C_GetAttributeValue
Synopsis
C_GetAttributeValue(
CK_SESSION_HANDLE hSession,
CK_OBJECT_HANDLE hObject,
CK_ATTRIBUTE_PTR pTemplate,
CK_ULONG ulCount
);
Description
This function operates as specified in PKCS#11 with the following extensions. With SafeNet ProtectToolkit-C it is possible to enumerate through all attributes for a given object. This extension is supported as follows.
The first call C_GetAttributeValue operates as follows to initialize the enumeration.
CK_ATTRIBUTE at;
rv = C_GetAttributeValue(hSession, hObject, &at, 0);
Then, to get all the attributes, loop as follows:
for (;;) {
at.type = CKA_ENUM_ATTRIBUTE;
at.pValue = 0;
rv = C_GetAttributeValue(hSession, hObject, &at, 1);
if ( rv == CKR_ATTRIBUTE_TYPE_INVALID )
break; /* got all the attributes */
}
Sensitive attributes are returned with the type and length information but an empty value, and also return a result value of CKR_ATTRIBUTE_SENSITIVE. On implementations where this extension is not supported, the calls to C_GetAttributeType are likely to fail with the CKR_ATTRIBUTE_TYPE_INVALID error code.
With a result code of CKR_OK or CKR_ATTRIBUTE_SENSITIVE, the CK_ATTRIBUTE structure has the type and valueLen fields set appropriately for the next attribute, however the pValuefield will be NULL_PTR. To retrieve the actual value of the attribute, it is necessary to allocate the required room for the value and then make a second call to C_GetAttributeValue.
Special processing or access checks may be made if the object is a Hardware Feature. See Hardware Feature Objects.