Re: [Touch-packages] [Bug 1629370] Re: PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1

Mon, 31 Oct 2016 14:35:57 -0700 

Thanks for the confirmation!

What name should I use for you in acknowledgments?


** Changed in: krb5 (Ubuntu)
       Status: New => Confirmed

** Tags added: patch-accepted-upstream

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1629370

Title:
  PKINIT fails with PKCS#11 middlware that implements PKCS#1 V2.1

Status in krb5 package in Ubuntu:
  Confirmed

Bug description:
  Problem: can't do PK-INIT with a smartcard PKCS#11 middleware that
  implements PKCS#1 v2.10

  $ kinit -E name.surname@something@REALM

  -> fails

  Diagnostic using PKCS11-SPY from OpenSC:

  16: C_Sign
  2016-09-16 14:31:53.265
  [in] hSession = 0x6bc3a70e
  [in] pData[ulDataLen] 0931e898 / 33
      00000000  30 1F 30 07 06 05 2B 0E 03 02 1A 04 14 17 07 D3  
0.0...+.........
      00000010  5A 2B F8 78 C0 FD CD 87 EE 25 08 C2 DD AA 50 3D  
Z+.x.....%....P=
      00000020  DC                                               .              
 
  Returned:  32 CKR_DATA_INVALID

  The signing algorithm is SHA1. However the Data Formatting is
  incorrect:

  30 1F 30 07 06 05 2B 0E 03 02 1A 04 14 17 07 D3 5A 2B F8 78 C0 FD CD
  87 EE 25 08 C2 DD AA 50 3D DC

  instead it should be:

  30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 17 07 D3 5A 2B F8 78 C0 FD CD 87 
EE 25 08 C2 DD AA 50 3D DC  
                        
  See the PKCS#1 paper (page 43) https://tools.ietf.org/html/rfc3447

  Extract:
  " 
  1. For the six hash functions mentioned in Appendix B.1, the DER
        encoding T of the DigestInfo value is equal to the following:

        MD2:     (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 02 05 00 04
                     10 || H.
        MD5:     (0x)30 20 30 0c 06 08 2a 86 48 86 f7 0d 02 05 05 00 04
                     10 || H.
        SHA-1:   (0x)30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 || H.
  "
                
  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: krb5-pkinit 1.12+dfsg-2ubuntu5.2
  Uname: Linux 3.13.0-68-generic x86_64
  Architecture: amd64
  Date: Fri Sep 30 12:49:09 CEST 2016
  ProcEnviron:
   PATH=(custom, user)
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: krb5-pkinit

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1629370/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to