TclPKCS11

Check-in [dfd4dfccb3]
Login

Check-in [dfd4dfccb3]

Overview
Comment:Better handling of singlepart signing
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256: dfd4dfccb3ab18166d627f3cc5d3aead27c8a5016c3af4628ccc8c2586063118
User & Date: rkeene on 2019-06-12 21:03:33
Other Links: manifest | tags
Context
2019-06-12
21:04
Additional cleanup check-in: 71e86b341f user: rkeene tags: trunk
21:03
Better handling of singlepart signing check-in: dfd4dfccb3 user: rkeene tags: trunk
06:22
More work on updating build system check-in: a09823afee user: rkeene tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Modified tclpkcs11.c from [9bdc58f8f5] to [6a093d42b0]. 

58
59
60
61
62
63
64

65



66
67
68


69
70


71
72


73
74


75
76


77
78


79
80


81
82


83
84


85
86


87
88


89
90


91
92


93
94


95
96


97
98


99
100


101
102


103
104


105
106


107
108


109
110


111
112


113
114


115
116


117
118


119
120


121
122


123
124


125
126


127
128


129
130


131
132


133
134


135
136


137
138


139
140


141
142


143
144


145
146


147
148


149
150


151
152


153
154


155
156


157
158


159
160


161
162


163
164


165
166


167
168


169
170


171
172


173
174


175
176


177
178


179
180


181
182


183
184


185
186


187
188


189
190


191
192


193
194


195
196


197
198


199
200


201
202


203
204


205
206


207
208


209
210


211
212


213
214


215
216


217
218


219
220


221
222


223
224


225
226


227
228


229
230


231
232


233
234


235
236


237
238


239
240


241
242


243
244

245






246
247
248
249
250
251
252

58
59
60
61
62
63
64
65

66
67
68
69
70

71
72
73

74
75
76

77
78
79

80
81
82

83
84
85

86
87
88

89
90
91

92
93
94

95
96
97

98
99
100

101
102
103

104
105
106

107
108
109

110
111
112

113
114
115

116
117
118

119
120
121

122
123
124

125
126
127

128
129
130

131
132
133

134
135
136

137
138
139

140
141
142

143
144
145

146
147
148

149
150
151

152
153
154

155
156
157

158
159
160

161
162
163

164
165
166

167
168
169

170
171
172

173
174
175

176
177
178

179
180
181

182
183
184

185
186
187

188
189
190

191
192
193

194
195
196

197
198
199

200
201
202

203
204
205

206
207
208

209
210
211

212
213
214

215
216
217

218
219
220

221
222
223

224
225
226

227
228
229

230
231
232

233
234
235

236
237
238

239
240
241

242
243
244

245
246
247

248
249
250

251
252
253

254
255
256

257
258
259

260
261
262

263
264
265

266
267
268

269
270
271

272
273
274

275
276
277

278
279
280

281
282
283

284
285
286

287
288
289

290
291
292

293
294
295

296
297
298

299
300
301

302
303
304

305
306
307

308
309
310

311
312
313

314
315
316

317
318
319

320
321
322

323
324
325

326
327
328

329
330
331

332
333
334
335
336

337
338
339
340
341
342
343
344
345
346
347
348
349








+
-
+
+
+


-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+

-
+
+


+
-
+
+
+
+
+
+








	CK_SLOT_ID session_slot;
	CK_SESSION_HANDLE session;
};

/*
 * Tcl <--> PKCS11 Bridge Functions
 */ 
#define tclpkcs11_pkcs11_error(x) INTtclpkcs11_pkcs11_error(x, __LINE__)
MODULE_SCOPE Tcl_Obj *tclpkcs11_pkcs11_error(CK_RV errorCode) {
MODULE_SCOPE Tcl_Obj *INTtclpkcs11_pkcs11_error(CK_RV errorCode, int lineNumber) {
	Tcl_Obj *retval;

	switch (errorCode) {
		case CKR_OK:
			return(Tcl_NewStringObj("PKCS11_OK OK", -1));
			retval = Tcl_NewStringObj("PKCS11_OK OK", -1);
			break;
		case CKR_CANCEL:
			return(Tcl_NewStringObj("PKCS11_ERROR CANCEL", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR CANCEL", -1);
			break;
		case CKR_HOST_MEMORY:
			return(Tcl_NewStringObj("PKCS11_ERROR HOST_MEMORY", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR HOST_MEMORY", -1);
			break;
		case CKR_SLOT_ID_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SLOT_ID_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SLOT_ID_INVALID", -1);
			break;
		case CKR_GENERAL_ERROR:
			return(Tcl_NewStringObj("PKCS11_ERROR GENERAL_ERROR", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR GENERAL_ERROR", -1);
			break;
		case CKR_FUNCTION_FAILED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_FAILED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_FAILED", -1);
			break;
		case CKR_ARGUMENTS_BAD:
			return(Tcl_NewStringObj("PKCS11_ERROR ARGUMENTS_BAD", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ARGUMENTS_BAD", -1);
			break;
		case CKR_NO_EVENT:
			return(Tcl_NewStringObj("PKCS11_ERROR NO_EVENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR NO_EVENT", -1);
			break;
		case CKR_NEED_TO_CREATE_THREADS:
			return(Tcl_NewStringObj("PKCS11_ERROR NEED_TO_CREATE_THREADS", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR NEED_TO_CREATE_THREADS", -1);
			break;
		case CKR_CANT_LOCK:
			return(Tcl_NewStringObj("PKCS11_ERROR CANT_LOCK", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR CANT_LOCK", -1);
			break;
		case CKR_ATTRIBUTE_READ_ONLY:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_READ_ONLY", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_READ_ONLY", -1);
			break;
		case CKR_ATTRIBUTE_SENSITIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_SENSITIVE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_SENSITIVE", -1);
			break;
		case CKR_ATTRIBUTE_TYPE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_TYPE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_TYPE_INVALID", -1);
			break;
		case CKR_ATTRIBUTE_VALUE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_VALUE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ATTRIBUTE_VALUE_INVALID", -1);
			break;
		case CKR_DATA_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR DATA_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DATA_INVALID", -1);
			break;
		case CKR_DATA_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR DATA_LEN_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DATA_LEN_RANGE", -1);
			break;
		case CKR_DEVICE_ERROR:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_ERROR", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_ERROR", -1);
			break;
		case CKR_DEVICE_MEMORY:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_MEMORY", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_MEMORY", -1);
			break;
		case CKR_DEVICE_REMOVED:
			return(Tcl_NewStringObj("PKCS11_ERROR DEVICE_REMOVED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DEVICE_REMOVED", -1);
			break;
		case CKR_ENCRYPTED_DATA_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_INVALID", -1);
			break;
		case CKR_ENCRYPTED_DATA_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_LEN_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR ENCRYPTED_DATA_LEN_RANGE", -1);
			break;
		case CKR_FUNCTION_CANCELED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_CANCELED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_CANCELED", -1);
			break;
		case CKR_FUNCTION_NOT_PARALLEL:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_PARALLEL", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_PARALLEL", -1);
			break;
		case CKR_FUNCTION_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_SUPPORTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_NOT_SUPPORTED", -1);
			break;
		case CKR_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_HANDLE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_HANDLE_INVALID", -1);
			break;
		case CKR_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_SIZE_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_SIZE_RANGE", -1);
			break;
		case CKR_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_TYPE_INCONSISTENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_KEY_NOT_NEEDED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_NEEDED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_NEEDED", -1);
			break;
		case CKR_KEY_CHANGED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_CHANGED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_CHANGED", -1);
			break;
		case CKR_KEY_NEEDED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NEEDED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NEEDED", -1);
			break;
		case CKR_KEY_INDIGESTIBLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_INDIGESTIBLE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_INDIGESTIBLE", -1);
			break;
		case CKR_KEY_FUNCTION_NOT_PERMITTED:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_FUNCTION_NOT_PERMITTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_FUNCTION_NOT_PERMITTED", -1);
			break;
		case CKR_KEY_NOT_WRAPPABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_WRAPPABLE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_NOT_WRAPPABLE", -1);
			break;
		case CKR_KEY_UNEXTRACTABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR KEY_UNEXTRACTABLE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR KEY_UNEXTRACTABLE", -1);
			break;
		case CKR_MECHANISM_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR MECHANISM_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR MECHANISM_INVALID", -1);
			break;
		case CKR_MECHANISM_PARAM_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR MECHANISM_PARAM_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR MECHANISM_PARAM_INVALID", -1);
			break;
		case CKR_OBJECT_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR OBJECT_HANDLE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR OBJECT_HANDLE_INVALID", -1);
			break;
		case CKR_OPERATION_ACTIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR OPERATION_ACTIVE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR OPERATION_ACTIVE", -1);
			break;
		case CKR_OPERATION_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR OPERATION_NOT_INITIALIZED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR OPERATION_NOT_INITIALIZED", -1);
			break;
		case CKR_PIN_INCORRECT:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_INCORRECT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_INCORRECT", -1);
			break;
		case CKR_PIN_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_INVALID", -1);
			break;
		case CKR_PIN_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_LEN_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_LEN_RANGE", -1);
			break;
		case CKR_PIN_EXPIRED:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_EXPIRED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_EXPIRED", -1);
			break;
		case CKR_PIN_LOCKED:
			return(Tcl_NewStringObj("PKCS11_ERROR PIN_LOCKED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR PIN_LOCKED", -1);
			break;
		case CKR_SESSION_CLOSED:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_CLOSED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_CLOSED", -1);
			break;
		case CKR_SESSION_COUNT:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_COUNT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_COUNT", -1);
			break;
		case CKR_SESSION_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_HANDLE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_HANDLE_INVALID", -1);
			break;
		case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_PARALLEL_NOT_SUPPORTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_PARALLEL_NOT_SUPPORTED", -1);
			break;
		case CKR_SESSION_READ_ONLY:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY", -1);
			break;
		case CKR_SESSION_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_EXISTS", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_EXISTS", -1);
			break;
		case CKR_SESSION_READ_ONLY_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY_EXISTS", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_ONLY_EXISTS", -1);
			break;
		case CKR_SESSION_READ_WRITE_SO_EXISTS:
			return(Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_WRITE_SO_EXISTS", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SESSION_READ_WRITE_SO_EXISTS", -1);
			break;
		case CKR_SIGNATURE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_INVALID", -1);
			break;
		case CKR_SIGNATURE_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_LEN_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SIGNATURE_LEN_RANGE", -1);
			break;
		case CKR_TEMPLATE_INCOMPLETE:
			return(Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCOMPLETE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCOMPLETE", -1);
			break;
		case CKR_TEMPLATE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCONSISTENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR TEMPLATE_INCONSISTENT", -1);
			break;
		case CKR_TOKEN_NOT_PRESENT:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_PRESENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_PRESENT", -1);
			break;
		case CKR_TOKEN_NOT_RECOGNIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_RECOGNIZED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_NOT_RECOGNIZED", -1);
			break;
		case CKR_TOKEN_WRITE_PROTECTED:
			return(Tcl_NewStringObj("PKCS11_ERROR TOKEN_WRITE_PROTECTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR TOKEN_WRITE_PROTECTED", -1);
			break;
		case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_HANDLE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_HANDLE_INVALID", -1);
			break;
		case CKR_UNWRAPPING_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_SIZE_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_SIZE_RANGE", -1);
			break;
		case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_TYPE_INCONSISTENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR UNWRAPPING_KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_USER_ALREADY_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_ALREADY_LOGGED_IN", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_ALREADY_LOGGED_IN", -1);
			break;
		case CKR_USER_NOT_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_NOT_LOGGED_IN", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_NOT_LOGGED_IN", -1);
			break;
		case CKR_USER_PIN_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_PIN_NOT_INITIALIZED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_PIN_NOT_INITIALIZED", -1);
			break;
		case CKR_USER_TYPE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_TYPE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_TYPE_INVALID", -1);
			break;
		case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_ANOTHER_ALREADY_LOGGED_IN", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_ANOTHER_ALREADY_LOGGED_IN", -1);
			break;
		case CKR_USER_TOO_MANY_TYPES:
			return(Tcl_NewStringObj("PKCS11_ERROR USER_TOO_MANY_TYPES", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR USER_TOO_MANY_TYPES", -1);
			break;
		case CKR_WRAPPED_KEY_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_INVALID", -1);
			break;
		case CKR_WRAPPED_KEY_LEN_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_LEN_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPED_KEY_LEN_RANGE", -1);
			break;
		case CKR_WRAPPING_KEY_HANDLE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_HANDLE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_HANDLE_INVALID", -1);
			break;
		case CKR_WRAPPING_KEY_SIZE_RANGE:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_SIZE_RANGE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_SIZE_RANGE", -1);
			break;
		case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
			return(Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_TYPE_INCONSISTENT", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR WRAPPING_KEY_TYPE_INCONSISTENT", -1);
			break;
		case CKR_RANDOM_SEED_NOT_SUPPORTED:
			return(Tcl_NewStringObj("PKCS11_ERROR RANDOM_SEED_NOT_SUPPORTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR RANDOM_SEED_NOT_SUPPORTED", -1);
			break;
		case CKR_RANDOM_NO_RNG:
			return(Tcl_NewStringObj("PKCS11_ERROR RANDOM_NO_RNG", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR RANDOM_NO_RNG", -1);
			break;
		case CKR_DOMAIN_PARAMS_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR DOMAIN_PARAMS_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR DOMAIN_PARAMS_INVALID", -1);
			break;
		case CKR_BUFFER_TOO_SMALL:
			return(Tcl_NewStringObj("PKCS11_ERROR BUFFER_TOO_SMALL", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR BUFFER_TOO_SMALL", -1);
			break;
		case CKR_SAVED_STATE_INVALID:
			return(Tcl_NewStringObj("PKCS11_ERROR SAVED_STATE_INVALID", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR SAVED_STATE_INVALID", -1);
			break;
		case CKR_INFORMATION_SENSITIVE:
			return(Tcl_NewStringObj("PKCS11_ERROR INFORMATION_SENSITIVE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR INFORMATION_SENSITIVE", -1);
			break;
		case CKR_STATE_UNSAVEABLE:
			return(Tcl_NewStringObj("PKCS11_ERROR STATE_UNSAVEABLE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR STATE_UNSAVEABLE", -1);
			break;
		case CKR_CRYPTOKI_NOT_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_NOT_INITIALIZED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_NOT_INITIALIZED", -1);
			break;
		case CKR_CRYPTOKI_ALREADY_INITIALIZED:
			return(Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_ALREADY_INITIALIZED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR CRYPTOKI_ALREADY_INITIALIZED", -1);
			break;
		case CKR_MUTEX_BAD:
			return(Tcl_NewStringObj("PKCS11_ERROR MUTEX_BAD", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR MUTEX_BAD", -1);
			break;
		case CKR_MUTEX_NOT_LOCKED:
			return(Tcl_NewStringObj("PKCS11_ERROR MUTEX_NOT_LOCKED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR MUTEX_NOT_LOCKED", -1);
			break;
		case CKR_NEW_PIN_MODE:
			return(Tcl_NewStringObj("PKCS11_ERROR NEW_PIN_MODE", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR NEW_PIN_MODE", -1);
			break;
		case CKR_NEXT_OTP:
			return(Tcl_NewStringObj("PKCS11_ERROR NEXT_OTP", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR NEXT_OTP", -1);
			break;
		case CKR_FUNCTION_REJECTED:
			return(Tcl_NewStringObj("PKCS11_ERROR FUNCTION_REJECTED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR FUNCTION_REJECTED", -1);
			break;
		case CKR_VENDOR_DEFINED:
			return(Tcl_NewStringObj("PKCS11_ERROR VENDOR_DEFINED", -1));
			retval = Tcl_NewStringObj("PKCS11_ERROR VENDOR_DEFINED", -1);
			break;
	}

	if (!retval) {
	return(Tcl_NewStringObj("PKCS11_ERROR UNKNOWN", -1));
		retval = Tcl_NewStringObj("PKCS11_ERROR UNKNOWN", -1);
	}

	Tcl_AppendPrintfToObj(retval, " LINE %i", lineNumber);

	return(retval);
}

MODULE_SCOPE Tcl_Obj *tclpkcs11_bytearray_to_string(const unsigned char *data, unsigned long datalen) {
	static char alphabet[] = "0123456789abcdef";
	unsigned long idx, bufidx;
	Tcl_Obj *retval;
	char buf[1024];

1277
1278
1279
1280
1281
1282
1283
1284

1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295

1296
1297
1298
1299
1300
1301
1302

1374
1375
1376
1377
1378
1379
1380

1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391

1392
1393
1394
1395
1396
1397
1398
1399








-
+










-
+









	return(TCL_OK);
}

MODULE_SCOPE int tclpkcs11_perform_pki(int encrypt, ClientData cd, Tcl_Interp *interp, int objc, Tcl_Obj *CONST objv[]) {
	struct tclpkcs11_interpdata *interpdata;
	struct tclpkcs11_handle *handle;
	unsigned char *input, resultbuf[1024];
	unsigned char *input, resultbuf[1024], *dummybuf;
	unsigned long tcl_strtobytearray_rv;
	Tcl_HashEntry *tcl_handle_entry;
	Tcl_Obj *pki_real_cmd;
	Tcl_Obj *tcl_keylist, **tcl_keylist_values, *tcl_keylist_key, *tcl_keylist_val;
	Tcl_Obj *tcl_mode, *tcl_input;
	Tcl_Obj *tcl_handle = NULL, *tcl_slotid = NULL, *tcl_objid = NULL;
	Tcl_Obj *tcl_result;
	long slotid_long;
	int tcl_keylist_llength, idx;
	int input_len;
	CK_ULONG resultbuf_len;
	CK_ULONG resultbuf_len, dummybuf_len;
	int sign, terminate;
	int tcl_rv;

	CK_SLOT_ID slotid;
	CK_OBJECT_HANDLE hObject;
	CK_ULONG foundObjs;
	CK_OBJECT_CLASS objectclass_pk;

1464
1465
1466
1467
1468
1469
1470

1471
1472
1473
1474
1475
1476
1477

1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575








+








	chk_rv = handle->pkcs11->C_FindObjectsInit(handle->session, template, sizeof(template) / sizeof(template[0]));
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		return(TCL_ERROR);
	}

	foundObjs = 0;
	chk_rv = handle->pkcs11->C_FindObjects(handle->session, &hObject, 1, &foundObjs);
	if (chk_rv != CKR_OK) {
		Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

		handle->pkcs11->C_FindObjectsFinal(handle->session);

		return(TCL_ERROR);

1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499





1500
1501

1502
1503
1504
1505
1506
1507
1508
1509
1510

1586
1587
1588
1589
1590
1591
1592





1593
1594
1595
1596
1597
1598

1599


1600
1601
1602
1603
1604
1605
1606








-
-
-
-
-
+
+
+
+
+

-
+
-
-









	/* Perform the PKI operation (encrypt/decrypt) */
	input = Tcl_GetByteArrayFromObj(tcl_input, &input_len);
	if (encrypt) {
		sign = 0;
		chk_rv = handle->pkcs11->C_EncryptInit(handle->session, &mechanism, hObject);
		if (chk_rv != CKR_OK) {
			if (chk_rv == CKR_FUNCTION_NOT_SUPPORTED) {
				sign = 1;
				chk_rv = handle->pkcs11->C_SignInit(handle->session, &mechanism, hObject);
				if (chk_rv != CKR_OK) {
					Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));
			sign = 1;
			chk_rv = handle->pkcs11->C_SignInit(handle->session, &mechanism, hObject);
		}
		if (chk_rv != CKR_OK) {
			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

					return(TCL_ERROR);
			return(TCL_ERROR);
				}
			}
		}

		resultbuf_len = sizeof(resultbuf);
		if (!sign) {
			chk_rv = handle->pkcs11->C_Encrypt(handle->session, input, input_len, resultbuf, &resultbuf_len);
		} else {
			/* Some PKCS#11 drivers will not accept pre-padded input, so we must unpad it here */

1525
1526
1527
1528
1529
1530
1531
1532
1533
1534



1535
1536
1537
1538
1539
1540
1541


1542
1543

1544
1545

1546
1547
1548
1549
1550
1551
1552

1621
1622
1623
1624
1625
1626
1627



1628
1629
1630




1631
1632
1633
1634
1635
1636

1637
1638

1639
1640
1641
1642
1643
1644
1645
1646








-
-
-
+
+
+
-
-
-
-



+
+

-
+

-
+








					}
				}
			}

			chk_rv = handle->pkcs11->C_Sign(handle->session, input, input_len, resultbuf, &resultbuf_len);
		}

		terminate = 0;
		if (chk_rv == CKR_OK) {
			terminate = 1;
		terminate = 1;
		if (chk_rv == CKR_OK || chk_rv == CKR_BUFFER_TOO_SMALL) {
			terminate = 0;
		} else {
			if (chk_rv == CKR_BUFFER_TOO_SMALL) {
				terminate = 1;
			}
		}

		if (terminate) {
			dummybuf = (unsigned char *) "";
			dummybuf_len = 0;
			if (!sign) {
				handle->pkcs11->C_EncryptFinal(handle->session, NULL, 0);
				handle->pkcs11->C_EncryptFinal(handle->session, dummybuf, &dummybuf_len);
			} else {
				handle->pkcs11->C_SignFinal(handle->session, NULL, 0);
				handle->pkcs11->C_SignFinal(handle->session, dummybuf, &dummybuf_len);
			}
		}

		if (chk_rv != CKR_OK) {
			Tcl_SetObjResult(interp, tclpkcs11_pkcs11_error(chk_rv));

			return(TCL_ERROR);