You have been subscribed to a public bug:
Description:
zkey: Fix re-enciphering of EP11 identity key of KMIP plugin
Symptom:
When re-enciphering the identity key and/or wrapping key of the zkey KMIP
plugin via 'zkey kms reencipher', the operation completes without an error, but
the secure keys are left un-reenciphered. A subsequent connection attempt with
the KMIP server will fail because the identity key is no longer valid.
Problem:
The re-enciphered secure key is not copied back into the key token buffer.
Also, the the public key part, i.e. the MACed SubjectPublicKeyInfo (SPKI)
structure must also be re-enciphered (i.e. re-MACed), since the MAC is
calculated with the EP11 master key.
Solution:
Copy the re-enciphered secure key back into the key token buffer, and also
re-encipher the public key part.
Reproduction: Perform a master key change on the EP11 APQNs used with the
KMIP plugin.
Problem-ID: 197605
Upstream-ID: 4e2ebe0370d9fb036b7554d5ac5df4418dbe0397
Preventive: yes
Date: 2022-04-08
Author: Ingo Franzki <ifran...@linux.ibm.com>
Component: s390-tools
== Comment: #1 - Ingo Franzki <ifran...@de.ibm.com> - 2022-04-08 09:57:45 ==
Upstream commit:
https://github.com/ibm-s390-linux/s390-tools/commit/4e2ebe0370d9fb036b7554d5ac5df4418dbe0397
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-197607 severity-high
targetmilestone-inin---
--
[Ubuntu 22.04] zkey: Fix re-enciphering of EP11 identity key of KMIP plugin
https://bugs.launchpad.net/bugs/1990520
You received this bug notification because you are a member of Kernel Packages,
which is subscribed to linux in Ubuntu.
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
