From 1bb2547abca12f3ce22d48c3c171ea5e44ab4c4a Mon Sep 17 00:00:00 2001 From: Frank Morgner Date: Tue, 2 Jun 2020 22:43:42 +0200 Subject: [PATCH] respect PKCS#11 allowed return values --- src/pkcs11/framework-pkcs15.c | 113 +++++++++++++++++----------------- src/pkcs11/misc.c | 18 +++++- 2 files changed, 73 insertions(+), 58 deletions(-) diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 87384399..7c5d6b38 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -572,7 +572,7 @@ CK_RV C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) } p15card = fw_data->p15_card; if (!p15card) { - rv = CKR_TOKEN_NOT_RECOGNIZED; + rv = sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetTokenInfo"); goto out; } @@ -1600,9 +1600,8 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, struct sc_pkcs15_auth_info *pin_info = NULL; int rc; - if (slot->p11card == NULL) { - return CKR_TOKEN_NOT_RECOGNIZED; - } + if (slot->p11card == NULL) + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login"); p11card = slot->p11card; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; @@ -1610,7 +1609,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Login"); p15card = fw_data->p15_card; if (!p15card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login"); sc_log(context, "pkcs15-login: userType 0x%lX, PIN length %li", userType, ulPinLen); switch (userType) { @@ -1679,7 +1678,7 @@ pkcs15_login(struct sc_pkcs11_slot *slot, CK_USER_TYPE userType, return CKR_FUNCTION_REJECTED; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Login"); /* By default, we make the reader resource manager keep other * processes from accessing the card while we're logged in. 
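Review bot: The `sc_log` context line in the second pkcs15_login hunk (-1610) writes the PIN length to the log, and it prints `ulPinLen` with `%li` although the value is presumably a `CK_ULONG`, as in pkcs15_init_pin; the commit leaves both untouched. PIN length is secret-derived metadata that reduces the guessing space for anyone who can read the log, so I would drop it: `sc_log(context, "pkcs15-login: userType 0x%lX", userType);`. If the length has to stay for debugging, `%lu` is the matching conversion. pkcs15_login starts and ends outside this hunk.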
@@ -1772,12 +1771,12 @@ pkcs15_logout(struct sc_pkcs11_slot *slot) int rc; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Logout"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Logout"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Logout"); memset(fw_data->user_puk, 0, sizeof(fw_data->user_puk)); fw_data->user_puk_len = 0; @@ -1819,13 +1818,13 @@ pkcs15_change_pin(struct sc_pkcs11_slot *slot, int rc; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetPin"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetPin"); p15card = fw_data->p15_card; if (!p15card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetPin"); if (login_user == CKU_SO) { rc = sc_pkcs15_find_so_pin(p15card, &pin_obj); @@ -2035,7 +2034,7 @@ pkcs15_init_pin(struct sc_pkcs11_slot *slot, CK_CHAR_PTR pPin, CK_ULONG ulPinLen auth_info = slot_data_auth_info(slot->fw_data); if (auth_info && sc_pkcs11_conf.pin_unblock_style == SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN) { if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_InitPin"); /* C_InitPIN is used to unblock User PIN or set it in the SO session .*/ auth_obj = slot_data_auth(slot->fw_data); if (fw_data->user_puk_len) 
@@ -2123,12 +2122,12 @@ pkcs15_create_private_key(struct sc_pkcs11_slot *slot, struct sc_profile *profil memset(&args, 0, sizeof(args)); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); /* See if the "slot" is pin protected. If so, get the PIN id */ if ((pin = slot_data_auth_info(slot->fw_data)) != NULL) @@ -2294,12 +2293,12 @@ pkcs15_create_secret_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile memset(&args, 0, sizeof(args)); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); /* Get the key type */ rv = attr_find(pTemplate, ulCount, CKA_KEY_TYPE, &key_type, NULL); @@ -2471,12 +2470,12 @@ pkcs15_create_public_key(struct sc_pkcs11_slot *slot, struct sc_profile *profile memset(&args, 0, sizeof(args)); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); /* See if the "slot" is pin protected. If so, get the PIN id */ if ((pin = slot_data_auth_info(slot->fw_data)) != NULL) 
@@ -2581,12 +2580,12 @@ pkcs15_create_certificate(struct sc_pkcs11_slot *slot, memset(&args, 0, sizeof(args)); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); /* Get the key type */ rv = attr_find(pTemplate, ulCount, CKA_CERTIFICATE_TYPE, @@ -2669,12 +2668,12 @@ pkcs15_create_data(struct sc_pkcs11_slot *slot, struct sc_profile *profile, sc_init_oid(&args.app_oid); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); while (ulCount--) { CK_ATTRIBUTE_PTR attr = pTemplate++; @@ -2751,12 +2750,12 @@ pkcs15_create_object(struct sc_pkcs11_slot *slot, CK_ATTRIBUTE_PTR pTemplate, CK CK_BBOOL p15init_create_object; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_CreateObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_CreateObject"); rv = attr_find(pTemplate, ulCount, CKA_CLASS, &_class, NULL); if (rv != CKR_OK) 
@@ -3021,12 +3020,12 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism, return CKR_MECHANISM_INVALID; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair"); rc = sc_lock(p11card->card); if (rc < 0) @@ -3198,12 +3197,12 @@ pkcs15_skey_destroy(struct sc_pkcs11_session *session, void *object) int rv; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateKeyPair"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateKeyPair"); /* TODO assuming this is a session only object. */ rv = sc_lock(p11card->card); @@ -3241,12 +3240,12 @@ pkcs15_any_destroy(struct sc_pkcs11_session *session, void *object) int rv; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DestroyObject"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DestroyObject"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DestroyObject"); rv = sc_lock(p11card->card); if (rv < 0) 
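Review bot: The two new returns in the pkcs15_skey_destroy hunk (-3198) pass "C_GenerateKeyPair" as the function label, copied from the existing SC_ERROR_INTERNAL line between them. The label appears to select per-function rows in sc_to_cryptoki_error_map, and misc.c already has a "C_GenerateKeyPair" row, so a destroy path could pick up a key-generation mapping. I would expect the label that pkcs15_any_destroy uses in the next hunk: `return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DestroyObject");`. The function body continues outside the hunk.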
@@ -3324,12 +3323,12 @@ pkcs15_get_random(struct sc_pkcs11_slot *slot, CK_BYTE_PTR p, CK_ULONG len) int rc; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateRandom"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GenerateRandom"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GenerateRandom"); rc = sc_get_challenge(fw_data->p15_card->card, p, (size_t)len); return sc_to_cryptoki_error(rc, "C_GenerateRandom"); @@ -3376,12 +3375,12 @@ pkcs15_set_attrib(struct sc_pkcs11_session *session, struct sc_pkcs15_object *p1 CK_RV ck_rv = CKR_OK; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetAttributeValue"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_SetAttributeValue"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_SetAttributeValue"); rv = sc_lock(p11card->card); if (rv < 0) @@ -3479,12 +3478,12 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT sc_log(context, "pkcs15_cert_get_attribute() called"); p11card = session->slot->p11card; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); switch (attr->type) { case CKA_CLASS: 
@@ -3585,14 +3584,14 @@ pkcs15_cert_cmp_attribute(struct sc_pkcs11_session *session, sc_log(context, "pkcs15_cert_cmp_attribute() called"); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) { sc_log(context, "pkcs15_cert_cmp_attribute() returns SC_ERROR_INTERNAL"); return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); } if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); switch (attr->type) { /* Check the issuer/subject. Some pkcs11 callers (i.e. netscape) will pass @@ -3689,12 +3688,12 @@ pkcs15_prkey_get_attribute(struct sc_pkcs11_session *session, sc_log(context, "pkcs15_prkey_get_attribute() called"); p11card = session->slot->p11card; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); /* PKCS#11 requires us to supply CKA_MODULUS for private keys, * although that is not generally available from a smart card 
@@ -3934,12 +3933,12 @@ pkcs15_prkey_sign(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating signing operation, mechanism 0x%lx.", pMechanism->mechanism); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Sign"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Sign"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Sign"); /* See which of the alternative keys supports signing */ while (prkey && !(prkey->prv_info->usage & sign_flags)) @@ -4108,12 +4107,12 @@ pkcs15_prkey_unwrap(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating unwrapping with private key."); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey"); if (pMechanism == NULL || pWrappedKey == NULL || ulWrappedKeyLen == 0 || targetKeyObj == NULL) { sc_log(context, "One or more of mandatory arguments were NULL."); 
@@ -4176,12 +4175,12 @@ pkcs15_prkey_decrypt(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating decryption."); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Decrypt"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_Decrypt"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_Decrypt"); /* See which of the alternative keys supports decrypt */ prkey = (struct pkcs15_prkey_object *) obj; @@ -4286,12 +4285,12 @@ pkcs15_prkey_derive(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating derivation"); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DeriveKey"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_DeriveKey"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_DeriveKey"); /* See which of the alternative keys supports derivation */ while (prkey && !(prkey->prv_info->usage & SC_PKCS15_PRKEY_USAGE_DERIVE)) @@ -4368,10 +4367,10 @@ pkcs15_prkey_can_do(struct sc_pkcs11_session *session, void *obj, return CKR_FUNCTION_NOT_SUPPORTED; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return CKR_FUNCTION_NOT_SUPPORTED; fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return CKR_FUNCTION_NOT_SUPPORTED; token_algos = &fw_data->p15_card->tokeninfo->supported_algos[0]; for (ii=0;iialgo_refs[ii];ii++) { 
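Review bot: In the pkcs15_prkey_can_do hunk (-4368), `fw_data` is dereferenced in `if (!fw_data->p15_card)` without the `if (!fw_data)` guard that every other function in this patch has after the same `fws_data[...]` lookup. A NULL entry would crash the calling process instead of returning an error; adding `if (!fw_data) return CKR_FUNCTION_NOT_SUPPORTED;` before that line matches the codes this hunk already picks. The next context line, `fw_data->p15_card->tokeninfo->supported_algos[0]`, also assumes `tokeninfo` is non-NULL, which I cannot confirm from the hunk. The function starts and ends outside the hunk.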
@@ -4547,12 +4546,12 @@ pkcs15_pubkey_get_attribute(struct sc_pkcs11_session *session, void *object, CK_ cert = pubkey->pub_genfrom; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); /* We may need to get these from cert */ switch (attr->type) { @@ -4782,7 +4781,7 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session, int rv; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); card = session->slot->p11card->card; if (!out_data) return SC_ERROR_INVALID_ARGUMENTS; @@ -4796,7 +4795,7 @@ pkcs15_dobj_get_value(struct sc_pkcs11_session *session, if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_GetAttributeValue"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_GetAttributeValue"); rv = sc_lock(card); if (rv < 0) @@ -5083,12 +5082,12 @@ pkcs15_skey_unwrap(struct sc_pkcs11_session *session, void *obj, sc_log(context, "Initiating unwrapping with a secret key."); if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_UnwrapKey"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_UnwrapKey"); if (pMechanism == NULL || pWrappedKey == NULL || ulWrappedKeyLen == 0 || targetKeyObj == NULL) { sc_log(context, "One or more of mandatory arguments were NULL."); 
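Review bot: pkcs15_dobj_get_value (hunk -4782) now mixes two error domains: the changed guard returns a CK_RV from `sc_to_cryptoki_error(...)`, while the context line two lines below still has `return SC_ERROR_INVALID_ARGUMENTS;`, a raw libopensc code. A caller that tests against `CKR_OK` or for a negative value will misread one of the two, so an error could be treated as success or the reverse. The return type is not visible here; if it is CK_RV, `return sc_to_cryptoki_error(SC_ERROR_INVALID_ARGUMENTS, "C_GetAttributeValue");` makes the early exits uniform. The same function continues in the next hunk (-4796) and beyond it.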
@@ -5166,12 +5165,12 @@ pkcs15_skey_wrap(struct sc_pkcs11_session *session, void *obj, p11card = session->slot->p11card; if (!p11card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_WrapKey"); fw_data = (struct pkcs15_fw_data *) p11card->fws_data[session->slot->fw_data_idx]; if (!fw_data) return sc_to_cryptoki_error(SC_ERROR_INTERNAL, "C_WrapKey"); if (!fw_data->p15_card) - return CKR_TOKEN_NOT_RECOGNIZED; + return sc_to_cryptoki_error(SC_ERROR_INVALID_CARD, "C_WrapKey"); /* Verify that the key supports wrapping */ if (skey && !(skey->info->usage & SC_PKCS15_PRKEY_USAGE_WRAP)) diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c index c3f5bb4e..9b1bffc4 100644 --- a/src/pkcs11/misc.c +++ b/src/pkcs11/misc.c 
@@ -37,6 +37,21 @@ static struct sc_to_cryptoki_error_conversion sc_to_cryptoki_error_map[] = { { "C_GenerateKeyPair", SC_ERROR_INVALID_PIN_LENGTH, CKR_GENERAL_ERROR }, { "C_Sign", SC_ERROR_NOT_ALLOWED, CKR_FUNCTION_FAILED}, { "C_Decrypt", SC_ERROR_NOT_ALLOWED, CKR_FUNCTION_FAILED}, + { "C_GetTokenInfo", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetTokenInfo", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetTokenInfo", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismList", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismList", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismList", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismInfo", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismInfo", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_GetMechanismInfo", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_InitToken", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_InitToken", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_InitToken", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_OpenSession", SC_ERROR_INVALID_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_OpenSession", SC_ERROR_WRONG_CARD, CKR_TOKEN_NOT_RECOGNIZED}, + { "C_OpenSession", SC_ERROR_NO_CARD_SUPPORT, CKR_TOKEN_NOT_RECOGNIZED}, {NULL, 0, 0} }; @@ -87,7 +102,8 @@ static CK_RV sc_to_cryptoki_error_common(int rc) case SC_ERROR_INVALID_CARD: case SC_ERROR_WRONG_CARD: case SC_ERROR_NO_CARD_SUPPORT: - return CKR_TOKEN_NOT_RECOGNIZED; + /* CKR_TOKEN_NOT_RECOGNIZED is handled in sc_to_cryptoki_error() */ + return CKR_FUNCTION_NOT_SUPPORTED; case SC_ERROR_WRONG_LENGTH: return CKR_DATA_LEN_RANGE; case SC_ERROR_INVALID_PIN_LENGTH:
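Review bot: The fifteen new sc_to_cryptoki_error_map rows have no comment saying why exactly these five functions are listed or that rows are matched on the label string passed at the call site. A short comment above them, e.g. `/* functions for which PKCS#11 permits CKR_TOKEN_NOT_RECOGNIZED; the name must match the label given to sc_to_cryptoki_error() */`, would record that. It matters because framework-pkcs15.c passes labels such as "C_SetPin" and "C_InitPin", which differ from the spec spelling (C_SetPIN, C_InitPIN), so a row added later under the canonical name would presumably never match and would silently take the common fallback.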
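Review bot: With this fallback in sc_to_cryptoki_error_common, every function without a row in sc_to_cryptoki_error_map reports an invalid, wrong or unsupported card as CKR_FUNCTION_NOT_SUPPORTED; that covers the no-card guards labelled C_Login, C_Sign, C_Decrypt and the others changed in framework-pkcs15.c. An application may read that code as "the module never implements this call" rather than "the token is unusable right now", which hides a card-state problem from callers and from log triage. A token-state code such as `return CKR_DEVICE_ERROR;` may fit better where each function's permitted list allows it. The comment would be clearer as `/* CKR_TOKEN_NOT_RECOGNIZED is returned only for functions listed in sc_to_cryptoki_error_map */`. The switch starts and ends outside the hunk and sc_to_cryptoki_error() is not shown, so the map-before-fallback order is assumed.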