rust-keylime icon indicating copy to clipboard operation
rust-keylime copied to clipboard

Published 20 hours ago verified publisher icon keylime

Fail adding keylime agent when tenant use --payload and --key options

Open Koncpa opened this issue 2 years ago • 3 comments

When is adding keylime agent with with payload and key via tenant command, the adding of agent had failed. For python agent is operation succesfull.

PR keylime tests

LOG: 2022-09-21 11:55:27.310 - keylime.tenant - ERROR - Posting of Encrypted U to the Cloud Agent failed with response code 500 (base64 decode error: Invalid byte 10, offset 64.) :: [ 11:55:27 ] :: [ FAIL ] :: Command 'keylime_tenant -v 127.0.0.1 -t 127.0.0.1 -u d432fbb3-d2f1-4a97-9ef7-75bd81c00000 --allowlist allowlist.txt --exclude excludelist.txt --payload payload/secret_encrypted.txt --key payload/key.txt -c update' (Expected 0, got 1)

MORE LOGS

Koncpa avatar Sep 21 '22 13:09 Koncpa

@Koncpa Could you please check if this is still valid?

ansasaki avatar Feb 08 '23 13:02 ansasaki

Hi @ansasaki, I checked it again after IMA policy overhaul merge and I can confirm, that this issue is still valid for upstream rust keylime.

2023-02-10 06:25:48.418 - keylime.tenant - ERROR - Posting of Encrypted U to the Cloud Agent failed with response code 400 ({"code":400,"status":"Invalid base64 encoding in payload: base64 decode error: Invalid byte 10, offset 64.","results":{}})

Koncpa avatar Feb 10 '23 11:02 Koncpa

2023-02-10 06:25:48.418 - keylime.tenant - ERROR - Posting of Encrypted U to the Cloud Agent failed with response code 400 ({"code":400,"status":"Invalid base64 encoding in payload: base64 decode error: Invalid byte 10, offset 64.","results":{}})

This looks like an issue on the tenant that is not correctly encoding the payload as base64.

ansasaki avatar Feb 10 '23 12:02 ansasaki