[Bug 1860574] Re: [UBUNTU 20.04] zkey: Fix display of clear key size for XTS keys

Lukas Märdian 1860574 at bugs.launchpad.net
Tue Nov 17 14:15:01 UTC 2020 

The 'zkey list' command does not seem to be available in Bionic
(s390-tools v2.3.0), so it looks like this bug isn't available either:

ubuntu at juju-96c787-test-0:~$ zkey list
zkey: Invalid command 'list'
Try 'zkey --help' for more information.
ubuntu at juju-96c787-test-0:~$ zkey --help
Usage: zkey COMMAND SECURE-KEY-FILE [OPTIONS] 

Generate, re-encipher, and validate secure AES keys

COMMANDS
  GENerate	Generate a secure AES key
  REencipher	Re-encipher an existing secure AES key
  VALidate	Validate an existing secure AES key

COMMON OPTIONS
 -V, --verbose  Print additional information messages during processing
 -h, --help     Print this help, then exit
 -v, --version  Print version information, then exit

For more information use 'zkey COMMAND --help'.
ubuntu at juju-96c787-test-0:~$ zkey -v
zkey version 2.3.0-build-20191025
Copyright IBM Corp. 2017


** Changed in: s390-tools (Ubuntu Bionic)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1860574

Title:
  [UBUNTU 20.04] zkey: Fix display of clear key size for XTS keys

Status in Ubuntu on IBM z Systems:
  In Progress
Status in s390-tools package in Ubuntu:
  Fix Released
Status in s390-tools source package in Bionic:
  Invalid
Status in s390-tools source package in Eoan:
  Won't Fix
Status in s390-tools source package in Focal:
  Fix Released

Bug description:
  Description:   zkey: Fix display of clear key size for XTS keys
  Symptom:       The 'zkey list' command shows bogus values for the
                 keys 'Clear key size' for XTS keys of type CCA-AESDATA
                 or CCA-AESCIPHER.
  Problem:       XTS keys consist of 2 keys concatenated to each other.
                 To calculate the clear key size, the clear key size of
                 both keys must be added. The code does not address the
                 second key correctly, and thus reads the clear key size
                 of the second key from an invalid memory location. This
                 results in bogus values reported as clear key size.
                 This bug has been introduced with feature "Cipher
                 key support" with commit 298fab68fee8 "zkey: Preparations 
                 for introducing a new key type".
  Solution:      Correct the addressing of the second key.
  Reproduction:  Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
                 and then run 'zkey list'.

  Upstream commit:
  https://github.com/ibm-s390-tools/s390-tools/commit/e7f446432b92b293e758099842843cfb1f18fa97

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1860574/+subscriptions

More information about the foundations-bugs mailing list