authorTobias Brunner <tobias@strongswan.org>2011-11-02 17:09:43 +0100
committerTobias Brunner <tobias@strongswan.org>2011-11-02 20:27:54 +0100
commitc198525104e0d64ebe501b75e10288b4f0da2892 (patch)
treef7129671b0c528c5a05849d611749910f237e3d5 /src/libstrongswan/plugins/pkcs11
parent817d165cbc49d42fb1ace3161b362ba4f2bd3dd5 (diff)
pkcs11: Function added to retrieve multiple attributes from a single object.
Diffstat (limited to 'src/libstrongswan/plugins/pkcs11')
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.c50
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.h18
2 files changed, 62 insertions, 6 deletions
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index 4839ce3c8..97c3d2fcf 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -619,6 +619,8 @@ typedef struct {
CK_ATTRIBUTE_PTR attr;
/* number of attributes */
CK_ULONG count;
+ /* object handle in case of a single object */
+ CK_OBJECT_HANDLE object;
/* currently allocated attributes, to free */
linked_list_t *freelist;
} object_enumerator_t;
@@ -685,11 +687,19 @@ METHOD(enumerator_t, object_enumerate, bool,
CK_ULONG found;
CK_RV rv;
- rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
- if (rv != CKR_OK)
+ if (!this->object)
{
- DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
- return FALSE;
+ rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ }
+ else
+ {
+ object = this->object;
+ found = 1;
}
if (found)
{
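Review bot: In single-object mode the `else` branch sets `found = 1` on every call, so `object_enumerate` never returns FALSE to signal exhaustion. A caller that drives it with the usual `while (enumerator->enumerate(...))` loop would not terminate and would re-read the attributes from the token on every pass. Either state in the header that this enumerator must be queried exactly once, or latch completion with a new `bool done;` field in `object_enumerator_t` and start the branch with `if (this->done) { return FALSE; }` followed by `this->done = TRUE;`. The body of `object_enumerate` starts before this hunk and continues in the next one.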
@@ -700,7 +710,10 @@ METHOD(enumerator_t, object_enumerate, bool,
return FALSE;
}
}
- *out = object;
+ if (out)
+ {
+ *out = object;
+ }
return TRUE;
}
return FALSE;
@@ -709,7 +722,10 @@ METHOD(enumerator_t, object_enumerate, bool,
METHOD(enumerator_t, object_destroy, void,
object_enumerator_t *this)
{
- this->lib->f->C_FindObjectsFinal(this->session);
+ if (!this->object)
+ {
+ this->lib->f->C_FindObjectsFinal(this->session);
+ }
free_attrs(this);
this->freelist->destroy(this->freelist);
free(this);
@@ -744,6 +760,27 @@ METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*,
return &enumerator->public;
}
+METHOD(pkcs11_library_t, create_object_attr_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attr, CK_ULONG count)
+{
+ object_enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_object_enumerate,
+ .destroy = _object_destroy,
+ },
+ .session = session,
+ .lib = &this->public,
+ .attr = attr,
+ .count = count,
+ .object = object,
+ .freelist = linked_list_create(),
+ );
+ return &enumerator->public;
+}
+
/**
* Enumerator over mechanisms
*/
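Review bot: `create_object_attr_enumerator` stores `object` unchecked, yet `object_enumerate` and `object_destroy` both use `!this->object` to choose the search path. If a caller passes `CK_INVALID_HANDLE` (0), the enumerator would call `C_FindObjects()` and later `C_FindObjectsFinal()` on a session for which this constructor never started a search. That presumably leaves the outcome to the PKCS#11 module, and could end a search that another enumerator has active on the same session. A guard before `INIT`, such as `if (object == CK_INVALID_HANDLE) { return enumerator_create_empty(); }`, keeps the zero handle from silently switching modes. The comment on the new struct field could also say that zero means "search mode".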
@@ -1035,6 +1072,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
.get_name = _get_name,
.get_features = _get_features,
.create_object_enumerator = _create_object_enumerator,
+ .create_object_attr_enumerator = _create_object_attr_enumerator,
.create_mechanism_enumerator = _create_mechanism_enumerator,
.get_ck_attribute = _get_ck_attribute,
.destroy = _destroy,
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
index 9cfc0169d..e76e65e07 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -85,6 +85,24 @@ struct pkcs11_library_t {
CK_ATTRIBUTE_PTR attr, CK_ULONG acount);
/**
+ * This is very similar to the object enumerator but is only used to
+ * easily retrieve multiple attributes from a single object for which
+ * a handle is already known.
+ *
+ * The given attribute array is automatically filled in with the
+ * associated attributes. If the value of an output attribute is NULL,
+ * the required memory gets allocated/freed during enumeration.
+ *
+ * @param session session to use
+ * @param object object handle
+ * @param attr attributes to read from object
+ * @param count number of attributes to read
+ */
+ enumerator_t* (*create_object_attr_enumerator)(pkcs11_library_t *this,
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG count);
+
+ /**
* Create an enumerator over supported mechanisms of a token.
*
* The resulting enumerator enumerates over the mechanism type, and if
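Review bot: The new doc comment does not state how long the filled-in values stay valid. `object_destroy` calls `free_attrs(this)`, so any `pValue` the enumerator allocated in the caller's `attr` array presumably dangles once the enumerator is destroyed. I would add a sentence such as `Values allocated by the enumerator are only valid until it is destroyed; copy them if they are needed longer.` The comment also documents parameters only, so an `@return` line and a remark that `enumerate()` accepts a NULL output pointer would complete it.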