Module `P11_driver`

High-level PKCS#11 bindings.

exception CKR of P11.RV.t

module type S = sig ... end: High-level interface for PKCS#11 bindings. Contains all functions in the PKCS#11 specification as well as helper functions to make working with PKCS#11 easier. All functions take core P11* types (rather than CK_* types), and structure allocation and populate is handled automatically.

type t = (module S)

val initialize : t -> unit
val initialize_nss : t -> params:Pkcs11.Nss_initialize_arg.u -> unit: Perform a c_Initialize call with NSS-style initialization parameters as described at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Specs

val finalize : t -> unit
val get_info : t -> P11.Info.t
val get_slot : t -> P11.Slot.t -> (P11.Slot_id.t, string) Stdlib.result
val get_slot_list : t -> bool -> P11.Slot_id.t list
val get_slot_info : t -> slot:P11.Slot_id.t -> P11.Slot_info.t
val get_token_info : t -> slot:P11.Slot_id.t -> P11.Token_info.t
val get_mechanism_list : t -> slot:P11.Slot_id.t -> P11.Mechanism_type.t list
val get_mechanism_info : t -> slot:P11.Slot_id.t -> P11.Mechanism_type.t -> P11.Mechanism_info.t
val init_token : t -> slot:P11.Slot_id.t -> pin:string -> label:string -> unit
val init_PIN : t -> P11.Session_handle.t -> pin:string -> unit
val set_PIN : t -> P11.Session_handle.t -> oldpin:string -> newpin:string -> unit
val open_session : t -> slot:P11.Slot_id.t -> flags:P11.Flags.t -> P11.Session_handle.t
val close_session : t -> P11.Session_handle.t -> unit
val close_all_sessions : t -> slot:P11.Slot_id.t -> unit
val get_session_info : t -> P11.Session_handle.t -> P11.Session_info.t
val login : t -> P11.Session_handle.t -> P11.User_type.t -> string -> unit
val logout : t -> P11.Session_handle.t -> unit
val create_object : t -> P11.Session_handle.t -> P11.Template.t -> P11.Object_handle.t
val copy_object : t -> P11.Session_handle.t -> P11.Object_handle.t -> P11.Template.t -> P11.Object_handle.t
val destroy_object : t -> P11.Session_handle.t -> P11.Object_handle.t -> unit
val get_attribute_value : t -> P11.Session_handle.t -> P11.Object_handle.t -> P11.Attribute_types.t -> P11.Template.t
val get_attribute_value' : t -> P11.Session_handle.t -> P11.Object_handle.t -> P11.Attribute_types.t -> P11.Template.t
val get_attribute_value_optimized : t -> P11.Attribute_types.t -> [ `Optimized of P11.Session_handle.t -> P11.Object_handle.t -> P11.Template.t ]
val set_attribute_value : t -> P11.Session_handle.t -> P11.Object_handle.t -> P11.Template.t -> unit
val find_objects : t -> ?⁠max_size:int -> P11.Session_handle.t -> P11.Template.t -> P11.Object_handle.t list
val encrypt : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t -> P11.Data.t
val multipart_encrypt_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_encrypt_chunck : t -> P11.Session_handle.t -> P11.Data.t -> P11.Data.t
val multipart_encrypt_final : t -> P11.Session_handle.t -> P11.Data.t
val multipart_encrypt : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t list -> P11.Data.t
val decrypt : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t -> P11.Data.t
val multipart_decrypt_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_decrypt_chunck : t -> P11.Session_handle.t -> P11.Data.t -> P11.Data.t
val multipart_decrypt_final : t -> P11.Session_handle.t -> P11.Data.t
val multipart_decrypt : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t list -> P11.Data.t
val sign : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t -> P11.Data.t
val sign_recover : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t -> P11.Data.t
val multipart_sign_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_sign_chunck : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_sign_final : t -> P11.Session_handle.t -> P11.Data.t
val multipart_sign : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t list -> P11.Data.t
val verify : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> data:P11.Data.t -> signature:P11.Data.t -> unit
val verify_recover : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> signature:P11.Data.t -> P11.Data.t
val multipart_verify_init : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> unit
val multipart_verify_chunck : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_verify_final : t -> P11.Session_handle.t -> P11.Data.t -> unit
val multipart_verify : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t list -> P11.Data.t -> unit
val generate_key : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Template.t -> P11.Object_handle.t
val generate_key_pair : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Template.t -> P11.Template.t -> P11.Object_handle.t * P11.Object_handle.t
val wrap_key : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Object_handle.t -> P11.Data.t
val unwrap_key : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Data.t -> P11.Template.t -> P11.Object_handle.t
val derive_key : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Object_handle.t -> P11.Template.t -> P11.Object_handle.t
val digest : t -> P11.Session_handle.t -> P11.Mechanism.t -> P11.Data.t -> P11.Data.t

module Wrap_low_level_bindings : functor (X : Pkcs11.LOW_LEVEL_BINDINGS) -> S

val load_driver : ?⁠log_calls:(string * Stdlib.Format.formatter) -> ?⁠on_unknown:(string -> unit) -> ?⁠load_mode:P11.Load_mode.t -> string -> t: May raise Pkcs11.Cannot_load_module. on_unknown will be called with a warning message when unsupported codes are encountered.