** Description changed:
- Description will follow
+ Problem description (Tested with 18.04.2 but need be fixed with 18.04.3)
+ Summary
+ =======
+ Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing
+ opencryptoki version 3.9.0, and libica version 3.2.1
+ The digest_tests being part of the github opencryptoki package show failures.
+ Total=641, Ran=521, Passed=391, Failed=130, Skipped=120, Errors=0
+ The problem is immediately reproducible.
+ Independent of crypto cards being online.
+
+ Details
+ =======
+ Set up Ubuntu 18.04.2 with opencryptoki and libica3.
+ Initialize the opencryptoki ICA token, compile and build the opencryptoki
tests
+ being part of the github opencryptoki package tagged as 3.9.0.
+ After successful initialization, the ICA token is expected to be readily
initialized
+ as follows:
+
+ # pkcsconf -t -c 0
+ Token #0 Info:
+ Label: icatest
+ Manufacturer: IBM Corp.
+ Model: IBM ICA
+ Serial Number: 123
+ Flags: 0x44D
(RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED)
+ Sessions: 0/18446744073709551614
+ R/W Sessions: 18446744073709551615/18446744073709551614
+ PIN Length: 4-8
+ Public Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Private Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Hardware Version: 1.0
+ Firmware Version: 1.0
+ Time: 17:48:54
+
+ Terminal ouptut
+ ===============
+ Output of the failing tests for digest_tests
+ ...
+ ------
+ * TESTSUITE do_SignVerify_HMAC BEGIN SHA-512 HMAC Sign Verify.
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
0.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
1.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
2.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
3.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
4.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector
5.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not
match test vector's hashed data
+ ------
+
+ Debug data
+ ==========
+ See attached output of the digest_tests run.
+
+ ---uname output---
+ Linux system 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019
s390x s390x s390x GNU/Linux
+
+ Machine Type = IBM 3906
+
+ ---Steps to Reproduce---
+ 1.) Install the opencryptoki and libica3 packages
+ 2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login
+ 3.) run: systemctl start pkcsslotd.service
+ 4.) compile and build the opencryptoki version 3.9.0 test cases using the
+ GitHub package version 3.9
+ 5.) run the digest_tests from the testcases/crypto/ directory, against the
ICA slot
+ ./digest_tests -slot <N>
+
+ The userspace tool has the following bit modes: 64bit
+
+ Userspace rpm: opencryptoki
+
+ ------- Comment From [email protected] 2019-08-16 04:14 EDT-------
+ Solution : Backport for 3.9.0
+ This is fixed with commit
https://github.com/opencryptoki/opencryptoki/commit/363f465755399e124b6f503db111c2b8390cfffe
that came after 3.9.0.
** Changed in: ubuntu-z-systems
Status: New => Triaged
** Changed in: ubuntu-z-systems
Importance: Undecided => Critical
** Changed in: ubuntu-z-systems
Assignee: (unassigned) => Canonical Foundations Team
(canonical-foundations)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840420
Title:
[UBUNTU] 18.04.3 - hash verification error with SHA-512 HMAC running
the opencryptoki digest_tests on the ICA token
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840420/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
