------- Comment From <email address hidden> 2019-08-16 03:47 EDT-------
Problem description (Tested with 18.04.2 but need be fixed with 18.04.3)
=======
Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing
opencryptoki version 3.9.0, and libica version 3.2.1
The rsa_tests being part of the github opencryptoki package show failures.
Total=717, Ran=591, Passed=560, Failed=31, Skipped=126, Errors=2
The problem is immediately reproducible.
Details
=======
Set up Ubuntu 18.04.2 with opencryptoki and libica3.
Initialize the opencryptoki ICA token, compile and build the opencryptoki tests
being part of the github opencryptoki package tagged as 3.9.0.
After successful initialization, the ICA token is expected to be readily initialized
as follows:
export PKCS11_USER_PIN=<Your PIN> and run the rsa_tess against the ICA token.
Terminal ouptut
===============
...
------
* TESTCASE do_SignVerifyRSA BEGIN RSA X.509 Sign and Verify with test vector 0,
publ_exp='03', mod_bits='512', keylen='0'.
* TESTCASE do_SignVerifyRSA FAIL (rsa_func.c:491) C_Verify(), rc=CKR_SIGNATURE_INVALID
------
// Happening for test vectors 0 to 29 in the same way.
...
------
* TESTCASE do_SignVerify_RSAPSS BEGIN RSA PKCS PSS Sign and Verify with test vector 3,
publ_exp='010001', mod_bits='1024', keylen='0'.
* TESTCASE do_SignVerify_RSAPSS ERROR (rsa_func.c:642)) C_DigestInit rc=CKR_MECHANISM_INVALID
------
...
------
* TESTCASE do_EncryptDecryptRSA BEGIN RSA PKCS OAEP Encrypt and Decrypt with test vector 3.
publ_exp='010001', modbits=1024, publ_exp_len=3, inputlen=28.
* TESTCASE do_EncryptDecryptRSA ERROR (rsa_func.c:210)) C_Encrypt, rc=CKR_FUNCTION_FAILED
------
---uname output---
Linux t35lp22 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019 s390x s390x s390x GNU/Linux
Machine Type = IBM 3906
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1.) Install the opencryptoki and libica3 packages
2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login
3.) run: systemctl start pkcsslotd.service
4.) compile and build the opencryptoki version 3.9.0 test cases using the
GitHub package version 3.9
5.) run the rsa_tests from the testcases/crypto/ directory, against the ICA slot
./rsa_tests -slot <N>
Userspace tool common name: N/A
The userspace tool has the following bit modes: 64bit
------- Comment From <email address hidden> 2019-08-16 03:47 EDT-------
Problem description (Tested with 18.04.2 but need be fixed with 18.04.3)
=======
Ubuntu 18.04.2 system installed ( 4.15.0-55-generic kernel ) providing
opencryptoki version 3.9.0, and libica version 3.2.1
The rsa_tests being part of the github opencryptoki package show failures.
Total=717, Ran=591, Passed=560, Failed=31, Skipped=126, Errors=2
The problem is immediately reproducible.
Details
=======
Set up Ubuntu 18.04.2 with opencryptoki and libica3.
Initialize the opencryptoki ICA token, compile and build the opencryptoki tests
being part of the github opencryptoki package tagged as 3.9.0.
After successful initialization, the ICA token is expected to be readily initialized
as follows:
# pkcsconf -t -c 0 REQUIRED| USER_PIN_ INITIALIZED| CLOCK_ON_ TOKEN|TOKEN_ INITIALIZED) 9551614 51615/184467440 73709551614 FFF/0xFFFFFFFFF FFFFFFF FFF/0xFFFFFFFFF FFFFFFF
Token #0 Info:
Label: icatest
Manufacturer: IBM Corp.
Model: IBM ICA
Serial Number: 123
Flags: 0x44D (RNG|LOGIN_
Sessions: 0/1844674407370
R/W Sessions: 184467440737095
PIN Length: 4-8
Public Memory: 0xFFFFFFFFFFFFF
Private Memory: 0xFFFFFFFFFFFFF
Hardware Version: 1.0
Firmware Version: 1.0
Time: 17:48:54
export PKCS11_ USER_PIN= <Your PIN> and run the rsa_tess against the ICA token.
Terminal ouptut SIGNATURE_ INVALID RSAPSS BEGIN RSA PKCS PSS Sign and Verify with test vector 3, RSAPSS ERROR (rsa_func.c:642)) C_DigestInit rc=CKR_ MECHANISM_ INVALID ptRSA BEGIN RSA PKCS OAEP Encrypt and Decrypt with test vector 3. ptRSA ERROR (rsa_func.c:210)) C_Encrypt, rc=CKR_ FUNCTION_ FAILED
===============
...
------
* TESTCASE do_SignVerifyRSA BEGIN RSA X.509 Sign and Verify with test vector 0,
publ_exp='03', mod_bits='512', keylen='0'.
* TESTCASE do_SignVerifyRSA FAIL (rsa_func.c:491) C_Verify(), rc=CKR_
------
// Happening for test vectors 0 to 29 in the same way.
...
------
* TESTCASE do_SignVerify_
publ_exp='010001', mod_bits='1024', keylen='0'.
* TESTCASE do_SignVerify_
------
...
------
* TESTCASE do_EncryptDecry
publ_exp='010001', modbits=1024, publ_exp_len=3, inputlen=28.
* TESTCASE do_EncryptDecry
------
---uname output---
Linux t35lp22 4.15.0-55-generic #60-Ubuntu SMP Tue Jul 2 18:21:03 UTC 2019 s390x s390x s390x GNU/Linux
Machine Type = IBM 3906
---Debugger---
A debugger is not configured
---Steps to Reproduce---
1.) Install the opencryptoki and libica3 packages
2.) Add your user to the pkcs11 group: usermod -aG pkcs11 root and re-login
3.) run: systemctl start pkcsslotd.service
4.) compile and build the opencryptoki version 3.9.0 test cases using the
GitHub package version 3.9
5.) run the rsa_tests from the testcases/crypto/ directory, against the ICA slot
./rsa_tests -slot <N>
Userspace tool common name: N/A
The userspace tool has the following bit modes: 64bit
Userspace rpm: opencryptoki