TclPKCS11

Diff
Login

Diff

Differences From Artifact [9bdc58f8f5]:

To Artifact [6a093d42b0]:


58
59
60
61
62
63
64

65


66
67
68

69
70

71
72

73
74

75
76

77
78

79
80

81
82

83
84

85
86

87
88

89
90

91
92

93
94

95
96

97
98

99
100

101
102

103
104

105
106

107
108

109
110

111
112

113
114

115
116

117
118

119
120

121
122

123
124

125
126

127
128

129
130

131
132

133
134

135
136

137
138

139
140

141
142

143
144

145
146

147
148

149
150

151
152

153
154

155
156

157
158

159
160

161
162

163
164

165
166

167
168

169
170

171
172

173
174

175
176

177
178

179
180

181
182

183
184

185
186

187
188

189
190

191
192

193
194

195
196

197
198

199
200

201
202

203
204

205
206

207
208

209
210

211
212

213
214

215
216

217
218

219
220

221
222

223
224

225
226

227
228

229
230

231
232

233
234

235
236

237
238

239
240

241
242

243
244

245





246
247
248
249
250
251
252
	CK_SLOT_ID session_slot;
	CK_SESSION_HANDLE session;
};

/*
 * Tcl <--> PKCS11 Bridge Functions
 */ 

MODULE_SCOPE Tcl_Obj *tclpkcs11_pkcs11_error(CK_RV errorCode) {


	switch (errorCode) {
		case CKR_OK:
			return(Tcl_NewStringObj("PKCS11_OK OK", -1));

		case CKR_CANCEL:
			return(Tcl_NewStringObj("PKCS11_ERROR CANCEL", -1));

		case CKR_HOST_MEMORY:
			return(Tcl_NewStringObj("PKCS11_ERROR HOST_MEMORY", -1));

		case CKR_SLOT_ID_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SLOT_ID_INVALID", -1));

		case CKR_GENERAL_ERROR:
			return(Tcl_NewStringObj("PKCS11_ERROR GENERAL_ERROR", -1));

		case CKR_FUNCTION_FAILED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_FAILED", -1));

		case CKR_ARGUMENTS_BAD:
			return(Tcl_NewStringObj("PKCS11_ERROR ARGUMENTS_BAD", -1));

		case CKR_NO_EVENT:
			return(Tcl_NewStringObj("PKCS11_ERROR NO_EVENT", -1));

		case CKR_NEED_TO_CREATE_THREADS:
			return(Tcl_NewStringObj("PKCS11_ERROR NEED_TO_CREATE_THREADS", -1));

		case CKR_CANT_LOCK:
			return(Tcl_NewStringObj("PKCS11_ERROR CANT_LOCK", -1));

		case CKR_ATTRIBUTE_READ_ONLY:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_READ_ONLY", -1));

		case CKR_ATTRIBUTE_SENSITIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_SENSITIVE", -1));

		case CKR_ATTRIBUTE_TYPE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_TYPE_INVALID", -1));

		case CKR_ATTRIBUTE_VALUE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_VALUE_INVALID", -1));

		case CKR_DATA_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR DATA_INVALID", -1));

		case CKR_DATA_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR DATA_LEN_RANGE", -1));

		case CKR_DEVICE_ERROR:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_ERROR", -1));

		case CKR_DEVICE_MEMORY:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_MEMORY", -1));

		case CKR_DEVICE_REMOVED:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_REMOVED", -1));

		case CKR_ENCRYPTED_DATA_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_INVALID", -1));

		case CKR_ENCRYPTED_DATA_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_LEN_RANGE", -1));

		case CKR_FUNCTION_CANCELED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_CANCELED", -1));

		case CKR_FUNCTION_NOT_PARALLEL:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_PARALLEL", -1));

		case CKR_FUNCTION_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_SUPPORTED", -1));

		case CKR_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_HANDLE_INVALID", -1));

		case CKR_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_SIZE_RANGE", -1));

		case CKR_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_TYPE_INCONSISTENT", -1));

		case CKR_KEY_NOT_NEEDED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_NEEDED", -1));

		case CKR_KEY_CHANGED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_CHANGED", -1));

		case CKR_KEY_NEEDED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NEEDED", -1));

		case CKR_KEY_INDIGESTIBLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_INDIGESTIBLE", -1));

		case CKR_KEY_FUNCTION_NOT_PERMITTED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_FUNCTION_NOT_PERMITTED", -1));

		case CKR_KEY_NOT_WRAPPABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_WRAPPABLE", -1));

		case CKR_KEY_UNEXTRACTABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_UNEXTRACTABLE", -1));

		case CKR_MECHANISM_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR MECHANISM_INVALID", -1));

		case CKR_MECHANISM_PARAM_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR MECHANISM_PARAM_INVALID", -1));

		case CKR_OBJECT_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR OBJECT_HANDLE_INVALID", -1));

		case CKR_OPERATION_ACTIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR OPERATION_ACTIVE", -1));

		case CKR_OPERATION_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR OPERATION_NOT_INITIALIZED", -1));

		case CKR_PIN_INCORRECT:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_INCORRECT", -1));

		case CKR_PIN_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_INVALID", -1));

		case CKR_PIN_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_LEN_RANGE", -1));

		case CKR_PIN_EXPIRED:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_EXPIRED", -1));

		case CKR_PIN_LOCKED:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_LOCKED", -1));

		case CKR_SESSION_CLOSED:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_CLOSED", -1));

		case CKR_SESSION_COUNT:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_COUNT", -1));

		case CKR_SESSION_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_HANDLE_INVALID", -1));

		case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_PARALLEL_NOT_SUPPORTED", -1));

		case CKR_SESSION_READ_ONLY:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY", -1));

		case CKR_SESSION_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_EXISTS", -1));

		case CKR_SESSION_READ_ONLY_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY_EXISTS", -1));

		case CKR_SESSION_READ_WRITE_SO_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_WRITE_SO_EXISTS", -1));

		case CKR_SIGNATURE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_INVALID", -1));

		case CKR_SIGNATURE_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_LEN_RANGE", -1));

		case CKR_TEMPLATE_INCOMPLETE:
			return(Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCOMPLETE", -1));

		case CKR_TEMPLATE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCONSISTENT", -1));

		case CKR_TOKEN_NOT_PRESENT:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_PRESENT", -1));

		case CKR_TOKEN_NOT_RECOGNIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_RECOGNIZED", -1));

		case CKR_TOKEN_WRITE_PROTECTED:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_WRITE_PROTECTED", -1));

		case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_HANDLE_INVALID", -1));

		case CKR_UNWRAPPING_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_SIZE_RANGE", -1));

		case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_TYPE_INCONSISTENT", -1));

		case CKR_USER_ALREADY_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_ALREADY_LOGGED_IN", -1));

		case CKR_USER_NOT_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_NOT_LOGGED_IN", -1));

		case CKR_USER_PIN_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_PIN_NOT_INITIALIZED", -1));

		case CKR_USER_TYPE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_TYPE_INVALID", -1));

		case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_ANOTHER_ALREADY_LOGGED_IN", -1));

		case CKR_USER_TOO_MANY_TYPES:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_TOO_MANY_TYPES", -1));

		case CKR_WRAPPED_KEY_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_INVALID", -1));

		case CKR_WRAPPED_KEY_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_LEN_RANGE", -1));

		case CKR_WRAPPING_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_HANDLE_INVALID", -1));

		case CKR_WRAPPING_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_SIZE_RANGE", -1));

		case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_TYPE_INCONSISTENT", -1));

		case CKR_RANDOM_SEED_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR RANDOM_SEED_NOT_SUPPORTED", -1));

		case CKR_RANDOM_NO_RNG:
			return(Tcl_NewStringObj("PKCS11_ERROR RANDOM_NO_RNG", -1));

		case CKR_DOMAIN_PARAMS_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR DOMAIN_PARAMS_INVALID", -1));

		case CKR_BUFFER_TOO_SMALL:
			return(Tcl_NewStringObj("PKCS11_ERROR BUFFER_TOO_SMALL", -1));

		case CKR_SAVED_STATE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SAVED_STATE_INVALID", -1));

		case CKR_INFORMATION_SENSITIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR INFORMATION_SENSITIVE", -1));

		case CKR_STATE_UNSAVEABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR STATE_UNSAVEABLE", -1));

		case CKR_CRYPTOKI_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_NOT_INITIALIZED", -1));

		case CKR_CRYPTOKI_ALREADY_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_ALREADY_INITIALIZED", -1));

		case CKR_MUTEX_BAD:
			return(Tcl_NewStringObj("PKCS11_ERROR MUTEX_BAD", -1));

		case CKR_MUTEX_NOT_LOCKED:
			return(Tcl_NewStringObj("PKCS11_ERROR MUTEX_NOT_LOCKED", -1));

		case CKR_NEW_PIN_MODE:
			return(Tcl_NewStringObj("PKCS11_ERROR NEW_PIN_MODE", -1));

		case CKR_NEXT_OTP:
			return(Tcl_NewStringObj("PKCS11_ERROR NEXT_OTP", -1));

		case CKR_FUNCTION_REJECTED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_REJECTED", -1));

		case CKR_VENDOR_DEFINED:
			return(Tcl_NewStringObj("PKCS11_ERROR VENDOR_DEFINED", -1));

	}


	return(Tcl_NewStringObj("PKCS11_ERROR UNKNOWN", -1));





}

MODULE_SCOPE Tcl_Obj *tclpkcs11_bytearray_to_string(const unsigned char *data, unsigned long datalen) {
	static char alphabet[] = "0123456789abcdef";
	unsigned long idx, bufidx;
	Tcl_Obj *retval;
	char buf[1024];







>
|
>
>


|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>

|
>


>
|
>
>
>
>
>







58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
	CK_SLOT_ID session_slot;
	CK_SESSION_HANDLE session;
};

/*
 * Tcl <--> PKCS11 Bridge Functions
 */ 
#define tclpkcs11_pkcs11_error(x) INTtclpkcs11_pkcs11_error(x, __LINE__)
MODULE_SCOPE Tcl_Obj *INTtclpkcs11_pkcs11_error(CK_RV errorCode, int lineNumber) {
	Tcl_Obj *retval;

	switch (errorCode) {
		case CKR_OK:
			retval = Tcl_NewStringObj("PKCS11_OK OK", -1);
			break;
		case CKR_CANCEL:
			retval = Tcl_NewStringObj("PKCS11_ERROR CANCEL", -1);
			break;
		case CKR_HOST_MEMORY:
			retval = Tcl_NewStringObj("PKCS11_ERROR HOST_MEMORY", -1);
			break;
		case CKR_SLOT_ID_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR SLOT_ID_INVALID", -1);
			break;
		case CKR_GENERAL_ERROR:
			retval = Tcl_NewStringObj("PKCS11_ERROR GENERAL_ERROR", -1);
			break;
		case CKR_FUNCTION_FAILED:
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_FAILED", -1);
			break;
		case CKR_ARGUMENTS_BAD:
			retval = Tcl_NewStringObj("PKCS11_ERROR ARGUMENTS_BAD", -1);
			break;
		case CKR_NO_EVENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR NO_EVENT", -1);
			break;
		case CKR_NEED_TO_CREATE_THREADS:
			retval = Tcl_NewStringObj("PKCS11_ERROR NEED_TO_CREATE_THREADS", -1);
			break;
		case CKR_CANT_LOCK:
			retval = Tcl_NewStringObj("PKCS11_ERROR CANT_LOCK", -1);
			break;
		case CKR_ATTRIBUTE_READ_ONLY:
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_READ_ONLY", -1);
			break;
		case CKR_ATTRIBUTE_SENSITIVE:
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_SENSITIVE", -1);
			break;
		case CKR_ATTRIBUTE_TYPE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_TYPE_INVALID", -1);
			break;
		case CKR_ATTRIBUTE_VALUE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_VALUE_INVALID", -1);
			break;
		case CKR_DATA_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR DATA_INVALID", -1);
			break;
		case CKR_DATA_LEN_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR DATA_LEN_RANGE", -1);
			break;
		case CKR_DEVICE_ERROR:
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_ERROR", -1);
			break;
		case CKR_DEVICE_MEMORY:
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_MEMORY", -1);
			break;
		case CKR_DEVICE_REMOVED:
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_REMOVED", -1);
			break;
		case CKR_ENCRYPTED_DATA_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_INVALID", -1);
			break;
		case CKR_ENCRYPTED_DATA_LEN_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_LEN_RANGE", -1);
			break;
		case CKR_FUNCTION_CANCELED:
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_CANCELED", -1);
			break;
		case CKR_FUNCTION_NOT_PARALLEL:
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_PARALLEL", -1);
			break;
		case CKR_FUNCTION_NOT_SUPPORTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_SUPPORTED", -1);
			break;
		case CKR_KEY_HANDLE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_HANDLE_INVALID", -1);
			break;
		case CKR_KEY_SIZE_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_SIZE_RANGE", -1);
			break;
		case CKR_KEY_TYPE_INCONSISTENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_KEY_NOT_NEEDED:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_NEEDED", -1);
			break;
		case CKR_KEY_CHANGED:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_CHANGED", -1);
			break;
		case CKR_KEY_NEEDED:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NEEDED", -1);
			break;
		case CKR_KEY_INDIGESTIBLE:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_INDIGESTIBLE", -1);
			break;
		case CKR_KEY_FUNCTION_NOT_PERMITTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_FUNCTION_NOT_PERMITTED", -1);
			break;
		case CKR_KEY_NOT_WRAPPABLE:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_WRAPPABLE", -1);
			break;
		case CKR_KEY_UNEXTRACTABLE:
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_UNEXTRACTABLE", -1);
			break;
		case CKR_MECHANISM_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR MECHANISM_INVALID", -1);
			break;
		case CKR_MECHANISM_PARAM_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR MECHANISM_PARAM_INVALID", -1);
			break;
		case CKR_OBJECT_HANDLE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR OBJECT_HANDLE_INVALID", -1);
			break;
		case CKR_OPERATION_ACTIVE:
			retval = Tcl_NewStringObj("PKCS11_ERROR OPERATION_ACTIVE", -1);
			break;
		case CKR_OPERATION_NOT_INITIALIZED:
			retval = Tcl_NewStringObj("PKCS11_ERROR OPERATION_NOT_INITIALIZED", -1);
			break;
		case CKR_PIN_INCORRECT:
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_INCORRECT", -1);
			break;
		case CKR_PIN_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_INVALID", -1);
			break;
		case CKR_PIN_LEN_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_LEN_RANGE", -1);
			break;
		case CKR_PIN_EXPIRED:
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_EXPIRED", -1);
			break;
		case CKR_PIN_LOCKED:
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_LOCKED", -1);
			break;
		case CKR_SESSION_CLOSED:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_CLOSED", -1);
			break;
		case CKR_SESSION_COUNT:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_COUNT", -1);
			break;
		case CKR_SESSION_HANDLE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_HANDLE_INVALID", -1);
			break;
		case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_PARALLEL_NOT_SUPPORTED", -1);
			break;
		case CKR_SESSION_READ_ONLY:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY", -1);
			break;
		case CKR_SESSION_EXISTS:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_EXISTS", -1);
			break;
		case CKR_SESSION_READ_ONLY_EXISTS:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY_EXISTS", -1);
			break;
		case CKR_SESSION_READ_WRITE_SO_EXISTS:
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_WRITE_SO_EXISTS", -1);
			break;
		case CKR_SIGNATURE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_INVALID", -1);
			break;
		case CKR_SIGNATURE_LEN_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_LEN_RANGE", -1);
			break;
		case CKR_TEMPLATE_INCOMPLETE:
			retval = Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCOMPLETE", -1);
			break;
		case CKR_TEMPLATE_INCONSISTENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCONSISTENT", -1);
			break;
		case CKR_TOKEN_NOT_PRESENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_PRESENT", -1);
			break;
		case CKR_TOKEN_NOT_RECOGNIZED:
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_RECOGNIZED", -1);
			break;
		case CKR_TOKEN_WRITE_PROTECTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_WRITE_PROTECTED", -1);
			break;
		case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_HANDLE_INVALID", -1);
			break;
		case CKR_UNWRAPPING_KEY_SIZE_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_SIZE_RANGE", -1);
			break;
		case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_USER_ALREADY_LOGGED_IN:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_ALREADY_LOGGED_IN", -1);
			break;
		case CKR_USER_NOT_LOGGED_IN:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_NOT_LOGGED_IN", -1);
			break;
		case CKR_USER_PIN_NOT_INITIALIZED:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_PIN_NOT_INITIALIZED", -1);
			break;
		case CKR_USER_TYPE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_TYPE_INVALID", -1);
			break;
		case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_ANOTHER_ALREADY_LOGGED_IN", -1);
			break;
		case CKR_USER_TOO_MANY_TYPES:
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_TOO_MANY_TYPES", -1);
			break;
		case CKR_WRAPPED_KEY_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_INVALID", -1);
			break;
		case CKR_WRAPPED_KEY_LEN_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_LEN_RANGE", -1);
			break;
		case CKR_WRAPPING_KEY_HANDLE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_HANDLE_INVALID", -1);
			break;
		case CKR_WRAPPING_KEY_SIZE_RANGE:
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_SIZE_RANGE", -1);
			break;
		case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_RANDOM_SEED_NOT_SUPPORTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR RANDOM_SEED_NOT_SUPPORTED", -1);
			break;
		case CKR_RANDOM_NO_RNG:
			retval = Tcl_NewStringObj("PKCS11_ERROR RANDOM_NO_RNG", -1);
			break;
		case CKR_DOMAIN_PARAMS_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR DOMAIN_PARAMS_INVALID", -1);
			break;
		case CKR_BUFFER_TOO_SMALL:
			retval = Tcl_NewStringObj("PKCS11_ERROR BUFFER_TOO_SMALL", -1);
			break;
		case CKR_SAVED_STATE_INVALID:
			retval = Tcl_NewStringObj("PKCS11_ERROR SAVED_STATE_INVALID", -1);
			break;
		case CKR_INFORMATION_SENSITIVE:
			retval = Tcl_NewStringObj("PKCS11_ERROR INFORMATION_SENSITIVE", -1);
			break;
		case CKR_STATE_UNSAVEABLE:
			retval = Tcl_NewStringObj("PKCS11_ERROR STATE_UNSAVEABLE", -1);
			break;
		case CKR_CRYPTOKI_NOT_INITIALIZED:
			retval = Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_NOT_INITIALIZED", -1);
			break;
		case CKR_CRYPTOKI_ALREADY_INITIALIZED:
			retval = Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_ALREADY_INITIALIZED", -1);
			break;
		case CKR_MUTEX_BAD:
			retval = Tcl_NewStringObj("PKCS11_ERROR MUTEX_BAD", -1);
			break;
		case CKR_MUTEX_NOT_LOCKED:
			retval = Tcl_NewStringObj("PKCS11_ERROR MUTEX_NOT_LOCKED", -1);
			break;
		case CKR_NEW_PIN_MODE:
			retval = Tcl_NewStringObj("PKCS11_ERROR NEW_PIN_MODE", -1);
			break;
		case CKR_NEXT_OTP:
			retval = Tcl_NewStringObj("PKCS11_ERROR NEXT_OTP", -1);
			break;
		case CKR_FUNCTION_REJECTED:
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_REJECTED", -1);
			break;
		case CKR_VENDOR_DEFINED:
			retval = Tcl_NewStringObj("PKCS11_ERROR VENDOR_DEFINED", -1);
			break;
	}

	if (!retval) {
		retval = Tcl_NewStringObj("PKCS11_ERROR UNKNOWN", -1);
	}

	Tcl_AppendPrintfToObj(retval, " LINE %i", lineNumber);

	return(retval);
}

MODULE_SCOPE Tcl_Obj *tclpkcs11_bytearray_to_string(const unsigned char *data, unsigned long datalen) {
	static char alphabet[] = "0123456789abcdef";
	unsigned long idx, bufidx;
	Tcl_Obj *retval;
	char buf[1024];
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302

	return(TCL_OK);
}

MODULE_SCOPE int tclpkcs11_perform_pki(int encrypt, ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
	struct tclpkcs11_interpdata *interpdata;
	struct tclpkcs11_handle *handle;
	unsigned char *input, resultbuf[1024];
	unsigned long tcl_strtobytearray_rv;
	Tcl_HashEntry *tcl_handle_entry;
	Tcl_Obj *pki_real_cmd;
	Tcl_Obj *tcl_keylist, **tcl_keylist_values, *tcl_keylist_key, *tcl_keylist_val;
	Tcl_Obj *tcl_mode, *tcl_input;
	Tcl_Obj *tcl_handle = NULL, *tcl_slotid = NULL, *tcl_objid = NULL;
	Tcl_Obj *tcl_result;
	long slotid_long;
	int tcl_keylist_llength, idx;
	int input_len;
	CK_ULONG resultbuf_len;
	int sign, terminate;
	int tcl_rv;

	CK_SLOT_ID slotid;
	CK_OBJECT_HANDLE hObject;
	CK_ULONG foundObjs;
	CK_OBJECT_CLASS objectclass_pk;







|










|







1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399

	return(TCL_OK);
}

MODULE_SCOPE int tclpkcs11_perform_pki(int encrypt, ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
	struct tclpkcs11_interpdata *interpdata;
	struct tclpkcs11_handle *handle;
	unsigned char *input, resultbuf[1024], *dummybuf;
	unsigned long tcl_strtobytearray_rv;
	Tcl_HashEntry *tcl_handle_entry;
	Tcl_Obj *pki_real_cmd;
	Tcl_Obj *tcl_keylist, **tcl_keylist_values, *tcl_keylist_key, *tcl_keylist_val;
	Tcl_Obj *tcl_mode, *tcl_input;
	Tcl_Obj *tcl_handle = NULL, *tcl_slotid = NULL, *tcl_objid = NULL;
	Tcl_Obj *tcl_result;
	long slotid_long;
	int tcl_keylist_llength, idx;
	int input_len;
	CK_ULONG resultbuf_len, dummybuf_len;
	int sign, terminate;
	int tcl_rv;

	CK_SLOT_ID slotid;
	CK_OBJECT_HANDLE hObject;
	CK_ULONG foundObjs;
	CK_OBJECT_CLASS objectclass_pk;
1464
1465
1466
1467
1468
1469
1470

1471
1472
1473
1474
1475
1476
1477
	chk_rv = handle->pkcs11->C_FindObjectsInit(handle->session, template, sizeof(template) / sizeof(template[0]));
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		return(TCL_ERROR);
	}


	chk_rv = handle->pkcs11->C_FindObjects(handle->session, &hObject, 1, &foundObjs);
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		handle->pkcs11->C_FindObjectsFinal(handle->session);

		return(TCL_ERROR);







>







1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
	chk_rv = handle->pkcs11->C_FindObjectsInit(handle->session, template, sizeof(template) / sizeof(template[0]));
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		return(TCL_ERROR);
	}

	foundObjs = 0;
	chk_rv = handle->pkcs11->C_FindObjects(handle->session, &hObject, 1, &foundObjs);
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		handle->pkcs11->C_FindObjectsFinal(handle->session);

		return(TCL_ERROR);
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497

1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510

	/* Perform the PKI operation (encrypt/decrypt) */
	input = Tcl_GetByteArrayFromObj(tcl_input, &input_len);
	if (encrypt) {
		sign = 0;
		chk_rv = handle->pkcs11->C_EncryptInit(handle->session, &mechanism, hObject);
		if (chk_rv != CKR_OK) {
			if (chk_rv == CKR_FUNCTION_NOT_SUPPORTED) {
				sign = 1;
				chk_rv = handle->pkcs11->C_SignInit(handle->session, &mechanism, hObject);

				if (chk_rv != CKR_OK) {
					Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

					return(TCL_ERROR);
				}
			}
		}

		resultbuf_len = sizeof(resultbuf);
		if (!sign) {
			chk_rv = handle->pkcs11->C_Encrypt(handle->session, input, input_len, resultbuf, &resultbuf_len);
		} else {
			/* Some PKCS#11 drivers will not accept pre-padded input, so we must unpad it here */







<
|
|
>
|
|

|
<
<







1586
1587
1588
1589
1590
1591
1592

1593
1594
1595
1596
1597
1598
1599


1600
1601
1602
1603
1604
1605
1606

	/* Perform the PKI operation (encrypt/decrypt) */
	input = Tcl_GetByteArrayFromObj(tcl_input, &input_len);
	if (encrypt) {
		sign = 0;
		chk_rv = handle->pkcs11->C_EncryptInit(handle->session, &mechanism, hObject);
		if (chk_rv != CKR_OK) {

			sign = 1;
			chk_rv = handle->pkcs11->C_SignInit(handle->session, &mechanism, hObject);
		}
		if (chk_rv != CKR_OK) {
			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

			return(TCL_ERROR);


		}

		resultbuf_len = sizeof(resultbuf);
		if (!sign) {
			chk_rv = handle->pkcs11->C_Encrypt(handle->session, input, input_len, resultbuf, &resultbuf_len);
		} else {
			/* Some PKCS#11 drivers will not accept pre-padded input, so we must unpad it here */
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541


1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
					}
				}
			}

			chk_rv = handle->pkcs11->C_Sign(handle->session, input, input_len, resultbuf, &resultbuf_len);
		}

		terminate = 0;
		if (chk_rv == CKR_OK) {
			terminate = 1;
		} else {
			if (chk_rv == CKR_BUFFER_TOO_SMALL) {
				terminate = 1;
			}
		}

		if (terminate) {


			if (!sign) {
				handle->pkcs11->C_EncryptFinal(handle->session, NULL, 0);
			} else {
				handle->pkcs11->C_SignFinal(handle->session, NULL, 0);
			}
		}

		if (chk_rv != CKR_OK) {
			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

			return(TCL_ERROR);







|
|
|
<
<
<
<



>
>

|

|







1621
1622
1623
1624
1625
1626
1627
1628
1629
1630




1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
					}
				}
			}

			chk_rv = handle->pkcs11->C_Sign(handle->session, input, input_len, resultbuf, &resultbuf_len);
		}

		terminate = 1;
		if (chk_rv == CKR_OK || chk_rv == CKR_BUFFER_TOO_SMALL) {
			terminate = 0;




		}

		if (terminate) {
			dummybuf = (unsigned char *) "";
			dummybuf_len = 0;
			if (!sign) {
				handle->pkcs11->C_EncryptFinal(handle->session, dummybuf, &dummybuf_len);
			} else {
				handle->pkcs11->C_SignFinal(handle->session, dummybuf, &dummybuf_len);
			}
		}

		if (chk_rv != CKR_OK) {
			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

			return(TCL_ERROR);