C_GetAttributeValue
This function operates as specified in PKCS#11 with the following extensions. With SafeNet ProtectToolkit-C it is possible to enumerate through all attributes for a given object. This extension is supported as follows.
Synopsis
C_GetAttributeValue( CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount );
The first call C_GetAttributeValue operates as follows to initialize the enumeration.
CK_ATTRIBUTE at;
rv = C_GetAttributeValue(hSession, hObject, &at, 0);
Then, to get all the attributes, loop as follows:
for (;;) { at.type = CKA_ENUM_ATTRIBUTE; at.pValue = 0; rv = C_GetAttributeValue(hSession, hObject, &at, 1); if ( rv == CKR_ATTRIBUTE_TYPE_INVALID ) break; /* got all the attributes */ }
Sensitive attributes are returned with the type and length information but an empty value, and also return a result value of CKR_ATTRIBUTE_SENSITIVE. On implementations where this extension is not supported, the calls to C_GetAttributeType are likely to fail with the CKR_ATTRIBUTE_TYPE_INVALID error code.
With a result code of CKR_OK or CKR_ATTRIBUTE_SENSITIVE, the CK_ATTRIBUTE structure has the type and valueLen fields set appropriately for the next attribute, however the pValuefield will be NULL_PTR. To retrieve the actual value of the attribute, it is necessary to allocate the required room for the value and then make a second call to C_GetAttributeValue.
Special processing or access checks may be made if the object is a Hardware Feature. See Hardware Feature Objects.