core.client_hello
+ * hs_log
  2. | AwaitServerFinished of session_data * Cstruct.t * hs_log
  3. | AwaitServerFinishedResume of session_data * hs_log
  4. | Established
type kdf = {
  1. secret : Cstruct.t;
  2. cipher : Ciphersuite.ciphersuite13;
  3. hash : Mirage_crypto.Hash.hash;
}
type session_data13 = {
  1. common_session_data13 : common_session_data;
  2. ciphersuite13 : Ciphersuite.ciphersuite13;
  3. master_secret : kdf;
  4. exporter_master_secret : Cstruct.t;
  5. resumption_secret : Cstruct.t;
  6. state : Core.epoch_state;
  7. resumed : bool;
  8. client_app_secret : Cstruct.t;
  9. server_app_secret : Cstruct.t;
}
type client13_handshake_state =
  1. | AwaitServerHello13 of Core.client_hello * (Core.group * dh_secret) list * Cstruct.t
  2. | AwaitServerEncryptedExtensions13 of session_data13 * Cstruct.t
diff --git a/doc/tls/Tls/Utils/List_set/index.html b/doc/tls/Tls/Utils/List_set/index.html
index bb4748cb..b82bbd5e 100644
--- a/doc/tls/Tls/Utils/List_set/index.html
+++ b/doc/tls/Tls/Utils/List_set/index.html
@@ -1,2 +1,2 @@
-List_set (tls.Tls.Utils.List_set)

    Module Utils.List_set

    val subset : ?compare:('a -> 'a -> int) -> 'b list -> 'a list -> bool
    val is_proper_set : 'a list -> bool
    \ No newline at end of file
+List_set (tls.Tls.Utils.List_set)

    Module Utils.List_set

    val subset : ?compare:('a -> 'a -> int) -> 'b list -> 'a list -> bool
    val is_proper_set : 'a list -> bool
    \ No newline at end of file
diff --git a/doc/tls/Tls/Utils/index.html b/doc/tls/Tls/Utils/index.html
index e1f1aab4..7b4d14f7 100644
--- a/doc/tls/Tls/Utils/index.html
+++ b/doc/tls/Tls/Utils/index.html
@@ -1,2 +1,2 @@
-Utils (tls.Tls.Utils)

    Module Tls.Utils

    module List_set : sig ... end
    val map_find : f:('a -> 'b option) -> 'c list -> 'd option
    val init_and_last : 'a list -> ('b list * 'c) option
    val first_match : 'a list -> 'b list -> 'c option
    \ No newline at end of file
+Utils (tls.Tls.Utils)

    Module Tls.Utils

    module List_set : sig ... end
    val map_find : f:('a -> 'b option) -> 'c list -> 'd option
    val init_and_last : 'a list -> ('b list * 'c) option
    val first_match : 'a list -> 'b list -> 'c option
    \ No newline at end of file
diff --git a/doc/tls/Tls/Writer/index.html b/doc/tls/Tls/Writer/index.html
index 0a010f7c..0406faa5 100644
--- a/doc/tls/Tls/Writer/index.html
+++ b/doc/tls/Tls/Writer/index.html
@@ -1,5 +1,5 @@
-Writer (tls.Tls.Writer)

    Module Tls.Writer

    val assemble_protocol_version : Core.tls_version -> Cstruct.t
    val assemble_handshake : Core.tls_handshake -> Cstruct.t
    val assemble_message_hash : int -> Cstruct.t
    val assemble_hdr :
+Writer (tls.Tls.Writer)

    Module Tls.Writer

    val assemble_protocol_version : Core.tls_version -> Cstruct.t
    val assemble_handshake : Core.tls_handshake -> Cstruct.t
    val assemble_message_hash : int -> Cstruct.t
    val assemble_hdr : Core.tls_version -> (Packet.content_type * Cstruct.t) -> Cstruct.t
    val assemble_alert :
diff --git a/doc/tls/Tls/index.html b/doc/tls/Tls/index.html
index 88e854d2..f5f1e1c8 100644
--- a/doc/tls/Tls/index.html
+++ b/doc/tls/Tls/index.html
@@ -1,2 +1,2 @@
-Tls (tls.Tls)

    Module Tls

    module Ciphersuite : sig ... end

    Ciphersuite definitions and some helper functions.

    module Config : sig ... end

    Configuration of the TLS stack

    module Core : sig ... end

    Core type definitions

    module Crypto : sig ... end
    module Engine : sig ... end

    Transport layer security

    module Explorator : sig ... end
    module Handshake_client : sig ... end
    module Handshake_client13 : sig ... end
    module Handshake_common : sig ... end
    module Handshake_crypto : sig ... end
    module Handshake_crypto13 : sig ... end
    module Handshake_server : sig ... end
    module Handshake_server13 : sig ... end
    module Packet : sig ... end

    Magic numbers of the TLS protocol.

    module Reader : sig ... end
    module State : sig ... end
    module Utils : sig ... end
    module Writer : sig ... end
    \ No newline at end of file
+Tls (tls.Tls)

    Module Tls

    module Ciphersuite : sig ... end

    Ciphersuite definitions and some helper functions.

    module Config : sig ... end

    Configuration of the TLS stack

    module Core : sig ... end

    Core type definitions

    module Crypto : sig ... end
    module Engine : sig ... end

    Transport layer security

    module Explorator : sig ... end
    module Handshake_client : sig ... end
    module Handshake_client13 : sig ... end
    module Handshake_common : sig ... end
    module Handshake_crypto : sig ... end
    module Handshake_crypto13 : sig ... end
    module Handshake_server : sig ... end
    module Handshake_server13 : sig ... end
    module Packet : sig ... end

    Magic numbers of the TLS protocol.

    module Reader : sig ... end
    module State : sig ... end
    module Utils : sig ... end
    module Writer : sig ... end
    \ No newline at end of file
diff --git a/doc/tls/index.html b/doc/tls/index.html
index 7238c6bb..68a13576 100644
--- a/doc/tls/index.html
+++ b/doc/tls/index.html
@@ -1,2 +1,2 @@
-index (tls.index)

    tls index

    Library tls

    The entry point of this library is the module: Tls.

    \ No newline at end of file
+index (tls.index)

    tls index

    Library tls

    The entry point of this library is the module: Tls.

    \ No newline at end of file