""" PKCS#11 return codes are exposed as Python exceptions inheriting from :class:`PKCS11Error`. """ class PKCS11Error(RuntimeError): """ Base exception for all PKCS#11 exceptions. """ class AnotherUserAlreadyLoggedIn(PKCS11Error): pass class AttributeTypeInvalid(PKCS11Error): pass class AttributeValueInvalid(PKCS11Error): pass class AttributeReadOnly(PKCS11Error): """ An attempt was made to set a value for an attribute which may not be set by the application, or which may not be modified by the application. """ class AttributeSensitive(PKCS11Error): """ An attempt was made to obtain the value of an attribute of an object which cannot be satisfied because the object is either sensitive or un-extractable. """ class ArgumentsBad(PKCS11Error): """ Bad arguments were passed into PKCS#11. This can indicate missing parameters to a mechanism or some other issue. Consult your PKCS#11 vendor documentation. """ class DataInvalid(PKCS11Error): """ The plaintext input data to a cryptographic operation is invalid. """ class DataLenRange(PKCS11Error): """ The plaintext input data to a cryptographic operation has a bad length. Depending on the operation's mechanism, this could mean that the plaintext data is too short, too long, or is not a multiple of some particular block size. """ class DomainParamsInvalid(PKCS11Error): """ Invalid or unsupported domain parameters were supplied to the function. Which representation methods of domain parameters are supported by a given mechanism can vary from token to token. """ class DeviceError(PKCS11Error): pass class DeviceMemory(PKCS11Error): """ The token does not have sufficient memory to perform the requested function. """ class DeviceRemoved(PKCS11Error): """ The token was removed from its slot during the execution of the function. """ class EncryptedDataInvalid(PKCS11Error): """ The encrypted input to a decryption operation has been determined to be invalid ciphertext. """ class EncryptedDataLenRange(PKCS11Error): """ The ciphertext input to a decryption operation has been determined to be invalid ciphertext solely on the basis of its length. Depending on the operation's mechanism, this could mean that the ciphertext is too short, too long, or is not a multiple of some particular block size. """ class ExceededMaxIterations(PKCS11Error): """ An iterative algorithm (for key pair generation, domain parameter generation etc.) failed because we have exceeded the maximum number of iterations. """ class FunctionCancelled(PKCS11Error): pass class FunctionFailed(PKCS11Error): pass class FunctionRejected(PKCS11Error): pass class FunctionNotSupported(PKCS11Error): pass class KeyHandleInvalid(PKCS11Error): pass class KeyIndigestible(PKCS11Error): pass class KeyNeeded(PKCS11Error): pass class KeyNotNeeded(PKCS11Error): pass class KeyNotWrappable(PKCS11Error): pass class KeySizeRange(PKCS11Error): pass class KeyTypeInconsistent(PKCS11Error): pass class KeyUnextractable(PKCS11Error): pass class GeneralError(PKCS11Error): """ In unusual (and extremely unpleasant!) circumstances, a function can fail with the return value CKR_GENERAL_ERROR. When this happens, the token and/or host computer may be in an inconsistent state, and the goals of the function may have been partially achieved. """ class HostMemory(PKCS11Error): """ The computer that the Cryptoki library is running on has insufficient memory to perform the requested function. """ class MechanismInvalid(PKCS11Error): """ Mechanism can not be used with requested operation. """ class MechanismParamInvalid(PKCS11Error): pass class MultipleObjectsReturned(PKCS11Error): """ Multiple objects matched the search parameters. """ class MultipleTokensReturned(PKCS11Error): """ Multiple tokens matched the search parameters. """ class NoEvent(PKCS11Error): """ No slot events were detected. """ class NoSuchKey(PKCS11Error): """ No key matching the parameters was found. """ class NoSuchToken(PKCS11Error): """ No token matching the parameters was found. """ class ObjectHandleInvalid(PKCS11Error): pass class OperationActive(PKCS11Error): """ There is already an active operation (or combination of active operations) which prevents Cryptoki from activating the specified operation. For example, an active object-searching operation would prevent Cryptoki from activating an encryption operation with C_EncryptInit. Or, an active digesting operation and an active encryption operation would prevent Cryptoki from activating a signature operation. Or, on a token which doesn't support simultaneous dual cryptographic operations in a session (see the description of the CKF_DUAL_CRYPTO_OPERATIONS flag in the CK_TOKEN_INFO structure), an active signature operation would prevent Cryptoki from activating an encryption operation. """ class OperationNotInitialized(PKCS11Error): pass class PinExpired(PKCS11Error): pass class PinIncorrect(PKCS11Error): pass class PinInvalid(PKCS11Error): pass class PinLenRange(PKCS11Error): """The specified PIN is too long or too short.""" class PinLocked(PKCS11Error): pass class PinTooWeak(PKCS11Error): pass class PublicKeyInvalid(PKCS11Error): pass class RandomNoRNG(PKCS11Error): pass class RandomSeedNotSupported(PKCS11Error): pass class SessionClosed(PKCS11Error): """ The session was closed during the execution of the function. """ class SessionCount(PKCS11Error): """ An attempt to open a session which does not succeed because there are too many existing sessions. """ class SessionExists(PKCS11Error): pass class SessionHandleInvalid(PKCS11Error): """ The session handle was invalid. This is usually caused by using an old session object that is not known to PKCS#11. """ class SessionReadOnly(PKCS11Error): """Attempted to write to a read-only session.""" class SessionReadOnlyExists(PKCS11Error): pass class SessionReadWriteSOExists(PKCS11Error): """ If the application calling :meth:`Token.open` already has a R/W SO session open with the token, then any attempt to open a R/O session with the token fails with this exception. """ class SignatureLenRange(PKCS11Error): pass class SignatureInvalid(PKCS11Error): pass class SlotIDInvalid(PKCS11Error): pass class TemplateIncomplete(PKCS11Error): """ Required attributes to create the object were missing. """ class TemplateInconsistent(PKCS11Error): """ Template values (including vendor defaults) are contradictory. """ class TokenNotPresent(PKCS11Error): """ The token was not present in its slot at the time that the function was invoked. """ class TokenNotRecognised(PKCS11Error): pass class TokenWriteProtected(PKCS11Error): pass class UnwrappingKeyHandleInvalid(PKCS11Error): pass class UnwrappingKeySizeRange(PKCS11Error): pass class UnwrappingKeyTypeInconsistent(PKCS11Error): pass class UserAlreadyLoggedIn(PKCS11Error): pass class UserNotLoggedIn(PKCS11Error): pass class UserPinNotInitialized(PKCS11Error): pass class UserTooManyTypes(PKCS11Error): """ An attempt was made to have more distinct users simultaneously logged into the token than the token and/or library permits. For example, if some application has an open SO session, and another application attempts to log the normal user into a session, the attempt may return this error. It is not required to, however. Only if the simultaneous distinct users cannot be supported does C_Login have to return this value. Note that this error code generalizes to true multi-user tokens. """ class WrappedKeyInvalid(PKCS11Error): pass class WrappedKeyLenRange(PKCS11Error): pass class WrappingKeyHandleInvalid(PKCS11Error): pass class WrappingKeySizeRange(PKCS11Error): pass class WrappingKeyTypeInconsistent(PKCS11Error): pass