Persist payload keys to avoid attestation failure on restart

Previously, when the agent was restarted while being monitored by the
verifier, it would fail attestation because the PCR#16 would be extended
with the new ephemeral payload public key.

With this change, the payload key is persisted, making the agent to
reuse the previously generated payload key instead of generating a new
ephemeral key on restart.

Resolves: #1136

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>

Author: ansasaki

keylime-agent.conf

@@ -87,6 +87,28 @@ server_key = "default"
 # environment variable.
 server_key_password = ""
 
+# The name of the file containing the payload encryption private key.
+# This private key is used to decrypt U and V keys sent by the verifier/tenant
+# for secure payload transmission.
+# A new RSA 2048 private key is generated in case it is not found.
+# If an existing key is provided, it MUST be RSA 2048, otherwise the agent will
+# fail to start.
+# If set as "default", the "payload-private.pem" value is used.
+# If a relative path is set, it will be considered relative from the keylime_dir.
+# If an absolute path is set, it is used without change.
+#
+# To override payload_key, set KEYLIME_AGENT_PAYLOAD_KEY environment variable.
+payload_key = "default"
+
+# Set the password used to encrypt the payload private key file.
+# This password will also be used to protect the generated private key used for
+# payload encryption.
+# If left empty, the private key will not be encrypted.
+#
+# To override payload_key_password, set KEYLIME_AGENT_PAYLOAD_KEY_PASSWORD
+# environment variable.
+payload_key_password = ""
+
 # The name of the file containing the X509 certificate used as the Keylime agent
 # server TLS certificate.
 # This certificate must be self signed.

keylime-agent/src/main.rs

@@ -490,47 +490,38 @@ async fn main() -> Result<()> {
         (None, None)
     };
 
-    // Generate ephemeral RSA key pair for secure transmission of u, v keys.
+    // Load or generate RSA key pair for secure transmission of u, v keys.
     // The u, v keys are two halves of the key used to decrypt the workload after
     // the Identity and Integrity Quotes sent by the agent are validated
     // by the Tenant and Cloud Verifier, respectively.
-    debug!("Generating ephemeral RSA key pair for payload mechanism");
-    let (payload_pub_key, payload_priv_key) =
-        crypto::rsa_generate_pair(2048)?;
-
-    // Generate mTLS key pair (separate from payload keys)
-    let (mtls_pub, mtls_priv) = match config.server_key.as_ref() {
-        "" => {
-            debug!(
-                "The server_key option was not set in the configuration file"
-            );
-            debug!("Generating new mTLS key pair");
-            crypto::rsa_generate_pair(2048)?
-        }
-        path => {
-            let key_path = Path::new(&path);
-            if key_path.exists() {
-                debug!(
-                    "Loading existing mTLS key pair from {}",
-                    key_path.display()
-                );
-                crypto::load_key_pair(
-                    key_path,
-                    Some(config.server_key_password.as_ref()),
-                )?
-            } else {
-                debug!("Generating new mTLS key pair");
-                let (public, private) = crypto::rsa_generate_pair(2048)?;
-                // Write the generated key to the file
-                crypto::write_key_pair(
-                    &private,
-                    key_path,
-                    Some(config.server_key_password.as_ref()),
-                );
-                (public, private)
-            }
-        }
-    };
+    // The payload key is always persistent, stored at the configured path.
+    let key_path = Path::new(&config.payload_key);
+    let (payload_pub_key, payload_priv_key) = crypto::load_or_generate_key(
+        key_path,
+        Some(config.payload_key_password.as_ref()),
+        keylime::algorithms::EncryptionAlgorithm::Rsa2048,
+        true, // Validate that loaded keys are RSA 2048
+    )
+    .map_err(|e| {
+        error!(
+            "Failed to load or generate payload key from {}: {e}",
+            key_path.display()
+        );
+        Error::Configuration(config::KeylimeConfigError::Generic(format!(
+            "Failed to load or generate payload key from {}: {e}",
+            key_path.display()
+        )))
+    })?;
+
+    // Load or generate mTLS key pair (separate from payload keys)
+    // The mTLS key is always persistent, stored at the configured path.
+    let key_path = Path::new(&config.server_key);
+    let (mtls_pub, mtls_priv) = crypto::load_or_generate_key(
+        key_path,
+        Some(config.server_key_password.as_ref()),
+        keylime::algorithms::EncryptionAlgorithm::Rsa2048,
+        false, // Don't validate algorithm for mTLS keys (for backward compatibility)
+    )?;
 
     let cert: X509;
     let mtls_cert;
@@ -1000,7 +991,7 @@ mod testing {
             let (mtls_pub, mtls_priv) =
                 crypto::testing::rsa_import_pair(rsa_key_path.clone())?;
 
-            // Generate separate ephemeral payload keys for testing
+            // Generate ephemeral payload keys for testing
             debug!("Generating ephemeral RSA key pair for payload mechanism");
             let (payload_pub_key, payload_priv_key) =
                 crypto::rsa_generate_pair(2048)?;

keylime/src/config/base.rs

@@ -80,6 +80,8 @@ pub static DEFAULT_SECURE_SIZE: &str = "1m";
 pub static DEFAULT_SERVER_CERT: &str = "server-cert.crt";
 pub static DEFAULT_SERVER_KEY: &str = "server-private.pem";
 pub static DEFAULT_SERVER_KEY_PASSWORD: &str = "";
+pub static DEFAULT_PAYLOAD_KEY: &str = "payload-private.pem";
+pub static DEFAULT_PAYLOAD_KEY_PASSWORD: &str = "";
 // The DEFAULT_TRUSTED_CLIENT_CA is relative from KEYLIME_DIR
 pub static DEFAULT_TRUSTED_CLIENT_CA: &str = "cv_ca/cacert.crt";
 
@@ -157,6 +159,8 @@ pub struct AgentConfig {
     pub server_cert: String,
     pub server_key: String,
     pub server_key_password: String,
+    pub payload_key: String,
+    pub payload_key_password: String,
 
     // Push attestation options
     pub certification_keys_server_identifier: String,
@@ -307,6 +311,8 @@ impl Default for AgentConfig {
             server_cert: "default".to_string(),
             server_key: "default".to_string(),
             server_key_password: DEFAULT_SERVER_KEY_PASSWORD.to_string(),
+            payload_key: "default".to_string(),
+            payload_key_password: DEFAULT_PAYLOAD_KEY_PASSWORD.to_string(),
             tpm_encryption_alg: DEFAULT_TPM_ENCRYPTION_ALG.to_string(),
             tpm_hash_alg: DEFAULT_TPM_HASH_ALG.to_string(),
             tpm_ownerpassword: DEFAULT_TPM_OWNERPASSWORD.to_string(),
@@ -415,6 +421,14 @@ pub(crate) fn config_translate_keywords(
         false,
     );
 
+    let payload_key = config_get_file_path(
+        "payload_key",
+        &config.payload_key,
+        keylime_dir,
+        DEFAULT_PAYLOAD_KEY,
+        false,
+    );
+
     let trusted_client_ca: String = parse_list(&config.trusted_client_ca)?
         .iter()
         .map(|t| {
@@ -612,6 +626,7 @@ pub(crate) fn config_translate_keywords(
         revocation_cert,
         server_cert,
         server_key,
+        payload_key,
         trusted_client_ca,
         uuid,
         ..config.clone()

keylime/src/config/env.rs

@@ -145,6 +145,11 @@ mod test {
                 "KEYLIME_AGENT_SERVER_KEY_PASSWORD",
                 "override_server_key_password",
             ),
+            ("KEYLIME_AGENT_PAYLOAD_KEY", "override_payload_key"),
+            (
+                "KEYLIME_AGENT_PAYLOAD_KEY_PASSWORD",
+                "override_payload_key_password",
+            ),
             (
                 "KEYLIME_AGENT_TPM_ENCRYPTION_ALG",
                 "override_tpm_encryption_alg",

keylime/src/config/testing.rs

@@ -150,6 +150,8 @@ fn apply_config_overrides(
             "server_cert" => config.server_cert = value,
             "server_key" => config.server_key = value,
             "server_key_password" => config.server_key_password = value,
+            "payload_key" => config.payload_key = value,
+            "payload_key_password" => config.payload_key_password = value,
             // Push attestation options
             "certification_keys_server_identifier" => {
                 config.certification_keys_server_identifier = value