Expose vendor defined error code

Fixes #299

Author: thgoebel

cryptoki/src/error/rv.rs

@@ -2,13 +2,13 @@
 // SPDX-License-Identifier: Apache-2.0
 //! Function types
 
-use crate::context::Function;
+use crate::{context::Function, object::MAX_CU_ULONG};
 
 use super::{Error, Result, RvError};
 use cryptoki_sys::*;
 use log::error;
 
-#[derive(Copy, Clone, Debug)]
+#[derive(Copy, Clone, Debug, PartialEq, Eq)]
 /// Return value of a PKCS11 function
 pub enum Rv {
     /// The function exited successfully
@@ -116,7 +116,8 @@ impl From<CK_RV> for Rv {
             CKR_PIN_TOO_WEAK => Rv::Error(RvError::PinTooWeak),
             CKR_PUBLIC_KEY_INVALID => Rv::Error(RvError::PublicKeyInvalid),
             CKR_FUNCTION_REJECTED => Rv::Error(RvError::FunctionRejected),
-            CKR_VENDOR_DEFINED => Rv::Error(RvError::VendorDefined),
+            // Section 3.6 of v3.1: "Return values CKR_VENDOR_DEFINED and above are permanently reserved for token vendors."
+            CKR_VENDOR_DEFINED..=MAX_CU_ULONG => Rv::Error(RvError::VendorDefined(ck_rv)),
             other => {
                 error!(
                     "Can not find a corresponding error for {}, converting to GeneralError.",
@@ -137,3 +138,32 @@ impl Rv {
         }
     }
 }
+
+#[cfg(test)]
+mod test {
+    use super::{Rv, RvError};
+    use cryptoki_sys::*;
+
+    #[test]
+    fn vendor_defined_exact() {
+        let code = CKR_VENDOR_DEFINED;
+        let actual = Rv::from(code);
+        let expected = Rv::Error(RvError::VendorDefined(code));
+        assert_eq!(actual, expected);
+    }
+
+    #[test]
+    fn vendor_defined_higher() {
+        let code = CKR_VENDOR_DEFINED + 42;
+        let actual = Rv::from(code);
+        let expected = Rv::Error(RvError::VendorDefined(code));
+        assert_eq!(actual, expected);
+    }
+
+    #[test]
+    fn unknown_code() {
+        let actual = Rv::from(CKR_VENDOR_DEFINED - 42);
+        let expected = Rv::Error(RvError::GeneralError);
+        assert_eq!(actual, expected);
+    }
+}

cryptoki/src/error/rv_error.rs

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 //! Function types
 
+use cryptoki_sys::CK_RV;
 use std::fmt;
 
 #[derive(Debug, Copy, Clone, PartialEq, Eq)]
@@ -193,8 +194,8 @@ pub enum RvError {
     PublicKeyInvalid,
     /// The signature request is rejected by the user.
     FunctionRejected,
-    /// CKR_VENDOR_DEFINED
-    VendorDefined,
+    /// A vendor defined error code, CKR_VENDOR_DEFINED and above.
+    VendorDefined(CK_RV),
 }
 
 impl fmt::Display for RvError {
@@ -293,7 +294,7 @@ impl fmt::Display for RvError {
             RvError::PinTooWeak => write!(f, "The specified PIN is too weak so that it could be easy to guess.  If the PIN is too short, CKR_PIN_LEN_RANGE should be returned instead. This return code only applies to functions which attempt to set a PIN."),
             RvError::PublicKeyInvalid => write!(f, "The public key fails a public key validation.  For example, an EC public key fails the public key validation specified in Section 5.2.2 of ANSI X9.62. This error code may be returned by C_CreateObject, when the public key is created, or by C_VerifyInit or C_VerifyRecoverInit, when the public key is used.  It may also be returned by C_DeriveKey, in preference to  CKR_MECHANISM_PARAM_INVALID, if the other party's public key specified in the mechanism's parameters is invalid."),
             RvError::FunctionRejected => write!(f, "The signature request is rejected by the user."),
-            RvError::VendorDefined => write!(f, "CKR_VENDOR_DEFINED"),
+            RvError::VendorDefined(code) => write!(f, "CKR_VENDOR_DEFINED({code:#x})",),
         }
     }
 }

cryptoki/src/object.rs

@@ -14,7 +14,7 @@ use std::fmt::Formatter;
 use std::mem::size_of;
 use std::ops::Deref;
 
-const MAX_CU_ULONG: CK_ULONG = !0;
+pub(crate) const MAX_CU_ULONG: CK_ULONG = !0;
 
 #[derive(Debug, Copy, Clone, Ord, PartialOrd, Eq, PartialEq, Hash)]
 #[non_exhaustive]