Project

General

Profile

Actions
Copy link

action #101358

closed

[security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve

Added by dimstar over 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
bchou
Category:
Bugs in existing tests
Target version:
-
Start date:
2021-10-22
Due date:
% Done:

100%

Estimated time:
8.00 h
Difficulty:

Description

Observation

openQA test in scenario opensuse-Tumbleweed-DVD-x86_64-extra_tests_textmode@64bit fails in
gpg

gpg2 was updated to branch 2.3.x

Marking issue as urgent - as this currently blocks TW snapshots (and releasing with untested/unsuccessful gpg2 does not sound tempting)

Test suite description

Maintainer: slindomansilla@suse.de.
Mainly post-installation console extra tests.

Reproducible

Fails since (at least) Build 20210920

Expected result

Last good: 20210920 (or more recent)

Further details

Always latest result in this scenario: latest

Actions
Copy link
 #2

Updated by maritawerner over 3 years ago

  • Subject changed from test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [qe-core] test fails in gpg - gpg: key generation failed: Unknown elliptic curve
Actions
Copy link
 #3

Updated by szarate over 3 years ago

  • Subject changed from [qe-core] test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [qe-core][security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve
  • Priority changed from Urgent to High

So, 

GnuPG 2.3 also delivers on a new gpg-card tool as a front-end for all types of supported smart cards, ed25519/cv25519 as default public key algorithms, support for v5 keys and signatures, basic ECC support for GPGSM, greater support for more card readers and tokens, and a variety of other enhancements throughout.

Which is fine, because indeed, http://phobos.qa.suse.de/tests/3857596#step/gpg/18 shows that eliptic curves are being used to generate keypairs, reverting the batch file to use RSA for key and subkey seems to work.

Generating the keys manually does work (user ends up with new ed25519/cv25519 keypair), signing, verifying, etc. Calling
gpg --quick-gen-key 'Test <test@example.net>' future-default also works, but I didn't find a way to specify key lenghts and so on

I'm aiming at a bug here... I just don't know exactly where, could be somewhere in the --batch form of gpg?

Actions
Copy link
 #4

Updated by szarate over 3 years ago

  • Assignee set to bchou

Ben, can you give it a look?

Actions
Copy link
 #5

Updated by bchou over 3 years ago

Sorry I missed the poo last week.
I just quick check the gpg test in SLE15 SP4, and I did not find the problem as mentioned.
https://openqa.suse.de/tests/7585050#step/gpg/9

Looks like it is TW-specific problem. May I know the problem is still showing out continuously?
I though the call trace problem is more like a bug?
https://openqa.opensuse.org/tests/1983128#step/gpg/12

Actions
Copy link
 #6

Updated by szarate over 3 years ago

Hi Ben!

Yes, it's TW specific until it gpg gets updated in SLES.

The call trace you're seeing, is the result sysrq being sent.

The actual error is:

gpg: Note: RFC4880bis features are enabled.
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key generation failed: Unknown elliptic curve

What the test needs is adaptation to the new behavior (so that new default is tested, but also rsa keys?) (I don't know if eliptic curves can have different sizes for instance). See my comment above

Actions
Copy link
 #7

Updated by tjyrinki_suse about 3 years ago

  • Subject changed from [qe-core][security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve to [security] test fails in gpg - gpg: key generation failed: Unknown elliptic curve

(QE Security has been looking at it)

Actions
Copy link
 #8

Updated by okurz about 3 years ago

This ticket was set to "High" priority but was not updated within the SLO period for "High" tickets (30 days) as described on https://progress.opensuse.org/projects/openqatests/wiki/Wiki#SLOs-service-level-objectives. Please consider picking up this ticket within the next 30 days or just set the ticket to the next lower priority of "Normal" (SLO: updated within 365 days).

Actions
Copy link
 #9

Updated by bchou about 3 years ago

Sorry for missing this ticket somehow. I check the issue was still reproduced in TW.
https://openqa.opensuse.org/tests/2143132#step/gpg/18

gpg: Note: RFC4880bis features are enabled.
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: key generation failed: Unknown elliptic curve

I will do it within the next 30 days. Thanks.

Actions
Copy link
 #10

Updated by bchou almost 3 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
  • Estimated time set to 8.00 h

https://openqa.opensuse.org/tests/2222284#step/gpg/12

I think the issue was fixed in TW lately.

Actions
Copy link

Also available in: Atom PDF