Ubuntu
s390-tools package

[UBUNTU 20.04] zkey: Fix display of clear key size for XTS keys

Bug #1860574 reported by bugproxy
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Canonical Foundations Team
s390-tools (Ubuntu)
Fix Released
Undecided
Skipper Bug Screeners
Bionic
Invalid
Undecided
Unassigned
Eoan
Won't Fix
Undecided
Unassigned
Focal
Fix Released
Undecided
Skipper Bug Screeners

Bug Description

Description: zkey: Fix display of clear key size for XTS keys
Symptom: The 'zkey list' command shows bogus values for the
               keys 'Clear key size' for XTS keys of type CCA-AESDATA
               or CCA-AESCIPHER.
Problem: XTS keys consist of 2 keys concatenated to each other.
               To calculate the clear key size, the clear key size of
               both keys must be added. The code does not address the
               second key correctly, and thus reads the clear key size
               of the second key from an invalid memory location. This
               results in bogus values reported as clear key size.
               This bug has been introduced with feature "Cipher
               key support" with commit 298fab68fee8 "zkey: Preparations
               for introducing a new key type".
Solution: Correct the addressing of the second key.
Reproduction: Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
               and then run 'zkey list'.

Upstream commit:
https://github.com/ibm-s390-tools/s390-tools/commit/e7f446432b92b293e758099842843cfb1f18fa97

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-183404 severity-high targetmilestone-inin2004
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → s390-tools (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → High
status: New → Triaged
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Dimitri John Ledkov (xnox)
Changed in s390-tools (Ubuntu Focal):
status: New → Fix Committed
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package s390-tools - 2.12.0-0ubuntu1

---------------
s390-tools (2.12.0-0ubuntu1) focal; urgency=medium

  * New upstream release, plus cherrypick patches from master.
    LP: #1860574 LP: #1860531 LP: #1859018 LP: #1853308

 -- Dimitri John Ledkov <email address hidden> Wed, 29 Jan 2020 22:27:05 +0000

Changed in s390-tools (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Frank Heimes (fheimes) wrote :

Changing the Eoan entry to Invalid, since Eoan reached it's EOL:
https://lists.ubuntu.com/archives/ubuntu-announce/2020-July/000258.html

Changed in s390-tools (Ubuntu Eoan):
status: New → Invalid
Frank Heimes (fheimes)
Changed in s390-tools (Ubuntu Eoan):
status: Invalid → Won't Fix
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-10-27 07:48 EDT-------
Fix Released with focal, what about bionic ?

Matthieu Clemenceau (mclemenceau)
tags: added: fr-884
Revision history for this message
Lukas Märdian (slyon) wrote :

The 'zkey list' command does not seem to be available in Bionic (s390-tools v2.3.0), so it looks like this bug isn't available either:

ubuntu@juju-96c787-test-0:~$ zkey list
zkey: Invalid command 'list'
Try 'zkey --help' for more information.
ubuntu@juju-96c787-test-0:~$ zkey --help
Usage: zkey COMMAND SECURE-KEY-FILE [OPTIONS]

Generate, re-encipher, and validate secure AES keys

COMMANDS
  GENerate Generate a secure AES key
  REencipher Re-encipher an existing secure AES key
  VALidate Validate an existing secure AES key

COMMON OPTIONS
 -V, --verbose Print additional information messages during processing
 -h, --help Print this help, then exit
 -v, --version Print version information, then exit

For more information use 'zkey COMMAND --help'.
ubuntu@juju-96c787-test-0:~$ zkey -v
zkey version 2.3.0-build-20191025
Copyright IBM Corp. 2017

Changed in s390-tools (Ubuntu Bionic):
status: New → Invalid
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-11-18 07:03 EDT-------
After internal discussion, this feature is not required for bionic..

Revision history for this message
Frank Heimes (fheimes) wrote :

Thx, so I am closing this ticket in this case and I'm setting the project entry to Fix Released (aligning it's state to the focal entry).

Changed in ubuntu-z-systems:
status: In Progress → Fix Released
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-11-18 08:01 EDT-------
IBM Buzgilla status-> closed, Fix released for all requested distros

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.