Closed Bug 1920671 Opened 16 days ago Closed 16 days ago

The X25519 deriveBits function should reject small-order points

Categories

(Firefox :: Untriaged, defect)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1920672

People

(Reporter: u738353, Unassigned)

Details

The Secure Curves spec [1] states the following in the X25519 DeriveBits operations:

  1. If secret is the all-zero value, then throw a OperationError. This check must be performed in constant-time, as per [RFC7748] Section 6.1.

This is the root cause of the following errors in WPT

https://wpt.fyi/results/WebCryptoAPI/derive_bits_keys/cfrg_curves_bits_curve25519.https.any.html?label=experimental&label=master&aligned

[1] https://wicg.github.io/webcrypto-secure-curves/#x25519-operations

Status: NEW → RESOLVED
Closed: 16 days ago
Duplicate of bug: 1920672
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.