<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<link rel="stylesheet" href="style.css" type="text/css">
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type">
<link rel="Start" href="index.html">
<link rel="previous" href="Nethttpd_intro.html">
<link rel="next" href="Netmech_scram_gssapi.html">
<link rel="Up" href="index.html">
<link title="Index of types" rel=Appendix href="index_types.html">
<link title="Index of exceptions" rel=Appendix href="index_exceptions.html">
<link title="Index of values" rel=Appendix href="index_values.html">
<link title="Index of class attributes" rel=Appendix href="index_attributes.html">
<link title="Index of class methods" rel=Appendix href="index_methods.html">
<link title="Index of classes" rel=Appendix href="index_classes.html">
<link title="Index of class types" rel=Appendix href="index_class_types.html">
<link title="Index of modules" rel=Appendix href="index_modules.html">
<link title="Index of module types" rel=Appendix href="index_module_types.html">
<link title="Uq_gtk" rel="Chapter" href="Uq_gtk.html">
<link title="Uq_ssl" rel="Chapter" href="Uq_ssl.html">
<link title="Https_client" rel="Chapter" href="Https_client.html">
<link title="Uq_tcl" rel="Chapter" href="Uq_tcl.html">
<link title="Equeue" rel="Chapter" href="Equeue.html">
<link title="Unixqueue" rel="Chapter" href="Unixqueue.html">
<link title="Unixqueue_pollset" rel="Chapter" href="Unixqueue_pollset.html">
<link title="Unixqueue_select" rel="Chapter" href="Unixqueue_select.html">
<link title="Uq_resolver" rel="Chapter" href="Uq_resolver.html">
<link title="Uq_engines" rel="Chapter" href="Uq_engines.html">
<link title="Uq_socks5" rel="Chapter" href="Uq_socks5.html">
<link title="Uq_io" rel="Chapter" href="Uq_io.html">
<link title="Uq_lwt" rel="Chapter" href="Uq_lwt.html">
<link title="Uq_libevent" rel="Chapter" href="Uq_libevent.html">
<link title="Equeue_intro" rel="Chapter" href="Equeue_intro.html">
<link title="Netcamlbox" rel="Chapter" href="Netcamlbox.html">
<link title="Netcgi_apache" rel="Chapter" href="Netcgi_apache.html">
<link title="Netcgi_modtpl" rel="Chapter" href="Netcgi_modtpl.html">
<link title="Netcgi_plex" rel="Chapter" href="Netcgi_plex.html">
<link title="Netcgi_common" rel="Chapter" href="Netcgi_common.html">
<link title="Netcgi" rel="Chapter" href="Netcgi.html">
<link title="Netcgi_ajp" rel="Chapter" href="Netcgi_ajp.html">
<link title="Netcgi_scgi" rel="Chapter" href="Netcgi_scgi.html">
<link title="Netcgi_cgi" rel="Chapter" href="Netcgi_cgi.html">
<link title="Netcgi_fcgi" rel="Chapter" href="Netcgi_fcgi.html">
<link title="Netcgi_dbi" rel="Chapter" href="Netcgi_dbi.html">
<link title="Netcgi1_compat" rel="Chapter" href="Netcgi1_compat.html">
<link title="Netcgi_test" rel="Chapter" href="Netcgi_test.html">
<link title="Netcgi_porting" rel="Chapter" href="Netcgi_porting.html">
<link title="Http_client_conncache" rel="Chapter" href="Http_client_conncache.html">
<link title="Http_client" rel="Chapter" href="Http_client.html">
<link title="Telnet_client" rel="Chapter" href="Telnet_client.html">
<link title="Ftp_data_endpoint" rel="Chapter" href="Ftp_data_endpoint.html">
<link title="Ftp_client" rel="Chapter" href="Ftp_client.html">
<link title="Http_fs" rel="Chapter" href="Http_fs.html">
<link title="Ftp_fs" rel="Chapter" href="Ftp_fs.html">
<link title="Netclient_tut" rel="Chapter" href="Netclient_tut.html">
<link title="Netgssapi" rel="Chapter" href="Netgssapi.html">
<link title="Nethttpd_types" rel="Chapter" href="Nethttpd_types.html">
<link title="Nethttpd_kernel" rel="Chapter" href="Nethttpd_kernel.html">
<link title="Nethttpd_reactor" rel="Chapter" href="Nethttpd_reactor.html">
<link title="Nethttpd_engine" rel="Chapter" href="Nethttpd_engine.html">
<link title="Nethttpd_services" rel="Chapter" href="Nethttpd_services.html">
<link title="Nethttpd_plex" rel="Chapter" href="Nethttpd_plex.html">
<link title="Nethttpd_util" rel="Chapter" href="Nethttpd_util.html">
<link title="Nethttpd_intro" rel="Chapter" href="Nethttpd_intro.html">
<link title="Netmech_scram" rel="Chapter" href="Netmech_scram.html">
<link title="Netmech_scram_gssapi" rel="Chapter" href="Netmech_scram_gssapi.html">
<link title="Netmcore" rel="Chapter" href="Netmcore.html">
<link title="Netmcore_camlbox" rel="Chapter" href="Netmcore_camlbox.html">
<link title="Netmcore_mempool" rel="Chapter" href="Netmcore_mempool.html">
<link title="Netmcore_heap" rel="Chapter" href="Netmcore_heap.html">
<link title="Netmcore_ref" rel="Chapter" href="Netmcore_ref.html">
<link title="Netmcore_array" rel="Chapter" href="Netmcore_array.html">
<link title="Netmcore_sem" rel="Chapter" href="Netmcore_sem.html">
<link title="Netmcore_mutex" rel="Chapter" href="Netmcore_mutex.html">
<link title="Netmcore_condition" rel="Chapter" href="Netmcore_condition.html">
<link title="Netmcore_queue" rel="Chapter" href="Netmcore_queue.html">
<link title="Netmcore_buffer" rel="Chapter" href="Netmcore_buffer.html">
<link title="Netmcore_matrix" rel="Chapter" href="Netmcore_matrix.html">
<link title="Netmcore_hashtbl" rel="Chapter" href="Netmcore_hashtbl.html">
<link title="Netmcore_process" rel="Chapter" href="Netmcore_process.html">
<link title="Netmcore_tut" rel="Chapter" href="Netmcore_tut.html">
<link title="Netplex_types" rel="Chapter" href="Netplex_types.html">
<link title="Netplex_mp" rel="Chapter" href="Netplex_mp.html">
<link title="Netplex_mt" rel="Chapter" href="Netplex_mt.html">
<link title="Netplex_log" rel="Chapter" href="Netplex_log.html">
<link title="Netplex_controller" rel="Chapter" href="Netplex_controller.html">
<link title="Netplex_container" rel="Chapter" href="Netplex_container.html">
<link title="Netplex_sockserv" rel="Chapter" href="Netplex_sockserv.html">
<link title="Netplex_workload" rel="Chapter" href="Netplex_workload.html">
<link title="Netplex_main" rel="Chapter" href="Netplex_main.html">
<link title="Netplex_config" rel="Chapter" href="Netplex_config.html">
<link title="Netplex_kit" rel="Chapter" href="Netplex_kit.html">
<link title="Rpc_netplex" rel="Chapter" href="Rpc_netplex.html">
<link title="Netplex_cenv" rel="Chapter" href="Netplex_cenv.html">
<link title="Netplex_semaphore" rel="Chapter" href="Netplex_semaphore.html">
<link title="Netplex_sharedvar" rel="Chapter" href="Netplex_sharedvar.html">
<link title="Netplex_mutex" rel="Chapter" href="Netplex_mutex.html">
<link title="Netplex_encap" rel="Chapter" href="Netplex_encap.html">
<link title="Netplex_intro" rel="Chapter" href="Netplex_intro.html">
<link title="Netplex_advanced" rel="Chapter" href="Netplex_advanced.html">
<link title="Netplex_admin" rel="Chapter" href="Netplex_admin.html">
<link title="Netshm" rel="Chapter" href="Netshm.html">
<link title="Netshm_data" rel="Chapter" href="Netshm_data.html">
<link title="Netshm_hashtbl" rel="Chapter" href="Netshm_hashtbl.html">
<link title="Netshm_array" rel="Chapter" href="Netshm_array.html">
<link title="Netshm_intro" rel="Chapter" href="Netshm_intro.html">
<link title="Netconversion" rel="Chapter" href="Netconversion.html">
<link title="Netchannels" rel="Chapter" href="Netchannels.html">
<link title="Netstream" rel="Chapter" href="Netstream.html">
<link title="Mimestring" rel="Chapter" href="Mimestring.html">
<link title="Netmime" rel="Chapter" href="Netmime.html">
<link title="Netsendmail" rel="Chapter" href="Netsendmail.html">
<link title="Neturl" rel="Chapter" href="Neturl.html">
<link title="Netaddress" rel="Chapter" href="Netaddress.html">
<link title="Netbuffer" rel="Chapter" href="Netbuffer.html">
<link title="Netdate" rel="Chapter" href="Netdate.html">
<link title="Netencoding" rel="Chapter" href="Netencoding.html">
<link title="Netulex" rel="Chapter" href="Netulex.html">
<link title="Netaccel" rel="Chapter" href="Netaccel.html">
<link title="Netaccel_link" rel="Chapter" href="Netaccel_link.html">
<link title="Nethtml" rel="Chapter" href="Nethtml.html">
<link title="Netstring_str" rel="Chapter" href="Netstring_str.html">
<link title="Netstring_pcre" rel="Chapter" href="Netstring_pcre.html">
<link title="Netmappings" rel="Chapter" href="Netmappings.html">
<link title="Netaux" rel="Chapter" href="Netaux.html">
<link title="Nethttp" rel="Chapter" href="Nethttp.html">
<link title="Netpagebuffer" rel="Chapter" href="Netpagebuffer.html">
<link title="Netfs" rel="Chapter" href="Netfs.html">
<link title="Netglob" rel="Chapter" href="Netglob.html">
<link title="Netauth" rel="Chapter" href="Netauth.html">
<link title="Netsockaddr" rel="Chapter" href="Netsockaddr.html">
<link title="Netnumber" rel="Chapter" href="Netnumber.html">
<link title="Rtypes" rel="Chapter" href="Rtypes.html">
<link title="Xdr_mstring" rel="Chapter" href="Xdr_mstring.html">
<link title="Xdr" rel="Chapter" href="Xdr.html">
<link title="Netcompression" rel="Chapter" href="Netcompression.html">
<link title="Netchannels_tut" rel="Chapter" href="Netchannels_tut.html">
<link title="Netmime_tut" rel="Chapter" href="Netmime_tut.html">
<link title="Netsendmail_tut" rel="Chapter" href="Netsendmail_tut.html">
<link title="Netulex_tut" rel="Chapter" href="Netulex_tut.html">
<link title="Neturl_tut" rel="Chapter" href="Neturl_tut.html">
<link title="Netsys" rel="Chapter" href="Netsys.html">
<link title="Netsys_posix" rel="Chapter" href="Netsys_posix.html">
<link title="Netsys_pollset" rel="Chapter" href="Netsys_pollset.html">
<link title="Netlog" rel="Chapter" href="Netlog.html">
<link title="Netexn" rel="Chapter" href="Netexn.html">
<link title="Netsys_win32" rel="Chapter" href="Netsys_win32.html">
<link title="Netsys_pollset_posix" rel="Chapter" href="Netsys_pollset_posix.html">
<link title="Netsys_pollset_win32" rel="Chapter" href="Netsys_pollset_win32.html">
<link title="Netsys_pollset_generic" rel="Chapter" href="Netsys_pollset_generic.html">
<link title="Netsys_signal" rel="Chapter" href="Netsys_signal.html">
<link title="Netsys_oothr" rel="Chapter" href="Netsys_oothr.html">
<link title="Netsys_xdr" rel="Chapter" href="Netsys_xdr.html">
<link title="Netsys_rng" rel="Chapter" href="Netsys_rng.html">
<link title="Netsys_types" rel="Chapter" href="Netsys_types.html">
<link title="Netsys_mem" rel="Chapter" href="Netsys_mem.html">
<link title="Netsys_tmp" rel="Chapter" href="Netsys_tmp.html">
<link title="Netgzip" rel="Chapter" href="Netgzip.html">
<link title="Netpop" rel="Chapter" href="Netpop.html">
<link title="Rpc_auth_dh" rel="Chapter" href="Rpc_auth_dh.html">
<link title="Rpc_key_service" rel="Chapter" href="Rpc_key_service.html">
<link title="Rpc_time" rel="Chapter" href="Rpc_time.html">
<link title="Rpc_auth_local" rel="Chapter" href="Rpc_auth_local.html">
<link title="Rpc_ssl" rel="Chapter" href="Rpc_ssl.html">
<link title="Rpc_xti_client" rel="Chapter" href="Rpc_xti_client.html">
<link title="Rpc" rel="Chapter" href="Rpc.html">
<link title="Rpc_program" rel="Chapter" href="Rpc_program.html">
<link title="Rpc_util" rel="Chapter" href="Rpc_util.html">
<link title="Rpc_portmapper_aux" rel="Chapter" href="Rpc_portmapper_aux.html">
<link title="Rpc_packer" rel="Chapter" href="Rpc_packer.html">
<link title="Rpc_transport" rel="Chapter" href="Rpc_transport.html">
<link title="Rpc_client" rel="Chapter" href="Rpc_client.html">
<link title="Rpc_simple_client" rel="Chapter" href="Rpc_simple_client.html">
<link title="Rpc_portmapper_clnt" rel="Chapter" href="Rpc_portmapper_clnt.html">
<link title="Rpc_portmapper" rel="Chapter" href="Rpc_portmapper.html">
<link title="Rpc_server" rel="Chapter" href="Rpc_server.html">
<link title="Rpc_auth_sys" rel="Chapter" href="Rpc_auth_sys.html">
<link title="Rpc_auth_gssapi" rel="Chapter" href="Rpc_auth_gssapi.html">
<link title="Rpc_proxy" rel="Chapter" href="Rpc_proxy.html">
<link title="Rpc_intro" rel="Chapter" href="Rpc_intro.html">
<link title="Rpc_mapping_ref" rel="Chapter" href="Rpc_mapping_ref.html">
<link title="Rpc_intro_gss" rel="Chapter" href="Rpc_intro_gss.html">
<link title="Shell_sys" rel="Chapter" href="Shell_sys.html">
<link title="Shell" rel="Chapter" href="Shell.html">
<link title="Shell_uq" rel="Chapter" href="Shell_uq.html">
<link title="Shell_fs" rel="Chapter" href="Shell_fs.html">
<link title="Shell_intro" rel="Chapter" href="Shell_intro.html">
<link title="Netsmtp" rel="Chapter" href="Netsmtp.html">
<link title="Intro" rel="Chapter" href="Intro.html">
<link title="Platform" rel="Chapter" href="Platform.html">
<link title="Foreword" rel="Chapter" href="Foreword.html">
<link title="Ipv6" rel="Chapter" href="Ipv6.html"><link title="Clients" rel="Section" href="#2_Clients">
<link title="Servers" rel="Section" href="#2_Servers">
<link title="Confidentiality" rel="Section" href="#2_Confidentiality">
<title>Ocamlnet 3 Reference Manual : Netmech_scram</title>
<div class="navbar"><a href="Nethttpd_intro.html">Previous</a>
<a href="index.html">Up</a>
<a href="Netmech_scram_gssapi.html">Next</a>
<center><h1>Module <a href="type_Netmech_scram.html">Netmech_scram</a></h1></center>
<pre><span class="keyword">module</span> Netmech_scram: <code class="code">sig</code> <a href="Netmech_scram.html">..</a> <code class="code">end</code></pre>SCRAM mechanism for authentication (RFC 5802)<br>
This implements SCRAM-SHA-1 for GSSAPI. Other profiles may be added later.
As we do not implement SASLprep, usernames and passwords are restricted to US-ASCII characters (<code class="code">Invalid_username_encoding</code> or <code class="code">Invalid_encoding</code> is raised otherwise).
<pre><span id="TYPEptype"><span class="keyword">type</span> <code class="type"></code>ptype</span> = <code class="type">[ `GSSAPI ]</code> </pre>
Currently only the variant for <code class="code">`GSSAPI</code> is supported<br>
<pre><span id="TYPEmechanism"><span class="keyword">type</span> <code class="type"></code>mechanism</span> = <code class="type">[ `SHA_1 ]</code> </pre>
<br><code><span id="TYPEprofile"><span class="keyword">type</span> <code class="type"></code>profile</span> = {</code><table class="typetable">
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>ptype : <code class="type"><a href="Netmech_scram.html#TYPEptype">ptype</a></code>;</code></td>
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>mechanism : <code class="type"><a href="Netmech_scram.html#TYPEmechanism">mechanism</a></code>;</code></td>
<td class="typefieldcomment" align="left" valign="top" ><code>(*</code></td><td class="typefieldcomment" align="left" valign="top" >Which mechanism</td><td class="typefieldcomment" align="left" valign="bottom" ><code>*)</code></td>
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>return_unknown_user : <code class="type">bool</code>;</code></td>
<td class="typefieldcomment" align="left" valign="top" ><code>(*</code></td><td class="typefieldcomment" align="left" valign="top" >Whether servers reveal to the client that the
user is unknown (if enabled, a client can distinguish an unknown user from a wrong password)</td><td class="typefieldcomment" align="left" valign="bottom" ><code>*)</code></td>
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>iteration_count_limit : <code class="type">int</code>;</code></td>
<td class="typefieldcomment" align="left" valign="top" ><code>(*</code></td><td class="typefieldcomment" align="left" valign="top" >Largest supported iteration count</td><td class="typefieldcomment" align="left" valign="bottom" ><code>*)</code></td>
<pre><span id="TYPEserver_error"><span class="keyword">type</span> <code class="type"></code>server_error</span> = <code class="type">[ `Channel_binding_not_supported<br> | `Channel_bindings_dont_match<br> | `Extension of string<br> | `Extensions_not_supported<br> | `Invalid_encoding<br> | `Invalid_proof<br> | `Invalid_username_encoding<br> | `No_resources<br> | `Other_error<br> | `Server_does_support_channel_binding<br> | `Unknown_user<br> | `Unsupported_channel_binding_type ]</code> </pre>
Error codes of this protocol<br>
<pre><span id="TYPEclient_session"><span class="keyword">type</span> <code class="type"></code>client_session</span> </pre>
Session context for clients<br>
<pre><span id="TYPEserver_session"><span class="keyword">type</span> <code class="type"></code>server_session</span> </pre>
Session context for servers<br>
<pre><span id="EXCEPTIONInvalid_encoding"><span class="keyword">exception</span> Invalid_encoding</span> <span class="keyword">of</span> <code class="type">string * string</code></pre>
Raised by clients when something cannot be decoded. First string
is an error message, the second string the raw message that cannot be decoded.
<pre><span id="EXCEPTIONInvalid_username_encoding"><span class="keyword">exception</span> Invalid_username_encoding</span> <span class="keyword">of</span> <code class="type">string * string</code></pre>
Raised by clients when the username does not match the requirements.
Arguments as for <code class="code">Invalid_encoding</code>.<br>
<pre><span id="EXCEPTIONExtensions_not_supported"><span class="keyword">exception</span> Extensions_not_supported</span> <span class="keyword">of</span> <code class="type">string * string</code></pre>
Raised by clients when the server enables an unsupported extension.
Arguments as for <code class="code">Invalid_encoding</code>.<br>
<pre><span id="EXCEPTIONProtocol_error"><span class="keyword">exception</span> Protocol_error</span> <span class="keyword">of</span> <code class="type">string</code></pre>
Raised by clients when the server violates the protocol. The argument is an error message.
<pre><span id="EXCEPTIONInvalid_server_signature"><span class="keyword">exception</span> Invalid_server_signature</span></pre>
Raised by clients when the signature sent by the server is invalid
(i.e. the server could not prove that it holds the client's credentials, so mutual authentication failed)<br>
<pre><span id="EXCEPTIONServer_error"><span class="keyword">exception</span> Server_error</span> <span class="keyword">of</span> <code class="type"><a href="Netmech_scram.html#TYPEserver_error">server_error</a></code></pre>
Raised by clients when the server sent an error code<br>
<pre><span id="VALprofile"><span class="keyword">val</span> profile</span> : <code class="type">?return_unknown_user:bool -><br> ?iteration_count_limit:int -> <a href="Netmech_scram.html#TYPEptype">ptype</a> -> <a href="Netmech_scram.html#TYPEprofile">profile</a></code></pre><div class="info">
Creates a profile<br>
<pre><span id="VALstring_of_server_error"><span class="keyword">val</span> string_of_server_error</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_error">server_error</a> -> string</code></pre><pre><span id="VALserver_error_of_string"><span class="keyword">val</span> server_error_of_string</span> : <code class="type">string -> <a href="Netmech_scram.html#TYPEserver_error">server_error</a></code></pre><div class="info">
<span id="2_Clients"><h2>Clients</h2></span><br>
The idea is to create a client session <code class="code">s</code> first. The functions
<code class="code">client_emit_flag</code> and <code class="code">client_recv_flag</code> indicate whether
the client needs to emit a new message, or whether it needs to
receive a message, respectively. Emission is done by <code class="code">client_emit_message</code>,
reception by <code class="code">client_recv_message</code>. If everything goes well, the
protocol state advances, and finally <code class="code">client_finish_flag</code> is true.
This indicates that the client is authenticated and that the server
knows the client's password. If an error occurs, an exception is
raised (see above for possibilities), and <code class="code">client_error_flag</code> signals
<code class="code">true</code>.<br>
<pre><span id="VALcreate_client_session"><span class="keyword">val</span> create_client_session</span> : <code class="type"><a href="Netmech_scram.html#TYPEprofile">profile</a> -> string -> string -> <a href="Netmech_scram.html#TYPEclient_session">client_session</a></code></pre><div class="info">
<code class="code">create_client_session p username password</code>: Creates a new client
session for profile <code class="code">p</code> so that the client authenticates as user
<code class="code">username</code>, and proves its identity with the given <code class="code">password</code>.<br>
<pre><span id="VALclient_configure_channel_binding"><span class="keyword">val</span> client_configure_channel_binding</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string -> unit</code></pre><div class="info">
Instruct the client to require a channel binding. The passed string
is the <code class="code">c</code> parameter (before encoding it via Base64). The function
needs to be called before sending the second message to the server.
It fails if called too late.<br>
<pre><span id="VALclient_emit_flag"><span class="keyword">val</span> client_emit_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> bool</code></pre><div class="info">
Whether <code class="code">client_emit_message</code> can now be called<br>
<pre><span id="VALclient_recv_flag"><span class="keyword">val</span> client_recv_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> bool</code></pre><div class="info">
Whether <code class="code">client_recv_message</code> can now be called<br>
<pre><span id="VALclient_finish_flag"><span class="keyword">val</span> client_finish_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> bool</code></pre><div class="info">
Whether the client is authenticated and the server's signature has been verified<br>
<pre><span id="VALclient_error_flag"><span class="keyword">val</span> client_error_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> bool</code></pre><div class="info">
Whether an error occurred, and the protocol cannot advance anymore<br>
<pre><span id="VALclient_channel_binding"><span class="keyword">val</span> client_channel_binding</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string</code></pre><div class="info">
Returns the channel binding ("" if none)<br>
<pre><span id="VALclient_emit_message"><span class="keyword">val</span> client_emit_message</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string</code></pre><div class="info">
Emits the next message to be sent to the server<br>
<pre><span id="VALclient_recv_message"><span class="keyword">val</span> client_recv_message</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string -> unit</code></pre><div class="info">
Receives the next message from the server<br>
<pre><span id="VALclient_protocol_key"><span class="keyword">val</span> client_protocol_key</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string option</code></pre><div class="info">
The 128-bit protocol key for encrypting messages. This is available
as soon as the second client message is emitted.<br>
<pre><span id="VALclient_user_name"><span class="keyword">val</span> client_user_name</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string</code></pre><div class="info">
<pre><span id="VALclient_export"><span class="keyword">val</span> client_export</span> : <code class="type"><a href="Netmech_scram.html#TYPEclient_session">client_session</a> -> string</code></pre><pre><span id="VALclient_import"><span class="keyword">val</span> client_import</span> : <code class="type">string -> <a href="Netmech_scram.html#TYPEclient_session">client_session</a></code></pre><div class="info">
Exports a client session as string, and imports the string again.
Only established sessions are allowed to be exported
(for which <code class="code">client_finish_flag</code> is true).
The export format is just a marshalled OCaml value. The exported string carries the session state (including the protocol key), so it must be treated as a secret; and since unmarshalling does not validate its input, only strings produced by <code class="code">client_export</code> should ever be passed to <code class="code">client_import</code>.<br>
<span id="2_Servers"><h2>Servers</h2></span><br>
The idea is to create a server session <code class="code">s</code> first. The functions
<code class="code">server_emit_flag</code> and <code class="code">server_recv_flag</code> indicate now whether
the server needs to emit a new message, or whether it needs to
receive a message, respectively. Emission is done by <code class="code">server_emit_message</code>,
reception by <code class="code">server_recv_message</code>. If everything goes well, the
protocol state advances, and finally <code class="code">server_finish_flag</code> is true.
This indicates that the client has been authenticated successfully.
If an error occurs, <b>no</b> exception is raised; the protocol
advances nevertheless, and finally the server sends an error token
to the client. After this, <code class="code">server_error_flag</code> returns true.<br>
<pre><span id="VALcreate_server_session"><span class="keyword">val</span> create_server_session</span> : <code class="type"><a href="Netmech_scram.html#TYPEprofile">profile</a> -><br> (string -> string * string * int) -> <a href="Netmech_scram.html#TYPEserver_session">server_session</a></code></pre><div class="info">
<code class="code">create_server_session p auth</code>: Creates a new server session with
profile <code class="code">p</code> and authenticator function <code class="code">auth</code>.
The function <code class="code">auth</code> is called when the credentials of the
client have been received to check whether the client can be
authenticated. It is called as
<pre><code class="code"> let (salted_password, salt, iteration_count) = auth username
where <code class="code">username</code> is the user name. The function can now raise
<code class="code">Not_found</code> if the user is unknown (whether this fact is revealed to the client is controlled by the <code class="code">return_unknown_user</code> field of the profile), or it can return the
shown triple. Note that the cleartext password need not
be known, so a server's credential store only needs to hold the salted form. <code class="code">salt</code> is a random string, and <code class="code">iteration_count</code> a
security parameter that should be at least 4096 (the minimum given by RFC 5802; a higher value makes offline guessing against a leaked <code class="code">salted_password</code> slower). Whereas <code class="code">salt</code>
should be different for each user, the <code class="code">iteration_count</code> can be
chosen as a constant (e.g. 4096). Now <code class="code">salted_password</code> can be
computed from the cleartext password and these two extra parameters.
See <code class="code">salt_password</code> below.<br>
<pre><span id="VALcreate_salt"><span class="keyword">val</span> create_salt</span> : <code class="type">unit -> string</code></pre><div class="info">
Creates a random string suitable as a salt<br>
<pre><span id="VALsalt_password"><span class="keyword">val</span> salt_password</span> : <code class="type">string -> string -> int -> string</code></pre><div class="info">
<code class="code">let salted_password = salt_password password salt iteration_count</code>
As we do not implement <code class="code">SASLprep</code>, only passwords consisting of
US-ASCII characters are accepted (<code class="code">Invalid_encoding</code> otherwise).<br>
<pre><span id="VALserver_emit_flag"><span class="keyword">val</span> server_emit_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> bool</code></pre><div class="info">
Whether <code class="code">server_emit_message</code> can now be called<br>
<pre><span id="VALserver_recv_flag"><span class="keyword">val</span> server_recv_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> bool</code></pre><div class="info">
Whether <code class="code">server_recv_message</code> can now be called<br>
<pre><span id="VALserver_finish_flag"><span class="keyword">val</span> server_finish_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> bool</code></pre><div class="info">
Whether the client is authenticated<br>
<pre><span id="VALserver_error_flag"><span class="keyword">val</span> server_error_flag</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> bool</code></pre><div class="info">
Whether an error occurred, and the protocol cannot advance anymore<br>
<pre><span id="VALserver_emit_message"><span class="keyword">val</span> server_emit_message</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string</code></pre><div class="info">
Emits the next message to be sent to the client<br>
<pre><span id="VALserver_recv_message"><span class="keyword">val</span> server_recv_message</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string -> unit</code></pre><div class="info">
Receives the next message from the client<br>
<pre><span id="VALserver_protocol_key"><span class="keyword">val</span> server_protocol_key</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string option</code></pre><div class="info">
The 128-bit protocol key for encrypting messages. This is available
as soon as the second client message has been received.<br>
<pre><span id="VALserver_channel_binding"><span class="keyword">val</span> server_channel_binding</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string option</code></pre><div class="info">
Returns the channel binding requirement (the "c" parameter). It is
up to the application to enforce the binding, i.e. to compare this value with the binding data of the actual transport channel; without that comparison the binding gives no protection against an intermediary. This information is
available as soon as the second client message has been received.<br>
<pre><span id="VALserver_user_name"><span class="keyword">val</span> server_user_name</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string option</code></pre><div class="info">
The user name as transmitted from the client. This is returned here
even before the authentication is completed, so it must not be used for authorization decisions until <code class="code">server_finish_flag</code> is true.<br>
<pre><span id="VALserver_export"><span class="keyword">val</span> server_export</span> : <code class="type"><a href="Netmech_scram.html#TYPEserver_session">server_session</a> -> string</code></pre><pre><span id="VALserver_import"><span class="keyword">val</span> server_import</span> : <code class="type">string -> <a href="Netmech_scram.html#TYPEserver_session">server_session</a></code></pre><div class="info">
Exports a server session as string, and imports the string again.
Only established sessions are allowed to be exported
(for which <code class="code">server_finish_flag</code> is true).
The export format is just a marshalled OCaml value. The exported string carries the session state (including the protocol key), so it must be treated as a secret; and since unmarshalling does not validate its input, only strings produced by <code class="code">server_export</code> should ever be passed to <code class="code">server_import</code>.<br>
<span id="2_Confidentiality"><h2>Confidentiality</h2></span><br>
<br><code><span id="TYPEspecific_keys"><span class="keyword">type</span> <code class="type"></code>specific_keys</span> = {</code><table class="typetable">
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>kc : <code class="type">string</code>;</code></td>
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>ke : <code class="type">string</code>;</code></td>
<td align="left" valign="top" >
<code> </code></td>
<td align="left" valign="top" >
<code>ki : <code class="type">string</code>;</code></td>
The specific keys to use<br>
<pre><span class="keyword">module</span> <a href="Netmech_scram.AES_CTS.html">AES_CTS</a>: <code class="code">sig</code> <a href="Netmech_scram.AES_CTS.html">..</a> <code class="code">end</code></pre><div class="info">
This module implements AES in Ciphertext Stealing mode (see RFC 3962)
<pre><span class="keyword">module</span> <a href="Netmech_scram.Cryptosystem.html">Cryptosystem</a>: <code class="code">sig</code> <a href="Netmech_scram.Cryptosystem.html">..</a> <code class="code">end</code></pre><div class="info">
This is the cryptosystem as defined in RFC 3961, as far as it is needed here.
<pre><span class="keyword">module</span> <a href="Netmech_scram.Debug.html">Debug</a>: <code class="code">sig</code> <a href="Netmech_scram.Debug.html">..</a> <code class="code">end</code></pre></body></html>