Backport testpkcs11 from master branch
This backports testpkcs11.sh from master branch. Some tests were disabled due to the use of features not supported in 3.3.x versions. Namely the missing features are:
- ECC key generation without login
- "--load-pubkey" option
- "--test-sign" option
- Certificates do not inherit its ID from the private key
Previously, certificates were being marked as private objects (CKA_PRIVATE), depending on the PKCS#11 module default. This behaviour was changed to follow the master branch; now p11tool explicitly sets the GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE flag when creating a private key object and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE when creating a certificate or public key object.
Checklist
-
Code modified for feature -
Test suite updated with functionality tests -
Test suite updated with negative tests -
Documentation updated
Reviewer's checklist:
-
Any issues marked for closing are addressed -
There is a test suite reasonably covering new functionality or modifications -
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
-
This feature/change has adequate documentation added -
No obvious mistakes in the code