Cryptoki: a cryptographic Token Interface



Download 360.55 Kb.
Page73/196
Date22.12.2023
Size360.55 Kb.
#63026
1   ...   69   70   71   72   73   74   75   76   ...   196
v201-95
pkcs11-base-v2.40-cos01

10.1. Function return values


The Cryptoki interface possesses a large number of functions and return values. In Section , we enumerate the various possible return values for Cryptoki functions; most of the remainder of Section details the behavior of Cryptoki functions, including what values each of them may return.
Because of the complexity of the Cryptoki specification, it is recommended that Cryptoki applications attempt to give some leeway when interpreting Cryptoki functions’ return values. We have attempted to specify the behavior of Cryptoki functions as completely as was feasible; nevertheless, there are presumably some gaps. For example, it is possible that a particular error code which might apply to a particular Cryptoki function is unfortunately not actually listed in the description of that function as a possible error code. It is conceivable that the developer of a Cryptoki library might nevertheless permit his/her implementation of that function to return that error code. It would clearly be somewhat ungraceful if a Cryptoki application using that library were to terminate by abruptly dumping core upon receiving that error code for that function. It would be far preferable for the application to examine the function’s return value, see that it indicates some sort of error (even if the application doesn’t know precisely what kind of error), and behave accordingly.
See Section for some specific details on how a developer might attempt to make an application that accommodates a range of behaviors from Cryptoki libraries.

10.1.1. Universal Cryptoki function return values


Any Cryptoki function can return any of the following values:

  • CKR_GENERAL_ERROR: Some horrible, unrecoverable error has occurred. In the worst case, it is possible that the function only partially succeeded, and that the computer and/or token is in an inconsistent state.

  • CKR_HOST_MEMORY: The computer that the Cryptoki library is running on has insufficient memory to perform the requested function.

  • CKR_FUNCTION_FAILED: The requested function could not be performed, but detailed information about why not is not available in this error return. If the failed function uses a session, it is possible that the CK_SESSION_INFO structure that can be obtained by calling C_GetSessionInfo will hold useful information about what happened in its ulDeviceError field. In any event, although the function call failed, the situation is not necessarily totally hopeless, as it is likely to be when CKR_GENERAL_ERROR is returned. Depending on what the root cause of the error actually was, it is possible that an attempt to make the exact same function call again would succeed.

  • CKR_OK: The function executed successfully. Technically, CKR_OK is not quite a “universal” return value; in particular, the legacy functions C_GetFunctionStatus and C_CancelFunction (see Section ) cannot return CKR_OK.

The relative priorities of these errors are in the order listed above, e.g., if either of CKR_GENERAL_ERROR or CKR_HOST_MEMORY would be an appropriate error return, then CKR_GENERAL_ERROR should be returned.

Download 360.55 Kb.

Share with your friends:
1   ...   69   70   71   72   73   74   75   76   ...   196



The database is protected by copyright ©ininet.org 2024
send message
    Main page
project coordinator