module Netgssapi_support:sig
..end
val oid_to_der : Netsys_gssapi.oid -> string
val der_to_oid : string -> int Pervasives.ref -> Netsys_gssapi.oid
`der_to_oid` takes a cursor (the `int ref`) as its second argument.
val oid_to_der_value : Netsys_gssapi.oid -> string
val der_value_to_oid : string -> int Pervasives.ref -> int -> Netsys_gssapi.oid
`der_value_to_oid` takes a cursor and the length in bytes.
val wire_encode_token : Netsys_gssapi.oid -> Netsys_gssapi.token -> string
val wire_decode_token : string -> int Pervasives.ref -> Netsys_gssapi.oid * Netsys_gssapi.token
val encode_exported_name : Netsys_gssapi.oid -> string -> string
val decode_exported_name : string -> int Pervasives.ref -> Netsys_gssapi.oid * string
val gs2_encode_saslname : string -> string
val gs2_decode_saslname : string -> string
val parse_kerberos_name : string -> string list * string option
`let (name_components, realm_opt) = parse_kerberos_name s`:
Returns the slash-separated name components as `name_components`, and the realm following "@" as `realm_opt`.
Fails on parse error.
val create_mic_token : sent_by_acceptor:bool ->
acceptor_subkey:bool ->
sequence_number:int64 ->
get_mic:(Netsys_gssapi.message -> string) ->
message:Netsys_gssapi.message -> string
- `sent_by_acceptor`: whether this token comes from the acceptor
- `acceptor_subkey`: see RFC
- `sequence_number`: a sequence number
- `get_mic`: the checksum function (e.g. `Netmech_scram.Cryptosystem.get_mic`)
- `message`: the message to be signed
val parse_mic_token_header : string -> bool * bool * int64
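Returns the triple (`sent_by_acceptor`, `acceptor_subkey`, `sequence_number`) from the header of a MIC token that is passed to this function as a string. Fails if the header is not parsable. This function only parses the header; checking the token's checksum is done by `verify_mic_token`.
val verify_mic_token : get_mic:(Netsys_gssapi.message -> string) ->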
message:Netsys_gssapi.message -> token:string -> bool
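Verifies `token` with `get_mic`, and returns true if the verification is successful. The caller must check this result: a return value of false means the token did not verify for this message.
val create_wrap_token_conf : sent_by_acceptor:bool ->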
acceptor_subkey:bool ->
sequence_number:int64 ->
get_ec:(int -> int) ->
encrypt_and_sign:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
message:Netsys_gssapi.message -> Netsys_gssapi.message
Wraps `message` so that it is encrypted and signed (confidential).
- `sent_by_acceptor`: whether this token comes from the acceptor
- `acceptor_subkey`: see RFC
- `sequence_number`: a sequence number
- `get_ec`: This function returns the "extra count" number for the size of the plaintext without filler (e.g. use `Netmech_scram.Cryptosystem.get_ec`).
- `encrypt_and_sign`: the encryption function from the cryptosystem. The plaintext is passed to this function, and the ciphertext with the appended signature must be returned in the string.
- `message`: the payload message
val parse_wrap_token_header : Netsys_gssapi.message -> bool * bool * bool * int64
`let (sent_by_acceptor, sealed, acceptor_subkey, sequence_number) = parse_wrap_token_header token`
Fails if the token cannot be parsed.
val unwrap_wrap_token_conf : decrypt_and_verify:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
token:Netsys_gssapi.message -> Netsys_gssapi.message
Unwraps `token` using the decryption function `decrypt_and_verify` from the cryptosystem.
The function fails if there is a format error, or if the integrity check fails.
Non-confidential messages cannot be unwrapped with this function.