From 5cf302def79beae59f4f54b655e9180bd9aad4b1 Mon Sep 17 00:00:00 2001 From: HenryJacques Date: Mon, 20 Jul 2015 10:07:08 +0200 Subject: [PATCH 1/5] Add new error codes related to PIN Not all error codes have been added, only the most common ones. --- lib/hx509/hx509_err.et | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/hx509/hx509_err.et b/lib/hx509/hx509_err.et index ae1630ae7..f0a27e836 100644 --- a/lib/hx509/hx509_err.et +++ b/lib/hx509/hx509_err.et @@ -100,4 +100,10 @@ error_code OPEN_SESSION, "Failed to open session to slot" error_code LOGIN, "Failed to login to slot" error_code LOAD, "Failed to load PKCS module" +# pkinit related errors +error_code PIN_INCORRECT, "Incorrect User PIN" +error_code PIN_LOCKED, "User PIN locked" +error_code PIN_NOT_INITIALIZED, "User PIN not initialized" +error_code PIN_EXPIRED, "User PIN expired" + end From 75a304c45254486296e319f121b5c6da19b30381 Mon Sep 17 00:00:00 2001 From: HenryJacques Date: Mon, 20 Jul 2015 10:08:57 +0200 Subject: [PATCH 2/5] Fix typo --- lib/hx509/ks_p11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index ffb59066b..67222091a 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -343,7 +343,7 @@ p11_init_slot(hx509_context context, if (ret) { hx509_set_error_string(context, 0, HX509_PKCS11_NO_TOKEN, "Failed to init PKCS11 slot %d " - "with error 0x08x", + "with error 0x%08x", num, ret); return HX509_PKCS11_NO_TOKEN; } From 1639697c975e13428d6dda7973232f3c62d0c801 Mon Sep 17 00:00:00 2001 From: HenryJacques Date: Mon, 20 Jul 2015 10:12:50 +0200 Subject: [PATCH 3/5] add error codes related to User PIN --- lib/hx509/ks_p11.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 67222091a..899fb6cb1 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c 
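Review bot: The added comment `# pkinit related errors` mislabels the four new entries. They sit next to the OPEN_SESSION, LOGIN and LOAD codes, and patch 3 of this series returns them from the PKCS#11 login path in ks_p11.c rather than from PKINIT code. A comment such as `# PKCS#11 user PIN errors returned from token login` would describe them accurately. Since the commit message says only the most common PIN results are covered, the comment could also note that other PIN failures still surface as LOGIN.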
@@ -459,7 +459,18 @@ p11_get_session(hx509_context context, "Failed to login on slot id %d " "with error: 0x%08x", (int)slot->id, ret); - return HX509_PKCS11_LOGIN; + switch(ret) { + case CKR_PIN_LOCKED: + return HX509_PKCS11_PIN_LOCKED; + case CKR_PIN_EXPIRED: + return HX509_PKCS11_PIN_EXPIRED; + case CKR_PIN_INCORRECT: + return HX509_PKCS11_PIN_INCORRECT; + case CKR_USER_PIN_NOT_INITIALIZED: + return HX509_PKCS11_USER_PIN_NOT_INITIALIZED; + default: + return HX509_PKCS11_LOGIN; + } } else slot->flags |= P11_LOGIN_DONE; From 35a569bd83c7e10322f4c121f53a109a937c5506 Mon Sep 17 00:00:00 2001 From: HenryJacques Date: Mon, 20 Jul 2015 10:14:38 +0200 Subject: [PATCH 4/5] Allow to use more than one token This is needed if the first is not usable --- lib/hx509/ks_p11.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 899fb6cb1..627f7b76d 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -931,10 +931,10 @@ p11_init(hx509_context context, for (i = 0; i < p->num_slots; i++) { ret = p11_init_slot(context, p, lock, slot_ids[i], i, &p->slot[i]); - if (ret) - break; - if (p->slot[i].flags & P11_TOKEN_PRESENT) - num_tokens++; + if (!ret) { + if (p->slot[i].flags & P11_TOKEN_PRESENT) + num_tokens++; + } } free(slot_ids); if (ret) From 5a4e9d15393f14d03c1c103014a8db9311d61ed1 Mon Sep 17 00:00:00 2001 From: HenryJacques Date: Mon, 20 Jul 2015 10:45:06 +0200 Subject: [PATCH 5/5] Fix typo --- lib/hx509/ks_p11.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 627f7b76d..3a06b015c 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -467,7 +467,7 @@ p11_get_session(hx509_context context, case CKR_PIN_INCORRECT: return HX509_PKCS11_PIN_INCORRECT; case CKR_USER_PIN_NOT_INITIALIZED: - return HX509_PKCS11_USER_PIN_NOT_INITIALIZED; + return HX509_PKCS11_PIN_NOT_INITIALIZED; default: return HX509_PKCS11_LOGIN; }
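Review bot: In the p11_get_session hunk, the new `switch(ret)` returns a PIN-specific code, but the error string set just before it was presumably still recorded under HX509_PKCS11_LOGIN. Only the tail of that hx509_set_error_string call is visible as the first context lines; its opening is outside the hunk. If so, a caller that looks up the message by the returned code may lose the slot id and CKR value, so the mapped code should be computed first and used for both the error string and the `return`. A short comment on the switch would also help, e.g. `/* distinct codes let callers stop re-prompting before the token locks */`, together with a note that CKR_PIN_INVALID and CKR_PIN_LEN_RANGE deliberately fall through to `default:`.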
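Review bot: In the p11_init hunk, removing the `break` means `ret` holds only the last slot's result when the loop ends. The `if (ret)` after `free(slot_ids)` therefore fails the whole module when the final slot cannot be initialised, and ignores a failure on any earlier slot. A slot whose p11_init_slot call failed also stays in `p->slot[]` under `p->num_slots`, so later code that walks the slots may touch a partly initialised entry (that code is outside the hunk, so this is inferred). Consider handling the failure per slot, `if (ret) { ret = 0; continue; }`, and reporting an error only when `num_tokens` is still zero after the loop, keeping the first failure's code for that case. The body of p11_init continues outside the hunk on both sides.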