/src/nss/lib/pk11wrap/pk11err.c

Source (jump to first uncovered line)
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * this file maps PKCS11 Errors into SECErrors
 *  This is an information reducing process, since most errors are reflected
 *  back to the user (the user doesn't care about invalid flags, or active
 *  operations). If any of these errors need more detail in the upper layers
 *  which call PK11 library functions, we can add more SEC_ERROR_XXX functions
 *  and change there mappings here.
 *
 *  Some PKCS11 errors are mapped to SEC_ERROR_LIBRARY_FAILURE intentionally
 *  because they indicate that there is a bug in the library (either NSS or
 *  the token).
 */
#include "pkcs11t.h"
#include "pk11func.h"
#include "secerr.h"
#include "prerror.h"

#ifdef PK11_ERROR_USE_ARRAY

/*
 * build a static array of entries...
 */
static struct {
    CK_RV pk11_error;
    int sec_error;
} pk11_error_map = {
#define MAPERROR(x, y) { x, y },

#else

/* the default is to use a big switch statement */
int
PK11_MapError(CK_RV rv)
{

    switch (rv) {
#define MAPERROR(x, y) \
    case x:            \
        return y;

#endif

    /* the guts mapping */
    /* clang-format off */
    MAPERROR(CKR_OK, 0)
    MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
    MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
    MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
    MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
    MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
    MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
    MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
    MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_PKCS11_DEVICE_ERROR)
    MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
    MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
    MAPERROR(CKR_DOMAIN_PARAMS_INVALID, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_FUNCTION_FAILED, SEC_ERROR_PKCS11_FUNCTION_FAILED)
    MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_FUNCTION_NOT_SUPPORTED, PR_NOT_IMPLEMENTED_ERROR)
    MAPERROR(CKR_GENERAL_ERROR, SEC_ERROR_PKCS11_GENERAL_ERROR)
    MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_INVALID_ALGORITHM)
    MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT)
    MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_OPERATION_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
    MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD)
    MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD)
    MAPERROR(CKR_PIN_EXPIRED, SEC_ERROR_EXPIRED_PASSWORD)
    MAPERROR(CKR_PIN_LOCKED, SEC_ERROR_LOCKED_PASSWORD)
    MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
    MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_READ_ONLY)
    MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
    MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
    MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
    MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
    MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
    MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
    MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
    MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN)
    MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
    MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
    MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
    MAPERROR(CKR_NSS_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE)
    MAPERROR(CKR_NSS_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE)
    MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11)
/* clang-format on */

#ifdef PK11_ERROR_USE_ARRAY
};

int
PK11_MapError(CK_RV rv)
{
    int size = sizeof(pk11_error_map) / sizeof(pk11_error_map[0]);

    for (i = 0; i < size; i++) {
        if (pk11_error_map[i].pk11_error == rv) {
            return pk11_error_map[i].sec_error;
        }
    }
    return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
}

#else

            /* clang-format off */
    default :
        break;
            /* clang-format on */
    }
    return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
}

#endif

Line	Count	Source (jump to first uncovered line)
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4		/*
5		* this file maps PKCS11 Errors into SECErrors
6		* This is an information reducing process, since most errors are reflected
7		* back to the user (the user doesn't care about invalid flags, or active
8		* operations). If any of these errors need more detail in the upper layers
9		* which call PK11 library functions, we can add more SEC_ERROR_XXX functions
10		* and change there mappings here.
11		*
12		* Some PKCS11 errors are mapped to SEC_ERROR_LIBRARY_FAILURE intentionally
13		* because they indicate that there is a bug in the library (either NSS or
14		* the token).
15		*/
16		#include "pkcs11t.h"
17		#include "pk11func.h"
18		#include "secerr.h"
19		#include "prerror.h"
20
21		#ifdef PK11_ERROR_USE_ARRAY
22
23		/*
24		* build a static array of entries...
25		*/
26		static struct {
27		CK_RV pk11_error;
28		int sec_error;
29		} pk11_error_map = {
30		#define MAPERROR(x, y) { x, y },
31
32		#else
33
34		/* the default is to use a big switch statement */
35		int
36		PK11_MapError(CK_RV rv)
37	0	{
38
39	0	switch (rv) {
40	0	#define MAPERROR(x, y) \
41	0	case x: \
42	0	return y;
43
44	0	#endif
45
46		/* the guts mapping */
47		/* clang-format off */
48	0	MAPERROR(CKR_OK, 0)
49	0	MAPERROR(CKR_CANCEL, SEC_ERROR_IO)
50	0	MAPERROR(CKR_HOST_MEMORY, SEC_ERROR_NO_MEMORY)
51	0	MAPERROR(CKR_SLOT_ID_INVALID, SEC_ERROR_BAD_DATA)
52	0	MAPERROR(CKR_ARGUMENTS_BAD, SEC_ERROR_INVALID_ARGS)
53	0	MAPERROR(CKR_ATTRIBUTE_READ_ONLY, SEC_ERROR_READ_ONLY)
54	0	MAPERROR(CKR_ATTRIBUTE_SENSITIVE, SEC_ERROR_IO) /* XX SENSITIVE */
55	0	MAPERROR(CKR_ATTRIBUTE_TYPE_INVALID, SEC_ERROR_BAD_DATA)
56	0	MAPERROR(CKR_ATTRIBUTE_VALUE_INVALID, SEC_ERROR_BAD_DATA)
57	0	MAPERROR(CKR_BUFFER_TOO_SMALL, SEC_ERROR_OUTPUT_LEN)
58	0	MAPERROR(CKR_DATA_INVALID, SEC_ERROR_BAD_DATA)
59	0	MAPERROR(CKR_DATA_LEN_RANGE, SEC_ERROR_INPUT_LEN)
60	0	MAPERROR(CKR_DEVICE_ERROR, SEC_ERROR_PKCS11_DEVICE_ERROR)
61	0	MAPERROR(CKR_DEVICE_MEMORY, SEC_ERROR_NO_MEMORY)
62	0	MAPERROR(CKR_DEVICE_REMOVED, SEC_ERROR_NO_TOKEN)
63	0	MAPERROR(CKR_DOMAIN_PARAMS_INVALID, SEC_ERROR_INVALID_KEY)
64	0	MAPERROR(CKR_ENCRYPTED_DATA_INVALID, SEC_ERROR_BAD_DATA)
65	0	MAPERROR(CKR_ENCRYPTED_DATA_LEN_RANGE, SEC_ERROR_BAD_DATA)
66	0	MAPERROR(CKR_FUNCTION_CANCELED, SEC_ERROR_LIBRARY_FAILURE)
67	0	MAPERROR(CKR_FUNCTION_FAILED, SEC_ERROR_PKCS11_FUNCTION_FAILED)
68	0	MAPERROR(CKR_FUNCTION_NOT_PARALLEL, SEC_ERROR_LIBRARY_FAILURE)
69	0	MAPERROR(CKR_FUNCTION_NOT_SUPPORTED, PR_NOT_IMPLEMENTED_ERROR)
70	0	MAPERROR(CKR_GENERAL_ERROR, SEC_ERROR_PKCS11_GENERAL_ERROR)
71	0	MAPERROR(CKR_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
72	0	MAPERROR(CKR_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
73	0	MAPERROR(CKR_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
74	0	MAPERROR(CKR_MECHANISM_INVALID, SEC_ERROR_INVALID_ALGORITHM)
75	0	MAPERROR(CKR_MECHANISM_PARAM_INVALID, SEC_ERROR_BAD_DATA)
76	0	MAPERROR(CKR_NO_EVENT, SEC_ERROR_NO_EVENT)
77	0	MAPERROR(CKR_OBJECT_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
78	0	MAPERROR(CKR_OPERATION_ACTIVE, SEC_ERROR_LIBRARY_FAILURE)
79	0	MAPERROR(CKR_OPERATION_NOT_INITIALIZED, SEC_ERROR_LIBRARY_FAILURE)
80	0	MAPERROR(CKR_PIN_INCORRECT, SEC_ERROR_BAD_PASSWORD)
81	0	MAPERROR(CKR_PIN_INVALID, SEC_ERROR_INVALID_PASSWORD)
82	0	MAPERROR(CKR_PIN_LEN_RANGE, SEC_ERROR_INVALID_PASSWORD)
83	0	MAPERROR(CKR_PIN_EXPIRED, SEC_ERROR_EXPIRED_PASSWORD)
84	0	MAPERROR(CKR_PIN_LOCKED, SEC_ERROR_LOCKED_PASSWORD)
85	0	MAPERROR(CKR_SESSION_CLOSED, SEC_ERROR_LIBRARY_FAILURE)
86	0	MAPERROR(CKR_SESSION_COUNT, SEC_ERROR_NO_MEMORY) /* XXXX? */
87	0	MAPERROR(CKR_SESSION_HANDLE_INVALID, SEC_ERROR_BAD_DATA)
88	0	MAPERROR(CKR_SESSION_PARALLEL_NOT_SUPPORTED, SEC_ERROR_LIBRARY_FAILURE)
89	0	MAPERROR(CKR_SESSION_READ_ONLY, SEC_ERROR_READ_ONLY)
90	0	MAPERROR(CKR_SIGNATURE_INVALID, SEC_ERROR_BAD_SIGNATURE)
91	0	MAPERROR(CKR_SIGNATURE_LEN_RANGE, SEC_ERROR_BAD_SIGNATURE)
92	0	MAPERROR(CKR_TEMPLATE_INCOMPLETE, SEC_ERROR_BAD_DATA)
93	0	MAPERROR(CKR_TEMPLATE_INCONSISTENT, SEC_ERROR_BAD_DATA)
94	0	MAPERROR(CKR_TOKEN_NOT_PRESENT, SEC_ERROR_NO_TOKEN)
95	0	MAPERROR(CKR_TOKEN_NOT_RECOGNIZED, SEC_ERROR_IO)
96	0	MAPERROR(CKR_TOKEN_WRITE_PROTECTED, SEC_ERROR_READ_ONLY)
97	0	MAPERROR(CKR_UNWRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
98	0	MAPERROR(CKR_UNWRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
99	0	MAPERROR(CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
100	0	MAPERROR(CKR_USER_ALREADY_LOGGED_IN, 0)
101	0	MAPERROR(CKR_USER_NOT_LOGGED_IN, SEC_ERROR_TOKEN_NOT_LOGGED_IN)
102	0	MAPERROR(CKR_USER_PIN_NOT_INITIALIZED, SEC_ERROR_NO_TOKEN)
103	0	MAPERROR(CKR_USER_TYPE_INVALID, SEC_ERROR_LIBRARY_FAILURE)
104	0	MAPERROR(CKR_WRAPPED_KEY_INVALID, SEC_ERROR_INVALID_KEY)
105	0	MAPERROR(CKR_WRAPPED_KEY_LEN_RANGE, SEC_ERROR_INVALID_KEY)
106	0	MAPERROR(CKR_WRAPPING_KEY_HANDLE_INVALID, SEC_ERROR_INVALID_KEY)
107	0	MAPERROR(CKR_WRAPPING_KEY_SIZE_RANGE, SEC_ERROR_INVALID_KEY)
108	0	MAPERROR(CKR_WRAPPING_KEY_TYPE_INCONSISTENT, SEC_ERROR_INVALID_KEY)
109	0	MAPERROR(CKR_VENDOR_DEFINED, SEC_ERROR_LIBRARY_FAILURE)
110	0	MAPERROR(CKR_NSS_CERTDB_FAILED, SEC_ERROR_BAD_DATABASE)
111	0	MAPERROR(CKR_NSS_KEYDB_FAILED, SEC_ERROR_BAD_DATABASE)
112	0	MAPERROR(CKR_CANT_LOCK, SEC_ERROR_INCOMPATIBLE_PKCS11)
113		/* clang-format on */
114
115		#ifdef PK11_ERROR_USE_ARRAY
116		};
117
118		int
119		PK11_MapError(CK_RV rv)
120		{
121		int size = sizeof(pk11_error_map) / sizeof(pk11_error_map[0]);
122
123		for (i = 0; i < size; i++) {
124		if (pk11_error_map[i].pk11_error == rv) {
125		return pk11_error_map[i].sec_error;
126		}
127		}
128		return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
129		}
130
131		#else
132
133		/* clang-format off */
134	0	default :
135	0	break;
136		/* clang-format on */
137	0	}
138	0	return SEC_ERROR_UNKNOWN_PKCS11_ERROR;
139	0	}
140
141		#endif

Coverage Report

Created: 2025-08-18 06:34