C_GetAttributeValue

This function operates as specified in PKCS#11 with the following extensions. With SafeNet ProtectToolkit-C it is possible to enumerate through all attributes for a given object. This extension is supported as follows.

Synopsis

C_GetAttributeValue(
        CK_SESSION_HANDLE hSession,
        CK_OBJECT_HANDLE hObject,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulCount 
);

The first call C_GetAttributeValue operates as follows to initialize the enumeration. 

CK_ATTRIBUTE at;
rv = C_GetAttributeValue(hSession, hObject, &at, 0);
 

Then, to get all the attributes, loop as follows:

for (;;) {
        at.type = CKA_ENUM_ATTRIBUTE;
        at.pValue = 0;
        rv = C_GetAttributeValue(hSession, hObject, &at, 1);
        if ( rv == CKR_ATTRIBUTE_TYPE_INVALID )
        break; /* got all the attributes */
}

Sensitive attributes are returned with the type and length information but an empty value, and also return a result value of CKR_ATTRIBUTE_SENSITIVE. On implementations where this extension is not supported, the calls to C_GetAttributeType are likely to fail with the CKR_ATTRIBUTE_TYPE_INVALID error code.

With a result code of CKR_OK or CKR_ATTRIBUTE_SENSITIVE, the CK_ATTRIBUTE structure has the type and valueLen fields set appropriately for the next attribute, however the pValuefield will be NULL_PTR. To retrieve the actual value of the attribute, it is necessary to allocate the required room for the value and then make a second call to C_GetAttributeValue.

Special processing or access checks may be made if the object is a Hardware Feature. See Hardware Feature Objects.


Customer Support Portal

SafeNet ProtectToolkit 5.7 Product Documentation  08 January 2020  Copyright 2009-2020 Gemalto. All rights reserved.