Bug 2093651 - tpm2-tools testing with the swtpm simulator fails when testing rsaencrypt with oaep padding scheme
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: libtpms
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Marc-Andre Lureau
QA Contact: Yanqiu Zhang
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2022-06-04 23:23 UTC by Jerry Snitselaar
Modified: 2022-11-15 11:29 UTC

Fixed In Version: libtpms-0.9.1-1.20211126git1ff6fe1f43.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-11-15 10:26:42 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Links:
Red Hat Issue Tracker RHELPLAN-124279 (last updated 2022-06-04 23:28:45 UTC)
Red Hat Product Errata RHBA-2022:8141 (last updated 2022-11-15 10:26:50 UTC)

Description Jerry Snitselaar 2022-06-04 23:23:39 UTC
Description of problem:

In the process of moving the tpm2-tools gating tests to use swtpm for testing
instead of tpm_server since swtpm is now shipping in RHEL, I ran into an issue
where 2 tests are failing when rsaencrypt tries to use the oaep padding scheme.
Running the tests against a real tpm device passes. Talking with Stefan it looks
like this is a known issue in libtpms, and is fixed by the following commit:

e42619843745 tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSSL 3) | 2022-03-02 | (Juergen Repp)

Stefan also mentioned the following commit as something we might want as well:

3d2bbe2f1947 tpm2: Fix size check in CryptSecretDecrypt | 2022-05-24 | (Ross Lagerwall)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Jerry Snitselaar 2022-06-04 23:29:25 UTC
Commit references from the stable-0.9 branch:

1de757972e97 tpm2: Do not call EVP_PKEY_CTX_set0_rsa_oaep_label() for label of size 0 (OSSL 3) | 2022-03-02 | (Juergen Repp)
78a27cf0c36e tpm2: Fix size check in CryptSecretDecrypt | 2022-05-24 | (Ross Lagerwall)

Comment 2 Yanqiu Zhang 2022-06-06 11:24:03 UTC
Tested on:
libtpms-0.9.1-0.20211126git1ff6fe1f43.el9.x86_64
swtpm-0.7.0-2.20211109gitb79fd91.el9.x86_64
libvirt-8.3.0-1.el9.x86_64
qemu-kvm-7.0.0-3.el9.x86_64

Steps:
1. Start a guest with a vTPM device:
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'/>
      <alias name='tpm0'/>
    </tpm>

2. Log in to the guest and install the tpm2-tools package.

3. Create an RSA key and load it:
[root@localhost ~]# tpm2_createprimary -c primary.ctx
[root@localhost ~]# tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv
[root@localhost ~]# tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx

4. Encrypt using RSA with the oaep scheme (-s oaep):
[root@localhost ~]# tpm2_rsaencrypt -c key.ctx -o msg.enc -s oaep msg.dat
WARNING:esys:src/tss2-esys/api/Esys_RSA_Encrypt.c:302:Esys_RSA_Encrypt_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_RSA_Encrypt.c:103:Esys_RSA_Encrypt() Esys Finish ErrorCode (0x00000101) 
ERROR: Esys_RSA_Encrypt(0x101) - tpm:error(2.0): commands not being accepted because of a TPM failure
ERROR: Unable to run tpm2_rsaencrypt


Additional info:
Not reproduced for the null or rsaes scheme:
(1)[root@localhost ~]# tpm2_rsaencrypt -c key.ctx -o msg.enc -s rsaes msg.dat
[root@localhost ~]# tpm2_rsadecrypt -c key.ctx -o msg.ptext msg.enc
[root@localhost ~]# cat msg.ptext 
my message
(2)[root@localhost ~]# tpm2_rsaencrypt -c key.ctx -o msg.enc2 -s null msg.dat
[root@localhost ~]# tpm2_rsadecrypt -c key.ctx -o msg.ptext2 -s null msg.enc2
[root@localhost ~]# cat msg.ptext2
my message

Comment 3 Karel Srot 2022-06-07 17:32:25 UTC
Hello,
I am seeing the following failure, is it related?

systemd-coredump[41991]: Process 41989 (tpm2_makecreden) of user 989 dumped core.
keylime_registrar[41843]: 2022-06-07 17:02:30.398 - keylime.tpm - ERROR - Error encrypting AIK: Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []
keylime_registrar[41843]: 2022-06-07 17:02:30.399 - keylime.tpm - ERROR - Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []
keylime_registrar[41843]: Traceback (most recent call last):
keylime_registrar[41843]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.4.1-py3.9.egg/keylime/tpm/tpm_main.py", line 702, in encryptAIK
keylime_registrar[41843]:     self.__run(command, lock=False)
keylime_registrar[41843]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.4.1-py3.9.egg/keylime/tpm/tpm_main.py", line 233, in __run
keylime_registrar[41843]:     raise Exception(
keylime_registrar[41843]: Exception: Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []
keylime_registrar[41843]: 2022-06-07 17:02:30.402 - keylime.registrar - WARNING - POST for d432fbb3-d2f1-4a97-9ef7-75bd81c00000 returning 400 response. Error: Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []
keylime_registrar[41843]: 2022-06-07 17:02:30.402 - keylime.registrar - ERROR - Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []
keylime_registrar[41843]: Traceback (most recent call last):
keylime_registrar[41843]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.4.1-py3.9.egg/keylime/registrar_common.py", line 293, in do_POST
keylime_registrar[41843]:     (blob, key) = initialize_tpm.encryptAIK(
keylime_registrar[41843]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.4.1-py3.9.egg/keylime/tpm/tpm_main.py", line 702, in encryptAIK
keylime_registrar[41843]:     self.__run(command, lock=False)
keylime_registrar[41843]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.4.1-py3.9.egg/keylime/tpm/tpm_main.py", line 233, in __run
keylime_registrar[41843]:     raise Exception(
keylime_registrar[41843]: Exception: Command: ['tpm2_makecredential', '-T', 'none', '-e', '/tmp/tmp886n63oy', '-s', '/tmp/tmpj4jx82ko', '-n', '000b8da4cfbd971d576d492c71ebb64c599dddc0624fcbb10f0745f80593f77157a2', '-o', '/tmp/tmpoumgzhb5'] returned -11, expected 0, output [], stderr []

Comment 4 Jerry Snitselaar 2022-06-07 18:25:32 UTC
My initial thought is that with -T none, the simulator wouldn't be involved, but I need to look at the tpm2-tss and tpm2-tools code more. I wonder what the difference is as the gating tests for tpm2_makecredential -T none passed.

Comment 5 Karel Srot 2022-06-07 23:17:36 UTC
I think that the failure is unrelated. According to logs there was openssl-3.0.1-23.el9 installed on a system which is currently a deleted build that failed CI testing horribly. I will report back when I have fresh test results.

Comment 6 Karel Srot 2022-06-08 05:55:27 UTC
(In reply to Karel Srot from comment #5)
> I think that the failure is unrelated. According to logs there was
> openssl-3.0.1-23.el9 installed on a system which is currently a deleted
> build that failed CI testing horribly. I will report back when I have fresh
> test results.

I think it was due to openssl. I have excluded testing-farm-tag-repository that provided it; according to my experience this repo is a source of problems. Now tests are passing again.

Comment 8 Yanqiu Zhang 2022-06-15 09:56:24 UTC
Verified on:
libtpms-0.9.1-1.20211126git1ff6fe1f43.el9.x86_64
swtpm-0.7.0-3.20211109gitb79fd91.el9.x86_64
libvirt-8.4.0-2.el9.x86_64
qemu-kvm-7.0.0-6.el9.x86_64
Guest: tpm2-tools-5.2-1.el9.x86_64

Steps:
Upgrade libtpms to latest version on host.

Re-generate files in guest (to avoid integrity check failure):
[root@localhost ~]# tpm2_createprimary -c primary.ctx
[root@localhost ~]# tpm2_create -C primary.ctx -Grsa2048 -u key.pub -r key.priv
[root@localhost ~]# tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx

Encrypt and decrypt with oaep in guest:
[root@localhost ~]# tpm2_rsaencrypt -c key.ctx -o msg.enc -s oaep msg.dat
[root@localhost ~]# tpm2_rsadecrypt -c key.ctx -o msg.ptext -s oaep msg.enc
[root@localhost ~]# cat msg.ptext 
my message

And no regression for the other 2 schemes.
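The round-trip from comments 2 and 8 as a small regression script (an added example, not part of the bug report or of tpm2-tools/libtpms): it runs tpm2_rsaencrypt and tpm2_rsadecrypt for each of the three padding schemes and pulls the TPM response code out of the esys error line, so a failing build is reported as rc 0x101 (TPM_RC_FAILURE) rather than a bare non-zero exit. It assumes tpm2-tools is on PATH and that key.ctx was produced with the tpm2_createprimary / tpm2_create / tpm2_load commands shown above.

```python
import re
import subprocess
import tempfile
from pathlib import Path

# tpm2-tools prints the TPM response code on a line such as
#   ERROR: Esys_RSA_Encrypt(0x101) - tpm:error(2.0): commands not being accepted because of a TPM failure
_ESYS_ERR = re.compile(r"ERROR: (\w+)\(0x([0-9A-Fa-f]+)\) - (.*)")
TPM_RC_FAILURE = 0x101  # rc seen in comment 2: the TPM has entered failure mode

def parse_tpm_error(stderr: str):
    """Return (esys_function, rc, message) for the first TPM error line, else None."""
    for line in stderr.splitlines():
        m = _ESYS_ERR.match(line.strip())
        if m:
            return m.group(1), int(m.group(2), 16), m.group(3).strip()
    return None

def rsa_roundtrip(scheme: str, key_ctx: str = "key.ctx", plaintext: bytes = b"my message\n") -> dict:
    """Encrypt then decrypt plaintext with one padding scheme, as in the report.

    status: 'ok', 'mismatch', 'error' (rc/message filled in when a TPM rc was
    printed) or 'tool_missing' when tpm2-tools is not installed."""
    with tempfile.TemporaryDirectory() as d:
        msg, enc, out = (Path(d) / n for n in ("msg.dat", "msg.enc", "msg.ptext"))
        msg.write_bytes(plaintext)
        # Same invocations as the report; -s is passed to both tools, as comment 8 does for oaep.
        for cmd in (["tpm2_rsaencrypt", "-c", key_ctx, "-o", str(enc), "-s", scheme, str(msg)],
                    ["tpm2_rsadecrypt", "-c", key_ctx, "-o", str(out), "-s", scheme, str(enc)]):
            try:
                r = subprocess.run(cmd, capture_output=True, text=True)
            except FileNotFoundError:
                return {"scheme": scheme, "status": "tool_missing", "cmd": cmd[0]}
            if r.returncode != 0:
                err = parse_tpm_error(r.stderr)
                return {"scheme": scheme, "status": "error", "cmd": cmd[0],
                        "rc": err[1] if err else None,
                        "message": err[2] if err else r.stderr.strip()}
        status = "ok" if out.read_bytes() == plaintext else "mismatch"
        return {"scheme": scheme, "status": status}

if __name__ == "__main__":
    # On the fixed libtpms all three come back 'ok'; on the affected build only
    # oaep returns status 'error' with rc == TPM_RC_FAILURE.
    for s in ("oaep", "rsaes", "null"):
        print(rsa_roundtrip(s))
```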

Comment 10 Yanan Fu 2022-06-15 11:48:20 UTC
QE bot(pre verify): Set 'Verified:Tested,SanityOnly' as gating/tier1 test pass.

Comment 11 John Ferlan 2022-06-16 18:46:04 UTC
Just clearing needinfo as it seems question was self answered.

Comment 13 errata-xmlrpc 2022-11-15 10:26:42 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (libtpms bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8141

