Fix issues with Unwrapping keys using tokens in FIPS mode.
Categories: NSS :: Libraries, defect, P3
Tracking: Not tracked
People: Reporter: rrelyea, Assigned: rrelyea
References: Blocks 1 open bug
Attachments: 1 file
Currently, if we try to unwrap a key in FIPS mode using a private key stored in a token, but the key needs to be stored in the FIPS token, the unwrap fails. This shows up as CAC cards trying to read email when the token is in FIPS mode. This is because we aren't able to just import a raw key value into the token in FIPS mode.
Comment 1 (Assignee) • 4 months ago
Currently, if we try to unwrap a key in FIPS mode using a private key stored in a token, but the key needs to be stored in the FIPS token, the unwrap fails. This shows up as CAC cards trying to read email when the token is in FIPS mode. This is because we aren't able to just import a raw key value into the token in FIPS mode.
The solution is to teach the internal pk11_ImportSymKeyWithTempl() how to import a key into a FIPS token, and allow it to do so when it's used in an unwrap simulation context.