Open Bug 2017995 Opened 4 months ago Updated 4 months ago

Fix issues with Unwrapping keys using tokens in FIPS mode.

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

ASSIGNED

People

(Reporter: rrelyea, Assigned: rrelyea)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Currently, if we try to unwrap a key in FIPS mode using a private key stored in a token, but the key needs to be stored in the FIPS token, the unwrap fails. This shows up as CAC cards trying to read email when the token is in FIPS mode. This is because we aren't able to just import a raw key value into the token in FIPS mode.

Assignee: nobody → rrelyea
Blocks: 2017787

The solution is to teach the internal pk11_ImportSymKeyWithTempl() how to import a key into a FIPS token, and allow it to do so when it's used in an unwrap simulation context.

Severity: -- → S3
Priority: -- → P3
Status: NEW → ASSIGNED