Module Nettls_gnutls.TLS

module TLS: Netsys_crypto_types.TLS_PROVIDER 

type config 

type credentials 

type endpoint 

module Exc: Netsys_crypto_types.TLS_EXCEPTIONS 

Access to exceptions

val error_message : string -> string

Returns the message for humans (display, log files etc.) when called with an error or warning symbol.

type dh_params = [ `Generate of int | `PKCS3_DER of string | `PKCS3_PEM_file of string ] 

Diffie-Hellman parameters:

• `PKCS3_PEM_file name: points to a PEM-encoded PKCS3-file ("BEGIN DH PARAMETERS")
• `PKCS3_DER data: the parameters are in a DER-encoded PKCS3 structure
• `Generate bits: the parameters are generated with the passed number of bits

val create_config : ?algorithms:string ->
       ?dh_params:dh_params ->
       ?verify:(endpoint -> bool -> bool -> bool) ->
       peer_auth:[ `None | `Optional | `Required ] ->
       credentials:credentials ->
       unit -> config

The configuration includes:

• algorithms: a string specifying which cryptographic algorithms, protocols and protocol options are enabled, and in which priority they are used in the negotiation. (GnuTLS calls this "priority string".) The syntax is implementation-defined.
• dh_params: parameters for Diffie-Hellman key exchange (used for DH-based authentication, but only on the server side)
• peer_auth: controls whether the peer is requested to authenticate. This can be set to `None meaning not to request authentication and to ignore credentials, or to `Optional meaning not to request authentication but to check credentials if they are sent nevertheless, or to `Required meaning to request and check credentials. For "standard clients" you should set this to `Required, and for "standard servers" to `None or `Required.
• credentials describes our own credentials, and the accepted credentials of the peer.
• verify is a function called to verify the peer certificate in addition to the actions of peer_auth. The function must return true in order to be successful. The arguments of the function are the TLS endpoint, and two bools indicating the success of previous checks. The first bool says whether the certificate is trusted (based on peer_auth, trust and system_trust), and the second bool says whether the host name of the peer matches the name in the certificate. If not passed, verify defaults to (fun _ cert_ok name_ok -> cert_ok && name_ok), i.e. both bools must be true.

A configuration is read-only once created, and can be used for several endpoints. In particular, it does not cache TLS sessions.

type crt_list = [ `DER of string list | `PEM_file of string ] 

Certificates are given either as:

• `PEM_file name: The certs are stored in this file, and are PEM-encoded.
• `DER l: The certs are given directly in their DER-encoded form

See also Credentials for TLS.

type crl_list = [ `DER of string list | `PEM_file of string ] 

Certificate revocation lists are given either as:

• `PEM_file name: The CRLs are stored in this file, and are PEM-encoded.
• `DER l: The CRLs are given directly in their DER-encoded form

See also Credentials for TLS.

type private_key = [ `DSA of string
       | `EC of string
       | `PEM_file of string
       | `PKCS8 of string
       | `PKCS8_encrypted of string
       | `RSA of string ] 

Private keys are given either as:

• `PEM_file name: The key is stored PEM-encoded in this file. The PEM header indicates the format.
• `RSA data: The key is a PKCS1 RSA key
• `DSA data: The key is a DSA key
• `EC data: The key is for an elliptic curve
• `PKCS8 data: The key is in a PKCS8 data structure
• `PKCS8_encrypted data: The key is in a PKCS8 data structure, and is additionally encrypted.

See also Credentials for TLS.

val create_x509_credentials : ?system_trust:bool ->
       ?trust:crt_list list ->
       ?revoke:crl_list list ->
       ?keys:(crt_list *
              private_key * string option)
             list ->
       unit -> credentials

Create X.509 credentials from individual objects:

• system_trust: if set, the system certificates are trusted
• trust specifies the CAs of peers to trust (default: empty)
• revoke specifies CRLs for revocation of peer certificates (default: empty)
• keys are our own certificates, as triples (cert_path, private_key, password) (default: empty)

A client should set trust to the list of CAs it can accept on the server side. It is not required to specify a key.

A server must specify a key (but can also specify several keys). If a server requests authentication from the client, it must also set trust.

The keys must include the certificate path cert_path, starting with the endpoint certificate, and followed by all middle certificates, but omitting the certificate of the CA. The private_key is the key of the endpoint. If it is password-encrypted, the password must be given.

val create_endpoint : role:[ `Client | `Server ] ->
       recv:(Netsys_types.memory -> int) ->
       send:(Netsys_types.memory -> int -> int) ->
       peer_name:string option ->
       config ->
       endpoint

Creates a new endpoint for this configuration.

peer_name is the expected common name or DNS name of the peer. peer_name has an option type as it is not always required to pass it. However, keep in mind that clients normally authenticate servers (peer_auth=`Required). In order to do so, they need to check whether the name in the server certificate equals the DNS name of the service they are connected to. This check is done by comparing peer_name with the name in the certificate.

peer_name is also used for the SNI extension.

Servers normally need not to set peer_name. You can also omit it when there is no name-driven authentication at all.

The endpoint will use the functions recv and send for I/O, which must be user-supplied. recv buf is expected to read data into the buffer, and to return the number of bytes, or 0 for EOF. send buf n is expected to send the n first bytes in buf.

Both functions may raise Unix_error. The codes Unix.EAGAIN and Unix.EINTR are specially interpreted.

val stash_endpoint : endpoint -> exn

The endpoint in "stashed" form, encapsulated as an exception. This form is intended for keeping the session alive in RAM, but without keeping references to the recv and send functions.

The endpoint passed in to stash_endpoint must no longer be used!

val restore_endpoint : recv:(Netsys_types.memory -> int) ->
       send:(Netsys_types.memory -> int -> int) ->
       exn -> endpoint

Reconnect the stashed endpoint with recv and send functions

val resume_client : recv:(Netsys_types.memory -> int) ->
       send:(Netsys_types.memory -> int -> int) ->
       peer_name:string option ->
       config ->
       string -> endpoint

Creates a new endpoint that will resume an old session. This implies the client role.

The session data is passed as string, which must have been retrieved with get_session_data.

type state = [ `Accepting
       | `Data_r
       | `Data_rs
       | `Data_rw
       | `Data_w
       | `End
       | `Handshake
       | `Refusing
       | `Start
       | `Switching ] 

The state of a session:

• `Start: Before the session is started
• `Handshake: The handshake is being done (and hello needs to be called again)
• `Data_rw: The connection exists, and is read/write
• `Data_r: The connection exists, and is read-only
• `Data_w: The connection exists, and is write-only
• `Data_rs: The connection exists, and data can be read. There was a switch request (initiated by us), and a response is awaited. No data can be sent in the moment.
• `Switching: A rehandshake is being negotiated (and switch needs to be called again)
• `Accepting: A rehandshake is being accepted (and accept_switch needs to be called again)
• `Refusing: A rehandshake is being refused (and refuse_switch needs to be called again)
• `End: After finishing the session

val get_state : endpoint ->
       state

Return the recorded state

type raw_credentials = [ `Anonymous | `X509 of string ] 

The encoded credentials:

• `X509 s: The X509 certificate in DER encoding
• `Anonymous: no certificate or other key is available

val at_transport_eof : endpoint -> bool

Whether the underlying transport channel has seen the end of input. Use this after recv or mem_recv returned 0 to check whether only the TLS enf-of-input message has been read, or the underlying channel (usually the file descriptor) has indicated EOF.

val hello : endpoint -> unit

Performs the initial handshake (exchanges credentials and establishes a session).

hello doesn't verify the peer. Use verify for that.

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val bye : endpoint -> Unix.shutdown_command -> unit

Performs the final handshake (exchanges close requests).

If SHUTDOWN_SEND is set, the close request is sent to the peer, and the TLS tunnel is considered as closed for writing. The application can receive further data until recv returns zero bytes meaning that the peer responded with another close request.

If SHUTDOWN_ALL is passed, it is additionally waited until the peer responds with a close request.

A simple SHUTDOWN_RECEIVE is unimplemented and ignored.

In no case the underlying transport is closed or shut down!

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val verify : endpoint -> unit

verify ep peer_name: Checks that:

• there is a trust chain for the peer's certificate
• that peer_name is the common name of the certificate subject, or an alternate name

These checks are not performed if peer_auth=`None is set in the configuration!

Additionally, the verify function in the endpoint configuration is called back, and a failure is indicated if this function returns false. This callback is useful to get the certificate of the peer and to perform further checks.

The verify function will raise Failure on failed checks (and Error for internal processing errors).

val get_config : endpoint ->
       config

Get the current config (possibly modified because of a rehandshake)

val get_endpoint_creds : endpoint ->
       raw_credentials

Get the credentials that was actually used in the handshake, in raw format.

val get_peer_creds : endpoint ->
       raw_credentials

Get the credentials of the peer, in raw format. Raises Not_found if not applicable/no credentials present.

val get_peer_creds_list : endpoint ->
       raw_credentials list

Get the chain that was actually used in the handshake.

val switch : endpoint ->
       config -> unit

The server can use this to request a rehandshake and to use the new configuration for cert verification. This function sends the request, and expects a soon response from the client. The state enters `Data_rs meaning that we can still read data, and at some point recv will raise TLS_switch_response.

On the client side, the request will by returned as exception TLS_switch_request by recv. The client should respond with accept_switch if it accepts the handshake, or refuse_switch if not.

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val accept_switch : endpoint ->
       config -> unit

On the client: Enter another handshake round with new configuration data.

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val refuse_switch : endpoint -> unit

On the client: Refuse a handshake

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val send : endpoint ->
       Netsys_types.memory -> int -> int

send ep buffer n: Sends the first n bytes in the buffer over the endpoint, and returns the actual number of processed bytes.

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

val recv : endpoint -> Netsys_types.memory -> int

recv ep buffer n: Receives data, and puts them into the memory buffer, and returns the actual number of received bytes. If 0 is returned, a close request was received by the peer. For closing the tunnel properly this request should be responded by another close request with bye (unless this has already been done).

May raise EAGAIN_RD, EAGAIN_WR, Unix_error(EINTR,_,_), Error or Warning.

The exception TLS_switch_request can only occur on the client side, and should be responded by accept_switch or refuse_switch.

The exception TLS_switch_response can only occur on the server side.

val recv_will_not_block : endpoint -> bool

If there is still unprocessed data in the endpoint buffer, recv is guaranteed not to block or raise EAGAIN.

val get_session_id : endpoint -> string

The (non-printable) session ID

val get_session_data : endpoint -> string

Get the (non-printable) marshalled session data, for later resumption with resume_client

val get_cipher_suite_type : endpoint -> string

The type of the cipher suite:

• "X509": X509 certificates are used
• "OPENPGP": OpenPGP certificates are used
• "ANON": anonymous credentials
• "SRP": SRP credentials
• "PSK": PSK credentials

val get_cipher_algo : endpoint -> string

Get the name of the cipher

val get_kx_algo : endpoint -> string

Get the name of the key exchange method

val get_mac_algo : endpoint -> string

Get the name of the message authentication code

val get_compression_algo : endpoint -> string

Get the name of the record-level compression method

val get_cert_type : endpoint -> string

Get the type of the certificate

val get_protocol : endpoint -> string

Get the name of the tunnel protocol

type server_name = [ `Domain of string ] 

val get_addressed_servers : endpoint ->
       server_name list

To be used in servers: The client can address one of several virtual servers with the SNI extension, and this function returns which was requested. Raises Not_found if there is nothing appropriate. This information is only available after a handshake, and if the client submitted it.

val set_session_cache : store:(string -> string -> unit) ->
       remove:(string -> unit) ->
       retrieve:(string -> string) ->
       endpoint -> unit

Sets the three callbacks for storing, removing and retrieving sessions (on the server side)

val implementation_name : string

String name of the implementation. By convention this is the full OCaml module path, e.g. "Nettls_gnutls.TLS"

val implementation : unit -> exn

Implementation-defined additional functionality