Closed Bug 1890069 Opened 1 year ago Closed 1 year ago

CKM_EC_EDWARDS_KEY_PAIR_GEN for CKK_EC_EDWARDS fails

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: joachim, Unassigned)

References

Details

Attachments

(1 file)

Bug 1890069 - Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys r=#nss-reviewers,rrelyea
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

C_GenerateKeyPair with a CKM_EC_EDWARDS_KEY_PAIR_GEN mechanism with a CKK_EC_EDWARDS key type.

Actual results:

Key pair fails to generate due to a failure in pair-wise consistency test (PCT). PCT fails because CKA_DERIVE attribute is erroneously set to CK_TRUE for the generated private key, even though CKK_EC_EDWARDS cannot be used for key derivation (shared secret computation). This results in isDerivable = true and switch (keyType) { ending up in the default case. CKA_DERIVE is erroneously set to CK_TRUE in sftk_handlePrivateKeyObject because CKK_EC, CKK_EC_EDWARDS, and CKK_EC_MONTGOMERY are all handled in the same switch case.

Expected results:

Key pair generation succeeds

https://hg.mozilla.org/projects/nss/rev/5bb0eb39d0fc368e5cd275c0fbe3df4cbaeb1459

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
See Also: → 1918965
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: