** Description changed:
- Description will follow
+ Problem description (Tested with 18.04.2 but need be fixed with 18.04.3)
+ =======
+ Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing
+ opencryptoki version 3.9.0, and libica version 3.2.1
+ The rsa_tests being part of the github opencryptoki package show failures.
+ Total=717, Ran=591, Passed=560, Failed=31, Skipped=126, Errors=2
+ The problem is immediately reproducible.
+
+ Details
+ =======
+ Set up Ubuntu 18.04.2 with opencryptoki and libica3.
+ Initialize the opencryptoki ICA token, compile and build the opencryptoki
tests
+ being part of the github opencryptoki package tagged as 3.9.0.
+ After successful initialization, the ICA token is expected to be readily
initialized
+ as follows:
+
+ # pkcsconf -t -c 0
+ Token #0 Info:
+ Label: icatest
+ Manufacturer: IBM Corp.
+ Model: IBM ICA
+ Serial Number: 123
+ Flags: 0x44D
(RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED)
+ Sessions: 0/18446744073709551614
+ R/W Sessions: 18446744073709551615/18446744073709551614
+ PIN Length: 4-8
+ Public Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Private Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Hardware Version: 1.0
+ Firmware Version: 1.0
+ Time: 17:48:54
+
+ export PKCS11_USER_PIN=<Your PIN> and run the rsa_tess against the ICA
+ token.
+
+ Terminal ouptut
+ ===============
+ ...
+ ------
+ * TESTCASE do_SignVerifyRSA BEGIN RSA X.509 Sign and Verify with test vector
0,
+ publ_exp='03', mod_bits='512', keylen='0'.
+ * TESTCASE do_SignVerifyRSA FAIL (rsa_func.c:491) C_Verify(),
rc=CKR_SIGNATURE_INVALID
+ ------
+ // Happening for test vectors 0 to 29 in the same way.
+ ...
+ ------
+ * TESTCASE do_SignVerify_RSAPSS BEGIN RSA PKCS PSS Sign and Verify with test
vector 3,
+ publ_exp='010001', mod_bits='1024', keylen='0'.
+ * TESTCASE do_SignVerify_RSAPSS ERROR (rsa_func.c:642)) C_DigestInit
rc=CKR_MECHANISM_INVALID
+ ------
+ ...
+ ------
+ * TESTCASE do_EncryptDecryptRSA BEGIN RSA PKCS OAEP Encrypt and Decrypt with
test vector 3.
+ publ_exp='010001', modbits=1024, publ_exp_len=3, inputlen=28.
+ * TESTCASE do_EncryptDecryptRSA ERROR (rsa_func.c:210)) C_Encrypt,
rc=CKR_FUNCTION_FAILED
+ ------
+
+ ---uname output---
+ Linux t35lp22 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019
s390x s390x s390x GNU/Linux
+
+ Machine Type = IBM 3906
+
+ ---Debugger---
+ A debugger is not configured
+
+ ---Steps to Reproduce---
+ 1.) Install the opencryptoki and libica3 packages
+ 2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login
+ 3.) run: systemctl start pkcsslotd.service
+ 4.) compile and build the opencryptoki version 3.9.0 test cases using the
+ GitHub package version 3.9
+ 5.) run the rsa_tests from the testcases/crypto/ directory, against the ICA
slot
+ ./rsa_tests -slot <N>
+
+ Userspace tool common name: N/A
+
+ The userspace tool has the following bit modes: 64bit
** Also affects: ubuntu-z-systems
Importance: Undecided
Status: New
** Changed in: ubuntu-z-systems
Status: New => Triaged
** Changed in: ubuntu-z-systems
Importance: Undecided => High
** Changed in: ubuntu-z-systems
Importance: High => Critical
** Changed in: ubuntu-z-systems
Assignee: (unassigned) => Canonical Foundations Team
(canonical-foundations)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840419
Title:
[Ubuntu] 18.04.3 - CKR_SIGNATURE_INVALID, CKR_FUNCTION_FAILED when
running the rsa_tests from opencryptoki 3.9.0 on the ICA token
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840419/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
