00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011 #include <net-snmp/net-snmp-config.h>
00012 #ifdef NETSNMP_USE_PKCS11
00013 #include <net-snmp/types.h>
00014 #include <net-snmp/output_api.h>
00015 #include <net-snmp/config_api.h>
00016 #include <net-snmp/library/snmp_api.h>
00017 #include <net-snmp/library/tools.h>
00018 #include <net-snmp/library/keytools.h>
00019 #include <net-snmp/library/scapi.h>
00020 #include <net-snmp/library/callback.h>
00021 #include <security/cryptoki.h>
00022
00023 typedef struct netsnmp_pkcs_slot_session_s {
00024 CK_SLOT_ID sid;
00025 CK_SESSION_HANDLE hdl;
00026 } netsnmp_pkcs_slot_session;
00027
00028 typedef struct netsnmp_pkcs_slot_info_s {
00029 int count;
00030 netsnmp_pkcs_slot_session *pSession;
00031 } netsnmp_pkcs_slot_info;
00032
00033 static CK_RV get_session_handle(CK_MECHANISM_TYPE, CK_FLAGS,\
00034 CK_SESSION_HANDLE_PTR);
00035 static CK_RV get_slot_session_handle(netsnmp_pkcs_slot_session *,\
00036 CK_SESSION_HANDLE_PTR);
00037 static char *pkcserr_string(CK_RV);
00038 static int free_slots(int, int, void *, void *);
00039
00040 static netsnmp_pkcs_slot_info *pSlot = NULL;
00041
00042
00043
00044
00045 int
00046 pkcs_init(void)
00047 {
00048 CK_RV rv;
00049 CK_ULONG slotcount;
00050 CK_SLOT_ID_PTR pSlotList = NULL;
00051 netsnmp_pkcs_slot_session *tmp;
00052 int i, rval = SNMPERR_SUCCESS;
00053
00054 if ((rv = C_Initialize(NULL)) != CKR_OK) {
00055 DEBUGMSGTL(("pkcs_init", "C_Initialize failed: %s",
00056 pkcserr_string(rv)));
00057 return SNMPERR_SC_NOT_CONFIGURED;
00058 }
00059
00060
00061 rv = C_GetSlotList(1, NULL_PTR, &slotcount);
00062 if (rv != CKR_OK || slotcount == 0) {
00063 DEBUGMSGTL(("pkcs_init", "C_GetSlotList failed: %s",
00064 pkcserr_string(rv)));
00065 QUITFUN(SNMPERR_GENERR, pkcs_init_quit);
00066 }
00067
00068
00069 pSlotList = malloc(slotcount * sizeof (CK_SLOT_ID));
00070 pSlot = malloc(sizeof (netsnmp_pkcs_slot_info));
00071 pSlot->pSession = malloc(slotcount * sizeof (netsnmp_pkcs_slot_session));
00072
00073 if (pSlotList == NULL_PTR ||
00074 pSlot == NULL_PTR ||
00075 pSlot->pSession == NULL_PTR) {
00076 DEBUGMSGTL(("pkcs_init","malloc failed."));
00077 QUITFUN(SNMPERR_GENERR, pkcs_init_quit);
00078 }
00079
00080
00081 if ((rv = C_GetSlotList(1, pSlotList, &slotcount)) != CKR_OK) {
00082 DEBUGMSGTL(("pkcs_init", "C_GetSlotList failed: %s",
00083 pkcserr_string(rv)));
00084 QUITFUN(SNMPERR_GENERR, pkcs_init_quit);
00085 }
00086
00087
00088 pSlot->count = slotcount;
00089 for (i = 0, tmp = pSlot->pSession; i < slotcount; i++, tmp++) {
00090 tmp->sid = pSlotList[i];
00091 tmp->hdl = NULL;
00092 }
00093
00094 snmp_register_callback(SNMP_CALLBACK_LIBRARY, SNMP_CALLBACK_SHUTDOWN,
00095 free_slots, NULL);
00096
00097 pkcs_init_quit:
00098 SNMP_FREE(pSlotList);
00099 return rval;
00100 }
00101
00102
00103
00104
00105 static int
00106 free_slots(int majorID, int minorID, void *serverarg, void *clientarg)
00107 {
00108 int slotcount, i;
00109
00110 (void) C_Finalize(NULL);
00111
00112 if (pSlot != NULL) {
00113 slotcount = pSlot->count;
00114 for (i = 0; i < slotcount; i++) {
00115 if (pSlot->pSession != NULL) {
00116 free(pSlot->pSession->hdl);
00117 }
00118 }
00119 free(pSlot);
00120 }
00121
00122 return 0;
00123 }
00124
00125
00126
00127
00128 int
00129 pkcs_random(u_char * buf, size_t buflen)
00130 {
00131 CK_SESSION_HANDLE hSession;
00132
00133 if (pSlot != NULL &&
00134 get_slot_session_handle(pSlot->pSession, &hSession) == CKR_OK &&
00135 C_GenerateRandom(hSession, buf, buflen) == CKR_OK) {
00136 return SNMPERR_SUCCESS;
00137 }
00138
00139 return SNMPERR_GENERR;
00140 }
00141
00142
00143
00144
00145
00146 static CK_RV
00147 get_session_handle(CK_MECHANISM_TYPE mech_type, CK_FLAGS flag,
00148 CK_SESSION_HANDLE_PTR sess)
00149 {
00150 CK_RV rv = CKR_OK;
00151 CK_MECHANISM_INFO info;
00152 netsnmp_pkcs_slot_session *p = NULL;
00153 int i, slotcount = 0;
00154
00155 if (pSlot) {
00156 slotcount = pSlot->count;
00157 p = pSlot->pSession;
00158 }
00159
00160
00161 for (i = 0; i < slotcount; i++, p++) {
00162 rv = C_GetMechanismInfo(p->sid, mech_type, &info);
00163
00164 if (rv != CKR_OK) {
00165 continue;
00166 } else {
00167 if (info.flags & flag) {
00168 rv = get_slot_session_handle(p, sess);
00169 break;
00170 }
00171 }
00172 }
00173
00174
00175 if (i == slotcount) {
00176 DEBUGMSGTL(("pkcs_init","No cryptographic provider for %s",
00177 mech_type));
00178 return CKR_SESSION_HANDLE_INVALID;
00179 }
00180
00181 return rv;
00182 }
00183
00184
00185
00186
00187 static CK_RV
00188 get_slot_session_handle(netsnmp_pkcs_slot_session *p,
00189 CK_SESSION_HANDLE_PTR sess)
00190 {
00191 CK_RV rv = CKR_OK;
00192 if (p == NULL) {
00193 *sess = NULL;
00194 return CKR_SESSION_HANDLE_INVALID;
00195 }
00196
00197 if (p->hdl == NULL) {
00198
00199 rv = C_OpenSession(p->sid, CKF_SERIAL_SESSION,
00200 NULL_PTR, NULL, &p->hdl);
00201
00202 if (rv != CKR_OK) {
00203 DEBUGMSGTL(("get_slot_session_handle","can not open PKCS #11 session: %s",
00204 pkcserr_string(rv)));
00205 }
00206 }
00207 *sess = p->hdl;
00208
00209 return rv;
00210 }
00211
00212
00213
00214
00215 int
00216 pkcs_sign(CK_MECHANISM_TYPE mech_type, u_char * key, u_int keylen,
00217 u_char * msg, u_int msglen, u_char * mac, size_t * maclen)
00218 {
00219
00220
00221
00222 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
00223 CK_KEY_TYPE keytype = CKK_GENERIC_SECRET;
00224 CK_BBOOL truevalue = TRUE;
00225 CK_BBOOL falsevalue= FALSE;
00226 CK_ATTRIBUTE template[] = {
00227 {CKA_CLASS, &class, sizeof (class)},
00228 {CKA_KEY_TYPE, &keytype, sizeof (keytype)},
00229 {CKA_SIGN, &truevalue, sizeof (truevalue)},
00230 {CKA_TOKEN, &falsevalue, sizeof (falsevalue)},
00231 {CKA_VALUE, key, keylen}
00232 };
00233 CK_SESSION_HANDLE hSession;
00234 CK_MECHANISM mech;
00235 CK_OBJECT_HANDLE hkey = (CK_OBJECT_HANDLE) 0;
00236 int rval = SNMPERR_SUCCESS;
00237 if (get_session_handle(mech_type, CKF_SIGN, &hSession) != CKR_OK ||
00238 hSession == NULL) {
00239 QUITFUN(SNMPERR_GENERR, pkcs_sign_quit);
00240 }
00241
00242
00243 if (C_CreateObject(hSession, template,
00244 (sizeof (template) / sizeof (CK_ATTRIBUTE)), &hkey) != CKR_OK) {
00245 QUITFUN(SNMPERR_GENERR, pkcs_sign_quit);
00246 }
00247
00248 mech.mechanism = mech_type;
00249 mech.pParameter = NULL_PTR;
00250 mech.ulParameterLen = 0;
00251
00252
00253 if (C_SignInit(hSession, &mech, hkey) != CKR_OK ) {
00254 QUITFUN(SNMPERR_GENERR, pkcs_sign_quit);
00255 }
00256
00257 if (C_SignUpdate(hSession, msg, msglen) != CKR_OK) {
00258 QUITFUN(SNMPERR_GENERR, pkcs_sign_quit);
00259 }
00260
00261 if (C_SignFinal(hSession, mac, maclen) != CKR_OK) {
00262 QUITFUN(SNMPERR_GENERR, pkcs_sign_quit);
00263 }
00264
00265 pkcs_sign_quit:
00266
00267 if (key != (CK_OBJECT_HANDLE) 0) {
00268 (void) C_DestroyObject(hSession, hkey);
00269 }
00270 return rval;
00271 }
00272
00273
00274
00275
00276 int
00277 pkcs_digest(CK_MECHANISM_TYPE mech_type, u_char * msg, u_int msglen,
00278 u_char * digest, size_t * digestlen)
00279 {
00280 int rval = SNMPERR_SUCCESS;
00281 CK_SESSION_HANDLE hSession;
00282 CK_MECHANISM mech;
00283 if (get_session_handle(mech_type, CKF_DIGEST, &hSession) != CKR_OK ||
00284 hSession == NULL) {
00285 QUITFUN(SNMPERR_GENERR, pkcs_digest_quit);
00286 }
00287
00288 mech.mechanism = mech_type;
00289 mech.pParameter = NULL_PTR;
00290 mech.ulParameterLen = 0;
00291
00292
00293 if (C_DigestInit(hSession, &mech)!= CKR_OK ) {
00294 QUITFUN(SNMPERR_GENERR, pkcs_digest_quit);
00295 }
00296
00297 if (C_DigestUpdate(hSession, msg, msglen) != CKR_OK ) {
00298 QUITFUN(SNMPERR_GENERR, pkcs_digest_quit);
00299 }
00300
00301 if (C_DigestFinal(hSession, digest, digestlen) != CKR_OK) {
00302 QUITFUN(SNMPERR_GENERR, pkcs_digest_quit);
00303 }
00304
00305 pkcs_digest_quit:
00306 return rval;
00307 }
00308
00309
00310
00311
00312 int
00313 pkcs_encrpyt(CK_MECHANISM_TYPE mech_type, u_char * key, u_int keylen,
00314 u_char * iv, u_int ivlen,
00315 u_char * plaintext, u_int ptlen,
00316 u_char * ciphertext, size_t * ctlen)
00317 {
00318 int rval = SNMPERR_SUCCESS;
00319 int pad_size, offset;
00320
00321
00322
00323 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
00324 CK_KEY_TYPE keytype = CKK_DES;
00325
00326 CK_BBOOL truevalue = TRUE;
00327 CK_BBOOL falsevalue = FALSE;
00328
00329 CK_ATTRIBUTE template[] = {
00330 {CKA_CLASS, &class, sizeof (class)},
00331 {CKA_KEY_TYPE, &keytype, sizeof (keytype)},
00332 {CKA_ENCRYPT, &truevalue, sizeof (truevalue)},
00333 {CKA_TOKEN, &falsevalue, sizeof (falsevalue)},
00334 {CKA_VALUE, key, keylen}
00335 };
00336
00337 CK_SESSION_HANDLE hSession;
00338 CK_MECHANISM mech;
00339 CK_OBJECT_HANDLE hkey = (CK_OBJECT_HANDLE) 0;
00340
00341 if (get_session_handle(mech_type, CKF_ENCRYPT,
00342 &hSession) != CKR_OK ||
00343 hSession == NULL) {
00344 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00345 }
00346
00347 if (C_CreateObject(hSession, template,
00348 (sizeof (template) / sizeof (CK_ATTRIBUTE)),
00349 &hkey) != CKR_OK) {
00350 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00351 }
00352
00353 mech.mechanism = mech_type;
00354 mech.pParameter = iv;
00355 mech.ulParameterLen = ivlen;
00356
00357
00358 if (C_EncryptInit(hSession, &mech, hkey) != CKR_OK ) {
00359 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00360 }
00361
00362
00363 pad_size = BYTESIZE(SNMP_TRANS_PRIVLEN_1DES);
00364
00365 if (ptlen + pad_size - ptlen % pad_size > *ctlen) {
00366 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00367 }
00368
00369 for (offset = 0; offset < ptlen; offset += pad_size) {
00370
00371 if (C_EncryptUpdate(hSession, plaintext + offset, pad_size,
00372 ciphertext + offset, ctlen) != CKR_OK) {
00373 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00374 }
00375 }
00376
00377
00378 if (C_EncryptFinal(hSession, ciphertext + offset, ctlen) != CKR_OK) {
00379 QUITFUN(SNMPERR_GENERR, pkcs_encrypt_quit);
00380 }
00381 *ctlen = offset;
00382
00383 pkcs_encrypt_quit:
00384 if (key != (CK_OBJECT_HANDLE) 0) {
00385 (void) C_DestroyObject(hSession, hkey);
00386 }
00387 return rval;
00388 }
00389
00390
00391
00392
00393 int
00394 pkcs_decrpyt(CK_MECHANISM_TYPE mech_type, u_char * key, u_int keylen,
00395 u_char * iv, u_int ivlen,
00396 u_char * ciphertext, u_int ctlen,
00397 u_char * plaintext, size_t * ptlen)
00398 {
00399 int rval = SNMPERR_SUCCESS;
00400
00401
00402
00403 CK_OBJECT_CLASS class = CKO_SECRET_KEY;
00404 CK_KEY_TYPE keytype = CKK_DES;
00405
00406 CK_BBOOL truevalue = TRUE;
00407 CK_BBOOL falsevalue= FALSE;
00408 CK_ATTRIBUTE template[] = {
00409 {CKA_CLASS, &class, sizeof (class)},
00410 {CKA_KEY_TYPE, &keytype, sizeof (keytype)},
00411 {CKA_DECRYPT, &truevalue, sizeof (truevalue)},
00412 {CKA_TOKEN, &falsevalue, sizeof (falsevalue)},
00413 {CKA_VALUE, key, keylen}
00414 };
00415 CK_SESSION_HANDLE hSession;
00416 CK_MECHANISM mech;
00417 CK_OBJECT_HANDLE hkey = (CK_OBJECT_HANDLE) 0;
00418
00419 if (get_session_handle(mech_type, CKF_DECRYPT, &hSession) != CKR_OK ||
00420 hSession == NULL) {
00421 QUITFUN(SNMPERR_GENERR, pkcs_decrypt_quit);
00422 }
00423
00424 if (C_CreateObject(hSession, template,
00425 (sizeof (template) / sizeof (CK_ATTRIBUTE)), &hkey) != CKR_OK) {
00426 QUITFUN(SNMPERR_GENERR, pkcs_decrypt_quit);
00427 }
00428
00429 mech.mechanism = mech_type;
00430 mech.pParameter = iv;
00431 mech.ulParameterLen = ivlen;
00432
00433
00434 if (C_DecryptInit(hSession, &mech, hkey) != CKR_OK ) {
00435 QUITFUN(SNMPERR_GENERR, pkcs_decrypt_quit);
00436 }
00437
00438 if (C_DecryptUpdate(hSession, ciphertext, ctlen, plaintext,
00439 ptlen) != CKR_OK) {
00440 QUITFUN(SNMPERR_GENERR, pkcs_decrypt_quit);
00441 }
00442
00443 if (C_DecryptFinal(hSession, plaintext, ptlen) != CKR_OK) {
00444 QUITFUN(SNMPERR_GENERR, pkcs_decrypt_quit);
00445 }
00446
00447 pkcs_decrypt_quit:
00448 if (key != (CK_OBJECT_HANDLE) 0) {
00449 (void) C_DestroyObject(hSession, hkey);
00450 }
00451 return rval;
00452 }
00453
00454
00455
00456
00457
00458 int
00459 pkcs_generate_Ku(CK_MECHANISM_TYPE mech_type, u_char * passphrase, u_int pplen,
00460 u_char * Ku, size_t * kulen)
00461 {
00462 int rval = SNMPERR_SUCCESS, nbytes = USM_LENGTH_EXPANDED_PASSPHRASE;
00463 CK_SESSION_HANDLE hSession;
00464 CK_MECHANISM mech;
00465 u_int i, pindex = 0;
00466 u_char buf[USM_LENGTH_KU_HASHBLOCK], *bufp;
00467
00468 if (get_session_handle(mech_type, CKF_DIGEST, &hSession) != CKR_OK ||
00469 hSession == NULL) {
00470 QUITFUN(SNMPERR_GENERR, pkcs_generate_Ku_quit);
00471 }
00472
00473 mech.mechanism = mech_type;
00474 mech.pParameter = NULL_PTR;
00475 mech.ulParameterLen = 0;
00476
00477
00478 if (C_DigestInit(hSession, &mech)!= CKR_OK ) {
00479 QUITFUN(SNMPERR_GENERR, pkcs_generate_Ku_quit);
00480 }
00481
00482 while (nbytes > 0) {
00483 bufp = buf;
00484 for (i = 0; i < USM_LENGTH_KU_HASHBLOCK; i++) {
00485
00486
00487
00488
00489 *bufp++ = passphrase[pindex++ % pplen];
00490 }
00491
00492 if (C_DigestUpdate(hSession, buf, USM_LENGTH_KU_HASHBLOCK) != CKR_OK ) {
00493 QUITFUN(SNMPERR_GENERR, pkcs_generate_Ku_quit);
00494 }
00495 nbytes -= USM_LENGTH_KU_HASHBLOCK;
00496 }
00497
00498 if (C_DigestFinal(hSession, Ku, kulen) != CKR_OK) {
00499 QUITFUN(SNMPERR_GENERR, pkcs_generate_Ku_quit);
00500 }
00501
00502 pkcs_generate_Ku_quit:
00503 return rval;
00504 }
00505
00506
00507
00508
00509
00510 static char *
00511 pkcserr_string(CK_RV rv)
00512 {
00513 static char errstr[128];
00514 switch (rv) {
00515 case CKR_OK:
00516 return ("CKR_OK");
00517 break;
00518 case CKR_CANCEL:
00519 return ("CKR_CANCEL");
00520 break;
00521 case CKR_HOST_MEMORY:
00522 return ("CKR_HOST_MEMORY");
00523 break;
00524 case CKR_SLOT_ID_INVALID:
00525 return ("CKR_SLOT_ID_INVALID");
00526 break;
00527 case CKR_GENERAL_ERROR:
00528 return ("CKR_GENERAL_ERROR");
00529 break;
00530 case CKR_FUNCTION_FAILED:
00531 return ("CKR_FUNCTION_FAILED");
00532 break;
00533 case CKR_ARGUMENTS_BAD:
00534 return ("CKR_ARGUMENTS_BAD");
00535 break;
00536 case CKR_NO_EVENT:
00537 return ("CKR_NO_EVENT");
00538 break;
00539 case CKR_NEED_TO_CREATE_THREADS:
00540 return ("CKR_NEED_TO_CREATE_THREADS");
00541 break;
00542 case CKR_CANT_LOCK:
00543 return ("CKR_CANT_LOCK");
00544 break;
00545 case CKR_ATTRIBUTE_READ_ONLY:
00546 return ("CKR_ATTRIBUTE_READ_ONLY");
00547 break;
00548 case CKR_ATTRIBUTE_SENSITIVE:
00549 return ("CKR_ATTRIBUTE_SENSITIVE");
00550 break;
00551 case CKR_ATTRIBUTE_TYPE_INVALID:
00552 return ("CKR_ATTRIBUTE_TYPE_INVALID");
00553 break;
00554 case CKR_ATTRIBUTE_VALUE_INVALID:
00555 return ("CKR_ATTRIBUTE_VALUE_INVALID");
00556 break;
00557 case CKR_DATA_INVALID:
00558 return ("CKR_DATA_INVALID");
00559 break;
00560 case CKR_DATA_LEN_RANGE:
00561 return ("CKR_DATA_LEN_RANGE");
00562 break;
00563 case CKR_DEVICE_ERROR:
00564 return ("CKR_DEVICE_ERROR");
00565 break;
00566 case CKR_DEVICE_MEMORY:
00567 return ("CKR_DEVICE_MEMORY");
00568 break;
00569 case CKR_DEVICE_REMOVED:
00570 return ("CKR_DEVICE_REMOVED");
00571 break;
00572 case CKR_ENCRYPTED_DATA_INVALID:
00573 return ("CKR_ENCRYPTED_DATA_INVALID");
00574 break;
00575 case CKR_ENCRYPTED_DATA_LEN_RANGE:
00576 return ("CKR_ENCRYPTED_DATA_LEN_RANGE");
00577 break;
00578 case CKR_FUNCTION_CANCELED:
00579 return ("CKR_FUNCTION_CANCELED");
00580 break;
00581 case CKR_FUNCTION_NOT_PARALLEL:
00582 return ("CKR_FUNCTION_NOT_PARALLEL");
00583 break;
00584 case CKR_FUNCTION_NOT_SUPPORTED:
00585 return ("CKR_FUNCTION_NOT_SUPPORTED");
00586 break;
00587 case CKR_KEY_HANDLE_INVALID:
00588 return ("CKR_KEY_HANDLE_INVALID");
00589 break;
00590 case CKR_KEY_SIZE_RANGE:
00591 return ("CKR_KEY_SIZE_RANGE");
00592 break;
00593 case CKR_KEY_TYPE_INCONSISTENT:
00594 return ("CKR_KEY_TYPE_INCONSISTENT");
00595 break;
00596 case CKR_KEY_NOT_NEEDED:
00597 return ("CKR_KEY_NOT_NEEDED");
00598 break;
00599 case CKR_KEY_CHANGED:
00600 return ("CKR_KEY_CHANGED");
00601 break;
00602 case CKR_KEY_NEEDED:
00603 return ("CKR_KEY_NEEDED");
00604 break;
00605 case CKR_KEY_INDIGESTIBLE:
00606 return ("CKR_KEY_INDIGESTIBLE");
00607 break;
00608 case CKR_KEY_FUNCTION_NOT_PERMITTED:
00609 return ("CKR_KEY_FUNCTION_NOT_PERMITTED");
00610 break;
00611 case CKR_KEY_NOT_WRAPPABLE:
00612 return ("CKR_KEY_NOT_WRAPPABLE");
00613 break;
00614 case CKR_KEY_UNEXTRACTABLE:
00615 return ("CKR_KEY_UNEXTRACTABLE");
00616 break;
00617 case CKR_MECHANISM_INVALID:
00618 return ("CKR_MECHANISM_INVALID");
00619 break;
00620 case CKR_MECHANISM_PARAM_INVALID:
00621 return ("CKR_MECHANISM_PARAM_INVALID");
00622 break;
00623 case CKR_OBJECT_HANDLE_INVALID:
00624 return ("CKR_OBJECT_HANDLE_INVALID");
00625 break;
00626 case CKR_OPERATION_ACTIVE:
00627 return ("CKR_OPERATION_ACTIVE");
00628 break;
00629 case CKR_OPERATION_NOT_INITIALIZED:
00630 return ("CKR_OPERATION_NOT_INITIALIZED");
00631 break;
00632 case CKR_PIN_INCORRECT:
00633 return ("CKR_PIN_INCORRECT");
00634 break;
00635 case CKR_PIN_INVALID:
00636 return ("CKR_PIN_INVALID");
00637 break;
00638 case CKR_PIN_LEN_RANGE:
00639 return ("CKR_PIN_LEN_RANGE");
00640 break;
00641 case CKR_PIN_EXPIRED:
00642 return ("CKR_PIN_EXPIRED");
00643 break;
00644 case CKR_PIN_LOCKED:
00645 return ("CKR_PIN_LOCKED");
00646 break;
00647 case CKR_SESSION_CLOSED:
00648 return ("CKR_SESSION_CLOSED");
00649 break;
00650 case CKR_SESSION_COUNT:
00651 return ("CKR_SESSION_COUNT");
00652 break;
00653 case CKR_SESSION_HANDLE_INVALID:
00654 return ("CKR_SESSION_HANDLE_INVALID");
00655 break;
00656 case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
00657 return ("CKR_SESSION_PARALLEL_NOT_SUPPORTED");
00658 break;
00659 case CKR_SESSION_READ_ONLY:
00660 return ("CKR_SESSION_READ_ONLY");
00661 break;
00662 case CKR_SESSION_EXISTS:
00663 return ("CKR_SESSION_EXISTS");
00664 break;
00665 case CKR_SESSION_READ_ONLY_EXISTS:
00666 return ("CKR_SESSION_READ_ONLY_EXISTS");
00667 break;
00668 case CKR_SESSION_READ_WRITE_SO_EXISTS:
00669 return ("CKR_SESSION_READ_WRITE_SO_EXISTS");
00670 break;
00671 case CKR_SIGNATURE_INVALID:
00672 return ("CKR_SIGNATURE_INVALID");
00673 break;
00674 case CKR_SIGNATURE_LEN_RANGE:
00675 return ("CKR_SIGNATURE_LEN_RANGE");
00676 break;
00677 case CKR_TEMPLATE_INCOMPLETE:
00678 return ("CKR_TEMPLATE_INCOMPLETE");
00679 break;
00680 case CKR_TEMPLATE_INCONSISTENT:
00681 return ("CKR_TEMPLATE_INCONSISTENT");
00682 break;
00683 case CKR_TOKEN_NOT_PRESENT:
00684 return ("CKR_TOKEN_NOT_PRESENT");
00685 break;
00686 case CKR_TOKEN_NOT_RECOGNIZED:
00687 return ("CKR_TOKEN_NOT_RECOGNIZED");
00688 break;
00689 case CKR_TOKEN_WRITE_PROTECTED:
00690 return ("CKR_TOKEN_WRITE_PROTECTED");
00691 break;
00692 case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
00693 return ("CKR_UNWRAPPING_KEY_HANDLE_INVALID");
00694 break;
00695 case CKR_UNWRAPPING_KEY_SIZE_RANGE:
00696 return ("CKR_UNWRAPPING_KEY_SIZE_RANGE");
00697 break;
00698 case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
00699 return ("CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT");
00700 break;
00701 case CKR_USER_ALREADY_LOGGED_IN:
00702 return ("CKR_USER_ALREADY_LOGGED_IN");
00703 break;
00704 case CKR_USER_NOT_LOGGED_IN:
00705 return ("CKR_USER_NOT_LOGGED_IN");
00706 break;
00707 case CKR_USER_PIN_NOT_INITIALIZED:
00708 return ("CKR_USER_PIN_NOT_INITIALIZED");
00709 break;
00710 case CKR_USER_TYPE_INVALID:
00711 return ("CKR_USER_TYPE_INVALID");
00712 break;
00713 case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
00714 return ("CKR_USER_ANOTHER_ALREADY_LOGGED_IN");
00715 break;
00716 case CKR_USER_TOO_MANY_TYPES:
00717 return ("CKR_USER_TOO_MANY_TYPES");
00718 break;
00719 case CKR_WRAPPED_KEY_INVALID:
00720 return ("CKR_WRAPPED_KEY_INVALID");
00721 break;
00722 case CKR_WRAPPED_KEY_LEN_RANGE:
00723 return ("CKR_WRAPPED_KEY_LEN_RANGE");
00724 break;
00725 case CKR_WRAPPING_KEY_HANDLE_INVALID:
00726 return ("CKR_WRAPPING_KEY_HANDLE_INVALID");
00727 break;
00728 case CKR_WRAPPING_KEY_SIZE_RANGE:
00729 return ("CKR_WRAPPING_KEY_SIZE_RANGE");
00730 break;
00731 case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
00732 return ("CKR_WRAPPING_KEY_TYPE_INCONSISTENT");
00733 break;
00734 case CKR_RANDOM_SEED_NOT_SUPPORTED:
00735 return ("CKR_RANDOM_SEED_NOT_SUPPORTED");
00736 break;
00737 case CKR_RANDOM_NO_RNG:
00738 return ("CKR_RANDOM_NO_RNG");
00739 break;
00740 case CKR_DOMAIN_PARAMS_INVALID:
00741 return ("CKR_DOMAIN_PARAMS_INVALID");
00742 break;
00743 case CKR_BUFFER_TOO_SMALL:
00744 return ("CKR_BUFFER_TOO_SMALL");
00745 break;
00746 case CKR_SAVED_STATE_INVALID:
00747 return ("CKR_SAVED_STATE_INVALID");
00748 break;
00749 case CKR_INFORMATION_SENSITIVE:
00750 return ("CKR_INFORMATION_SENSITIVE");
00751 break;
00752 case CKR_STATE_UNSAVEABLE:
00753 return ("CKR_STATE_UNSAVEABLE");
00754 break;
00755 case CKR_CRYPTOKI_NOT_INITIALIZED:
00756 return ("CKR_CRYPTOKI_NOT_INITIALIZED");
00757 break;
00758 case CKR_CRYPTOKI_ALREADY_INITIALIZED:
00759 return ("CKR_CRYPTOKI_ALREADY_INITIALIZED");
00760 break;
00761 case CKR_MUTEX_BAD:
00762 return ("CKR_MUTEX_BAD");
00763 break;
00764 case CKR_MUTEX_NOT_LOCKED:
00765 return ("CKR_MUTEX_NOT_LOCKED");
00766 break;
00767 case CKR_VENDOR_DEFINED:
00768 return ("CKR_VENDOR_DEFINED");
00769 break;
00770 default:
00771
00772 snprintf(errstr, sizeof (errstr),
00773 "Unknown return code: 0x%x", rv);
00774 return (errstr);
00775 break;
00776 }
00777 }
00778 #endif
