Option to delete object by index

Signed-off-by: Raul Metsma <raul@metsma.ee>

doc/tools/pkcs11-tool.1.xml

@@ -77,9 +77,9 @@
 					</term>
 					<listitem>
 						<para>
-		  					Specify hash algorithm used with RSA-PKCS-PSS signature or RSA-OAEP decryption.
-          					Allowed values are "SHA-1", "SHA256", "SHA384", "SHA512", and some tokens may 
-          					also allow "SHA224". Default is "SHA-1".
+							Specify hash algorithm used with RSA-PKCS-PSS signature or RSA-OAEP decryption.
+							Allowed values are "SHA-1", "SHA256", "SHA384", "SHA512", and some tokens may 
+							also allow "SHA224". Default is "SHA-1".
 						</para>
 						<para> 
 							Note that the input to RSA-PKCS-PSS has to be of the size equal to
@@ -396,6 +396,13 @@
 					<listitem><para>Specify the index of the slot to use.</para></listitem>
 				</varlistentry>
 
+				<varlistentry>
+					<term>
+						<option>--object-index</option> <replaceable>index</replaceable>
+					</term>
+					<listitem><para>Specify the index of the object to use.</para></listitem>
+				</varlistentry>
+
 				<varlistentry>
 					<term>
 						<option>--token-label</option> <replaceable>label</replaceable>
@@ -444,13 +451,13 @@
 					viewable after a login).</para></listitem>
 				</varlistentry>
 
-                                <varlistentry>
+				<varlistentry>
 					<term>
 						<option>--always-auth</option>
 					</term>
 					<listitem><para>Set the CKA_ALWAYS_AUTHENTICATE attribute to a private key object.
-                                        If set, the user has to supply the PIN for each use (sign or decrypt) with the key.</para>
-                                        </listitem>
+					If set, the user has to supply the PIN for each use (sign or decrypt) with the key.</para>
+					</listitem>
 				</varlistentry>
 
                                 <varlistentry>
@@ -580,7 +587,7 @@
 					</term>
 					<listitem><para>Write a key or certificate object to the token.
 					<replaceable>filename</replaceable> points to the DER-encoded certificate or key file.
-                                        </para></listitem>
+					</para></listitem>
 				</varlistentry>
 
 				<varlistentry>
@@ -588,7 +595,7 @@
 						<option>--generate-random</option> <replaceable>num</replaceable>
 					</term>
 					<listitem><para>Get <replaceable>num</replaceable> bytes of random data.
-                                        </para></listitem>
+					</para></listitem>
 				</varlistentry>
 
 			</variablelist>
@@ -603,7 +610,7 @@
 
 			To read the certificate with ID <replaceable>KEY_ID</replaceable>
 			in DER format from smart card:
-				<programlisting>pkcs11-tool --read-object  --id KEY_ID --type cert --output-file cert.der</programlisting>
+				<programlisting>pkcs11-tool --read-object --id KEY_ID --type cert --output-file cert.der</programlisting>
 
 			To convert the certificate in DER format to PEM format, use OpenSSL
 			tools:

src/tools/pkcs11-tool.c

@@ -155,7 +155,8 @@ enum {
 	OPT_VERIFY,
 	OPT_SIGNATURE_FILE,
 	OPT_ALWAYS_AUTH,
-	OPT_ALLOWED_MECHANISMS
+	OPT_ALLOWED_MECHANISMS,
+	OPT_OBJECT_INDEX
 };
 
 static const struct option options[] = {
@@ -206,6 +207,7 @@ static const struct option options[] = {
 	{ "slot",		1, NULL,		OPT_SLOT },
 	{ "slot-description",	1, NULL,		OPT_SLOT_DESCRIPTION },
 	{ "slot-index",		1, NULL,		OPT_SLOT_INDEX },
+	{ "object-index",		1, NULL,		OPT_OBJECT_INDEX },
 	{ "token-label",	1, NULL,		OPT_TOKEN_LABEL },
 	{ "set-id",		1, NULL,		'e' },
 	{ "attr-from",		1, NULL,		OPT_ATTR_FROM },
@@ -279,6 +281,7 @@ static const char *option_help[] = {
 	"Specify the ID of the slot to use",
 	"Specify the description of the slot to use",
 	"Specify the index of the slot to use",
+	"Specify the index of the object to use",
 	"Specify the token label of the slot to use",
 	"Set the CKA_ID of an object, <args>= the (new) CKA_ID",
 	"Use <arg> to create some attributes when writing an object",
@@ -315,6 +318,8 @@ static const char *	opt_slot_description = NULL;
 static const char *	opt_token_label = NULL;
 static CK_ULONG		opt_slot_index = 0;
 static int		opt_slot_index_set = 0;
+static CK_ULONG		opt_object_index = 0;
+static int		opt_object_index_set = 0;
 static CK_MECHANISM_TYPE opt_mechanism = 0;
 static int		opt_mechanism_used = 0;
 static const char *	opt_file_to_write = NULL;
@@ -799,6 +804,10 @@ int main(int argc, char * argv[])
 			opt_slot_index = (CK_ULONG) strtoul(optarg, NULL, 0);
 			opt_slot_index_set = 1;
 			break;
+		case OPT_OBJECT_INDEX:
+			opt_object_index = (CK_ULONG) strtoul(optarg, NULL, 0);
+			opt_object_index_set = 1;
+			break;
 		case OPT_TOKEN_LABEL:
 			if (opt_slot_set || opt_slot_description || opt_slot_index_set) {
 				fprintf(stderr, "Error: Only one of --slot, --slot-label, --slot-index or --token-label can be used\n");
@@ -1153,9 +1162,10 @@ int main(int argc, char * argv[])
 		if (opt_object_class_str == NULL)
 			util_fatal("You should specify type of the object to delete");
 		if (opt_object_id_len == 0 && opt_object_label == NULL &&
-				opt_application_label == NULL && opt_application_id == NULL)
+				opt_application_label == NULL && opt_application_id == NULL &&
+				opt_object_index_set == 0)
 			 util_fatal("You should specify at least one of the "
-					 "object ID, object label, application label or application ID");
+					 "object ID, object label, application label, application ID or object index");
 		delete_object(session);
 	}
 
@@ -4398,7 +4408,7 @@ static int delete_object(CK_SESSION_HANDLE session)
 		nn_attrs++;
 	}
 
-	rv = find_object_with_attributes(session, &obj, attrs, nn_attrs, 0);
+	rv = find_object_with_attributes(session, &obj, attrs, nn_attrs, opt_object_index);
 	if (rv != CKR_OK)
 		p11_fatal("find_object_with_attributes()", rv);
 	else if (obj==CK_INVALID_HANDLE)