Plasma GitLab Archive

Projects Blog Knowledge

Location:

Projects

Contents:

PXP

Wdialog

Wtimer

Ocamlnet

Cryptgps

Xstrp4

Plasma

Xstr

OMake

Findlib Browser

WebDAV

Cache

Db2man

Netamqp

Findlib

Hydro

Starting Points:

Projects

Blog

Knowledge

Module Netgssapi_support

module Netgssapi_support: sig .. end

Support functions for GSS-API

val oid_to_der : Netsys_gssapi.oid -> string

Encodings

val der_to_oid : string -> int Pervasives.ref -> Netsys_gssapi.oid

Convert OID's to/from DER. der_to_oid takes a cursor as second arg.

val wire_encode_token : Netsys_gssapi.oid -> Netsys_gssapi.token -> string

val wire_decode_token : string -> int Pervasives.ref -> Netsys_gssapi.oid * Netsys_gssapi.token

Encode tokens as described in section 3.1 of RFC 2078. This is usually only done for the initiating token.

val encode_exported_name : Netsys_gssapi.oid -> string -> string

val decode_exported_name : string -> int Pervasives.ref -> Netsys_gssapi.oid * string

Encode names as described in section 3.2 of RFC 2078

Create tokens

Format of the tokens: see RFC 4121

val create_mic_token : sent_by_acceptor:bool ->
 acceptor_subkey:bool ->
 sequence_number:int64 ->
 get_mic:(Netsys_gssapi.message -> string) ->
 message:Netsys_gssapi.message -> string

Create a MIC token:

sent_by_acceptor: whether this token comes from the acceptor
acceptor_subkey: see RFC
sequence_number: a sequence number
get_mic: the checksum function (e.g. Netmech_scram.Cryptosystem.get_mic)
message: the message to be signed

The function returns the MIC token

val parse_mic_token_header : string -> bool * bool * int64

Returns the triple (sent_by_acceptor, acceptor_subkey, sequence_number) from the header of a MIC token that is passed to this function as string. Fails if not parsable

val verify_mic_token : get_mic:(Netsys_gssapi.message -> string) ->
 message:Netsys_gssapi.message -> token:string -> bool

Verifies the MIC token with get_mic, and returns true if the verification is successful

val create_wrap_token_conf : sent_by_acceptor:bool ->
 acceptor_subkey:bool ->
 sequence_number:int64 ->
 get_ec:(int -> int) ->
 encrypt_and_sign:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
 message:Netsys_gssapi.message -> Netsys_gssapi.message

Wraps a message so that it is encrypted and signed (confidential).

sent_by_acceptor: whether this token comes from the acceptor
acceptor_subkey: see RFC
sequence_number: a sequence number
get_ec: This function returns the "extra count" number for the size of the plaintext w/o filler (e.g. use Netmech_scram.Cryptosystem.get_ec).
encrypt_and_sign: the encryption function from the cryptosystem. The plaintext is passed to this function, and the ciphertext with the appended signature must be returned in the string.
message: the payload message

The function returns the token wrapping the message.

val parse_wrap_token_header : Netsys_gssapi.message -> bool * bool * bool * int64

let (sent_by_acceptor, sealed, acceptor_subkey, sequence_number) =
 parse_wrap_token_header token

Fails if the token cannot be parsed.

val unwrap_wrap_token_conf : decrypt_and_verify:(Netsys_gssapi.message -> Netsys_gssapi.message) ->
 token:Netsys_gssapi.message -> Netsys_gssapi.message

Unwraps the token using the decryption function decrypt_and_verify from the cryptosystem.

The functions fails if there is a format error, or the integrity check fails.

Non-confidential messages cannot be unwrapped with this function.

Token functions for non-confidential messages are still missing

This web site is published by Informatikbüro Gerd Stolpmann