Resolved. As Rob mentioned, I pulled the latest changes to libhal and rebuilt
the firmware. This fixes the error I was getting.
Thanks
________________________________
From: Tech <tech-boun...@cryptech.is> on behalf of Dominique Douglas
<doug...@dkey.org>
Sent: Saturday, March 9, 2019 9:07 AM
To: Rob Austein
Cc: tech@cryptech.is
Subject: Re: [Cryptech Tech] CrypTech parallel-signatures.py
Thanks. I'll pull those changes and test. I'll post the results to this mailing
list.
Dominque
________________________________
From: Rob Austein <s...@hactrn.net>
Sent: Friday, March 8, 2019 7:44 PM
To: Dominique Douglas
Cc: tech@cryptech.is
Subject: Re: [Cryptech Tech] CrypTech parallel-signatures.py
On Fri, 08 Mar 2019 16:41:49 -0500, Dominique Douglas wrote:
>
> I've been running performance test using a single alpha. To do this,
> I've been using the parallel-signatures.py script that's in
> libhal. It works well with one or two clients for 1024 and 2048 bit
> RSA keys. However, it crashes whenever I try to use 3+ clients. This
> includes the default 4 clients. Libhal is returning
> HAL_ERROR_ASN1_PARSE_FAILED. The failure is being returned from
> RPC_FUNC_PKEY_SIGN.
That's almost certainly the mkmif driver bug Paul mentioned having
fixed recently when we were all in Amsterdam a few weeks ago.
It's "obviously" a locking problem, because it's affected by the
number of (pseudo) threads running. That driver bug (since corrected)
causes mkmif to return garbage under load instead of the MKM KEK
value; unwrapping anything with garbage returns garbage, and garbage
fails to parse as valid PKCS #8, so this shows up as an ASN.1 error.
===
In which context, and it being a Friday evening, I feel compelled to
share the following (totally off-topic) tale from days of yore.
Date: Fri, 16 Dec 1994 23:43:33 -0500
From: Alan Bawden <a...@epilogue.com>
Cc: unix-hat...@mc.lcs.mit.edu
Subject: passwd -l
From: Rob Austein <s...@epilogue.com>
Date: Fri, 16 Dec 94 17:56:44 -0500
Date: Fri, 16 Dec 1994 17:39:46 -0500
From: Alan Bawden <a...@epilogue.com>
...
it says "passwd: connect: Connection refused".
It would be nice to be able to set my passwd, what's going on here?
Kerberos gets its fingers into the password changing stuff. The way
to change a password just on the local machine is "passwd -l".
Oh, of course, I should have guessed. "Connection refused". What else
could it mean? Obviously this means that Kerberos wants me to give the
"-l" argument to the "passwd" command. What could be more plain? Silly
me. Unix really isn't all that hard if only people would learn to -read-
the error messages.
It's perfectly straightforward -- "Connection refused" clearly means that
something -bad- happened (that's why the error message uses the negative
word "refused"), and it has something to do with -networks- (because the
error message uses the word "connection"). Put this together with the fact
that I was trying to change my password (-security-), and what do you get?
Let's see... "Bad" + "Network" + "Security"... Bad Network Security...
Hmm... Baaad Network Security. Bad. Bad dog! Bad! (Grrrrr.) Down boy.
(Grrr!!) Down! BAD! No! (GGRRRRAWWGGGRRRRRR!) Down! Bad dog! Stop
that! Eaiiii!... Right! Kerberos! The Network Security Dog From Hell!
What else could it be? The error message couldn't have been clearer.
Sorry for bothering you.
_______________________________________________
Tech mailing list
Tech@cryptech.is
https://lists.cryptech.is/listinfo/tech
