[23.04 FEAT] openCryptoki key generation with expected MKVP only on CCA and EP11 tokens
Bug #2003639 reported by
bugproxy
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
High
|
Skipper Bug Screeners | ||
opencryptoki (Ubuntu) |
Fix Released
|
High
|
Skipper Bug Screeners |
Bug Description
Feature Description:
For the EP11 and CCA tokens allow to configure expected MKVPs.
Upon generation of a new secure key with C_GenerateKey, C_UnwrapKey, C_DeriveKey or C_CreateObject ensure that the MKVP of the generated key is equal to an expected MKVP.
Note that for CCA there are 4 different MKVPs for 4 different key classes. Return an error if that is not the case.
affects: | linux (Ubuntu) → opencryptoki (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in opencryptoki (Ubuntu): | |
importance: | Undecided → High |
Changed in ubuntu-z-systems: | |
importance: | Undecided → High |
Changed in opencryptoki (Ubuntu): | |
status: | New → Triaged |
Changed in ubuntu-z-systems: | |
status: | New → Triaged |
Changed in ubuntu-z-systems: | |
status: | Triaged → Fix Committed |
Changed in opencryptoki (Ubuntu): | |
status: | Triaged → Fix Committed |
information type: | Private → Public |
Changed in ubuntu-z-systems: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
------- Comment From <email address hidden> 2023-01-21 21:16 EDT------- /github. com/opencryptok i/opencryptoki/ releases/ tag/v3. 19.0
This feature is included in the latest released opencryptoki 3.19.0 as available at
https:/