/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* this file maps PKCS11 Errors into SECErrors
* This is an information reducing process, since most errors are reflected
* back to the user (the user doesn't care about invalid flags, or active
* operations). If any of these errors need more detail in the upper layers
* which call PK11 library functions, we can add more SEC_ERROR_XXX codes
* and change their mappings here.
*
* Some PKCS11 errors are mapped to SEC_ERROR_LIBRARY_FAILURE intentionally
* because they indicate that there is a bug in the library (either NSS or
* the token).
*/
#include "pkcs11t.h"
#include "pk11func.h"
#include "secerr.h"
#include "prerror.h"
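/*
 * PK11_MapError: translate a PKCS #11 return value (CK_RV) into the error
 * code reported to upper layers.
 *
 * rv       the CK_RV returned by a PKCS #11 call.
 * returns  the mapped code from the table below; 0 for CKR_OK and
 *          CKR_USER_ALREADY_LOGGED_IN; SEC_ERROR_UNKNOWN_PKCS11_ERROR for
 *          any value that is not listed.
 *
 * The mapping is many-to-one, so the original CK_RV cannot be recovered from
 * the result. Code that has to tell token conditions apart (for example for
 * diagnostics or audit logging) should inspect or record the raw CK_RV before
 * mapping it.
 *
 * The same MAPERROR list is compiled in one of two forms, selected by
 * PK11_ERROR_USE_ARRAY: a static lookup table, or (the default) the case
 * labels of a switch statement.
 */
#ifdef PK11_ERROR_USE_ARRAY
/*
 * build a static array of entries...
 * (declared as an array so that the element-count computation and the
 * indexing in PK11_MapError below are valid)
 */
static struct {
    CK_RV pk11_error;
    int sec_error;
} pk11_error_map[] = {
#define MAPERROR(x, y) { x, y },
#else
/* the default is to use a big switch statement */
int
PK11_MapError(CK_RV rv)
{
    switch (rv) {
#define MAPERROR(x, y) \
    case x:            \
        return y;
#endif
        /* the guts mapping */
        /* clang-format off */
        /* CKR_OK maps to 0, i.e. "no error"; the same value is used further
         * down for CKR_USER_ALREADY_LOGGED_IN. */
        MAPERROR(CKR_OK, 0)
        MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
        MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
        MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
        MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
        /* No dedicated code exists for a sensitive attribute: after mapping it
         * cannot be told apart from CKR_CANCEL or CKR_TOKEN_NOT_RECOGNIZED,
         * which also become SEC_ERROR_IO. */
        MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
        MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
        MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
        MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_PKCS11_DEVICE_ERROR)
        MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
        MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
        MAPERROR(CKR_DOMAIN_PARAMS_INVALID, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_FUNCTION_FAILED, SEC_ERROR_PKCS11_FUNCTION_FAILED)
        MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
        /* The one entry whose result is a PR_ (NSPR) code rather than a
         * SEC_ERROR_ code. */
        MAPERROR(CKR_FUNCTION_NOT_SUPPORTED, PR_NOT_IMPLEMENTED_ERROR)
        MAPERROR(CKR_GENERAL_ERROR, SEC_ERROR_PKCS11_GENERAL_ERROR)
        MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_INVALID_ALGORITHM)
        MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT)
        MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_OPERATION_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
        /* The PIN outcomes keep separate codes: incorrect, invalid (also used
         * for a length out of range), expired and locked stay distinguishable
         * after mapping. */
        MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
        MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD)
        MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD)
        MAPERROR(CKR_PIN_EXPIRED, SEC_ERROR_EXPIRED_PASSWORD)
        MAPERROR(CKR_PIN_LOCKED, SEC_ERROR_LOCKED_PASSWORD)
        MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
        MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_READ_ONLY)
        MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
        MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
        MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
        MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
        MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
        MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
        MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
        /* Maps to 0 like CKR_OK, so the mapped value does not show that the
         * token answered a login request with "already logged in". */
        MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
        MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN)
        MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
        MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
        MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
        /* Both forms compare for equality, so only the exact value
         * CKR_VENDOR_DEFINED matches here. PKCS #11 reserves the values from
         * CKR_VENDOR_DEFINED upwards for vendors; apart from the two NSS codes
         * below, any other vendor-specific code is reported as
         * SEC_ERROR_UNKNOWN_PKCS11_ERROR. */
        MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
        MAPERROR(CKR_NSS_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE)
        MAPERROR(CKR_NSS_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE)
        MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11)
        /* clang-format on */
#ifdef PK11_ERROR_USE_ARRAY
};

/* Table form: linear search of pk11_error_map for an entry equal to rv. */
int
PK11_MapError(CK_RV rv)
{
    int size = sizeof(pk11_error_map) / sizeof(pk11_error_map[0]);
    int i;

    for (i = 0; i < size; i++) {
        if (pk11_error_map[i].pk11_error == rv) {
            return pk11_error_map[i].sec_error;
        }
    }
    /* rv is not in the table */
    return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
}
#else
        /* clang-format off */
        default :
            break;
        /* clang-format on */
    }
    /* rv matched none of the case labels generated above */
    return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
}
#endif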