respect PKCS#11 allowed return values
This commit is contained in:
Frank Morgner
parent
fc296b5488
commit
1bb2547abc
|
|
@ -572,7 +572,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
|
|||
}
|
||||
p15card = fw_data->p15_card;
|
||||
if (!p15card) {
|
||||
rv = CKR_TOKEN_NOT_RECOGNIZED;
|
||||
rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo");
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
|
@ -1600,9 +1600,8 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
|
|||
struct sc_pkcs15_auth_info *pin_info = NULL;
|
||||
int rc;
|
||||
|
||||
if (slot->p11card == NULL) {
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
}
|
||||
if (slot->p11card == NULL)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login");
|
||||
p11card = slot->p11card;
|
||||
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
|
|
@ -1610,7 +1609,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
|
|||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Login");
|
||||
p15card = fw_data->p15_card;
|
||||
if (!p15card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login");
|
||||
|
||||
sc_log(context, "pkcs15-login: userType 0x%lX, PIN length %li", userType, ulPinLen);
|
||||
switch (userType) {
|
||||
|
|
@ -1679,7 +1678,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType,
|
|||
return CKR_FUNCTION_REJECTED;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login");
|
||||
|
||||
/* By default, we make the reader resource manager keep other
|
||||
* processes from accessing the card while we're logged in.
|
||||
|
|
@ -1772,12 +1771,12 @@ pkcs15_logout(struct sc_pkcs11_slot *slot)
|
|||
int rc;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Logout");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Logout");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Logout");
|
||||
|
||||
memset(fw_data->user_puk, 0, sizeof(fw_data->user_puk));
|
||||
fw_data->user_puk_len = 0;
|
||||
|
|
@ -1819,13 +1818,13 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot,
|
|||
int rc;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetPin");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetPin");
|
||||
p15card = fw_data->p15_card;
|
||||
if (!p15card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetPin");
|
||||
|
||||
if (login_user == CKU_SO) {
|
||||
rc = sc_pkcs15_find_so_pin(p15card, &pin_obj);
|
||||
|
|
@ -2035,7 +2034,7 @@ pkcs15_init_pin(struct sc_pkcs11_slot *slot, CK_CHAR_PTR pPin, CK_ULONG ulPinLen
|
|||
auth_info = slot_data_auth_info(slot->fw_data);
|
||||
if (auth_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) {
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_InitPin");
|
||||
/* C_InitPIN is used to unblock User PIN or set it in the SO session .*/
|
||||
auth_obj = slot_data_auth(slot->fw_data);
|
||||
if (fw_data->user_puk_len)
|
||||
|
|
@ -2123,12 +2122,12 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil
|
|||
|
||||
memset(&args, 0, sizeof(args));
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
/* See if the "slot" is pin protected. If so, get the PIN id */
|
||||
if ((pin = slot_data_auth_info(slot->fw_data)) != NULL)
|
||||
|
|
@ -2294,12 +2293,12 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
|
|||
|
||||
memset(&args, 0, sizeof(args));
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
/* Get the key type */
|
||||
rv = attr_find(pTemplate, ulCount, CKA_KEY_TYPE, &key_type, NULL);
|
||||
|
|
@ -2471,12 +2470,12 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile
|
|||
|
||||
memset(&args, 0, sizeof(args));
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
/* See if the "slot" is pin protected. If so, get the PIN id */
|
||||
if ((pin = slot_data_auth_info(slot->fw_data)) != NULL)
|
||||
|
|
@ -2581,12 +2580,12 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot,
|
|||
|
||||
memset(&args, 0, sizeof(args));
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
/* Get the key type */
|
||||
rv = attr_find(pTemplate, ulCount, CKA_CERTIFICATE_TYPE,
|
||||
|
|
@ -2669,12 +2668,12 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile,
|
|||
sc_init_oid(&args.app_oid);
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
while (ulCount--) {
|
||||
CK_ATTRIBUTE_PTR attr = pTemplate++;
|
||||
|
|
@ -2751,12 +2750,12 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK
|
|||
CK_BBOOL p15init_create_object;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject");
|
||||
|
||||
rv = attr_find(pTemplate, ulCount, CKA_CLASS, &_class, NULL);
|
||||
if (rv != CKR_OK)
|
||||
|
|
@ -3021,12 +3020,12 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
|
|||
return CKR_MECHANISM_INVALID;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair");
|
||||
|
||||
rc = sc_lock(p11card->card);
|
||||
if (rc < 0)
|
||||
|
|
@ -3198,12 +3197,12 @@ pkcs15_skey_destroy(struct sc_pkcs11_session *session, void *object)
|
|||
int rv;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair");
|
||||
|
||||
/* TODO assuming this is a session only object. */
|
||||
rv = sc_lock(p11card->card);
|
||||
|
|
@ -3241,12 +3240,12 @@ pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object)
|
|||
int rv;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DestroyObject");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DestroyObject");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DestroyObject");
|
||||
|
||||
rv = sc_lock(p11card->card);
|
||||
if (rv < 0)
|
||||
|
|
@ -3324,12 +3323,12 @@ pkcs15_get_random(struct sc_pkcs11_slot *slot, CK_BYTE_PTR p, CK_ULONG len)
|
|||
int rc;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateRandom");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateRandom");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateRandom");
|
||||
|
||||
rc = sc_get_challenge(fw_data->p15_card->card, p, (size_t)len);
|
||||
return sc_to_cryptoki_error(rc, "C_GenerateRandom");
|
||||
|
|
@ -3376,12 +3375,12 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1
|
|||
CK_RV ck_rv = CKR_OK;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetAttributeValue");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetAttributeValue");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetAttributeValue");
|
||||
|
||||
rv = sc_lock(p11card->card);
|
||||
if (rv < 0)
|
||||
|
|
@ -3479,12 +3478,12 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
|
|||
sc_log(context, "pkcs15_cert_get_attribute() called");
|
||||
p11card = session->slot->p11card;
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
|
||||
switch (attr->type) {
|
||||
case CKA_CLASS:
|
||||
|
|
@ -3585,14 +3584,14 @@ pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session,
|
|||
|
||||
sc_log(context, "pkcs15_cert_cmp_attribute() called");
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data) {
|
||||
sc_log(context, "pkcs15_cert_cmp_attribute() returns SC_ERROR_INTERNAL");
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
|
||||
}
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
|
||||
switch (attr->type) {
|
||||
/* Check the issuer/subject. Some pkcs11 callers (i.e. netscape) will pass
|
||||
|
|
@ -3689,12 +3688,12 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session,
|
|||
sc_log(context, "pkcs15_prkey_get_attribute() called");
|
||||
p11card = session->slot->p11card;
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
|
||||
/* PKCS#11 requires us to supply CKA_MODULUS for private keys,
|
||||
* although that is not generally available from a smart card
|
||||
|
|
@ -3934,12 +3933,12 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj,
|
|||
sc_log(context, "Initiating signing operation, mechanism 0x%lx.",
|
||||
pMechanism->mechanism);
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Sign");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Sign");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Sign");
|
||||
|
||||
/* See which of the alternative keys supports signing */
|
||||
while (prkey && !(prkey->prv_info->usage & sign_flags))
|
||||
|
|
@ -4108,12 +4107,12 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *session, void *obj,
|
|||
sc_log(context, "Initiating unwrapping with private key.");
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey");
|
||||
|
||||
if (pMechanism == NULL || pWrappedKey == NULL || ulWrappedKeyLen == 0 || targetKeyObj == NULL) {
|
||||
sc_log(context, "One or more of mandatory arguments were NULL.");
|
||||
|
|
@ -4176,12 +4175,12 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj,
|
|||
sc_log(context, "Initiating decryption.");
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Decrypt");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Decrypt");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Decrypt");
|
||||
|
||||
/* See which of the alternative keys supports decrypt */
|
||||
prkey = (struct pkcs15_prkey_object *) obj;
|
||||
|
|
@ -4286,12 +4285,12 @@ pkcs15_prkey_derive(struct sc_pkcs11_session *session, void *obj,
|
|||
sc_log(context, "Initiating derivation");
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DeriveKey");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DeriveKey");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DeriveKey");
|
||||
|
||||
/* See which of the alternative keys supports derivation */
|
||||
while (prkey && !(prkey->prv_info->usage & SC_PKCS15_PRKEY_USAGE_DERIVE))
|
||||
|
|
@ -4368,10 +4367,10 @@ pkcs15_prkey_can_do(struct sc_pkcs11_session *session, void *obj,
|
|||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
token_algos = &fw_data->p15_card->tokeninfo->supported_algos[0];
|
||||
|
||||
for (ii=0;ii<SC_MAX_SUPPORTED_ALGORITHMS && pkinfo->algo_refs[ii];ii++) {
|
||||
|
|
@ -4547,12 +4546,12 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_
|
|||
cert = pubkey->pub_genfrom;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
|
||||
/* We may need to get these from cert */
|
||||
switch (attr->type) {
|
||||
|
|
@ -4782,7 +4781,7 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session,
|
|||
int rv;
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
card = session->slot->p11card->card;
|
||||
if (!out_data)
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
|
|
@ -4796,7 +4795,7 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session,
|
|||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue");
|
||||
|
||||
rv = sc_lock(card);
|
||||
if (rv < 0)
|
||||
|
|
@ -5083,12 +5082,12 @@ pkcs15_skey_unwrap(struct sc_pkcs11_session *session, void *obj,
|
|||
sc_log(context, "Initiating unwrapping with a secret key.");
|
||||
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey");
|
||||
|
||||
if (pMechanism == NULL || pWrappedKey == NULL || ulWrappedKeyLen == 0 || targetKeyObj == NULL) {
|
||||
sc_log(context, "One or more of mandatory arguments were NULL.");
|
||||
|
|
@ -5166,12 +5165,12 @@ pkcs15_skey_wrap(struct sc_pkcs11_session *session, void *obj,
|
|||
|
||||
p11card = session->slot->p11card;
|
||||
if (!p11card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_WrapKey");
|
||||
fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx];
|
||||
if (!fw_data)
|
||||
return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_WrapKey");
|
||||
if (!fw_data->p15_card)
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_WrapKey");
|
||||
|
||||
/* Verify that the key supports wrapping */
|
||||
if (skey && !(skey->info->usage & SC_PKCS15_PRKEY_USAGE_WRAP))
|
||||
|
|
|
|||
|
|
@ -37,6 +37,21 @@ static struct sc_to_cryptoki_error_conversion sc_to_cryptoki_error_map[] = {
|
|||
{ "C_GenerateKeyPair", SC_ERROR_INVALID_PIN_LENGTH, CKR_GENERAL_ERROR },
|
||||
{ "C_Sign", SC_ERROR_NOT_ALLOWED, CKR_FUNCTION_FAILED},
|
||||
{ "C_Decrypt", SC_ERROR_NOT_ALLOWED, CKR_FUNCTION_FAILED},
|
||||
{ "C_GetTokenInfo", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetTokenInfo", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetTokenInfo", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismList", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismList", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismList", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismInfo", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismInfo", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_GetMechanismInfo", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_InitToken", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_InitToken", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_InitToken", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_OpenSession", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_OpenSession", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{ "C_OpenSession", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED},
|
||||
{NULL, 0, 0}
|
||||
};
|
||||
|
||||
|
|
@ -87,7 +102,8 @@ static CK_RV sc_to_cryptoki_error_common(int rc)
|
|||
case SC_ERROR_INVALID_CARD:
|
||||
case SC_ERROR_WRONG_CARD:
|
||||
case SC_ERROR_NO_CARD_SUPPORT:
|
||||
return CKR_TOKEN_NOT_RECOGNIZED;
|
||||
/* CKR_TOKEN_NOT_RECOGNIZED is handled in sc_to_cryptoki_error() */
|
||||
return CKR_FUNCTION_NOT_SUPPORTED;
|
||||
case SC_ERROR_WRONG_LENGTH:
|
||||
return CKR_DATA_LEN_RANGE;
|
||||
case SC_ERROR_INVALID_PIN_LENGTH:
|
||||
|
|
|
|||
Loading…
Reference in New Issue