Closed Bug 1989477 Opened 2 months ago Closed 1 month ago

CKM_ML_KEM_KEY_PAIR_GEN for CKK_ML_KEM fails

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: joachim, Unassigned)

Details

Attachments

(1 file)

Bug 1989477 - Ensure CKK_ML_KEM has derive CK_FALSE r=rrelyea
48 bytes, text/x-phabricator-request
Details | Review

Steps to reproduce:

C_GenerateKeyPair with a CKM_ML_KEM_KEY_PAIR_GEN mechanism with a CKK_ML_KEM key type.

Actual results:

Key pair fails to generate due to a failure in pair-wise consistency test (PCT). PCT fails because CKA_DERIVE attribute is erroneously set to CK_TRUE for the generated private key, even though CKK_ML_KEM cannot be used for derivation. This results in canDerive = true and switch (keyType) { ending up in the default case. CKA_DERIVE is erroneously set to CK_TRUE in sftk_handlePrivateKeyObject because it is not set to CK_FALSE for CKK_ML_KEM.

Expected results:

Key pair generation succeeds

(Note: this bug is almost identical to 1918965, so its solution will be as well)

Pushed by rrelyea@redhat.com:
https://hg.mozilla.org/projects/nss/rev/19c0b073c522
Ensure CKK_ML_KEM has derive CK_FALSE r=rrelyea

Status: UNCONFIRMED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: