Closed
Bug 1920671
Opened 16 days ago
Closed 16 days ago
The X25519 deriveBits function should reject small-order points
Categories
(Firefox :: Untriaged, defect)
Firefox
Untriaged
Tracking
()
RESOLVED
DUPLICATE
of bug 1920672
People
(Reporter: u738353, Unassigned)
Details
The Secure Curves spec [1] states the following in the X25519 DeriveBits operations:
- If secret is the all-zero value, then throw a OperationError. This check must be performed in constant-time, as per [RFC7748] Section 6.1.
This is the root cause of the following errors in WPT
[1] https://wicg.github.io/webcrypto-secure-curves/#x25519-operations
You need to log in
before you can comment on or make changes to this bug.
Description
•