FreeRTOS: PKCS11
PKCS11 Cryptoki Library
C_FindObjects

Continues an object search operation: looks up the object whose label was set by C_FindObjectsInit() and returns its handle.

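/*
 * C_FindObjects: look up the single object whose label was stored in the
 * session (pxFindObjectLabel / xFindObjectLabelLen) and hand back its handle.
 *
 * hSession         Session handle; mapped to internal state with
 *                  prvSessionPointerFromHandle() and validated with
 *                  prvCheckValidSessionAndModule().
 * phObject         Out: handle of the object, or CK_INVALID_HANDLE when the
 *                  stored object is all zeros (deleted).
 * ulMaxObjectCount Must be exactly 1; any other value is rejected.
 * pulObjectCount   Out: 1 when an object is returned, 0 when none is found
 *                  or the stored object has been deleted.
 *
 * Returns CKR_OK when the lookup completed (including "nothing found"),
 * CKR_ARGUMENTS_BAD for a NULL output pointer or ulMaxObjectCount != 1,
 * CKR_OPERATION_NOT_INITIALIZED when no search label is set, or the error
 * produced by the session check, PKCS11_PAL_GetObjectValue() or
 * prvAddObjectToList().
 *
 * On any error the session's search label is freed and cleared, so a later
 * call on the same session reports CKR_OPERATION_NOT_INITIALIZED until a new
 * search label is set.
 */
CK_DECLARE_FUNCTION( CK_RV, C_FindObjects )( CK_SESSION_HANDLE hSession,
                                             CK_OBJECT_HANDLE_PTR phObject,
                                             CK_ULONG ulMaxObjectCount,
                                             CK_ULONG_PTR pulObjectCount )
{
    P11Session_t * pxSession = prvSessionPointerFromHandle( hSession );
    CK_RV xResult = prvCheckValidSessionAndModule( pxSession );
    CK_BYTE_PTR pucObjectValue = NULL;
    CK_ULONG xObjectLength = 0;
    /* See explanation in prvCheckValidSessionAndModule for this exception. */
    /* coverity[misra_c_2012_rule_10_5_violation] */
    CK_BBOOL xIsPrivate = ( CK_BBOOL ) CK_TRUE;
    CK_BYTE xByte = 0;
    CK_OBJECT_HANDLE xPalHandle = CK_INVALID_HANDLE;
    CK_ULONG ulIndex;

    /*
     * Check parameters. A NULL output pointer replaces whatever the session
     * check returned, so neither pointer is dereferenced below unless
     * xResult is still CKR_OK.
     */
    if( ( NULL == phObject ) ||
        ( NULL == pulObjectCount ) )
    {
        xResult = CKR_ARGUMENTS_BAD;
    }

    if( xResult == CKR_OK )
    {
        /* NOTE(review): pxSession is dereferenced here on the strength of
         * prvCheckValidSessionAndModule() having returned CKR_OK; presumably
         * that helper rejects a NULL session - confirm. */
        if( pxSession->pxFindObjectLabel == NULL )
        {
            xResult = CKR_OPERATION_NOT_INITIALIZED;
        }

        /* Evaluated after the label check, so a bad count takes precedence
         * over CKR_OPERATION_NOT_INITIALIZED when both apply. */
        if( 1u != ulMaxObjectCount )
        {
            xResult = CKR_ARGUMENTS_BAD;
            PKCS11_WARNING_PRINT( ( "WARN: Searching for anything other than 1 object not supported. \r\n" ) );
        }
    }

    if( xResult == CKR_OK )
    {
        /* Try to find the object in module's list first. */
        prvFindObjectInListByLabel( pxSession->pxFindObjectLabel, pxSession->xFindObjectLabelLen, &xPalHandle, phObject );

        /* Check with the PAL if the object was previously stored. */
        if( *phObject == CK_INVALID_HANDLE )
        {
            xPalHandle = PKCS11_PAL_FindObject( pxSession->pxFindObjectLabel, pxSession->xFindObjectLabelLen );
        }

        if( xPalHandle != CK_INVALID_HANDLE )
        {
            xResult = PKCS11_PAL_GetObjectValue( xPalHandle, &pucObjectValue, &xObjectLength, &xIsPrivate );

            if( xResult == CKR_OK )
            {
                /* Scan for the first non-zero byte. xByte keeps the last byte
                 * read, so it is still 0 afterwards only when every byte was
                 * zero or the object has zero length. */
                for( ulIndex = 0; ulIndex < xObjectLength; ulIndex++ )
                {
                    xByte = pucObjectValue[ ulIndex ];

                    if( xByte != 0UL )
                    {
                        break;
                    }
                }

                if( xByte == 0UL ) /* Deleted objects are overwritten completely w/ zero. */
                {
                    *phObject = CK_INVALID_HANDLE;

                    /* A deleted object counts as "not found". Without this
                     * write the caller's count keeps whatever value it held
                     * before the call and could be read as a hit alongside
                     * an invalid handle. */
                    *pulObjectCount = 0;
                }
                else
                {
                    xResult = prvAddObjectToList( xPalHandle, phObject, pxSession->pxFindObjectLabel, pxSession->xFindObjectLabelLen );
                    *pulObjectCount = 1;
                }

                /* Hand the value buffer back to the PAL on both branches. */
                PKCS11_PAL_GetObjectValueCleanup( pucObjectValue, xObjectLength );
            }
        }
        else
        {
            /* Note: Objects living in header files are not destroyed. */
            /* According to the PKCS #11 standard, not finding an object results in a CKR_OK return value with an object count of 0. */
            *pulObjectCount = 0;

            /* NOTE(review): "%s" reads until a NUL byte, while the label is
             * tracked with an explicit length (xFindObjectLabelLen). This
             * assumes the code that stores the label NUL-terminates it -
             * confirm, otherwise this log call reads past the buffer. */
            PKCS11_WARNING_PRINT( ( "WARN: Object with label '%s' not found. \r\n", ( char * ) pxSession->pxFindObjectLabel ) );
        }
    }

    /* Clean up memory if there was an error finding the object. The pointer
     * is cleared after the free so the session does not keep a dangling
     * search label. */
    if( xResult != CKR_OK )
    {
        if( pxSession != NULL )
        {
            vPortFree( pxSession->pxFindObjectLabel );
            pxSession->pxFindObjectLabel = NULL;
            pxSession->xFindObjectLabelLen = 0;
        }
    }

    return xResult;
}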
See also
C_FindObjectsInit() which must be called before calling C_FindObjects() and C_FindObjectsFinal(), which must be called after.
Note
FindObjects parameters are shared by a session. Calling C_FindObjectsInit(), C_FindObjects(), and C_FindObjectsFinal() with the same session across different tasks may lead to unexpected results.
Parameters
[in] hSession: Handle of a valid PKCS #11 session.
[out] phObject: Points to the handle of the object to be found.
[in] ulMaxObjectCount: The size of the phObject object handle array. In this port, this value should always be set to 1, as searching for multiple objects is not supported.
[out] pulObjectCount: The actual number of objects that are found. In this port, if an object is found this value will be 1, otherwise if the object is not found, it will be set to 0.
Note
In the event that an object does not exist, CKR_OK will be returned, but pulObjectCount will be set to 0.
Returns
CKR_OK if successful. Else, see PKCS #11 specification for more information.
CK_DECLARE_FUNCTION
#define CK_DECLARE_FUNCTION(returnType, name)
Macro for defining a PKCS #11 function.
Definition: iot_pkcs11.h:66
PKCS11_PAL_FindObject
CK_OBJECT_HANDLE PKCS11_PAL_FindObject(CK_BYTE_PTR pxLabel, CK_ULONG usLength)
Translates a PKCS #11 label into an object handle.
C_FindObjects
CK_RV C_FindObjects(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE_PTR phObject, CK_ULONG ulMaxObjectCount, CK_ULONG_PTR pulObjectCount)
Continues an object search operation and returns the handle of the matching object.
Definition: iot_pkcs11_mbedtls.c:2974
prvFindObjectInListByLabel
static void prvFindObjectInListByLabel(const CK_BYTE_PTR pcLabel, CK_ULONG xLabelLength, CK_OBJECT_HANDLE_PTR pxPalHandle, CK_OBJECT_HANDLE_PTR pxAppHandle)
Searches the PKCS #11 module's object list for label and provides handle.
Definition: iot_pkcs11_mbedtls.c:926
prvSessionPointerFromHandle
static P11Session_t * prvSessionPointerFromHandle(CK_SESSION_HANDLE xSession)
Maps an opaque caller session handle into its internal state structure.
Definition: iot_pkcs11_mbedtls.c:287
P11Session_t::xFindObjectLabelLen
CK_ULONG xFindObjectLabelLen
Size of current search label.
Definition: iot_pkcs11_mbedtls.c:222
PKCS11_PAL_GetObjectValueCleanup
void PKCS11_PAL_GetObjectValueCleanup(CK_BYTE_PTR pucData, CK_ULONG ulDataSize)
Cleanup after PKCS11_GetObjectValue().
prvCheckValidSessionAndModule
static CK_RV prvCheckValidSessionAndModule(const P11Session_t *pxSession)
Helper to check if the current session is initialized and valid.
Definition: iot_pkcs11_mbedtls.c:248
PKCS11_PAL_GetObjectValue
CK_RV PKCS11_PAL_GetObjectValue(CK_OBJECT_HANDLE xHandle, CK_BYTE_PTR *ppucData, CK_ULONG_PTR pulDataSize, CK_BBOOL *pIsPrivate)
Gets the value of an object in storage, by handle.
P11Session_t
Session structure.
Definition: iot_pkcs11_mbedtls.c:217
prvAddObjectToList
static CK_RV prvAddObjectToList(CK_OBJECT_HANDLE xPalHandle, CK_OBJECT_HANDLE_PTR pxAppHandle, const CK_BYTE_PTR pcLabel, CK_ULONG xLabelLength)
Add an object that exists in NVM to the application object array.
Definition: iot_pkcs11_mbedtls.c:1033
PKCS11_WARNING_PRINT
#define PKCS11_WARNING_PRINT(X)
Macro for logging warnings in PKCS #11.
Definition: iot_pkcs11_mbedtls.c:110
P11Session_t::pxFindObjectLabel
CK_BYTE * pxFindObjectLabel
Pointer to the label for the search in progress. Should be NULL if no search in progress.
Definition: iot_pkcs11_mbedtls.c:221