module Netgssapi_support:sig..end
val oid_to_der : Netsys_gssapi.oid -> stringval der_to_oid : string -> int Pervasives.ref -> Netsys_gssapi.oidder_to_oid takes a cursor as second arg.val oid_to_der_value : Netsys_gssapi.oid -> string
val der_value_to_oid : string -> int Pervasives.ref -> int -> Netsys_gssapi.oidder_value_to_oid takes a cursor and the length
in bytes.val wire_encode_token : Netsys_gssapi.oid -> Netsys_gssapi.token -> string
val wire_decode_token : string -> int Pervasives.ref -> Netsys_gssapi.oid * Netsys_gssapi.tokenval encode_exported_name : Netsys_gssapi.oid -> string -> string
val decode_exported_name : string -> int Pervasives.ref -> Netsys_gssapi.oid * stringval gs2_encode_saslname : string -> string
val gs2_decode_saslname : string -> stringval parse_kerberos_name : string -> string list * string optionlet (name_components, realm_opt) = parse_kerberos_name s:
Returns the slash-separated name components as name_components,
and the realm following "@" as realm_opt.
Fails on parse error.
val create_mic_token : sent_by_acceptor:bool ->
acceptor_subkey:bool ->
sequence_number:int64 ->
get_mic:(Netsys_gssapi.message -> string) ->
message:Netsys_gssapi.message -> string
sent_by_acceptor: whether this token comes from the acceptoracceptor_subkey: see RFCsequence_number: a sequence numberget_mic: the checksum function
(e.g. Netmech_scram.Cryptosystem.get_mic)message: the message to be signedval parse_mic_token_header : string -> bool * bool * int64sent_by_acceptor, acceptor_subkey, sequence_number) from
the header of a MIC token that is passed to this function as
string. Fails if not parsableval verify_mic_token : get_mic:(Netsys_gssapi.message -> string) ->
message:Netsys_gssapi.message -> token:string -> booltoken with get_mic, and returns true if the
verification is successfulval create_wrap_token_conf : sent_by_acceptor:bool ->
acceptor_subkey:bool ->
sequence_number:int64 ->
get_ec:(int -> int) ->
encrypt_and_sign:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
message:Netsys_gssapi.message -> Netsys_gssapi.messagemessage so that it is encrypted and signed (confidential).
sent_by_acceptor: whether this token comes from the acceptoracceptor_subkey: see RFCsequence_number: a sequence numberget_ec: This function returns the "extra count" number for
the size of the plaintext w/o filler (e.g. use
Netmech_scram.Cryptosystem.get_ec).encrypt_and_sign: the encryption function from the cryptosystem.
The plaintext is passed to this function, and the ciphertext with
the appended signature must be returned in the string.message: the payload messageval parse_wrap_token_header : Netsys_gssapi.message -> bool * bool * bool * int64let (sent_by_acceptor, sealed, acceptor_subkey, sequence_number) =
parse_wrap_token_header token
Fails if the token cannot be parsed.
val unwrap_wrap_token_conf : decrypt_and_verify:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
token:Netsys_gssapi.message -> Netsys_gssapi.messagetoken using the decryption function
decrypt_and_verify from the cryptosystem.
The functions fails if there is a format error, or the integrity check fails.
Non-confidential messages cannot be unwrapped with this function.
