From 9b90f051cddce7c62b7b2fb6f6349f8db9bcabb5 Mon Sep 17 00:00:00 2001
From: Sergio Correia
Date: Mon, 6 Oct 2025 14:37:29 +0000
Subject: [PATCH 7/7] Fix ECC/RSA algorithm selection and reporting for keylime agent
Backport of upstream PRs:
- https://github.com/keylime/rust-keylime/pull/1132
- https://github.com/keylime/rust-keylime/pull/1134
Signed-off-by: Sergio Correia
---
 keylime-agent/src/agent_handler.rs | 2 +-
 keylime-agent/src/quotes_handler.rs | 6 +++---
 keylime/src/algorithms.rs | 4 ++--
 keylime/src/tpm.rs | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/keylime-agent/src/agent_handler.rs b/keylime-agent/src/agent_handler.rs
index 13bcc37..ec7f8ed 100644
--- a/keylime-agent/src/agent_handler.rs
+++ b/keylime-agent/src/agent_handler.rs
@@ -109,7 +109,7 @@ mod tests {
 let result: JsonWrapper = test::read_body_json(resp).await;
 assert_eq!(result.results.agent_uuid.as_str(), "DEADBEEF");
 assert_eq!(result.results.tpm_hash_alg.as_str(), "sha256");
- assert_eq!(result.results.tpm_enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.tpm_enc_alg.as_str(), "rsa2048");
 assert_eq!(result.results.tpm_sign_alg.as_str(), "rsassa");
 // Explicitly drop QuoteData to cleanup keys
diff --git a/keylime-agent/src/quotes_handler.rs b/keylime-agent/src/quotes_handler.rs
index d61adf2..bc0ddaa 100644
--- a/keylime-agent/src/quotes_handler.rs
+++ b/keylime-agent/src/quotes_handler.rs
@@ -405,7 +405,7 @@ mod tests {
 let result: JsonWrapper = test::read_body_json(resp).await;
 assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
 assert_eq!(result.results.sign_alg.as_str(), "rsassa");
 assert!(
 pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
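Review bot: The updated assertion pins only the RSA-2048 default, while the same patch also changes the reported name for `EncryptionAlgorithm::Ecc256` to `ecc256`, and neither this hunk nor the quotes_handler hunks check that value, so a regression on the ECC reporting path would pass the suite unnoticed. Consider a second case (or a parameterised variant of this test) that sets up the agent with an ECC key and asserts `assert_eq!(result.results.tpm_enc_alg.as_str(), "ecc256");`. The enclosing test function starts and ends outside the hunk.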
@@ -451,7 +451,7 @@ mod tests {
 let result: JsonWrapper = test::read_body_json(resp).await;
 assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
 assert_eq!(result.results.sign_alg.as_str(), "rsassa");
 assert!(
 pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
@@ -513,7 +513,7 @@ mod tests {
 let result: JsonWrapper = test::read_body_json(resp).await;
 assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
 assert_eq!(result.results.sign_alg.as_str(), "rsassa");
 if let Some(ima_mutex) = "edata.ima_ml_file {
diff --git a/keylime/src/algorithms.rs b/keylime/src/algorithms.rs
index cda8966..4b4205a 100644
--- a/keylime/src/algorithms.rs
+++ b/keylime/src/algorithms.rs
@@ -195,12 +195,12 @@ impl fmt::Display for EncryptionAlgorithm {
 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
 let value = match self {
 EncryptionAlgorithm::Rsa1024 => "rsa1024",
- EncryptionAlgorithm::Rsa2048 => "rsa", /* for backwards compatibility */
+ EncryptionAlgorithm::Rsa2048 => "rsa2048",
 EncryptionAlgorithm::Rsa3072 => "rsa3072",
 EncryptionAlgorithm::Rsa4096 => "rsa4096",
 EncryptionAlgorithm::Ecc192 => "ecc192",
 EncryptionAlgorithm::Ecc224 => "ecc224",
- EncryptionAlgorithm::Ecc256 => "ecc", /* for backwards compatibility */
+ EncryptionAlgorithm::Ecc256 => "ecc256",
 EncryptionAlgorithm::Ecc384 => "ecc384",
 EncryptionAlgorithm::Ecc521 => "ecc521",
 EncryptionAlgorithm::EccSm2 => "ecc_sm2",
diff --git a/keylime/src/tpm.rs b/keylime/src/tpm.rs
index 5e27f3a..f907aca 100644
--- a/keylime/src/tpm.rs
+++ b/keylime/src/tpm.rs
@@ -31,7 +31,7 @@ use tss_esapi::{
 abstraction::{
 ak, ek,
 pcr::{read_all, PcrData},
- DefaultKey,
+ AsymmetricAlgorithmSelection, DefaultKey,
 },
 attributes::{
 object::ObjectAttributesBuilder, session::SessionAttributesBuilder,
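Review bot: The new `Display` arms for `Rsa2048` and `Ecc256` are a wire-format change, not just a cosmetic one: the removed arms were explicitly marked `/* for backwards compatibility */`, and this patch's own tests show the string landing in the `tpm_enc_alg` / `enc_alg` fields of the agent's JSON responses, which presumably the verifier and registrar parse. A peer that still only recognises `rsa` / `ecc` would then reject the agent, so the commit message (or a comment on these arms) should state the minimum verifier version this backport requires; I would replace the deleted compatibility comment with `// Reports the key size ("rsa2048", "ecc256"); older verifiers expected the bare "rsa"/"ecc" names.` The parsing direction is outside this hunk — confirm the `FromStr` / `TryFrom<&str>` impl still accepts the legacy `rsa` and `ecc` spellings so existing `tpm_encryption_alg` configuration values are not rejected, and that `Display` → parse round-trips for every variant (a small unit test iterating all variants would lock that in). `fmt` ends outside the hunk.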
@@ -682,7 +682,7 @@ impl Context<'_> {
 &mut self.inner.lock().unwrap(), //#[allow_ci]
 handle,
 hash_alg.into(),
- key_alg.into(),
+ Into::::into(key_alg),
 sign_alg.into(),
 None,
 DefaultKey,
-- 
2.47.3
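Review bot: The added line as rendered here reads `Into::::into(key_alg)`, which is not valid Rust; given the `AsymmetricAlgorithmSelection` import added at @@ -31 this is presumably `Into::<AsymmetricAlgorithmSelection>::into(key_alg)` with the turbofish lost in extraction, which is worth confirming against the upstream commit. Stylistically the explicit conversion reads better as `AsymmetricAlgorithmSelection::from(key_alg),` (assuming the conversion is implemented via `From`), which names the target type without turbofish syntax and sits naturally next to the `hash_alg.into()` / `sign_alg.into()` arguments. The commit title suggests the bare `.into()` previously resolved to a type that dropped the RSA size / ECC curve selection; a one-line comment such as `// Target type spelled out: a bare .into() resolves to a type that loses the key-size/curve selection` would stop the next reader from "simplifying" it back. The enclosing method starts and ends outside the hunk.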