Backport testpkcs11 from master branch (!712) · Merge requests · gnutls / GnuTLS

Anderson Sasaki requested to merge ansasaki/gnutls:test_pkcs11 into gnutls_3_3_x Jul 20, 2018

This backports testpkcs11.sh from master branch. Some tests were disabled due to the use of features not supported in 3.3.x versions. Namely the missing features are:

ECC key generation without login
"--load-pubkey" option
"--test-sign" option
Certificates do not inherit its ID from the private key

Previously, certificates were being marked as private objects (CKA_PRIVATE), depending on the PKCS#11 module default. This behaviour was changed to follow the master branch; now p11tool explicitly sets the GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE flag when creating a private key object and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE when creating a certificate or public key object.

Checklist

Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Backport testpkcs11 from master branch

Checklist

Reviewer's checklist:

Merge request reports