Use separate keys for payload mechanism and mTLS

This allows algorithms other than RSA to be used for mTLS.

The payload encryption mechanism requires an RSA key pair, so always
generate an RSA key for the payload mechanism.

This renames the 'nk_pub' and 'nk_priv' respectively as 'mtls_pub' and
'mtls_priv' when they are used for mTLS.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>

Author: ansasaki

keylime-agent/src/keys_handler.rs

@@ -166,7 +166,7 @@ async fn u_key(
     // https://github.com/keylime/keylime/blob/f3c31b411dd3dd971fd9d614a39a150655c6797c/ \
     // keylime/crypto.py#L118
     let decrypted_key = match crypto::rsa_oaep_decrypt(
-        &quote_data.priv_key,
+        &quote_data.payload_priv_key,
         &encrypted_key,
     )
     .map_err(Error::from)
@@ -278,7 +278,7 @@ async fn v_key(
     // https://github.com/keylime/keylime/blob/f3c31b411dd3dd971fd9d614a39a150655c6797c/ \
     // keylime/crypto.py#L118
     let decrypted_key = match crypto::rsa_oaep_decrypt(
-        &quote_data.priv_key,
+        &quote_data.payload_priv_key,
         &encrypted_key,
     )
     .map_err(Error::from)
@@ -323,7 +323,7 @@ async fn pubkey(
     req: HttpRequest,
     data: web::Data<QuoteData<'_>>,
 ) -> impl Responder {
-    match crypto::pkey_pub_to_pem(&data.pub_key) {
+    match crypto::pkey_pub_to_pem(&data.payload_pub_key) {
         Ok(pubkey) => {
             let response = JsonWrapper::success(KeylimePubkey { pubkey });
             info!("GET pubkey returning 200 response.");
@@ -902,7 +902,7 @@ mod tests {
         fixture.keys_tx = keys_tx.clone();
 
         let quotedata = web::Data::new(fixture);
-        let pubkey = quotedata.pub_key.clone();
+        let pubkey = quotedata.payload_pub_key.clone();
 
         // Run server
         let mut app = test::init_service(
@@ -968,7 +968,7 @@ mod tests {
         })));
 
         let encrypted_key =
-            rsa_oaep_encrypt(&quotedata.pub_key, u.as_ref()).unwrap(); //#[allow_ci]
+            rsa_oaep_encrypt(&quotedata.payload_pub_key, u.as_ref()).unwrap(); //#[allow_ci]
 
         let ukey = KeylimeUKey {
             encrypted_key: general_purpose::STANDARD.encode(&encrypted_key),
@@ -985,7 +985,7 @@ mod tests {
         assert!(resp.status().is_success());
 
         let encrypted_key =
-            rsa_oaep_encrypt(&quotedata.pub_key, v.as_ref()).unwrap(); //#[allow_ci]
+            rsa_oaep_encrypt(&quotedata.payload_pub_key, v.as_ref()).unwrap(); //#[allow_ci]
 
         let vkey = KeylimeVKey {
             encrypted_key: general_purpose::STANDARD.encode(&encrypted_key),
@@ -1110,7 +1110,7 @@ mod tests {
             test::read_body_json(resp).await;
         assert!(pkey_pub_from_pem(&result.results.pubkey)
             .unwrap() //#[allow_ci]
-            .public_eq(&quotedata.pub_key));
+            .public_eq(&quotedata.payload_pub_key));
 
         // Explicitly drop QuoteData to cleanup keys
         drop(quotedata);

keylime-agent/src/main.rs

@@ -114,6 +114,8 @@ pub struct QuoteData<'a> {
     )>,
     measuredboot_ml_file: Option<Mutex<fs::File>>,
     payload_tx: mpsc::Sender<payloads::PayloadMessage>,
+    payload_priv_key: PKey<Private>,
+    payload_pub_key: PKey<Public>,
     priv_key: PKey<Private>,
     pub_key: PKey<Public>,
     revocation_tx: mpsc::Sender<revocation::RevocationMessage>,
@@ -488,35 +490,36 @@ async fn main() -> Result<()> {
         (None, None)
     };
 
-    // Generate key pair for secure transmission of u, v keys. The u, v
-    // keys are two halves of the key used to decrypt the workload after
+    // Generate ephemeral RSA key pair for secure transmission of u, v keys.
+    // The u, v keys are two halves of the key used to decrypt the workload after
     // the Identity and Integrity Quotes sent by the agent are validated
     // by the Tenant and Cloud Verifier, respectively.
-    //
-    // Since we store the u key in memory, discarding this key, which
-    // safeguards u and v keys in transit, is not part of the threat model.
+    debug!("Generating ephemeral RSA key pair for payload mechanism");
+    let (payload_pub_key, payload_priv_key) =
+        crypto::rsa_generate_pair(2048)?;
 
-    let (nk_pub, nk_priv) = match config.server_key.as_ref() {
+    // Generate mTLS key pair (separate from payload keys)
+    let (mtls_pub, mtls_priv) = match config.server_key.as_ref() {
         "" => {
             debug!(
                 "The server_key option was not set in the configuration file"
             );
-            debug!("Generating new key pair");
+            debug!("Generating new mTLS key pair");
             crypto::rsa_generate_pair(2048)?
         }
         path => {
             let key_path = Path::new(&path);
             if key_path.exists() {
                 debug!(
-                    "Loading existing key pair from {}",
+                    "Loading existing mTLS key pair from {}",
                     key_path.display()
                 );
                 crypto::load_key_pair(
                     key_path,
                     Some(config.server_key_password.as_ref()),
                 )?
             } else {
-                debug!("Generating new key pair");
+                debug!("Generating new mTLS key pair");
                 let (public, private) = crypto::rsa_generate_pair(2048)?;
                 // Write the generated key to the file
                 crypto::write_key_pair(
@@ -539,7 +542,7 @@ async fn main() -> Result<()> {
                 debug!("The server_cert option was not set in the configuration file");
 
                 crypto::x509::CertificateBuilder::new()
-                    .private_key(&nk_priv)
+                    .private_key(&mtls_priv)
                     .common_name(&agent_uuid)
                     .add_ips(contact_ips)
                     .build()?
@@ -555,7 +558,7 @@ async fn main() -> Result<()> {
                 } else {
                     debug!("Generating new mTLS certificate");
                     let cert = crypto::x509::CertificateBuilder::new()
-                        .private_key(&nk_priv)
+                        .private_key(&mtls_priv)
                         .common_name(&agent_uuid)
                         .add_ips(contact_ips)
                         .build()?;
@@ -598,7 +601,7 @@ async fn main() -> Result<()> {
         mtls_cert = Some(cert.clone());
         ssl_context = Some(crypto::generate_tls_context(
             &cert,
-            &nk_priv,
+            &mtls_priv,
             keylime_ca_certs,
         )?);
     } else {
@@ -694,8 +697,10 @@ async fn main() -> Result<()> {
         keys_tx: keys_tx.clone(),
         measuredboot_ml_file,
         payload_tx: payload_tx.clone(),
-        priv_key: nk_priv,
-        pub_key: nk_pub,
+        payload_priv_key,
+        payload_pub_key,
+        priv_key: mtls_priv,
+        pub_key: mtls_pub,
         revocation_tx: revocation_tx.clone(),
         secure_mount: PathBuf::from(&mount),
         secure_size,
@@ -992,8 +997,13 @@ mod testing {
                 .join("test-data")
                 .join("test-rsa.pem");
 
-            let (nk_pub, nk_priv) =
-                crypto::testing::rsa_import_pair(rsa_key_path)?;
+            let (mtls_pub, mtls_priv) =
+                crypto::testing::rsa_import_pair(rsa_key_path.clone())?;
+
+            // Generate separate ephemeral payload keys for testing
+            debug!("Generating ephemeral RSA key pair for payload mechanism");
+            let (payload_pub_key, payload_priv_key) =
+                crypto::rsa_generate_pair(2048)?;
 
             let (mut payload_tx, mut payload_rx) =
                 mpsc::channel::<payloads::PayloadMessage>(1);
@@ -1046,8 +1056,10 @@ mod testing {
                 QuoteData {
                     api_versions,
                     tpmcontext: Mutex::new(ctx),
-                    priv_key: nk_priv,
-                    pub_key: nk_pub,
+                    payload_priv_key,
+                    payload_pub_key,
+                    priv_key: mtls_priv,
+                    pub_key: mtls_pub,
                     ak_handle,
                     keys_tx,
                     payload_tx,

keylime-agent/src/quotes_handler.rs

@@ -25,7 +25,7 @@ pub struct Ident {
 
 // This is a Quote request from the tenant, which does not check
 // integrity measurement. It should return this data:
-// { QuoteAIK(nonce, 16:H(NK_pub)), NK_pub }
+// { QuoteAIK(nonce, 16:H(payload_pub)), payload_pub }
 async fn identity(
     req: HttpRequest,
     param: web::Query<Ident>,
@@ -67,7 +67,7 @@ async fn identity(
     let tpm_quote = match context.quote(
         param.nonce.as_bytes(),
         0,
-        &data.pub_key,
+        &data.payload_pub_key,
         data.ak_handle,
         data.hash_alg,
         data.sign_alg,
@@ -92,7 +92,7 @@ async fn identity(
         ..Default::default()
     };
 
-    match crypto::pkey_pub_to_pem(&data.pub_key) {
+    match crypto::pkey_pub_to_pem(&data.payload_pub_key) {
         Ok(pubkey) => quote.pubkey = Some(pubkey),
         Err(e) => {
             debug!("Unable to retrieve public key for quote: {e:?}");
@@ -113,7 +113,7 @@ async fn identity(
 // This is a Quote request from the cloud verifier, which will check
 // integrity measurement. The PCRs included in the Quote will be specified
 // by the mask. It should return this data:
-// { QuoteAIK(nonce, 16:H(NK_pub), xi:yi), NK_pub}
+// { QuoteAIK(nonce, 16:H(payload_pub), xi:yi), payload_pub}
 // where xi:yi are additional PCRs to be included in the quote.
 async fn integrity(
     req: HttpRequest,
@@ -169,7 +169,8 @@ async fn integrity(
     // If partial="0", include the public key in the quote
     let pubkey = match &param.partial[..] {
         "0" => {
-            let pubkey = match crypto::pkey_pub_to_pem(&data.pub_key) {
+            let pubkey = match crypto::pkey_pub_to_pem(&data.payload_pub_key)
+            {
                 Ok(pubkey) => pubkey,
                 Err(e) => {
                     debug!("Unable to retrieve public key: {e:?}");
@@ -214,7 +215,7 @@ async fn integrity(
     let tpm_quote = match context.quote(
         param.nonce.as_bytes(),
         mask,
-        &data.pub_key,
+        &data.payload_pub_key,
         data.ak_handle,
         data.hash_alg,
         data.sign_alg,
@@ -389,7 +390,7 @@ mod tests {
         assert!(
             pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
                 .unwrap() //#[allow_ci]
-                .public_eq(&quotedata.pub_key)
+                .public_eq(&quotedata.payload_pub_key)
         );
         assert!(result.results.quote.starts_with('r'));
 
@@ -435,7 +436,7 @@ mod tests {
         assert!(
             pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
                 .unwrap() //#[allow_ci]
-                .public_eq(&quotedata.pub_key)
+                .public_eq(&quotedata.payload_pub_key)
         );
 
         if let Some(ima_mutex) = &quotedata.ima_ml_file {

keylime/src/cert.rs

@@ -17,7 +17,7 @@ pub fn cert_from_server_key(
     config: &CertificateConfig,
 ) -> Result<(X509, PKey<Public>)> {
     let cert: X509;
-    let (nk_pub, nk_priv) = match config.server_key.as_ref() {
+    let (mtls_pub, mtls_priv) = match config.server_key.as_ref() {
         "" => {
             debug!(
                 "The server_key option was not set in the configuration file"
@@ -56,7 +56,7 @@ pub fn cert_from_server_key(
             debug!("The server_cert option was not set in the configuration file");
 
             crypto::x509::CertificateBuilder::new()
-                .private_key(&nk_priv)
+                .private_key(&mtls_priv)
                 .common_name(&config.agent_uuid)
                 .add_ips(contact_ips)
                 .build()?
@@ -72,7 +72,7 @@ pub fn cert_from_server_key(
             } else {
                 debug!("Generating new mTLS certificate");
                 let cert = crypto::x509::CertificateBuilder::new()
-                    .private_key(&nk_priv)
+                    .private_key(&mtls_priv)
                     .common_name(&config.agent_uuid)
                     .add_ips(contact_ips)
                     .build()?;
@@ -81,7 +81,7 @@ pub fn cert_from_server_key(
             }
         }
     };
-    Ok((cert, nk_pub))
+    Ok((cert, mtls_pub))
 }
 
 #[cfg(test)]