trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec

 * Use the concepts and PKCS#11 objects described in the
   recently updated (still work in progress) storing trust spec.
 * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the
   the CKA_PUBLIC_KEY_INFO isn't defined yet.
 * Most notably, the association between certificates and stapled
   extensions is by public key.
 * Rework some of the tests to take into account the above.

3 files changed, 3 insertions, 0 deletions

diff --git a/common/attrs.c b/common/attrs.c
index 88906f4..8054e38 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -657,6 +657,7 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr,
 	X (CKA_X_PEER)
 	X (CKA_X_DISTRUSTED)
 	X (CKA_X_CRITICAL)
+	X (CKA_X_PUBLIC_KEY_INFO)
 	X (CKA_NSS_URL)
 	X (CKA_NSS_EMAIL)
 	X (CKA_NSS_SMIME_INFO)
diff --git a/common/constants.c b/common/constants.c
index 3ff93bd..ca956d3 100644
--- a/common/constants.c
+++ b/common/constants.c
@@ -175,6 +175,7 @@ const p11_constant p11_constant_types[] = {
 	CT (CKA_X_PEER, "x-peer")
 	CT (CKA_X_DISTRUSTED, "x-distrusted")
 	CT (CKA_X_CRITICAL, "x-critical")
+	CT (CKA_X_PUBLIC_KEY_INFO, "x-public-key-info")
 	{ CKA_INVALID },
 };
 
diff --git a/common/pkcs11x.h b/common/pkcs11x.h
index dfb2a6c..d1c52c3 100644
--- a/common/pkcs11x.h
+++ b/common/pkcs11x.h
@@ -146,6 +146,7 @@ typedef CK_ULONG CK_X_ASSERTION_TYPE;
 #define CKO_X_CERTIFICATE_EXTENSION                  (CKO_X_VENDOR + 200)
 #define CKA_X_DISTRUSTED                             (CKA_X_VENDOR + 100)
 #define CKA_X_CRITICAL                               (CKA_X_VENDOR + 101)
+#define CKA_X_PUBLIC_KEY_INFO                        (CKA_X_VENDOR + 102)
 
 #endif /* CRYPTOKI_X_VENDOR_DEFINED */