[Bug 1840419] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-09-17 03:40 EDT--- IBM Bugzilla status -> closed, Fix Released with Ubuntu 18.04.3 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840419 Title: [Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when running the rsa_tests from opencryptoki 3.9.0 on the ICA token To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840419/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840419] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-09-13 06:05 EDT--- The tests are execute on opencryptoki/bionic-proposed (opencryptoki/bionic-proposed 3.9.0+dfsg-0ubuntu1.2 s390x) and run the rsa_test on the ICA token. Hands verified successfull done.. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840419 Title: [Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when running the rsa_tests from opencryptoki 3.9.0 on the ICA token To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840419/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840419] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-09-13 05:13 EDT--- this bugzilla can be closed, OCK behaves correctly, it returns CKR_MECHANISM_INVALID when an unsupported mechanism is specified in the PSS or OQEP parameters. That's as expected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840419 Title: [Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when running the rsa_tests from opencryptoki 3.9.0 on the ICA token To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840419/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840419] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-08-16 03:50 EDT--- Solution Backport of following git-commits - CKR_SIGNATURE_INVALID error => https://github.com/opencryptoki/opencryptoki/commit/02a5840afef2fd3b5879d4bed35e17c809341cf0 that came after 3.9.0. - CKR_MECHANISM_INVALID with RSA PKCS PSS Sign - RSA PKCS OAEP Encrypt and Decrypt: This test vector uses CKG_MGF1_SHA224 as MGF. SHA224 was not supported as MGF until commit => https://github.com/opencryptoki/opencryptoki/commit/f5e55194748fc52360adbf69f7a7e8168644cc3b that came after 3.9.0. All these problems are already fixed in 3.10.0 and need to be backported into 3.9.0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840419 Title: [Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when running the rsa_tests from opencryptoki 3.9.0 on the ICA token To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840419/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1840419] Comment bridged from LTC Bugzilla
--- Comment From heinz-werner_se...@de.ibm.com 2019-08-16 03:47 EDT--- Problem description (Tested with 18.04.2 but need be fixed with 18.04.3) === Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing opencryptoki version 3.9.0, and libica version 3.2.1 The rsa_tests being part of the github opencryptoki package show failures. Total=717, Ran=591, Passed=560, Failed=31, Skipped=126, Errors=2 The problem is immediately reproducible. Details === Set up Ubuntu 18.04.2 with opencryptoki and libica3. Initialize the opencryptoki ICA token, compile and build the opencryptoki tests being part of the github opencryptoki package tagged as 3.9.0. After successful initialization, the ICA token is expected to be readily initialized as follows: # pkcsconf -t -c 0 Token #0 Info: Label: icatest Manufacturer: IBM Corp. Model: IBM ICA Serial Number: 123 Flags: 0x44D (RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED) Sessions: 0/18446744073709551614 R/W Sessions: 18446744073709551615/18446744073709551614 PIN Length: 4-8 Public Memory: 0x/0x Private Memory: 0x/0x Hardware Version: 1.0 Firmware Version: 1.0 Time: 17:48:54 export PKCS11_USER_PIN= and run the rsa_tess against the ICA token. Terminal ouptut === ... -- * TESTCASE do_SignVerifyRSA BEGIN RSA X.509 Sign and Verify with test vector 0, publ_exp='03', mod_bits='512', keylen='0'. * TESTCASE do_SignVerifyRSA FAIL (rsa_func.c:491) C_Verify(), rc=CKR_SIGNATURE_INVALID -- // Happening for test vectors 0 to 29 in the same way. ... -- * TESTCASE do_SignVerify_RSAPSS BEGIN RSA PKCS PSS Sign and Verify with test vector 3, publ_exp='010001', mod_bits='1024', keylen='0'. * TESTCASE do_SignVerify_RSAPSS ERROR (rsa_func.c:642)) C_DigestInit rc=CKR_MECHANISM_INVALID -- ... -- * TESTCASE do_EncryptDecryptRSA BEGIN RSA PKCS OAEP Encrypt and Decrypt with test vector 3. publ_exp='010001', modbits=1024, publ_exp_len=3, inputlen=28. * TESTCASE do_EncryptDecryptRSA ERROR (rsa_func.c:210)) C_Encrypt, rc=CKR_FUNCTION_FAILED -- ---uname output--- Linux t35lp22 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019 s390x s390x s390x GNU/Linux Machine Type = IBM 3906 ---Debugger--- A debugger is not configured ---Steps to Reproduce--- 1.) Install the opencryptoki and libica3 packages 2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login 3.) run: systemctl start pkcsslotd.service 4.) compile and build the opencryptoki version 3.9.0 test cases using the GitHub package version 3.9 5.) run the rsa_tests from the testcases/crypto/ directory, against the ICA slot ./rsa_tests -slot Userspace tool common name: N/A The userspace tool has the following bit modes: 64bit Userspace rpm: opencryptoki -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1840419 Title: [Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when running the rsa_tests from opencryptoki 3.9.0 on the ICA token To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1840419/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs