Closed Bug 298513 Opened 15 years ago Closed 15 years ago

Implement pairwise consistency test for key transport key generation FIPS 140-2

Categories

(NSS :: Libraries, defect, P1)

3.10
Sun
Solaris
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: glenbeasley, Assigned: wtc)

References

Details

Implement pairwise consistency test after the generation of keys for key transport
when ever we generate a new key pair. (Conditional self test.)

VE 09.31.01
we are already doing this in pk11wrap, we need to move it into the softoken
under the PKCS#11 boundary. 
Summary: Implement pairwise consistency test for key transport key generation FIPS 140-2 → Implement pairwise consistency test for key transport key generation FIPS 140-2
Blocks: 298340
How is this bug different from bug 298514?
What needs to be done for this bug that does not also 
need to be done for bug 298514, and vice versa?
Are different functions involved? or ??
Nelson: bug 298514 is for public/private keypairs used for
*digital signature*.  This bug is for keypairs used for key
transport.

Although the patch in bug 298514 addresses this bug, I can't
mark this bug fixed until I've confirmed that all the FIPS
key transport methods have been covered.  (I've confirmed
that all the FIPS digital signature methods have been covered,
which is why bug 298514 was marked fixed.)
Status: NEW → ASSIGNED
This bug has been fixed by the patch in bug 298514.

RSA encryption is the only FIPS approved key transport
method that VE.09.31.01 applies to.  The other key
transport/establishment methods either use a symmetric
wrapping key (encrypting/wrapping with TDES or AES) or
require two public/private key pairs (Diffie-Hellman or
its elliptic curve variants).
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → 3.11
You need to log in before you can comment on or make changes to this bug.