Vendor-Defined Error Codes

The table below lists the error codes that may be returned from SafeNet ProtectToolkit-C which are Vendor extensions to the PKCS#11 standard.

Table 1: SafeNet-defined Error Codes

Name

Value

Description

CKR_BIP32_CHILD_INDEX_INVALID 0x8000007B BIP32 private key cannot be produced due to passing an invalid index.
CKR_BIP32_INVALID_HARDENED_DERIVATION 0x8000007C Base public key used to derive a hardened BIP32 key. Private and hardened keys must be derived from private keys.
CKR_BIP32_MASTER_SEED_LEN_INVALID 0x8000007D CKK_GENERIC_SECRET used to derive a master BIP32 key has an invalid bit length. Use a seed within the accepted range of 128-512 bits.
CKR_BIP32_MASTER_SEED_INVALID 0x8000007E Invalid BIP32 public key generated from the seed provided.
CKR_BIP32_INVALID_KEY_PATH_LEN 0x8000007F  
CKR_TIME_STAMP

0x80000101

Not used

CKR_ACCESS_DENIED

0x80000102

Attempting to call C_InitToken when HSM configured for “No Clear Pins”
Use CT_InitToken instead.

CKR_CRYPTOKI_UNUSABLE

0x80000103

Not used

CKR_ENCODE_ERROR

0x80000104

Template encode/decode error. Usually internal error but may be caused by badly formed function request parameters.

CKR_V_CONFIG

0x80000105

Not used

CKR_SO_NOT_LOGGED_IN

0x80000106

Operation requires session to be in SO RW mode.

CKR_CERT_NOT_VALIDATED

0x80000107

Public key certificate chain not terminated by a TRUSTED certificate.

CKR_PIN_ALREADY_INITIALIZED

0x80000108

Calling C_InitPIN when PIN is already initialized. Use C_SetPIN instead.

CKR_REMOTE_SERVER_ERROR

0x8000010A

Not used

CKR_CSA_HW_ERROR

0x8000010B

Not used

CKR_NO_CHALLENGE

0x80000110

Not used

CKR_RESPONSE_INVALID

0x80000111

Failure to disable an FM

CKR_EVENT_LOG_NOT_FULL

0x80000113

Attempting to erase Event log when it is not full.

CKR_OBJECT_READ_ONLY

0x80000114

Attempting to C_DestroyObject with CKA_DELETABLE=TRUE

CKR_TOKEN_READ_ONLY

0x80000115

Not used

CKR_TOKEN_NOT_INITIALIZED

0x80000116

Attempting to Reset a Token that is not initialized

CKR_NOT_ADMIN_TOKEN

0x80000117

Attempting to create an object or write an attribute of an object on a normal token that should only be on an Admin token

CKR_AUTHENTICATION_REQUIRED

0x80000130

Not used

CKR_OPERATION_NOT_PERMITTED

0x80000131

Attempting to generate a timestamp when the RTC is not working or trusted.
PKCS#12 import package has more than one private key.

CKR_PKCS12_DECODE

0x80000132

PKCS#12 package corrupt

CKR_PKCS12_UNSUPPORTED_SAFEBAG_TYPE

0x80000133

PKCS#12 package contains unrecognised SAFEBAG

CKR_PKCS12_UNSUPPORTED_PRIVACY_MODE

0x80000134

PKCS#12 package contains unrecognised privacy (public key mode not psupported)

CKR_PKCS12_UNSUPPORTED_INTEGRITY_MODE

0x80000135

PKCS#12 package contains unrecognised integrity (should be MAC)

CKR_KEY_NOT_ACTIVE

0x80000136

Key has exceeded its usage limit or dates.

CKR_ET_NOT_ODD_PARITY

0x80000140

DES key being loaded into HSM has bad parity (should be odd) – fix key or enable “Des Keys Even Parity Allowed” mode (ctconf –fd)

CKR_CANNOT_DERIVE_KEYS

0x80000381

Internal error when establishing a secure messaging connection.

CKR_BAD_REQ_SIGNATURE

0x80000382

Corrupt request to HSM when using secure messaging (network or device driver error)

CKR_BAD_REPLY_SIGNATURE

0x80000383

Corrupt reply from HSM when using secure messaging (network or device driver error)

CKR_SMS_ERROR

0x80000384

General error from secure messaging system – probably caused by HSM failure or network failure.

CKR_BAD_PROTECTION

0x80000385

Cryptoki library has failed to apply proper secure message protection – internal error.

CKR_DEVICE_RESET

0x80000386

HSM has unexpectantly shutdown. Check the event log for errors (ctconf –e)

CKR_NO_SESSION_KEYS

0x80000387

Cryptoki library has failed to establish keys for secure message protection – internal error.

CKR_BAD_REPLY

0x80000388

Reply message from HSM is badly formatted (network or device driver error).

CKR_KEY_ROLLOVER

0x80000389

Secure messaging system has not implemented key rollover protocol properly

CKR_NEED_IV_UPDATE

0x80000310

Secure messaging system has not implemented key rollover protocol properly

CKR_DUPLICATE_IV_FOUND

0x80000311

Not used

CKR_BAD_REQUEST

0x80001001

Badly formed request message (network or device driver error)

CKR_BAD_ATTRIBUTE_PACKING

0x80001002

Cryptoki client has failed to encode attribute list correctly.

CKR_BAD_ATTRIBUTE_COUNT

0x80001003

Cryptoki client has failed to encode attribute list correctly.

CKR_BAD_PARAM_PACKING

0x80001004

Cryptoki client has failed to encode function parameters correctly.

CKR_EXTERN_DCP_ERROR

0x80001386

Not used

CKR_WLD_CONFIG_NOT_FOUND

0x80002001

ET_PTKC_WLD configuration data not consistent

CKR_WLD_CONFIG_ITEM_READ_FAILED

0x80002002

ET_PTKC_WLD configuration data not available

CKR_WLD_CONFIG_NO_TOKEN_LABEL

0x80002003

ET_PTKC_WLD configuration data not formatted correctly

CKR_WLD_CONFIG_TOKEN_LABEL_LEN

0x80002004

ET_PTKC_WLD configuration data not formatted correctly

CKR_WLD_CONFIG_TOKEN_SERIAL_NUM_LEN

0x80002005

ET_PTKC_WLD configuration data not formatted correctly

CKR_WLD_CONFIG_SLOT_DESCRIPTION_LEN

0x80002006

ET_PTKC_WLD configuration data not formatted correctly

CKR_WLD_CONFIG_ITEM_FORMAT_INVALID

0x80002007

ET_PTKC_WLD configuration data not formatted correctly

CKR_WLD_LOGIN_CACHE_INCONSISTENT

0x80002010

Internal error in cryptoki library where WLD values are inconsistent.

CKR_HA_MAX_SLOTS_INVALID_LEN

0x80003001

Too many virtual WLD slots are defined

CKR_HA_SESSION_HANDLE_INVALID

0x80003002

 

Unknown session handle passed to Cryptoki library.

CKR_HA_CANNOT_RECOVER_KEY

0x80003005

HA recovery process needs to create a key but is unable to

CKR_HA_NO_HSM

0x80003006

HA has tried to recover a lost session but no more working HSMs are available.

CKR_HA_OUT_OF_OBJS

0x80003007

The HA feature has reached its capacity to manage session objects – too many objects created.