OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Error codes for unsupported elliptic curves

Hi Valerie,

I looked into the error code returned by NSS when it receives an
unsupported named curve.

NSS returns CKR_DOMAIN_PARAMS_INVALID under that condition. I searched
for that error code in PKCS #11 v2.20 and believe it is the right
error code for an unsupported named curve.

=====
• CKR_DOMAIN_PARAMS_INVALID: Invalid or unsupported domain parameters
were supplied to the function. Which representation methods of domain parameters
are supported by a given mechanism can vary from token to token.
=====

=====
If an attempt to create, generate, derive, or unwrap an EC key of an
unsupported variety
(or of an unsupported size of a supported variety) is made, that
attempt should fail with
the error code CKR_TEMPLATE_INCONSISTENT. If an attempt to create, generate,
derive, or unwrap an EC key with invalid or of an unsupported
representation of domain
parameters is made, that attempt should fail with the error code
CKR_DOMAIN_PARAMS_INVALID. If an attempt to create, generate, derive, or
unwrap an EC key of an unsupported form is made, that attempt should
fail with the error
code CKR_TEMPLATE_INCONSISTENT.
=====

I think the use of CKR_TEMPLATE_INCONSISTENT can be improved though.

Wan-Teh

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]