package sihl

  1. Overview
  2. Docs

This module does not provide an API to read a decrypted token (by turning it into a string, Cstruct.t or similar). This is to prevent leaking CSRF tokens.

type t
val equal : t -> t -> bool

equal tkn1 tkn2 checks if two decrypted tokens tkn1 and tkn2 are equal.

val equal_struct : t -> Cstruct.t -> bool

equal_struct tkn raw checks if a decrypted token tkn is equal to a raw token raw.

val from_encrypted : with_secret:Secret.t -> Encrypted_token.t -> t

from_encrypted ~with_secret tkn decrypts an encrypted token tkn using AES in ECB mode given a secret with_secret.

val from_encrypted_random : with_secret:Secret.t -> Encrypted_token.t -> t

from_encrypted_random ~with_secret tkn decrypts a randomized encrypted token tkn given a secret with_secret. This function reverses Encrypted_token.from_struct_random since a specific format is required.

val from_encrypted_to_encrypted_random : with_secret:Secret.t -> Encrypted_token.t -> Encrypted_token.t

from_encrypted_to_encrypted_random ~with_secret tkn turns a normal encrypted token tkn into a randomly encrypted token by first decrypting it and then re-encrypting it with Encrypted_token.from_struct_random.

OCaml

Innovation. Community. Security.