From 7d4941715b5afc2ef8ea18716990d28965737c70 Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Thu, 4 Jul 2013 15:48:38 +0200 Subject: trust: Port to use CKA_PUBLIC_KEY_INFO and updated trust store spec * Use the concepts and PKCS#11 objects described in the recently updated (still work in progress) storing trust spec. * Define our own CKA_X_PUBLIC_KEY_INFO define for now, since the the CKA_PUBLIC_KEY_INFO isn't defined yet. * Most notably, the association between certificates and stapled extensions is by public key. * Rework some of the tests to take into account the above. --- common/attrs.c | 1 + common/constants.c | 1 + common/pkcs11x.h | 1 + 3 files changed, 3 insertions(+) (limited to 'common') diff --git a/common/attrs.c b/common/attrs.c index 88906f4..8054e38 100644 --- a/common/attrs.c +++ b/common/attrs.c @@ -657,6 +657,7 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr, X (CKA_X_PEER) X (CKA_X_DISTRUSTED) X (CKA_X_CRITICAL) + X (CKA_X_PUBLIC_KEY_INFO) X (CKA_NSS_URL) X (CKA_NSS_EMAIL) X (CKA_NSS_SMIME_INFO) diff --git a/common/constants.c b/common/constants.c index 3ff93bd..ca956d3 100644 --- a/common/constants.c +++ b/common/constants.c @@ -175,6 +175,7 @@ const p11_constant p11_constant_types[] = { CT (CKA_X_PEER, "x-peer") CT (CKA_X_DISTRUSTED, "x-distrusted") CT (CKA_X_CRITICAL, "x-critical") + CT (CKA_X_PUBLIC_KEY_INFO, "x-public-key-info") { CKA_INVALID }, }; diff --git a/common/pkcs11x.h b/common/pkcs11x.h index dfb2a6c..d1c52c3 100644 --- a/common/pkcs11x.h +++ b/common/pkcs11x.h @@ -146,6 +146,7 @@ typedef CK_ULONG CK_X_ASSERTION_TYPE; #define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200) #define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100) #define CKA_X_CRITICAL (CKA_X_VENDOR + 101) +#define CKA_X_PUBLIC_KEY_INFO (CKA_X_VENDOR + 102) #endif /* CRYPTOKI_X_VENDOR_DEFINED */ -- cgit v1.1