pam_pkcs11
0.6.8
|
00001 /* ***** BEGIN LICENSE BLOCK ***** 00002 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 00003 * 00004 * The contents of this file are subject to the Mozilla Public License Version 00005 * 1.1 (the "License"); you may not use this file except in compliance with 00006 * the License. You may obtain a copy of the License at 00007 * http://www.mozilla.org/MPL/ 00008 * 00009 * Software distributed under the License is distributed on an "AS IS" basis, 00010 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 00011 * for the specific language governing rights and limitations under the 00012 * License. 00013 * 00014 * The Original Code is the Netscape security libraries. 00015 * 00016 * The Initial Developer of the Original Code is 00017 * Netscape Communications Corporation. 00018 * Portions created by the Initial Developer are Copyright (C) 1994-2000 00019 * the Initial Developer. All Rights Reserved. 00020 * 00021 * Contributor(s): 00022 * 00023 * Alternatively, the contents of this file may be used under the terms of 00024 * either the GNU General Public License Version 2 or later (the "GPL"), or 00025 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 00026 * in which case the provisions of the GPL or the LGPL are applicable instead 00027 * of those above. If you wish to allow use of your version of this file only 00028 * under the terms of either the GPL or the LGPL, and not to allow others to 00029 * use your version of this file under the terms of the MPL, indicate your 00030 * decision by deleting the provisions above and replace them with the notice 00031 * and other provisions required by the GPL or the LGPL. If you do not delete 00032 * the provisions above, a recipient may use your version of this file under 00033 * the terms of any one of the MPL, the GPL or the LGPL. 00034 * 00035 * ***** END LICENSE BLOCK ***** */ 00036 00037 /* SSL-specific security error codes */ 00038 /* caller must include "sslerr.h" */ 00039 00040 ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, 00041 "Unable to communicate securely. Peer does not support high-grade encryption.") 00042 00043 ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, 00044 "Unable to communicate securely. Peer requires high-grade encryption which is not supported.") 00045 00046 ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, 00047 "Cannot communicate securely with peer: no common encryption algorithm(s).") 00048 00049 ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, 00050 "Unable to find the certificate or key necessary for authentication.") 00051 00052 ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, 00053 "Unable to communicate securely with peer: peers's certificate was rejected.") 00054 00055 /* unused (SSL_ERROR_BASE + 5),*/ 00056 00057 ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, 00058 "The server has encountered bad data from the client.") 00059 00060 ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, 00061 "The client has encountered bad data from the server.") 00062 00063 ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, 00064 "Unsupported certificate type.") 00065 00066 ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, 00067 "Peer using unsupported version of security protocol.") 00068 00069 /* unused (SSL_ERROR_BASE + 10),*/ 00070 00071 ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, 00072 "Client authentication failed: private key in key database does not match public key in certificate database.") 00073 00074 ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, 00075 "Unable to communicate securely with peer: requested domain name does not match the server's certificate.") 00076 00077 /* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), 00078 defined in sslerr.h 00079 */ 00080 00081 ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), 00082 "Peer only supports SSL version 2, which is locally disabled.") 00083 00084 00085 ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), 00086 "SSL received a record with an incorrect Message Authentication Code.") 00087 00088 ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), 00089 "SSL peer reports incorrect Message Authentication Code.") 00090 00091 ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), 00092 "SSL peer cannot verify your certificate.") 00093 00094 ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), 00095 "SSL peer rejected your certificate as revoked.") 00096 00097 ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), 00098 "SSL peer rejected your certificate as expired.") 00099 00100 ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), 00101 "Cannot connect: SSL is disabled.") 00102 00103 ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), 00104 "Cannot connect: SSL peer is in another FORTEZZA domain.") 00105 00106 00107 ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), 00108 "An unknown SSL cipher suite has been requested.") 00109 00110 ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), 00111 "No cipher suites are present and enabled in this program.") 00112 00113 ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), 00114 "SSL received a record with bad block padding.") 00115 00116 ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), 00117 "SSL received a record that exceeded the maximum permissible length.") 00118 00119 ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), 00120 "SSL attempted to send a record that exceeded the maximum permissible length.") 00121 00122 /* 00123 * Received a malformed (too long or short or invalid content) SSL handshake. 00124 */ 00125 ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), 00126 "SSL received a malformed Hello Request handshake message.") 00127 00128 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), 00129 "SSL received a malformed Client Hello handshake message.") 00130 00131 ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), 00132 "SSL received a malformed Server Hello handshake message.") 00133 00134 ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), 00135 "SSL received a malformed Certificate handshake message.") 00136 00137 ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), 00138 "SSL received a malformed Server Key Exchange handshake message.") 00139 00140 ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), 00141 "SSL received a malformed Certificate Request handshake message.") 00142 00143 ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), 00144 "SSL received a malformed Server Hello Done handshake message.") 00145 00146 ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), 00147 "SSL received a malformed Certificate Verify handshake message.") 00148 00149 ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), 00150 "SSL received a malformed Client Key Exchange handshake message.") 00151 00152 ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), 00153 "SSL received a malformed Finished handshake message.") 00154 00155 /* 00156 * Received a malformed (too long or short) SSL record. 00157 */ 00158 ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), 00159 "SSL received a malformed Change Cipher Spec record.") 00160 00161 ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), 00162 "SSL received a malformed Alert record.") 00163 00164 ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), 00165 "SSL received a malformed Handshake record.") 00166 00167 ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), 00168 "SSL received a malformed Application Data record.") 00169 00170 /* 00171 * Received an SSL handshake that was inappropriate for the state we're in. 00172 * E.g. Server received message from server, or wrong state in state machine. 00173 */ 00174 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), 00175 "SSL received an unexpected Hello Request handshake message.") 00176 00177 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), 00178 "SSL received an unexpected Client Hello handshake message.") 00179 00180 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), 00181 "SSL received an unexpected Server Hello handshake message.") 00182 00183 ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), 00184 "SSL received an unexpected Certificate handshake message.") 00185 00186 ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), 00187 "SSL received an unexpected Server Key Exchange handshake message.") 00188 00189 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), 00190 "SSL received an unexpected Certificate Request handshake message.") 00191 00192 ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), 00193 "SSL received an unexpected Server Hello Done handshake message.") 00194 00195 ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), 00196 "SSL received an unexpected Certificate Verify handshake message.") 00197 00198 ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), 00199 "SSL received an unexpected Cllient Key Exchange handshake message.") 00200 00201 ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), 00202 "SSL received an unexpected Finished handshake message.") 00203 00204 /* 00205 * Received an SSL record that was inappropriate for the state we're in. 00206 */ 00207 ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), 00208 "SSL received an unexpected Change Cipher Spec record.") 00209 00210 ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), 00211 "SSL received an unexpected Alert record.") 00212 00213 ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), 00214 "SSL received an unexpected Handshake record.") 00215 00216 ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), 00217 "SSL received an unexpected Application Data record.") 00218 00219 /* 00220 * Received record/message with unknown discriminant. 00221 */ 00222 ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), 00223 "SSL received a record with an unknown content type.") 00224 00225 ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), 00226 "SSL received a handshake message with an unknown message type.") 00227 00228 ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), 00229 "SSL received an alert record with an unknown alert description.") 00230 00231 /* 00232 * Received an alert reporting what we did wrong. (more alerts above) 00233 */ 00234 ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), 00235 "SSL peer has closed this connection.") 00236 00237 ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), 00238 "SSL peer was not expecting a handshake message it received.") 00239 00240 ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), 00241 "SSL peer was unable to succesfully decompress an SSL record it received.") 00242 00243 ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), 00244 "SSL peer was unable to negotiate an acceptable set of security parameters.") 00245 00246 ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), 00247 "SSL peer rejected a handshake message for unacceptable content.") 00248 00249 ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), 00250 "SSL peer does not support certificates of the type it received.") 00251 00252 ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), 00253 "SSL peer had some unspecified issue with the certificate it received.") 00254 00255 00256 ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), 00257 "SSL experienced a failure of its random number generator.") 00258 00259 ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), 00260 "Unable to digitally sign data required to verify your certificate.") 00261 00262 ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), 00263 "SSL was unable to extract the public key from the peer's certificate.") 00264 00265 ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), 00266 "Unspecified failure while processing SSL Server Key Exchange handshake.") 00267 00268 ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), 00269 "Unspecified failure while processing SSL Client Key Exchange handshake.") 00270 00271 ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), 00272 "Bulk data encryption algorithm failed in selected cipher suite.") 00273 00274 ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), 00275 "Bulk data decryption algorithm failed in selected cipher suite.") 00276 00277 ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72), 00278 "Attempt to write encrypted data to underlying socket failed.") 00279 00280 ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), 00281 "MD5 digest function failed.") 00282 00283 ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), 00284 "SHA-1 digest function failed.") 00285 00286 ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), 00287 "MAC computation failed.") 00288 00289 ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), 00290 "Failure to create Symmetric Key context.") 00291 00292 ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), 00293 "Failure to unwrap the Symmetric key in Client Key Exchange message.") 00294 00295 ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), 00296 "SSL Server attempted to use domestic-grade public key with export cipher suite.") 00297 00298 ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), 00299 "PKCS11 code failed to translate an IV into a param.") 00300 00301 ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), 00302 "Failed to initialize the selected cipher suite.") 00303 00304 ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), 00305 "Client failed to generate session keys for SSL session.") 00306 00307 ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), 00308 "Server has no key for the attempted key exchange algorithm.") 00309 00310 ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), 00311 "PKCS#11 token was inserted or removed while operation was in progress.") 00312 00313 ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), 00314 "No PKCS#11 token could be found to do a required operation.") 00315 00316 ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), 00317 "Cannot communicate securely with peer: no common compression algorithm(s).") 00318 00319 ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), 00320 "Cannot initiate another SSL handshake until current handshake is complete.") 00321 00322 ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), 00323 "Received incorrect handshakes hash values from peer.") 00324 00325 ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), 00326 "The certificate provided cannot be used with the selected key exchange algorithm.") 00327 00328 ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), 00329 "No certificate authority is trusted for SSL client authentication.") 00330 00331 ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), 00332 "Client's SSL session ID not found in server's session cache.") 00333 00334 ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), 00335 "Peer was unable to decrypt an SSL record it received.") 00336 00337 ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), 00338 "Peer received an SSL record that was longer than is permitted.") 00339 00340 ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), 00341 "Peer does not recognize and trust the CA that issued your certificate.") 00342 00343 ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), 00344 "Peer received a valid certificate, but access was denied.") 00345 00346 ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), 00347 "Peer could not decode an SSL handshake message.") 00348 00349 ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), 00350 "Peer reports failure of signature verification or key exchange.") 00351 00352 ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), 00353 "Peer reports negotiation not in compliance with export regulations.") 00354 00355 ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), 00356 "Peer reports incompatible or unsupported protocol version.") 00357 00358 ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), 00359 "Server requires ciphers more secure than those supported by client.") 00360 00361 ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), 00362 "Peer reports it experienced an internal error.") 00363 00364 ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), 00365 "Peer user canceled handshake.") 00366 00367 ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), 00368 "Peer does not permit renegotiation of SSL security parameters.") 00369 00370 ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), 00371 "SSL server cache not configured and not disabled for this socket.")