Closed Bug 298513 Opened 15 years ago Closed 15 years ago
Implement pairwise consistency test for key transport key generation FIPS 140-2
Implement pairwise consistency test after the generation of keys for key transport when ever we generate a new key pair. (Conditional self test.) VE 09.31.01
we are already doing this in pk11wrap, we need to move it into the softoken under the PKCS#11 boundary.
Summary: Implement pairwise consistency test for key transport key generation FIPS 140-2 → Implement pairwise consistency test for key transport key generation FIPS 140-2
How is this bug different from bug 298514? What needs to be done for this bug that does not also need to be done for bug 298514, and vice versa? Are different functions involved? or ??
Nelson: bug 298514 is for public/private keypairs used for *digital signature*. This bug is for keypairs used for key transport. Although the patch in bug 298514 addresses this bug, I can't mark this bug fixed until I've confirmed that all the FIPS key transport methods have been covered. (I've confirmed that all the FIPS digital signature methods have been covered, which is why bug 298514 was marked fixed.)
Status: NEW → ASSIGNED
This bug has been fixed by the patch in bug 298514. RSA encryption is the only FIPS approved key transport method that VE.09.31.01 applies to. The other key transport/establishment methods either use a symmetric wrapping key (encrypting/wrapping with TDES or AES) or require two public/private key pairs (Diffie-Hellman or its elliptic curve variants).
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11
You need to log in before you can comment on or make changes to this bug.