Module Tls.State

type hmac_key = Cstruct.t
type iv_mode =
| Iv of Cstruct_sexp.t
| Random_iv
val iv_mode_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> iv_mode
val sexp_of_iv_mode : iv_mode -> Ppx_sexp_conv_lib.Sexp.t
type 'k cbc_cipher = (module Mirage_crypto.Cipher_block.S.CBC with type key = 'k)
type 'k cbc_state = {
cipher : 'k cbc_cipher;
cipher_secret : 'k;
iv_mode : iv_mode;
hmac : Mirage_crypto.Hash.hash;
hmac_secret : hmac_key;
}
type nonce = Cstruct.t
type 'k aead_cipher =
| CCM of (module Mirage_crypto.Cipher_block.S.CCM with type key = 'k)
| GCM of (module Mirage_crypto.Cipher_block.S.GCM with type key = 'k)
| ChaCha20_Poly1305 of (module Mirage_crypto.AEAD with type key = 'k)
type 'k aead_state = {
cipher : 'k aead_cipher;
cipher_secret : 'k;
nonce : nonce;
}
type cipher_st =
| CBC : 'k cbc_state -> cipher_st
| AEAD : 'k aead_state -> cipher_st
val sexp_of_cipher_st : cipher_st -> Sexplib.Sexp.t
val cipher_st_of_sexp : Sexplib0.Sexp.t -> 'a
type crypto_context = {
sequence : int64;
cipher_st : cipher_st;
}
val crypto_context_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> crypto_context
val sexp_of_crypto_context : crypto_context -> Ppx_sexp_conv_lib.Sexp.t
type hs_log = Cstruct_sexp.t list
val hs_log_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> hs_log
val sexp_of_hs_log : hs_log -> Ppx_sexp_conv_lib.Sexp.t
type dh_secret = [
| `Fiat of Fiat_p256.secret
| `Hacl of Hacl_x25519.secret
| `Mirage_crypto of Mirage_crypto_pk.Dh.secret
]
val sexp_of_dh_secret : 'a -> Sexplib.Sexp.t
val dh_secret_of_sexp : Sexplib0.Sexp.t -> 'a
type reneg_params = Cstruct_sexp.t * Cstruct_sexp.t
val reneg_params_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> reneg_params
val sexp_of_reneg_params : reneg_params -> Ppx_sexp_conv_lib.Sexp.t
type common_session_data = {
server_random : Cstruct_sexp.t;
client_random : Cstruct_sexp.t;
peer_certificate_chain : Core.Cert.t list;
peer_certificate : Core.Cert.t option;
trust_anchor : Core.Cert.t option;
received_certificates : Core.Cert.t list;
own_certificate : Core.Cert.t list;
own_private_key : Mirage_crypto_pk.Rsa.priv option;
own_name : string option;
client_auth : bool;
master_secret : Core.master_secret;
alpn_protocol : string option;
}
val common_session_data_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> common_session_data
val sexp_of_common_session_data : common_session_data -> Ppx_sexp_conv_lib.Sexp.t
type session_data = {
common_session_data : common_session_data;
client_version : Core.tls_any_version;
ciphersuite : Ciphersuite.ciphersuite;
group : Core.group option;
renegotiation : reneg_params;
session_id : Cstruct_sexp.t;
extended_ms : bool;
}
val session_data_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> session_data
val sexp_of_session_data : session_data -> Ppx_sexp_conv_lib.Sexp.t
type server_handshake_state =
| AwaitClientHello
| AwaitClientHelloRenegotiate
| AwaitClientCertificate_RSA of session_data * hs_log
| AwaitClientCertificate_DHE_RSA of session_data * dh_secret * hs_log
| AwaitClientKeyExchange_RSA of session_data * hs_log
| AwaitClientKeyExchange_DHE_RSA of session_data * dh_secret * hs_log
| AwaitClientCertificateVerify of session_data * crypto_context * crypto_context * hs_log
| AwaitClientChangeCipherSpec of session_data * crypto_context * crypto_context * hs_log
| AwaitClientChangeCipherSpecResume of session_data * crypto_context * Cstruct_sexp.t * hs_log
| AwaitClientFinished of session_data * hs_log
| AwaitClientFinishedResume of session_data * Cstruct_sexp.t * hs_log
| Established
val server_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> server_handshake_state
val sexp_of_server_handshake_state : server_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type client_handshake_state =
| ClientInitial
| AwaitServerHello of Core.client_hello * (Core.group * dh_secret) list * hs_log
| AwaitServerHelloRenegotiate of session_data * Core.client_hello * hs_log
| AwaitCertificate_RSA of session_data * hs_log
| AwaitCertificate_DHE_RSA of session_data * hs_log
| AwaitServerKeyExchange_DHE_RSA of session_data * hs_log
| AwaitCertificateRequestOrServerHelloDone of session_data * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
| AwaitServerHelloDone of session_data * Core.signature_algorithm list option * Cstruct_sexp.t * Cstruct_sexp.t * hs_log
| AwaitServerChangeCipherSpec of session_data * crypto_context * Cstruct_sexp.t * hs_log
| AwaitServerChangeCipherSpecResume of session_data * crypto_context * crypto_context * hs_log
| AwaitServerFinished of session_data * Cstruct_sexp.t * hs_log
| AwaitServerFinishedResume of session_data * hs_log
| Established
val client_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> client_handshake_state
val sexp_of_client_handshake_state : client_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type kdf = {
secret : Cstruct_sexp.t;
cipher : Ciphersuite.ciphersuite13;
hash : Ciphersuite.H.t;
}
val kdf_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> kdf
val sexp_of_kdf : kdf -> Ppx_sexp_conv_lib.Sexp.t
type session_data13 = {
common_session_data13 : common_session_data;
ciphersuite13 : Ciphersuite.ciphersuite13;
master_secret : kdf;
resumption_secret : Cstruct_sexp.t;
state : Core.epoch_state;
resumed : bool;
client_app_secret : Cstruct_sexp.t;
server_app_secret : Cstruct_sexp.t;
}
val session_data13_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> session_data13
val sexp_of_session_data13 : session_data13 -> Ppx_sexp_conv_lib.Sexp.t
type client13_handshake_state =
| AwaitServerHello13 of Core.client_hello * (Core.group * dh_secret) list * Cstruct_sexp.t
| AwaitServerEncryptedExtensions13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
| AwaitServerCertificateRequestOrCertificate13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
| AwaitServerCertificate13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
| AwaitServerCertificateVerify13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
| AwaitServerFinished13 of session_data13 * Cstruct_sexp.t * Cstruct_sexp.t * Cstruct_sexp.t
| Established13
val client13_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> client13_handshake_state
val sexp_of_client13_handshake_state : client13_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type server13_handshake_state =
| AwaitClientHelloHRR13
| AwaitClientCertificate13 of session_data13 * Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
| AwaitClientCertificateVerify13 of session_data13 * Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
| AwaitClientFinished13 of Cstruct_sexp.t * crypto_context * Core.session_ticket option * Cstruct_sexp.t
| AwaitEndOfEarlyData13 of Cstruct_sexp.t * crypto_context * crypto_context * Core.session_ticket option * Cstruct_sexp.t
| Established13
val server13_handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> server13_handshake_state
val sexp_of_server13_handshake_state : server13_handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type handshake_machina_state =
| Client of client_handshake_state
| Server of server_handshake_state
| Client13 of client13_handshake_state
| Server13 of server13_handshake_state
val handshake_machina_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> handshake_machina_state
val sexp_of_handshake_machina_state : handshake_machina_state -> Ppx_sexp_conv_lib.Sexp.t
type handshake_state = {
session : [ `TLS of session_data | `TLS13 of session_data13 ] list;
protocol_version : Core.tls_version;
early_data_left : int32;
machina : handshake_machina_state;
config : Config.config;
hs_fragment : Cstruct_sexp.t;
}
val handshake_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> handshake_state
val sexp_of_handshake_state : handshake_state -> Ppx_sexp_conv_lib.Sexp.t
type crypto_state = crypto_context option
val crypto_state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> crypto_state
val sexp_of_crypto_state : crypto_state -> Ppx_sexp_conv_lib.Sexp.t
type record = Packet.content_type * Cstruct_sexp.t
val record_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> record
val sexp_of_record : record -> Ppx_sexp_conv_lib.Sexp.t
type rec_resp = [
| `Change_enc of crypto_context
| `Change_dec of crypto_context
| `Record of record
]
type handshake_return = handshake_state * rec_resp list
type state = {
handshake : handshake_state;
decryptor : crypto_state;
encryptor : crypto_state;
fragment : Cstruct_sexp.t;
}
val state_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> state
val sexp_of_state : state -> Ppx_sexp_conv_lib.Sexp.t
module V_err : sig ... end
type error = [
| `AuthenticationFailure of V_err.t
| `NoConfiguredCiphersuite of Ciphersuite.ciphersuite list
| `NoConfiguredVersions of Core.tls_version list
| `NoConfiguredSignatureAlgorithm of Core.signature_algorithm list
| `NoMatchingCertificateFound of string
| `NoCertificateConfigured
| `CouldntSelectCertificate
]
val __error_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> error
val error_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> error
val sexp_of_error : error -> Ppx_sexp_conv_lib.Sexp.t
type client_hello_errors = [
| `EmptyCiphersuites
| `NotSetCiphersuites of Packet.any_ciphersuite list
| `NoSupportedCiphersuite of Packet.any_ciphersuite list
| `NotSetExtension of Core.client_extension list
| `HasSignatureAlgorithmsExtension
| `NoSignatureAlgorithmsExtension
| `NoGoodSignatureAlgorithms of Core.signature_algorithm list
| `NoKeyShareExtension
| `NoSupportedGroupExtension
| `NotSetSupportedGroup of Packet.named_group list
| `NotSetKeyShare of (Packet.named_group * Cstruct_sexp.t) list
| `NotSubsetKeyShareSupportedGroup of Packet.named_group list * (Packet.named_group * Cstruct_sexp.t) list
| `Has0rttAfterHRR
| `NoCookie
]
val __client_hello_errors_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> client_hello_errors
val client_hello_errors_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> client_hello_errors
val sexp_of_client_hello_errors : client_hello_errors -> Ppx_sexp_conv_lib.Sexp.t
type fatal = [
| `NoSecureRenegotiation
| `NoSupportedGroup
| `NoVersions of Core.tls_any_version list
| `ReaderError of Reader.error
| `NoCertificateReceived
| `NoCertificateVerifyReceived
| `NotRSACertificate
| `NotRSASignature
| `KeyTooSmall
| `RSASignatureMismatch
| `RSASignatureVerificationFailed
| `UnsupportedSignatureScheme
| `HashAlgorithmMismatch
| `BadCertificateChain
| `MACMismatch
| `MACUnderflow
| `RecordOverflow of int
| `UnknownRecordVersion of int * int
| `UnknownContentType of int
| `CannotHandleApplicationDataYet
| `NoHeartbeat
| `BadRecordVersion of Core.tls_any_version
| `BadFinished
| `HandshakeFragmentsNotEmpty
| `InsufficientDH
| `InvalidDH
| `InvalidRenegotiation
| `InvalidClientHello of client_hello_errors
| `InvalidServerHello
| `InvalidRenegotiationVersion of Core.tls_version
| `InappropriateFallback
| `UnexpectedCCS
| `UnexpectedHandshake of Core.tls_handshake
| `InvalidCertificateUsage
| `InvalidCertificateExtendedUsage
| `InvalidSession
| `NoApplicationProtocol
| `HelloRetryRequest
| `InvalidMessage
| `Toomany0rttbytes
| `MissingContentType
| `Downgrade12
| `Downgrade11
| `UnsupportedKeyExchange
]
val __fatal_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> fatal
val fatal_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> fatal
val sexp_of_fatal : fatal -> Ppx_sexp_conv_lib.Sexp.t
type failure = [
| `Error of error
| `Fatal of fatal
]
val __failure_of_sexp__ : Ppx_sexp_conv_lib.Sexp.t -> failure
val failure_of_sexp : Ppx_sexp_conv_lib.Sexp.t -> failure
val sexp_of_failure : failure -> Ppx_sexp_conv_lib.Sexp.t
include sig ... end
type err = failure
type 'a t = ('afailure) Stdlib.result
val fail : err -> 'a t
val is_success : 'a t -> bool
val is_error : 'a t -> bool
val return : 'a -> 'a t
val bind : 'a t -> ('a -> 'b t) -> 'b t
val (>>=) : 'a t -> ('a -> 'b t) -> 'b t
val (>|=) : 'a t -> ('a -> 'b) -> 'b t
val map : ('a -> 'b) -> 'a t -> 'b t
val sequence : 'a t list -> 'a list t
val sequence_ : 'a t list -> unit t
val mapM : ('a -> 'b t) -> 'a list -> 'b list t
val mapM_ : ('a -> 'b t) -> 'a list -> unit t
val foldM : ('a -> 'b -> 'a t) -> 'a -> 'b list -> 'a t
val guard : bool -> err -> unit t
val or_else : 'a t -> 'a -> 'a
val or_else_f : 'a t -> ('b -> 'a) -> 'b -> 'a
type 'a eff = 'a t
val common_data_to_epoch : common_session_data -> bool -> string option -> Core.epoch_data
val epoch_of_session : bool -> string option -> Core.tls_version -> [< `TLS of session_data | `TLS13 of session_data13 ] -> Core.epoch_data
val epoch_of_hs : handshake_state -> Core.epoch_data option