keylime-agent-rust/0007-Fix-ECC-RSA-algorithm-selection-and-reporting-for-ke.patch
Sergio Correia c35112e60f
Enable ECC attestation
Resolves: RHEL-117441

Signed-off-by: Sergio Correia <scorreia@redhat.com>
2025-10-06 14:43:31 +00:00


From 9b90f051cddce7c62b7b2fb6f6349f8db9bcabb5 Mon Sep 17 00:00:00 2001
From: Sergio Correia <scorreia@redhat.com>
Date: Mon, 6 Oct 2025 14:37:29 +0000
Subject: [PATCH 7/7] Fix ECC/RSA algorithm selection and reporting for keylime
agent
Backport of upstream PRs:
- https://github.com/keylime/rust-keylime/pull/1132
- https://github.com/keylime/rust-keylime/pull/1134
Signed-off-by: Sergio Correia <scorreia@redhat.com>
---
keylime-agent/src/agent_handler.rs | 2 +-
keylime-agent/src/quotes_handler.rs | 6 +++---
keylime/src/algorithms.rs | 4 ++--
keylime/src/tpm.rs | 4 ++--
4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/keylime-agent/src/agent_handler.rs b/keylime-agent/src/agent_handler.rs
index 13bcc37..ec7f8ed 100644
--- a/keylime-agent/src/agent_handler.rs
+++ b/keylime-agent/src/agent_handler.rs
@@ -109,7 +109,7 @@ mod tests {
let result: JsonWrapper<AgentInfo> = test::read_body_json(resp).await;
assert_eq!(result.results.agent_uuid.as_str(), "DEADBEEF");
assert_eq!(result.results.tpm_hash_alg.as_str(), "sha256");
- assert_eq!(result.results.tpm_enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.tpm_enc_alg.as_str(), "rsa2048");
assert_eq!(result.results.tpm_sign_alg.as_str(), "rsassa");
// Explicitly drop QuoteData to cleanup keys
diff --git a/keylime-agent/src/quotes_handler.rs b/keylime-agent/src/quotes_handler.rs
index d61adf2..bc0ddaa 100644
--- a/keylime-agent/src/quotes_handler.rs
+++ b/keylime-agent/src/quotes_handler.rs
@@ -405,7 +405,7 @@ mod tests {
let result: JsonWrapper<KeylimeQuote> =
test::read_body_json(resp).await;
assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
assert_eq!(result.results.sign_alg.as_str(), "rsassa");
assert!(
pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
@@ -451,7 +451,7 @@ mod tests {
let result: JsonWrapper<KeylimeQuote> =
test::read_body_json(resp).await;
assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
assert_eq!(result.results.sign_alg.as_str(), "rsassa");
assert!(
pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
@@ -513,7 +513,7 @@ mod tests {
let result: JsonWrapper<KeylimeQuote> =
test::read_body_json(resp).await;
assert_eq!(result.results.hash_alg.as_str(), "sha256");
- assert_eq!(result.results.enc_alg.as_str(), "rsa");
+ assert_eq!(result.results.enc_alg.as_str(), "rsa2048");
assert_eq!(result.results.sign_alg.as_str(), "rsassa");
if let Some(ima_mutex) = &quotedata.ima_ml_file {
diff --git a/keylime/src/algorithms.rs b/keylime/src/algorithms.rs
index cda8966..4b4205a 100644
--- a/keylime/src/algorithms.rs
+++ b/keylime/src/algorithms.rs
@@ -195,12 +195,12 @@ impl fmt::Display for EncryptionAlgorithm {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
let value = match self {
EncryptionAlgorithm::Rsa1024 => "rsa1024",
- EncryptionAlgorithm::Rsa2048 => "rsa", /* for backwards compatibility */
+ EncryptionAlgorithm::Rsa2048 => "rsa2048",
EncryptionAlgorithm::Rsa3072 => "rsa3072",
EncryptionAlgorithm::Rsa4096 => "rsa4096",
EncryptionAlgorithm::Ecc192 => "ecc192",
EncryptionAlgorithm::Ecc224 => "ecc224",
- EncryptionAlgorithm::Ecc256 => "ecc", /* for backwards compatibility */
+ EncryptionAlgorithm::Ecc256 => "ecc256",
EncryptionAlgorithm::Ecc384 => "ecc384",
EncryptionAlgorithm::Ecc521 => "ecc521",
EncryptionAlgorithm::EccSm2 => "ecc_sm2",
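Review bot: The two changed arms drop the `/* for backwards compatibility */` aliases, so the agent now reports `rsa2048`/`ecc256` in the `tpm_enc_alg`/`enc_alg` fields where older peers received `rsa`/`ecc`, and nothing in the commit records which verifier/registrar versions accept the new spellings. A doc comment on this `Display` impl would keep that history visible, e.g. `/// Canonical algorithm names; the legacy "rsa"/"ecc" outputs for Rsa2048/Ecc256 were removed (upstream PRs 1132, 1134).` It is also worth confirming — it is not visible in this hunk — that the parsing side (`FromStr`/config handling for `EncryptionAlgorithm`) still accepts the legacy `rsa`/`ecc` spellings, since deployed configuration files may contain them. The enclosing `impl fmt::Display` block continues outside the hunk.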
diff --git a/keylime/src/tpm.rs b/keylime/src/tpm.rs
index 5e27f3a..f907aca 100644
--- a/keylime/src/tpm.rs
+++ b/keylime/src/tpm.rs
@@ -31,7 +31,7 @@ use tss_esapi::{
abstraction::{
ak, ek,
pcr::{read_all, PcrData},
- DefaultKey,
+ AsymmetricAlgorithmSelection, DefaultKey,
},
attributes::{
object::ObjectAttributesBuilder, session::SessionAttributesBuilder,
@@ -682,7 +682,7 @@ impl Context<'_> {
&mut self.inner.lock().unwrap(), //#[allow_ci]
handle,
hash_alg.into(),
- key_alg.into(),
+ Into::<AsymmetricAlgorithmSelection>::into(key_alg),
sign_alg.into(),
None,
DefaultKey,
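Review bot: The changed line `Into::<AsymmetricAlgorithmSelection>::into(key_alg)` needs a comment explaining why the target type must be spelled out here when the neighbouring `hash_alg.into()` and `sign_alg.into()` rely on inference — presumably `key_alg` converts into more than one tss_esapi type and inference resolved to the wrong one before this fix, but that is not stated anywhere in the commit. Suggested: `// key_alg has several Into impls; name the tss_esapi target explicitly`. If the conversion is provided as `From<EncryptionAlgorithm> for AsymmetricAlgorithmSelection`, then `AsymmetricAlgorithmSelection::from(key_alg)` expresses the same intent more directly than the fully qualified `Into` call. The enclosing method starts and ends outside the hunk.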
--
2.47.3