RHEL-1951

Registration of agent fails due to using ecc as default algorithm

    • Moderate
    • rhel-sst-security-special-projects
    • ssg_security
    • Release Note Not Required

      Description of problem:

      When I use a different encryption and signing algorithm in keylime.conf than the default RSA, the agent cannot be registered and registration fails. I used ECC instead of RSA for encryption and ECSCHNORR instead of RSASSA for signing.

      Version-Release number of selected component (if applicable):

      TPM Manufacturer: swtpm
      Keylime version: keylime-99-1.noarch

      How reproducible:

      First method:

      1. Install tmt via sudo dnf install -y tmt-all
      2. Clone the specific branch that contains the test scenario for a different algorithm:

         git clone --branch default_algorithm https://github.com/Koncpa/keylime-tests.git

      3. Run the test scenario with the needed setup tasks; this needs to be done inside the cloned repo dir:

         tmt run -vvv plan --name rust-keylime prepare discover -h fmf provision --how virtual -i Fedora-36 -c system execute --how tmt --interactive login finish

      Second method:

      1. Set up swtpm on the machine
      2. Install the keylime package
      3. In keylime.conf, change the encryption algorithm to tpm_encryption_alg = ecc and the signing algorithm to tpm_signing_alg = ecschnorr
      4. Run the keylime verifier, registrar and agent, and wait for registration of the agent.

      Actual results:
      Agent registration will fail.

      Expected results:
      Agent registration will be successful.

      Additional info:

      Jul 21 12:02:17 testcloud keylime_agent[3235]: WARNING:esys:src/tss2-esys/api/Esys_NV_ReadPublic.c:309:Esys_NV_ReadPublic_Finish() Received TPM Error
      Jul 21 12:02:17 testcloud keylime_agent[3235]: ERROR:esys:src/tss2-esys/esys_tr.c:210:Esys_TR_FromTPMPublic_Finish() Error NV_ReadPublic ErrorCode (0x0000018b)
      Jul 21 12:02:17 testcloud keylime_agent[3235]: ERROR:esys:src/tss2-esys/esys_tr.c:321:Esys_TR_FromTPMPublic() Error TR FromTPMPublic ErrorCode (0x0000018b)
      Jul 21 12:02:17 testcloud keylime_agent[3235]: WARN keylime_agent::tpm > No EK certificate found in TPM NVRAM
      Jul 21 12:02:17 testcloud keylime_agent[3235]: Error: Tpm { err: WrapperError(ParamsMissing), kind: None, message: "some of the required parameters were not provided" }
      Jul 21 12:02:17 testcloud systemd[1]: keylime_agent.service: Main process exited, code=exited, status=1/FAILURE
      Jul 21 12:02:17 testcloud systemd[1]: keylime_agent.service: Failed with result 'exit-code'.

              scorreia@redhat.com Sergio Correia
              pkoncity2 Patrik Končitý
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
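
For triaging the journal output in this report, an added example (not part of the report and not Keylime code) that decodes the tpm2-tss `ErrorCode` values as TPM 2.0 format-one response codes and picks out the agent error that precedes the exit. The function names are hypothetical, the log excerpt is taken from the report with timestamps trimmed, and the error-name table is only a subset.

```python
import re

# Journal excerpt from the report, one entry per line, timestamps trimmed.
SAMPLE = """\
keylime_agent[3235]: ERROR:esys:src/tss2-esys/esys_tr.c:210:Esys_TR_FromTPMPublic_Finish() Error NV_ReadPublic ErrorCode (0x0000018b)
keylime_agent[3235]: WARN keylime_agent::tpm > No EK certificate found in TPM NVRAM
keylime_agent[3235]: Error: Tpm { err: WrapperError(ParamsMissing), kind: None, message: "some of the required parameters were not provided" }
systemd[1]: keylime_agent.service: Main process exited, code=exited, status=1/FAILURE
"""

# Subset of format-one error numbers from the TPM 2.0 Library spec, Part 2.
FMT1 = {0x02: "TPM_RC_ATTRIBUTES", 0x04: "TPM_RC_VALUE", 0x0B: "TPM_RC_HANDLE",
        0x0E: "TPM_RC_AUTH_FAIL", 0x12: "TPM_RC_SCHEME", 0x15: "TPM_RC_SIZE",
        0x26: "TPM_RC_CURVE"}

def decode_rc(rc):
    """Return (name, subject) for a TSS2 return code; name is None if not decoded here."""
    layer, code = (rc >> 16) & 0xFF, rc & 0xFFFF
    if layer != 0:                      # raised by a TSS layer, not by the TPM itself
        return None, f"tss layer {layer}"
    if not code & 0x80:                 # format-zero codes are outside this example
        return None, "format-zero"
    name = FMT1.get(code & 0x3F, f"fmt1 error 0x{code & 0x3F:02x}")
    n = (code >> 8) & 0xF
    # P bit (0x40) means N is a parameter number; otherwise bit 3 of N
    # distinguishes a session from a handle.
    kind = "parameter" if code & 0x40 else "session" if n & 0x8 else "handle"
    n = n if code & 0x40 else n & 0x7
    return name, f"{kind} {n}" if n else "unspecified"

def triage(log):
    """Separate decoded TPM response codes from the error that ended the agent."""
    out = {"tpm": [], "fatal": None, "exit_status": None}
    for line in log.splitlines():
        if m := re.search(r"(\w+)\(\) .*ErrorCode \((0x[0-9a-fA-F]+)\)", line):
            out["tpm"].append((m.group(1), *decode_rc(int(m.group(2), 16))))
        elif m := re.search(r"Error: Tpm \{ err: (\w+)\((\w+)\)", line):
            out["fatal"] = (m.group(1), m.group(2))
        elif m := re.search(r"status=(\d+)/FAILURE", line):
            out["exit_status"] = int(m.group(1))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```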