Ubuntu
opencryptoki package

[23.04 FEAT] openCryptoki ica and soft tokens: PKCS #11 3.0 - support AES_XTS

Bug #2003630 reported by bugproxy
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
High
Skipper Bug Screeners
opencryptoki (Ubuntu)
Fix Released
High
Skipper Bug Screeners

Bug Description

Feature Description

Extended support of openCryptoki for PKCS #11 version 3.0.
- in ica token, support AES-XTS :
CKM_AES_XTS
CKM_AES_XTS_KEY_GEN
Update p11sak tool to handle AES- XTS keys

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-201332 severity-high targetmilestone-inin2304
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Since I cannot this feature in
https://github.com/opencryptoki/opencryptoki/blob/master/ChangeLog
yet, I'm setting the status to Incomplete for now.

affects: linux (Ubuntu) → opencryptoki (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
Changed in opencryptoki (Ubuntu):
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
status: New → Incomplete
Changed in opencryptoki (Ubuntu):
status: New → Incomplete
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-02-06 13:01 EDT-------
This feature will be part of the upcoming new openCryptoki v3.20 which will be available in time for lunar FF

Revision history for this message
Frank Heimes (fheimes) wrote :

Thx for the update - we'll be patient ...

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-02-13 03:55 EDT-------
openCryptoki version 3.20.0 is now available at
https://github.com/opencryptoki/opencryptoki/releases/tag/v3.20.0

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Incomplete → Triaged
Changed in opencryptoki (Ubuntu):
status: Incomplete → Triaged
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Triaged → Fix Committed
Changed in opencryptoki (Ubuntu):
status: Triaged → Fix Committed
information type: Private → Public
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opencryptoki - 3.20.0+dfsg-0ubuntu1

---------------
opencryptoki (3.20.0+dfsg-0ubuntu1) lunar; urgency=medium

  * New upstream release (LP: #2003847), includes support for:
    - ep11 token: master key consistency (LP: #2003629)
    - ica and soft tokens: PKCS #11 3.0 - support AES_XTS (LP: #2003630)
    - ep11 token: PKCS #11 3.0 - support AES_XTS (LP: #2003632)
    - Support of ep11 token for new IBM Z Hardware (IBM z16) (LP: #2003635)
    - ep11 token: vendor specific key derivation (LP: #2003638)
    - key gen. with expected MKVP only on CCA and EP11 tokens (LP: #2003639)
    - p11sak support Dilithium and Kyber keys (LP: #2003669)
  * Remove patch
    d/p/lp-1982842-EP11-Fix-C_GetMechanismList-returning-CKR_BUFFER_TOO.patch
    since it's included in 3.19 and newer.
  * Remove patch
    d/p/lp-1989558-common-fix-memory-leak-in-save_private_token_object.patch
    since it's included in 3.19 and newer.
  * Adjust patch d/p/01-disable-testcases.patch due to minor change in context.
  * Refresh patch d/p/03-dlopen-soname.patch to fix 'fuzz'.
  * Modified patch
    d/p/lp-1982842-move-pkcs11-group-assigment-from-makefile-to-postinst.patch
    due to change in context, refresh it to fix 'fuzz' and remove addgroup
    from Makefile.am, since this is handled in d/opencryptoki.postinst.
  * Add opencryptoki.pc to d/libopencryptoki-dev.install.
  * Add new config file ccatok.conf to d/opencryptoki.install.s390x.
  * Consolidate multiple /etc/opencryptoki/*.conf entries in
    d/opencryptoki.install to one line and make it more generic.
  * Migrate in d/rules from 'dh_install --fail-missing --sourcedir=debian/tmp'
    to 'dh_install --sourcedir=debian/tmp' and 'dh_missing --fail-missing'.
  * Update 'Standards-Version' field in d/control to latest version 4.6.1.0.
  * Expand the copyright year range in d/copyright relfecting the latest code.

 -- Frank Heimes <email address hidden> Mon, 13 Feb 2023 10:10:45 +0100

Changed in opencryptoki (Ubuntu):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.