[Bug 1840420] Re: [UBUNTU] 18.04.3 - hash verification error with SHA-512 HMAC running the opencryptoki digest_tests on the ICA token

Frank Heimes Fri, 16 Aug 2019 01:51:25 -0700

** Description changed:

- Description will follow
+ Problem description (Tested with 18.04.2 but need be fixed with 18.04.3)
+ Summary
+ =======
+ Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing
+ opencryptoki version 3.9.0, and libica version 3.2.1
+ The digest_tests being part of the github opencryptoki package show failures.
+ Total=641, Ran=521, Passed=391, Failed=130, Skipped=120, Errors=0
+ The problem is immediately reproducible.
+ Independent of crypto cards being online.
+ 
+ Details
+ =======
+ Set up Ubuntu 18.04.2 with opencryptoki and libica3.
+ Initialize the opencryptoki ICA token, compile and build the opencryptoki 
tests
+ being part of the github opencryptoki package tagged as 3.9.0.
+ After successful initialization, the ICA token is expected to be readily 
initialized
+ as follows:
+ 
+ # pkcsconf -t -c 0
+ Token #0 Info:
+ Label: icatest
+ Manufacturer: IBM Corp.
+ Model: IBM ICA
+ Serial Number: 123
+ Flags: 0x44D 
(RNG|LOGIN_REQUIRED|USER_PIN_INITIALIZED|CLOCK_ON_TOKEN|TOKEN_INITIALIZED)
+ Sessions: 0/18446744073709551614
+ R/W Sessions: 18446744073709551615/18446744073709551614
+ PIN Length: 4-8
+ Public Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Private Memory: 0xFFFFFFFFFFFFFFFF/0xFFFFFFFFFFFFFFFF
+ Hardware Version: 1.0
+ Firmware Version: 1.0
+ Time: 17:48:54
+ 
+ Terminal ouptut
+ ===============
+ Output of the failing tests for digest_tests
+ ...
+ ------
+ * TESTSUITE do_SignVerify_HMAC BEGIN SHA-512 HMAC Sign Verify.
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
0.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
1.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
2.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
3.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
4.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ * TESTCASE do_SignVerify_HMAC BEGIN Sign Verify SHA-512 HMAC with test vector 
5.
+ * TESTCASE do_SignVerify_HMAC FAIL (digest_func.c:1284) hashed data does not 
match test vector's hashed data
+ ------
+ 
+ Debug data
+ ==========
+ See attached output of the digest_tests run.
+ 
+ ---uname output---
+ Linux system 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019 
s390x s390x s390x GNU/Linux
+ 
+ Machine Type = IBM 3906
+ 
+ ---Steps to Reproduce---
+ 1.) Install the opencryptoki and libica3 packages
+ 2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login
+ 3.) run: systemctl start pkcsslotd.service
+ 4.) compile and build the opencryptoki version 3.9.0 test cases using the
+ GitHub package version 3.9
+ 5.) run the digest_tests from the testcases/crypto/ directory, against the 
ICA slot
+ ./digest_tests -slot <N>
+ 
+ The userspace tool has the following bit modes: 64bit
+ 
+ Userspace rpm: opencryptoki
+ 
+ ------- Comment From heinz-werner_se...@de.ibm.com 2019-08-16 04:14 EDT-------
+ Solution : Backport for 3.9.0
+ This is fixed with commit 
https://github.com/opencryptoki/opencryptoki/commit/363f465755399e124b6f503db111c2b8390cfffe
 that came after 3.9.0.


** Changed in: ubuntu-z-systems
       Status: New => Triaged

** Changed in: ubuntu-z-systems
   Importance: Undecided => Critical

** Changed in: ubuntu-z-systems
     Assignee: (unassigned) => Canonical Foundations Team 
(canonical-foundations)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1840420

Title:
  [UBUNTU] 18.04.3 - hash verification error with SHA-512 HMAC running
  the opencryptoki digest_tests on the ICA token

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1840420/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1840420] Re: [UBUNTU] 18.04.3 - hash verification error with SHA-512 HMAC running the opencryptoki digest_tests on the ICA token

Reply via email to