I remembered LP#1928780 and thought we can run the test from there here as well (for regression testing). It would be like this:
[Test Case]
* Have an Ubuntu noble or mantic installation on LPAR, z/VM or KVM and install opencryptoki: ubuntu@zbox:~$ sudo apt install opencryptoki
* Now check if there is a soft token available (should be by default): ubuntu@zbox:~$ pkcsconf -t Token #1 Info: Label: icatok Manufacturer: IBM Model: ICA Serial Number: Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGE)| Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062111512600 URI: pkcs11:manufacturer=IBM;model=ICA;token=icatok Token #3 Info: Label: softtok Manufacturer: IBM Model: Soft Serial Number: Flags: 0x880045 (RNG|LOGIN_REQUIRED|CLOCK_ON_TOKEN|USER_PIN_TO_BE_CHANGED|SO_PIN_TO_BE_CHANGE)| Sessions: 0/[effectively infinite] R/W Sessions: 0/[effectively infinite] PIN Length: 4-8 Public Memory: [information unavailable]/[information unavailable] Private Memory: [information unavailable]/[information unavailable] Hardware Version: 0.0 Firmware Version: 0.0 Time: 2023062111512600 URI: pkcs11:manufacturer=IBM;model=Soft;token=softtok
* Now initialize and re-label the soft token: ubuntu@zbox:~$ pkcsconf -I -c 3 Enter the SO PIN: Enter a unique token label: mysofttok
* And set the user password to be 1234 (since it's hardcoded in the testfile). ubuntu@zbox:~$ sudo pkcsconf -c 3 -u
* Now install the opencryptoki lib headers: ubuntu@zbox:~$ sudo apt install libopencryptoki-dev
* Download this test code: https://launchpadlibrarian.net/551280308/test.c and compile it: ubuntu@zbox:~$ gcc test.c -o test -lopencryptoki
* And run the resulting binary as root: ubuntu@zbox:~$ sudo ./test It'll return 56 is the correct key is rejected (0 for the incorrect).
I remembered LP#1928780 and thought we can run the test from there here as well (for regression testing).
It would be like this:
[Test Case]
* Have an Ubuntu noble or mantic installation on LPAR, z/VM or KVM
and install opencryptoki:
ubuntu@zbox:~$ sudo apt install opencryptoki
* Now check if there is a soft token available (should be by default): REQUIRED| CLOCK_ON_ TOKEN|USER_ PIN_TO_ BE_CHANGED| SO_PIN_ TO_BE_CHANGE) | /[information unavailable] /[information unavailable] manufacturer= IBM;model= ICA;token= icatok REQUIRED| CLOCK_ON_ TOKEN|USER_ PIN_TO_ BE_CHANGED| SO_PIN_ TO_BE_CHANGE) | /[information unavailable] /[information unavailable] manufacturer= IBM;model= Soft;token= softtok
ubuntu@zbox:~$ pkcsconf -t
Token #1 Info:
Label: icatok
Manufacturer: IBM
Model: ICA
Serial Number:
Flags: 0x880045 (RNG|LOGIN_
Sessions: 0/[effectively infinite]
R/W Sessions: 0/[effectively infinite]
PIN Length: 4-8
Public Memory: [information unavailable]
Private Memory: [information unavailable]
Hardware Version: 0.0
Firmware Version: 0.0
Time: 2023062111512600
URI: pkcs11:
Token #3 Info:
Label: softtok
Manufacturer: IBM
Model: Soft
Serial Number:
Flags: 0x880045 (RNG|LOGIN_
Sessions: 0/[effectively infinite]
R/W Sessions: 0/[effectively infinite]
PIN Length: 4-8
Public Memory: [information unavailable]
Private Memory: [information unavailable]
Hardware Version: 0.0
Firmware Version: 0.0
Time: 2023062111512600
URI: pkcs11:
* Now initialize and re-label the soft token:
ubuntu@zbox:~$ pkcsconf -I -c 3
Enter the SO PIN:
Enter a unique token label: mysofttok
* And set the user password to be 1234 (since it's hardcoded in the testfile).
ubuntu@zbox:~$ sudo pkcsconf -c 3 -u
* Now install the opencryptoki lib headers:
ubuntu@zbox:~$ sudo apt install libopencryptoki-dev
* Download this test code: /launchpadlibra rian.net/ 551280308/ test.c
https:/
and compile it:
ubuntu@zbox:~$ gcc test.c -o test -lopencryptoki
* And run the resulting binary as root:
ubuntu@zbox:~$ sudo ./test
It'll return 56 is the correct key is rejected (0 for the incorrect).