pkcs11: Function added to retrieve multiple attributes from a single object.
authorTobias Brunner <tobias@strongswan.org>
Wed, 2 Nov 2011 16:09:43 +0000 (17:09 +0100)
committerTobias Brunner <tobias@strongswan.org>
Wed, 2 Nov 2011 19:27:54 +0000 (20:27 +0100)
src/libstrongswan/plugins/pkcs11/pkcs11_library.c
src/libstrongswan/plugins/pkcs11/pkcs11_library.h

index 4839ce3..97c3d2f 100644 (file)
@@ -619,6 +619,8 @@ typedef struct {
        CK_ATTRIBUTE_PTR attr;
        /* number of attributes */
        CK_ULONG count;
+       /* object handle in case of a single object */
+       CK_OBJECT_HANDLE object;
        /* currently allocated attributes, to free */
        linked_list_t *freelist;
 } object_enumerator_t;
@@ -685,11 +687,19 @@ METHOD(enumerator_t, object_enumerate, bool,
        CK_ULONG found;
        CK_RV rv;
 
-       rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
-       if (rv != CKR_OK)
+       if (!this->object)
        {
-               DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
-               return FALSE;
+               rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+               if (rv != CKR_OK)
+               {
+                       DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+                       return FALSE;
+               }
+       }
+       else
+       {
+               object = this->object;
+               found = 1;
        }
        if (found)
        {
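Review bot: In single-object mode the `else` branch sets `found = 1` on every call, so enumerate() never reports exhaustion. A caller that drives it with the usual `while (enumerator->enumerate(...))` loop would not terminate, and would presumably re-read the attributes on each pass. Either record that the object has already been delivered, e.g. a `bool done` field with `if (this->done) { return FALSE; }` before `object = this->object;` and `this->done = TRUE;` after it, or state in the header that enumerate() must be called exactly once. The rest of object_enumerate lies outside this hunk, so this is based only on the lines visible here.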
@@ -700,7 +710,10 @@ METHOD(enumerator_t, object_enumerate, bool,
                                return FALSE;
                        }
                }
-               *out = object;
+               if (out)
+               {
+                       *out = object;
+               }
                return TRUE;
        }
        return FALSE;
@@ -709,7 +722,10 @@ METHOD(enumerator_t, object_enumerate, bool,
 METHOD(enumerator_t, object_destroy, void,
        object_enumerator_t *this)
 {
-       this->lib->f->C_FindObjectsFinal(this->session);
+       if (!this->object)
+       {
+               this->lib->f->C_FindObjectsFinal(this->session);
+       }
        free_attrs(this);
        this->freelist->destroy(this->freelist);
        free(this);
@@ -744,6 +760,27 @@ METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*,
        return &enumerator->public;
 }
 
+METHOD(pkcs11_library_t, create_object_attr_enumerator, enumerator_t*,
+       private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+       CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attr, CK_ULONG count)
+{
+       object_enumerator_t *enumerator;
+
+       INIT(enumerator,
+               .public = {
+                       .enumerate = (void*)_object_enumerate,
+                       .destroy = _object_destroy,
+               },
+               .session = session,
+               .lib = &this->public,
+               .attr = attr,
+               .count = count,
+               .object = object,
+               .freelist = linked_list_create(),
+       );
+       return &enumerator->public;
+}
+
 /**
  * Enumerator over mechanisms
  */
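Review bot: `object` is stored without being checked against `CK_INVALID_HANDLE`, yet `object_enumerate` and `object_destroy` use `!this->object` to choose between single-object and search mode. If a caller passes a zero handle (for instance one left over from a lookup that failed), the enumerator silently takes the search path. It then calls `C_FindObjects()` and later `C_FindObjectsFinal()` on a session where this constructor never started a search, which could disturb a search that another enumerator has open on that session. Reject the handle up front, e.g. `if (object == CK_INVALID_HANDLE) { return enumerator_create_empty(); }`, or carry an explicit mode flag in `object_enumerator_t` instead of overloading the handle value.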
@@ -1035,6 +1072,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
                        .get_name = _get_name,
                        .get_features = _get_features,
                        .create_object_enumerator = _create_object_enumerator,
+                       .create_object_attr_enumerator = _create_object_attr_enumerator,
                        .create_mechanism_enumerator = _create_mechanism_enumerator,
                        .get_ck_attribute = _get_ck_attribute,
                        .destroy = _destroy,
index 9cfc016..e76e65e 100644 (file)
@@ -85,6 +85,24 @@ struct pkcs11_library_t {
                        CK_ATTRIBUTE_PTR attr, CK_ULONG acount);
 
        /**
+        * This is very similar to the object enumerator but is only used to
+        * easily retrieve multiple attributes from a single object for which
+        * a handle is already known.
+        *
+        * The given attribute array is automatically filled in with the
+        * associated attributes. If the value of an output attribute is NULL,
+        * the required memory gets allocated/freed during enumeration.
+        *
+        * @param session       session to use
+        * @param object        object handle
+        * @param attr          attributes to read from object
+        * @param count         number of attributes to read
+        */
+       enumerator_t* (*create_object_attr_enumerator)(pkcs11_library_t *this,
+                       CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+                       CK_ATTRIBUTE_PTR attr, CK_ULONG count);
+
+       /**
         * Create an enumerator over supported mechanisms of a token.
         *
         * The resulting enumerator enumerates over the mechanism type, and if
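Review bot: The doc comment for `create_object_attr_enumerator` has no `@return` line and does not say how long the filled-in attribute values stay valid. On the .c side of this commit `object_destroy` calls `free_attrs()`, which appears to release any value buffer the enumerator allocated for a NULL value. A caller therefore has to copy the data out before destroying the enumerator, or it is left holding a dangling pointer. I would add `@return enumerator, call enumerate() once; the argument may be NULL or a CK_OBJECT_HANDLE*` and a sentence such as `Values allocated by the enumerator are only valid until it is destroyed.`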