chaps: cope with inconsistent CKA_TOKEN values in keypair

Allow the user to specify different values of CKA_TOKEN for
the public and private parts of a keypair.

(Previously, if the user tried this they would end up with an
undeletable public key, because it would have the CKA_TOKEN
attribute as false, but would be stored in the token pool

This also involves separating the numbering spaces used for
handles in the fake token object pool and the fake session
object pool.

TEST=Chaps unit tests (with ASAN) plus PKCS11 tests

Change-Id: I23fa3c1781484dc6ef3c0216a785c766a019bc32
Reviewed-by: Darren Krahn <>
Commit-Queue: David Drysdale <>
Tested-by: David Drysdale <>
4 files changed