diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/module.c | 48 | ||||
-rw-r--r-- | src/session.c | 32 | ||||
-rw-r--r-- | src/slot.c | 62 |
3 files changed, 69 insertions, 73 deletions
diff --git a/src/module.c b/src/module.c index e2b2185..b1b82b0 100644 --- a/src/module.c +++ b/src/module.c @@ -25,7 +25,7 @@ create_mutex(void **mutex) if(!mutex) { - p11t_msg_print("null mutex passed to create_mutex"); + p11t_msg_print("CreateMutex: null mutex passed"); return CKR_ARGUMENTS_BAD; } @@ -45,7 +45,7 @@ destroy_mutex (void *mutex) if(!mutex) { - p11t_msg_print("destroying null mutex"); + p11t_msg_print("DestroyMutex: null mutex"); return CKR_MUTEX_BAD; } @@ -54,17 +54,17 @@ destroy_mutex (void *mutex) { if(res == EBUSY) { - p11t_msg_print("trying to destroy locked mutex"); + p11t_msg_print("DestroyMutex: mutex is locked"); return CKR_GENERAL_ERROR; } else if(res == EINVAL) { - p11t_msg_print("destroying invalid mutex used"); + p11t_msg_print("DestroyMutex: mutex is invalid"); return CKR_MUTEX_BAD; } else { - p11t_msg_print("couldn't destroy mutex: %d", res); + p11t_msg_print("DestroyMutex: failed: %d", res); return CKR_GENERAL_ERROR; } @@ -79,7 +79,7 @@ lock_mutex (void *mutex) int res; if (!mutex) { - p11t_msg_print("locking null mutex"); + p11t_msg_print("LockMutex: null mutex"); return CKR_MUTEX_BAD; } @@ -88,17 +88,17 @@ lock_mutex (void *mutex) { if(res == EDEADLK) { - p11t_msg_print("locking mutex would deadlock"); + p11t_msg_print("LockMutex: would deadlock"); return CKR_CANT_LOCK; } else if(res == EINVAL) { - p11t_msg_print("locking invalid mutex used"); + p11t_msg_print("LockMutex: invalid mutex used"); return CKR_MUTEX_BAD; } else { - p11t_msg_print("couldn't lock mutex: %d", res); + p11t_msg_print("LockMutex: failed: %d", res); return CKR_GENERAL_ERROR; } @@ -113,7 +113,7 @@ unlock_mutex (void *mutex) int res; if (!mutex) { - p11t_msg_print("unlocking null mutex"); + p11t_msg_print("UnlockMutex: null mutex"); return CKR_MUTEX_BAD; } @@ -122,17 +122,17 @@ unlock_mutex (void *mutex) { if(res == EPERM) { - p11t_msg_print("unlocking mutex without locked"); + p11t_msg_print("UnlockMutex: mutex not locked"); return CKR_MUTEX_NOT_LOCKED; } else if(res == EINVAL) { - p11t_msg_print("unlocking invalid mutex used"); + p11t_msg_print("UnlockMutex: invalid mutex used"); return CKR_MUTEX_BAD; } else { - p11t_msg_print("couldn't unlock mutex: %d", res); + p11t_msg_print("UnlockMutex: failed: %d", res); return CKR_GENERAL_ERROR; } @@ -159,21 +159,21 @@ p11t_module_load(const char *filename) /* Lookup the appropriate function in library */ get_function_list = (CK_C_GetFunctionList)dlsym (module, "C_GetFunctionList"); if(!get_function_list) - p11t_msg_fatal("couldn't find C_GetFunctionList function in library: %s: %s", filename, dlerror()); + p11t_msg_fatal("C_GetFunctionList: couldn't find function in library: %s: %s", filename, dlerror()); /* Get the function list */ rv = (get_function_list)(&p11t_module_funcs); if(rv != CKR_OK) - p11t_msg_fatal("couldn't get function list: %s", p11t_msg_rv(rv)); + p11t_msg_fatal("C_GetFunctiontList: couldn't get function list: %s", p11t_msg_rv(rv)); /** C_GetFunctionList */ rv = (p11t_module_funcs->C_GetFunctionList)(&list); if(rv != CKR_OK) - p11t_msg_print("C_GetFunctionList call through function list failed: %s", p11t_msg_rv(rv)); + p11t_msg_print("C_GetFunctionList: call through function list failed: %s", p11t_msg_rv(rv)); /** - See if returns same data as library entry point */ if(!memcmp(list, p11t_module_funcs, sizeof(*list)) != 0) - p11t_msg_print("function lists returned directly and recursively differ"); + p11t_msg_print("C_GetFunctionList: function lists returned directly and recursively differ"); } static int @@ -190,7 +190,7 @@ initialize_common(const char *mode) if (rv != CKR_OK) { if(rv != CKR_CANT_LOCK) - p11t_msg_print("C_Initialize failed (%s): %s", mode, p11t_msg_rv(rv)); + p11t_msg_print("C_Initialize: failed (%s): %s", mode, p11t_msg_rv(rv)); return 0; } else @@ -265,7 +265,7 @@ p11t_module_initialize(void) /** - NULL argument */ rv = (p11t_module_funcs->C_Initialize) (NULL); - p11t_check_returns("should succeed with null argument", rv, CKR_OK); + p11t_check_returns("C_Initialize: should succeed with null argument", rv, CKR_OK); is_initialized = 1; p11t_module_finalize(); @@ -281,16 +281,16 @@ p11t_module_initialize(void) /* Actually initialize with whatever succeeded last */ if(!init_func) - p11t_msg_fatal("no initialize succeded cannot continue"); + p11t_msg_fatal("C_Initialize: no initialize succeded cannot continue"); (init_func)(); if(!is_initialized) - p11t_msg_fatal("couldn't initialize pkcs11 module"); + p11t_msg_fatal("C_Initialize: couldn't initialize pkcs11 module"); /** - Double initialize in a row */ rv = (p11t_module_funcs->C_Initialize) (&init_args); if (rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) { - p11t_msg_print("double initialize should return CKR_CRYPTOKI_ALREADY_INITIALIZED: %s", p11t_msg_rv(rv)); + p11t_msg_print("C_Initialize: double initialize should return CKR_CRYPTOKI_ALREADY_INITIALIZED: %s", p11t_msg_rv(rv)); } else { @@ -308,7 +308,7 @@ p11t_module_finalize(void) { /** - With invalid argument */ rv = p11t_module_funcs->C_Finalize(&rv); - p11t_check_returns("C_Finalize bad argument", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_Finalize: bad argument", rv, CKR_ARGUMENTS_BAD); /** - Normal call */ assert(p11t_module_funcs); @@ -319,7 +319,7 @@ p11t_module_finalize(void) /** - Double finalize in a row */ rv = p11t_module_funcs->C_Finalize(NULL); - p11t_check_returns("C_Finalize not initialized", rv, CKR_CRYPTOKI_NOT_INITIALIZED); + p11t_check_returns("C_Finalize: double finalize", rv, CKR_CRYPTOKI_NOT_INITIALIZED); } void diff --git a/src/session.c b/src/session.c index a11fb50..d7dac8a 100644 --- a/src/session.c +++ b/src/session.c @@ -20,11 +20,11 @@ session_info(CK_SESSION_HANDLE session, CK_SLOT_ID slot, CK_FLAGS flags, CK_STAT /** - Invalid session */ rv = (p11t_module_funcs->C_GetSessionInfo)((CK_SESSION_HANDLE)-33, &info); - p11t_check_returns("C_GetSessionInfo with invalid session", rv, CKR_SESSION_HANDLE_INVALID); + p11t_check_returns("C_GetSessionInfo: with invalid session", rv, CKR_SESSION_HANDLE_INVALID); /** - NULL arguments */ rv = (p11t_module_funcs->C_GetSessionInfo)(session, NULL); - p11t_check_returns("C_GetSessionInfo with null", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetSessionInfo: with null", rv, CKR_ARGUMENTS_BAD); /** - Valid call */ rv = (p11t_module_funcs->C_GetSessionInfo)(session, &info); @@ -56,32 +56,32 @@ session_main(CK_SLOT_ID slot) /** - Invalid slot */ rv = (p11t_module_funcs->C_OpenSession)((CK_SLOT_ID)-5, CKF_SERIAL_SESSION, NULL, NULL, &session_ro); - p11t_check_returns("C_OpenSession with invalid slot", rv, CKR_SLOT_ID_INVALID); + p11t_check_returns("C_OpenSession: with invalid slot", rv, CKR_SLOT_ID_INVALID); /** - Null arguments */ rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, NULL); - p11t_check_returns("C_OpenSession with invalid slot", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_OpenSession: with invalid slot", rv, CKR_ARGUMENTS_BAD); /** - No flags */ rv = (p11t_module_funcs->C_OpenSession)(slot, 0, NULL, NULL, &session_ro); - p11t_check_returns("C_OpenSession with 0 flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); + p11t_check_returns("C_OpenSession: with 0 flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); /** - Without serial flag */ rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_RW_SESSION, NULL, NULL, &session_ro); - p11t_check_returns("C_OpenSession with RW flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); + p11t_check_returns("C_OpenSession: with RW flags", rv, CKR_SESSION_PARALLEL_NOT_SUPPORTED); /** - Valid flags */ rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, &session_ro); - p11t_check_returns("C_OpenSession with serial flags", rv, CKR_OK); + p11t_check_returns("C_OpenSession: with serial flags", rv, CKR_OK); rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION, NULL, NULL, &session_ro2); - p11t_check_returns("C_OpenSession with serial flags", rv, CKR_OK); + p11t_check_returns("C_OpenSession: with serial flags", rv, CKR_OK); /** - Read write session */ rv = (p11t_module_funcs->C_OpenSession)(slot, CKF_SERIAL_SESSION | CKF_RW_SESSION, NULL, NULL, &session_rw); if(rv == CKR_TOKEN_WRITE_PROTECTED) session_rw = CK_INVALID; else - p11t_check_returns("C_OpenSession with read write flags", rv, CKR_OK); + p11t_check_returns("C_OpenSession: with read write flags", rv, CKR_OK); /* Test all the sessions and validate their state */ session_info(session_ro, slot, CKF_SERIAL_SESSION, CKS_RO_PUBLIC_SESSION); @@ -93,17 +93,17 @@ session_main(CK_SLOT_ID slot) /** - Invalid session */ rv = (p11t_module_funcs->C_CloseSession)((CK_SESSION_HANDLE)-10); - p11t_check_returns("C_CloseSession invalid handle", rv, CKR_SESSION_HANDLE_INVALID); + p11t_check_returns("C_CloseSession: invalid handle", rv, CKR_SESSION_HANDLE_INVALID); if(session_ro != CK_INVALID) { /** - Normal call */ rv = (p11t_module_funcs->C_CloseSession)(session_ro); - p11t_check_returns("C_CloseSession valid", rv, CKR_OK); + p11t_check_returns("C_CloseSession: valid", rv, CKR_OK); /** - Check open session was closed */ rv = (p11t_module_funcs->C_GetSessionInfo)(session_ro, &info); - p11t_check_returns("C_GetSessionInfo after close", rv, CKR_SESSION_HANDLE_INVALID); + p11t_check_returns("C_GetSessionInfo: after close", rv, CKR_SESSION_HANDLE_INVALID); /** - Close twice */ @@ -115,20 +115,20 @@ session_main(CK_SLOT_ID slot) */ rv = (p11t_module_funcs->C_CloseSession)(session_ro); - p11t_check_returns("C_CloseSession valid", rv, CKR_SESSION_HANDLE_INVALID); + p11t_check_returns("C_CloseSession: valid", rv, CKR_SESSION_HANDLE_INVALID); } if(session_rw != CK_INVALID) { rv = (p11t_module_funcs->C_CloseSession)(session_rw); - p11t_check_returns("C_CloseSession read write", rv, CKR_OK); + p11t_check_returns("C_CloseSession: read write", rv, CKR_OK); } /** C_CloseAllSessions */ /** - Invalid slot id */ rv = (p11t_module_funcs->C_CloseAllSessions)((CK_SLOT_ID)-34); - p11t_check_returns("C_CloseAllSessions invalid slot", rv, CKR_SLOT_ID_INVALID); + p11t_check_returns("C_CloseAllSessions: invalid slot", rv, CKR_SLOT_ID_INVALID); /** - Normal call */ rv = (p11t_module_funcs->C_CloseAllSessions)(slot); @@ -136,7 +136,7 @@ session_main(CK_SLOT_ID slot) /** - Check open session was closed */ rv = (p11t_module_funcs->C_GetSessionInfo)(session_ro2, &info); - p11t_check_returns("C_GetSessionInfo after close all", rv, CKR_SESSION_HANDLE_INVALID); + p11t_check_returns("C_GetSessionInfo: after close all", rv, CKR_SESSION_HANDLE_INVALID); /** - Call when no sessions open */ rv = (p11t_module_funcs->C_CloseAllSessions)(slot); @@ -28,7 +28,7 @@ slot_global(void) /** - NULL argument */ rv = (p11t_module_funcs->C_GetInfo)(NULL); - p11t_check_returns("C_GetInfo", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetInfo: null argument", rv, CKR_ARGUMENTS_BAD); /* Obvious crap fill */ memset(&p11t_slot_global, 0xFF, sizeof(CK_INFO)); @@ -41,10 +41,6 @@ slot_global(void) return; } - /** - Cryptoki version matches that in library entry point data */ - if(memcmp(&p11t_slot_global.cryptokiVersion, &p11t_module_funcs->version, sizeof(CK_VERSION)) != 0) - p11t_msg_print("version from CK_INFO.cryptokiVersion does not match from CK_FUNCTION_LIST.version"); - /** - Space padded strings in CK_INFO */ p11t_check_padded("CK_INFO.manufacturerID", p11t_slot_global.manufacturerID); p11t_check_padded("CK_INFO.libraryDescription", p11t_slot_global.libraryDescription); @@ -79,7 +75,7 @@ slot_info(void) /** - NULL arguments */ rv = (p11t_module_funcs->C_GetSlotList)(FALSE, NULL, NULL); - p11t_check_returns("C_GetSlotList", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetSlotList: null argument", rv, CKR_ARGUMENTS_BAD); /** - Retrieving the count */ rv = (p11t_module_funcs->C_GetSlotList)(FALSE, NULL, &p11t_slot_count); @@ -87,7 +83,7 @@ slot_info(void) if(p11t_slot_count == 0) { - p11t_msg_print("no slots to test"); + p11t_msg_print("C_GetSlotList: no slots to test"); return; } @@ -104,16 +100,16 @@ slot_info(void) /** - Passing buffer space along with zero count. */ count = 0; rv = (p11t_module_funcs->C_GetSlotList)(FALSE, p11t_slot_ids, &count); - p11t_check_returns("C_GetSlotList", rv, CKR_BUFFER_TOO_SMALL); - p11t_check_ulong("Count invalid zero space passed to C_GetSlotList", count, p11t_slot_count); + p11t_check_returns("C_GetSlotList: zero buffer", rv, CKR_BUFFER_TOO_SMALL); + p11t_check_ulong("C_GetSlotList: count invalid zero space passed", count, p11t_slot_count); if(p11t_slot_count > 1) { /** - Passing buffer space along with low count. */ count = 1; rv = (p11t_module_funcs->C_GetSlotList)(FALSE, p11t_slot_ids, &count); - p11t_check_returns("C_GetSlotList", rv, CKR_BUFFER_TOO_SMALL); - p11t_check_ulong("Count invalid when too little space passed to C_GetSlotList", count, p11t_slot_count); + p11t_check_returns("C_GetSlotList: low buffer", rv, CKR_BUFFER_TOO_SMALL); + p11t_check_ulong("C_GetSlotList: count invalid when too little space passed", count, p11t_slot_count); } /** - Passing too much buffer space. */ @@ -125,7 +121,7 @@ slot_info(void) return; } - p11t_check_ulong("Count invalid when too much space passed to C_GetSlotList", count, p11t_slot_count); + p11t_check_ulong("C_GetSlotList: count invalid when too much space passed", count, p11t_slot_count); /* When we ask for just token valid ones, they should only be the ones we noted with flags */ present = calloc(p11t_slot_count, sizeof(CK_SLOT_ID)); @@ -140,7 +136,7 @@ slot_info(void) /** - NULL argument */ rv = (p11t_module_funcs->C_GetSlotInfo)(p11t_slot_ids[i], NULL); - p11t_check_returns("C_GetSlotInfo", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetSlotInfo: null argument", rv, CKR_ARGUMENTS_BAD); /** - Normal call */ rv = (p11t_module_funcs->C_GetSlotInfo)(p11t_slot_ids[i], &p11t_slot_info[i]); @@ -164,11 +160,11 @@ slot_info(void) /** - Null arguments */ rv = (p11t_module_funcs->C_GetTokenInfo)(p11t_slot_ids[i], NULL); - p11t_check_returns("C_GetSlotInfo", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetTokenInfo: null arguments", rv, CKR_ARGUMENTS_BAD); /** - Normal call */ rv = (p11t_module_funcs->C_GetTokenInfo)(p11t_slot_ids[i], &p11t_slot_token_info[i]); - p11t_check_returns("C_GetSlotInfo", rv, CKR_OK); + p11t_check_returns("C_GetTokenInfo", rv, CKR_OK); /** - Space padded CK_TOKEN_INFO fields */ p11t_check_padded("CK_TOKEN_INFO.label", p11t_slot_token_info[i].label); @@ -209,7 +205,7 @@ slot_info(void) second < 0 || second > 50 || extra != 0) { - p11t_msg_print("invalid time on token: %s", buffer); + p11t_msg_print("C_GetTokenInfo: invalid time on token: %s", buffer); } } } @@ -217,19 +213,19 @@ slot_info(void) { /** - Calling on slot without token */ rv = (p11t_module_funcs->C_GetTokenInfo)(p11t_slot_ids[i], &p11t_slot_token_info[i]); - p11t_check_returns("C_GetSlotInfo", rv, CKR_TOKEN_NOT_PRESENT); + p11t_check_returns("C_GetSlotInfo: without token", rv, CKR_TOKEN_NOT_PRESENT); } } rv = (p11t_module_funcs->C_GetSlotList)(TRUE, only, &n_only); - p11t_check_returns("C_GetSlotList (only tokens)", rv, CKR_OK); + p11t_check_returns("C_GetSlotList: only tokens", rv, CKR_OK); - p11t_check_ulong("number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT", n_only, n_present); + p11t_check_ulong("C_GetSlotInfo: number of present tokens doesn't match token info flags. ie: CKF_TOKEN_PRESENT", n_only, n_present); qsort(only, n_only, sizeof(CK_SLOT_ID), compar_slot_id); qsort(present, n_present, sizeof(CK_SLOT_ID), compar_slot_id); if(memcmp(only, present, sizeof(CK_SLOT_ID) * n_only) != 0) - p11t_msg_print("present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT"); + p11t_msg_print("C_GetSlotInfo: present tokens don't match those in token info flags. ie: CKF_TOKEN_PRESENT"); } void @@ -259,7 +255,7 @@ slot_mechanisms(void) /* - Invalid Slot */ mech_count = 0; rv = (p11t_module_funcs->C_GetMechanismList)((CK_ULONG)-10, NULL, &mech_count); - p11t_check_returns("C_GetMechanismList invalid slot id", rv, CKR_SLOT_ID_INVALID); + p11t_check_returns("C_GetMechanismList: invalid slot id", rv, CKR_SLOT_ID_INVALID); p11t_slot_mech_count = calloc(p11t_slot_count, sizeof(CK_ULONG)); assert(p11t_slot_mech_count); @@ -274,11 +270,11 @@ slot_mechanisms(void) /** - Null arguments */ rv = (p11t_module_funcs->C_GetMechanismList)(slot_id, NULL, NULL); - p11t_check_returns("C_GetMechanismList null arguments", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetMechanismList: null arguments", rv, CKR_ARGUMENTS_BAD); /** - Without buffer */ rv = (p11t_module_funcs->C_GetMechanismList)(slot_id, NULL, &mech_count); - p11t_check_returns("C_GetMechanismList without buffer", rv, CKR_OK); + p11t_check_returns("C_GetMechanismList: without buffer", rv, CKR_OK); if(mech_count > 0) { @@ -288,23 +284,23 @@ slot_mechanisms(void) /** - Zero count but buffer present */ value = 0; rv = (p11t_module_funcs->C_GetMechanismList)(slot_id, mech_list, &value); - p11t_check_returns("C_GetMechanismList zero buffer", rv, CKR_BUFFER_TOO_SMALL); - p11t_check_ulong("should have number of mechs", value, mech_count); + p11t_check_returns("C_GetMechanismList: zero buffer", rv, CKR_BUFFER_TOO_SMALL); + p11t_check_ulong("C_GetMechanismList: should have number of mechs", value, mech_count); if(mech_count > 1) { /** - Low count but buffer present */ value = 1; rv = (p11t_module_funcs->C_GetMechanismList)(slot_id, mech_list, &value); - p11t_check_returns("C_GetMechanismList low buffer", rv, CKR_BUFFER_TOO_SMALL); - p11t_check_ulong("should have number of mechs", value, mech_count); + p11t_check_returns("C_GetMechanismList: low buffer", rv, CKR_BUFFER_TOO_SMALL); + p11t_check_ulong("C_GetMechanismList: should have number of mechs", value, mech_count); } /* - Call with too much buffer */ value = mech_count + 5; rv = (p11t_module_funcs->C_GetMechanismList)(slot_id, mech_list, &value); - p11t_check_returns("C_GetMechanismList high buffer", rv, CKR_OK); - p11t_check_ulong("should have number of mechs", value, mech_count); + p11t_check_returns("C_GetMechanismList: high buffer", rv, CKR_OK); + p11t_check_ulong("C_GetMechanismList: should have number of mechs", value, mech_count); mech_info = calloc(mech_count, sizeof(CK_MECHANISM_INFO)); @@ -314,15 +310,15 @@ slot_mechanisms(void) /** - Invalid mechanism */ rv = (p11t_module_funcs->C_GetMechanismInfo)(slot_id, (CK_ULONG)-10, mech_info); - p11t_check_returns("C_GetMechanismInfo with invalid mech", rv, CKR_MECHANISM_INVALID); + p11t_check_returns("C_GetMechanismInfo: with invalid mech", rv, CKR_MECHANISM_INVALID); /** - Null arguments */ rv = (p11t_module_funcs->C_GetMechanismInfo)(slot_id, mech_list[0], NULL); - p11t_check_returns("C_GetMechanismInfo with null arg", rv, CKR_ARGUMENTS_BAD); + p11t_check_returns("C_GetMechanismInfo: with null arg", rv, CKR_ARGUMENTS_BAD); /** - Invalid slot id */ rv = (p11t_module_funcs->C_GetMechanismInfo)((CK_ULONG)-11, mech_list[0], mech_info); - p11t_check_returns("C_GetMechanismInfo with invalid slot", rv, CKR_SLOT_ID_INVALID); + p11t_check_returns("C_GetMechanismInfo: with invalid slot", rv, CKR_SLOT_ID_INVALID); for(j = 0; j < mech_count; ++j) { @@ -331,7 +327,7 @@ slot_mechanisms(void) p11t_check_returns("C_GetMechanismInfo", rv, CKR_OK); if(mech_info[i].ulMinKeySize > mech_info[i].ulMaxKeySize) - p11t_msg_print("Mechanism min key size is greater than max"); + p11t_msg_print("C_GetMechanismInfo: Mechanism min key size is greater than max"); p11t_check_mask("CK_MECHANISM_INFO.flags", mech_info[i].flags, CKF_HW | CKF_ENCRYPT | CKF_DECRYPT | CKF_DIGEST | CKF_SIGN | |