package pkcs11-driver

  1. Overview
  2. Docs
Legend:
Library
Module
Module type
Parameter
Class
Class type

High-level PKCS#11 bindings.

exception CKR of P11.RV.t
module type S = sig ... end

High-level interface for PKCS#11 bindings. Contains all functions in the PKCS#11 specification as well as helper functions to make working with PKCS#11 easier. All functions take core P11* types (rather than CK_* types), and structure allocation and populate is handled automatically.

type t = (module S)
val initialize : t -> unit
val initialize_nss : t -> params:Pkcs11.Nss_initialize_arg.u -> unit

Perform a c_Initialize call with NSS-style initialization parameters as described at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Specs

val finalize : t -> unit
val get_info : t -> P11.Info.t
val get_slot : t -> P11.Slot.t -> (P11.Slot_id.t, string) result
val get_slot_list : t -> bool -> P11.Slot_id.t list
val get_slot_info : t -> slot:P11.Slot_id.t -> P11.Slot_info.t
val get_token_info : t -> slot:P11.Slot_id.t -> P11.Token_info.t
val get_mechanism_list : t -> slot:P11.Slot_id.t -> P11.Mechanism_type.t list
val get_mechanism_info : t -> slot:P11.Slot_id.t -> P11.Mechanism_type.t -> P11.Mechanism_info.t
val init_token : t -> slot:P11.Slot_id.t -> pin:string -> label:string -> unit
val init_PIN : t -> P11.Session_handle.t -> pin:string -> unit
val set_PIN : t -> P11.Session_handle.t -> oldpin:string -> newpin:string -> unit
val open_session : t -> slot:P11.Slot_id.t -> flags:P11.Flags.t -> P11.Session_handle.t
val close_session : t -> P11.Session_handle.t -> unit
val close_all_sessions : t -> slot:P11.Slot_id.t -> unit
val get_session_info : t -> P11.Session_handle.t -> P11.Session_info.t
val login : t -> P11.Session_handle.t -> P11.User_type.t -> string -> unit
val logout : t -> P11.Session_handle.t -> unit
val destroy_object : t -> P11.Session_handle.t -> P11.Object_handle.t -> unit
val get_attribute_value_optimized : t -> P11.Attribute_types.t -> [ `Optimized of P11.Session_handle.t -> P11.Object_handle.t -> P11.Template.t ]
val set_attribute_value : t -> P11.Session_handle.t -> P11.Object_handle.t -> P11.Template.t -> unit
val find_objects : t -> ?max_size:int -> P11.Session_handle.t -> P11.Template.t -> P11.Object_handle.t list
val multipart_encrypt_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_encrypt_chunck : t -> P11.Session_handle.t -> P11.Data.t -> P11.Data.t
val multipart_encrypt_final : t -> P11.Session_handle.t -> P11.Data.t
val multipart_decrypt_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_decrypt_chunck : t -> P11.Session_handle.t -> P11.Data.t -> P11.Data.t
val multipart_decrypt_final : t -> P11.Session_handle.t -> P11.Data.t
val multipart_sign_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_sign_chunck : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_sign_final : t -> P11.Session_handle.t -> P11.Data.t
val verify : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> data:P11.Data.t -> signature:P11.Data.t -> unit
val verify_recover : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> signature:P11.Data.t -> P11.Data.t
val multipart_verify_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_verify_chunck : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_verify_final : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_verify : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t list -> P11.Data.t -> unit
val load_driver : ?log_calls:(string * Format.formatter) -> ?on_unknown:(string -> unit) -> ?load_mode:P11.Load_mode.t -> string -> t

May raise Pkcs11.Cannot_load_module. on_unknown will be called with a warning message when unsupported codes are encountered.

OCaml

Innovation. Community. Security.