Safe Haskell	None
Language	Haskell2010

System.Crypto.Pkcs11

Contents

Library
- Reading library information
Slots
- Reading slot information
- Reading token information
Mechanisms
Session management
Object attributes
- Searching objects
- Reading object attributes
Key generation
Key wrapping/unwrapping
Encryption/decryption
Misc

Synopsis

Library

data Library Source #

loadLibrary :: String -> IO Library Source #

Load PKCS#11 dynamically linked library

lib <- loadLibrary "/path/to/dll.so"

releaseLibrary :: Library -> IO () Source #

Reading library information

data Info Source #

Instances

Show Info Source #
Methods showsPrec :: Int -> Info -> ShowS # show :: Info -> String # showList :: [Info] -> ShowS #
Storable Info Source #
Methods sizeOf :: Info -> Int # alignment :: Info -> Int # peekElemOff :: Ptr Info -> Int -> IO Info # pokeElemOff :: Ptr Info -> Int -> Info -> IO () # peekByteOff :: Ptr b -> Int -> IO Info # pokeByteOff :: Ptr b -> Int -> Info -> IO () # peek :: Ptr Info -> IO Info # poke :: Ptr Info -> Info -> IO () #

getInfo :: Library -> IO Info Source #

Returns general information about Cryptoki

infoCryptokiVersion :: Info -> Version Source #

Cryptoki interface version number, for compatibility with future revisions of this interface

infoManufacturerId :: Info -> String Source #

ID of the Cryptoki library manufacturer

infoFlags :: Info -> Int Source #

bit flags reserved for future versions. Must be zero for this version

infoLibraryDescription :: Info -> String Source #

infoLibraryVersion :: Info -> Version Source #

Cryptoki library version number

Slots

type SlotId = Int Source #

getSlotList :: Library -> Bool -> Int -> IO [SlotId] Source #

Allows to obtain a list of slots in the system

slotsIds <- getSlotList lib True 10

In this example retrieves list of, at most 10 (third parameter) slot identifiers with tokens present (second parameter is set to True)

Reading slot information

data SlotInfo Source #

Instances

Show SlotInfo Source #
Methods showsPrec :: Int -> SlotInfo -> ShowS # show :: SlotInfo -> String # showList :: [SlotInfo] -> ShowS #
Storable SlotInfo Source #
Methods sizeOf :: SlotInfo -> Int # alignment :: SlotInfo -> Int # peekElemOff :: Ptr SlotInfo -> Int -> IO SlotInfo # pokeElemOff :: Ptr SlotInfo -> Int -> SlotInfo -> IO () # peekByteOff :: Ptr b -> Int -> IO SlotInfo # pokeByteOff :: Ptr b -> Int -> SlotInfo -> IO () # peek :: Ptr SlotInfo -> IO SlotInfo # poke :: Ptr SlotInfo -> SlotInfo -> IO () #

getSlotInfo :: Library -> SlotId -> IO SlotInfo Source #

Obtains information about a particular slot in the system

slotInfo <- getSlotInfo lib slotId

slotInfoDescription :: SlotInfo -> String Source #

slotInfoManufacturerId :: SlotInfo -> String Source #

slotInfoFlags :: SlotInfo -> Int Source #

bit flags indicating capabilities and status of the slot as defined in https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aCK_SLOT_INFO

slotInfoHardwareVersion :: SlotInfo -> Version Source #

slotInfoFirmwareVersion :: SlotInfo -> Version Source #

Reading token information

data TokenInfo Source #

Instances

Show TokenInfo Source #
Methods showsPrec :: Int -> TokenInfo -> ShowS # show :: TokenInfo -> String # showList :: [TokenInfo] -> ShowS #
Storable TokenInfo Source #
Methods sizeOf :: TokenInfo -> Int # alignment :: TokenInfo -> Int # peekElemOff :: Ptr TokenInfo -> Int -> IO TokenInfo # pokeElemOff :: Ptr TokenInfo -> Int -> TokenInfo -> IO () # peekByteOff :: Ptr b -> Int -> IO TokenInfo # pokeByteOff :: Ptr b -> Int -> TokenInfo -> IO () # peek :: Ptr TokenInfo -> IO TokenInfo # poke :: Ptr TokenInfo -> TokenInfo -> IO () #

getTokenInfo :: Library -> SlotId -> IO TokenInfo Source #

Obtains information about a particular token in the system

tokenInfo <- getTokenInfo lib slotId

tokenInfoLabel :: TokenInfo -> String Source #

tokenInfoManufacturerId :: TokenInfo -> String Source #

tokenInfoModel :: TokenInfo -> String Source #

tokenInfoSerialNumber :: TokenInfo -> String Source #

tokenInfoFlags :: TokenInfo -> Int Source #

bit flags indicating capabilities and status of the device as defined in https://www.cryptsoft.com/pkcs11doc/v220/pkcs11__all_8h.html#aCK_TOKEN_INFO

Mechanisms

data MechType Source #

Constructors

RsaPkcsKeyPairGen
RsaPkcs
AesEcb
AesCbc
AesMac
AesMacGeneral
AesCbcPad
AesCtr

Instances

Enum MechType Source #
Methods succ :: MechType -> MechType # pred :: MechType -> MechType # toEnum :: Int -> MechType # fromEnum :: MechType -> Int # enumFrom :: MechType -> [MechType] # enumFromThen :: MechType -> MechType -> [MechType] # enumFromTo :: MechType -> MechType -> [MechType] # enumFromThenTo :: MechType -> MechType -> MechType -> [MechType] #
Eq MechType Source #
Methods (==) :: MechType -> MechType -> Bool # (/=) :: MechType -> MechType -> Bool #
Show MechType Source #
Methods showsPrec :: Int -> MechType -> ShowS # show :: MechType -> String # showList :: [MechType] -> ShowS #

data MechInfo Source #

Instances

Show MechInfo Source #
Methods showsPrec :: Int -> MechInfo -> ShowS # show :: MechInfo -> String # showList :: [MechInfo] -> ShowS #
Storable MechInfo Source #
Methods sizeOf :: MechInfo -> Int # alignment :: MechInfo -> Int # peekElemOff :: Ptr MechInfo -> Int -> IO MechInfo # pokeElemOff :: Ptr MechInfo -> Int -> MechInfo -> IO () # peekByteOff :: Ptr b -> Int -> IO MechInfo # pokeByteOff :: Ptr b -> Int -> MechInfo -> IO () # peek :: Ptr MechInfo -> IO MechInfo # poke :: Ptr MechInfo -> MechInfo -> IO () #

getMechanismList :: Library -> SlotId -> Int -> IO [Int] Source #

Obtains a list of mechanism types supported by a token

getMechanismInfo :: Library -> SlotId -> MechType -> IO MechInfo Source #

Obtains information about a particular mechanism possibly supported by a token

mechInfoMinKeySize :: MechInfo -> Int Source #

mechInfoMaxKeySize :: MechInfo -> Int Source #

mechInfoFlags :: MechInfo -> Int Source #

Session management

data Session Source #

data UserType Source #

Constructors

SecurityOfficer
User
ContextSpecific

Instances

Enum UserType Source #
Methods succ :: UserType -> UserType # pred :: UserType -> UserType # toEnum :: Int -> UserType # fromEnum :: UserType -> Int # enumFrom :: UserType -> [UserType] # enumFromThen :: UserType -> UserType -> [UserType] # enumFromTo :: UserType -> UserType -> [UserType] # enumFromThenTo :: UserType -> UserType -> UserType -> [UserType] #
Eq UserType Source #
Methods (==) :: UserType -> UserType -> Bool # (/=) :: UserType -> UserType -> Bool #

withSession :: Library -> SlotId -> Bool -> (Session -> IO a) -> IO a Source #

login :: Session -> UserType -> ByteString -> IO () Source #

logout :: Session -> IO () Source #

Object attributes

type ObjectHandle = CULong Source #

data Attribute Source #

Constructors

Class ClassType
KeyType KeyTypeValue
Label String
ModulusBits Int
Token Bool
Decrypt Bool
Modulus Integer
PublicExponent Integer

Instances

Show Attribute Source #
Methods showsPrec :: Int -> Attribute -> ShowS # show :: Attribute -> String # showList :: [Attribute] -> ShowS #

data ClassType Source #

Constructors

PrivateKey
SecretKey

Instances

Enum ClassType Source #
Methods succ :: ClassType -> ClassType # pred :: ClassType -> ClassType # toEnum :: Int -> ClassType # fromEnum :: ClassType -> Int # enumFrom :: ClassType -> [ClassType] # enumFromThen :: ClassType -> ClassType -> [ClassType] # enumFromTo :: ClassType -> ClassType -> [ClassType] # enumFromThenTo :: ClassType -> ClassType -> ClassType -> [ClassType] #
Eq ClassType Source #
Methods (==) :: ClassType -> ClassType -> Bool # (/=) :: ClassType -> ClassType -> Bool #
Show ClassType Source #
Methods showsPrec :: Int -> ClassType -> ShowS # show :: ClassType -> String # showList :: [ClassType] -> ShowS #

data KeyTypeValue Source #

Constructors

RSA
DSA
DH
ECDSA
EC
AES

Instances

Enum KeyTypeValue Source #
Methods succ :: KeyTypeValue -> KeyTypeValue # pred :: KeyTypeValue -> KeyTypeValue # toEnum :: Int -> KeyTypeValue # fromEnum :: KeyTypeValue -> Int # enumFrom :: KeyTypeValue -> [KeyTypeValue] # enumFromThen :: KeyTypeValue -> KeyTypeValue -> [KeyTypeValue] # enumFromTo :: KeyTypeValue -> KeyTypeValue -> [KeyTypeValue] # enumFromThenTo :: KeyTypeValue -> KeyTypeValue -> KeyTypeValue -> [KeyTypeValue] #
Eq KeyTypeValue Source #
Methods (==) :: KeyTypeValue -> KeyTypeValue -> Bool # (/=) :: KeyTypeValue -> KeyTypeValue -> Bool #
Show KeyTypeValue Source #
Methods showsPrec :: Int -> KeyTypeValue -> ShowS # show :: KeyTypeValue -> String # showList :: [KeyTypeValue] -> ShowS #

Searching objects

findObjects :: Session -> [Attribute] -> IO [ObjectHandle] Source #

Reading object attributes

getTokenFlag :: Session -> ObjectHandle -> IO Bool Source #

getPrivateFlag :: Session -> ObjectHandle -> IO Bool Source #

getSensitiveFlag :: Session -> ObjectHandle -> IO Bool Source #

getEncryptFlag :: Session -> ObjectHandle -> IO Bool Source #

getDecryptFlag :: Session -> ObjectHandle -> IO Bool Source #

getWrapFlag :: Session -> ObjectHandle -> IO Bool Source #

getUnwrapFlag :: Session -> ObjectHandle -> IO Bool Source #

getSignFlag :: Session -> ObjectHandle -> IO Bool Source #

getModulus :: Session -> ObjectHandle -> IO Integer Source #

getPublicExponent :: Session -> ObjectHandle -> IO Integer Source #

Key generation

generateKeyPair :: Session -> MechType -> [Attribute] -> [Attribute] -> IO (ObjectHandle, ObjectHandle) Source #

Key wrapping/unwrapping

unwrapKey :: MechType -> Session -> ObjectHandle -> ByteString -> [Attribute] -> IO ObjectHandle Source #

Encryption/decryption

decrypt :: MechType -> Session -> ObjectHandle -> ByteString -> IO ByteString Source #

encrypt :: MechType -> Session -> ObjectHandle -> ByteString -> IO ByteString Source #

Misc

data Version Source #

Instances

Show Version Source #
Methods showsPrec :: Int -> Version -> ShowS # show :: Version -> String # showList :: [Version] -> ShowS #
Storable Version Source #
Methods sizeOf :: Version -> Int # alignment :: Version -> Int # peekElemOff :: Ptr Version -> Int -> IO Version # pokeElemOff :: Ptr Version -> Int -> Version -> IO () # peekByteOff :: Ptr b -> Int -> IO Version # pokeByteOff :: Ptr b -> Int -> Version -> IO () # peek :: Ptr Version -> IO Version # poke :: Ptr Version -> Version -> IO () #

versionMajor :: Version -> Int Source #

versionMinor :: Version -> Int Source #