/src/nss-nspr/nss/lib/pk11wrap/pk11err.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | /* |
5 | | * this file maps PKCS11 Errors into SECErrors |
6 | | * This is an information reducing process, since most errors are reflected |
7 | | * back to the user (the user doesn't care about invalid flags, or active |
8 | | * operations). If any of these errors need more detail in the upper layers |
9 | | * which call PK11 library functions, we can add more SEC_ERROR_XXX functions |
10 | | * and change there mappings here. |
11 | | * |
12 | | * Some PKCS11 errors are mapped to SEC_ERROR_LIBRARY_FAILURE intentionally |
13 | | * because they indicate that there is a bug in the library (either NSS or |
14 | | * the token). |
15 | | */ |
16 | | #include "pkcs11t.h" |
17 | | #include "pk11func.h" |
18 | | #include "secerr.h" |
19 | | #include "prerror.h" |
20 | | |
21 | | #ifdef PK11_ERROR_USE_ARRAY |
22 | | |
23 | | /* |
24 | | * build a static array of entries... |
25 | | */ |
26 | | static struct { |
27 | | CK_RV pk11_error; |
28 | | int sec_error; |
29 | | } pk11_error_map = { |
30 | | #define MAPERROR(x, y) { x, y }, |
31 | | |
32 | | #else |
33 | | |
34 | | /* the default is to use a big switch statement */ |
35 | | int |
36 | | PK11_MapError(CK_RV rv) |
37 | 155 | { |
38 | | |
39 | 155 | switch (rv) { |
40 | 0 | #define MAPERROR(x, y) \ |
41 | 155 | case x: \ |
42 | 155 | return y; |
43 | | |
44 | 0 | #endif |
45 | | |
46 | | /* the guts mapping */ |
47 | | /* clang-format off */ |
48 | 0 | MAPERROR(CKR_OK, 0) |
49 | 0 | MAPERROR(CKR_CANCEL, SEC_ERROR_IO) |
50 | 12 | MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY) |
51 | 0 | MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA) |
52 | 9 | MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS) |
53 | 0 | MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY) |
54 | 0 | MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */ |
55 | 0 | MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA) |
56 | 0 | MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA) |
57 | 2 | MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN) |
58 | 0 | MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA) |
59 | 10 | MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN) |
60 | 0 | MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_PKCS11_DEVICE_ERROR) |
61 | 0 | MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY) |
62 | 0 | MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN) |
63 | 1 | MAPERROR(CKR_DOMAIN_PARAMS_INVALID, SEC_ERROR_INVALID_KEY) |
64 | 8 | MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA) |
65 | 0 | MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA) |
66 | 0 | MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE) |
67 | 0 | MAPERROR(CKR_FUNCTION_FAILED, SEC_ERROR_PKCS11_FUNCTION_FAILED) |
68 | 0 | MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE) |
69 | 0 | MAPERROR(CKR_FUNCTION_NOT_SUPPORTED, PR_NOT_IMPLEMENTED_ERROR) |
70 | 0 | MAPERROR(CKR_GENERAL_ERROR, SEC_ERROR_PKCS11_GENERAL_ERROR) |
71 | 0 | MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY) |
72 | 61 | MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY) |
73 | 0 | MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY) |
74 | 38 | MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_INVALID_ALGORITHM) |
75 | 5 | MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA) |
76 | 0 | MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT) |
77 | 0 | MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA) |
78 | 0 | MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE) |
79 | 0 | MAPERROR(CKR_OPERATION_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE) |
80 | 0 | MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD) |
81 | 0 | MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD) |
82 | 0 | MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD) |
83 | 0 | MAPERROR(CKR_PIN_EXPIRED, SEC_ERROR_EXPIRED_PASSWORD) |
84 | 0 | MAPERROR(CKR_PIN_LOCKED, SEC_ERROR_LOCKED_PASSWORD) |
85 | 0 | MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE) |
86 | 0 | MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */ |
87 | 0 | MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA) |
88 | 0 | MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE) |
89 | 0 | MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_READ_ONLY) |
90 | 0 | MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE) |
91 | 0 | MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE) |
92 | 0 | MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA) |
93 | 9 | MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA) |
94 | 0 | MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN) |
95 | 0 | MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO) |
96 | 0 | MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY) |
97 | 0 | MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY) |
98 | 0 | MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY) |
99 | 0 | MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY) |
100 | 0 | MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0) |
101 | 0 | MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN) |
102 | 0 | MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN) |
103 | 0 | MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE) |
104 | 0 | MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY) |
105 | 0 | MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY) |
106 | 0 | MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY) |
107 | 0 | MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY) |
108 | 0 | MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY) |
109 | 0 | MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE) |
110 | 0 | MAPERROR(CKR_NSS_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE) |
111 | 0 | MAPERROR(CKR_NSS_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE) |
112 | 0 | MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11) |
113 | | /* clang-format on */ |
114 | | |
115 | | #ifdef PK11_ERROR_USE_ARRAY |
116 | | }; |
117 | | |
118 | | int |
119 | | PK11_MapError(CK_RV rv) |
120 | | { |
121 | | int size = sizeof(pk11_error_map) / sizeof(pk11_error_map[0]); |
122 | | |
123 | | for (i = 0; i < size; i++) { |
124 | | if (pk11_error_map[i].pk11_error == rv) { |
125 | | return pk11_error_map[i].sec_error; |
126 | | } |
127 | | } |
128 | | return SEC_ERROR_UNKNOWN_PKCS11_ERROR; |
129 | | } |
130 | | |
131 | | #else |
132 | | |
133 | | /* clang-format off */ |
134 | 0 | default : |
135 | 0 | break; |
136 | | /* clang-format on */ |
137 | 155 | } |
138 | 0 | return SEC_ERROR_UNKNOWN_PKCS11_ERROR; |
139 | 155 | } |
140 | | |
141 | | #endif |