keylime · ansasaki · Sep 24, 2025 · Sep 19, 2025
diff --git a/keylime-agent/src/keys_handler.rs b/keylime-agent/src/keys_handler.rs
@@ -166,7 +166,7 @@ async fn u_key(
     // https://github.com/keylime/keylime/blob/f3c31b411dd3dd971fd9d614a39a150655c6797c/ \
     // keylime/crypto.py#L118
     let decrypted_key = match crypto::rsa_oaep_decrypt(
-        &quote_data.priv_key,
+        &quote_data.payload_priv_key,
         &encrypted_key,
     )
     .map_err(Error::from)
@@ -278,7 +278,7 @@ async fn v_key(
     // https://github.com/keylime/keylime/blob/f3c31b411dd3dd971fd9d614a39a150655c6797c/ \
     // keylime/crypto.py#L118
     let decrypted_key = match crypto::rsa_oaep_decrypt(
-        &quote_data.priv_key,
+        &quote_data.payload_priv_key,
         &encrypted_key,
     )
     .map_err(Error::from)
@@ -323,7 +323,7 @@ async fn pubkey(
     req: HttpRequest,
     data: web::Data<QuoteData<'_>>,
 ) -> impl Responder {
-    match crypto::pkey_pub_to_pem(&data.pub_key) {
+    match crypto::pkey_pub_to_pem(&data.payload_pub_key) {
         Ok(pubkey) => {
             let response = JsonWrapper::success(KeylimePubkey { pubkey });
             info!("GET pubkey returning 200 response.");
@@ -902,7 +902,7 @@ mod tests {
         fixture.keys_tx = keys_tx.clone();
 
         let quotedata = web::Data::new(fixture);
-        let pubkey = quotedata.pub_key.clone();
+        let pubkey = quotedata.payload_pub_key.clone();
 
         // Run server
         let mut app = test::init_service(
@@ -968,7 +968,7 @@ mod tests {
         })));
 
         let encrypted_key =
-            rsa_oaep_encrypt(&quotedata.pub_key, u.as_ref()).unwrap(); //#[allow_ci]
+            rsa_oaep_encrypt(&quotedata.payload_pub_key, u.as_ref()).unwrap(); //#[allow_ci]
 
         let ukey = KeylimeUKey {
             encrypted_key: general_purpose::STANDARD.encode(&encrypted_key),
@@ -985,7 +985,7 @@ mod tests {
         assert!(resp.status().is_success());
 
         let encrypted_key =
-            rsa_oaep_encrypt(&quotedata.pub_key, v.as_ref()).unwrap(); //#[allow_ci]
+            rsa_oaep_encrypt(&quotedata.payload_pub_key, v.as_ref()).unwrap(); //#[allow_ci]
 
         let vkey = KeylimeVKey {
             encrypted_key: general_purpose::STANDARD.encode(&encrypted_key),
@@ -1110,7 +1110,7 @@ mod tests {
             test::read_body_json(resp).await;
         assert!(pkey_pub_from_pem(&result.results.pubkey)
             .unwrap() //#[allow_ci]
-            .public_eq(&quotedata.pub_key));
+            .public_eq(&quotedata.payload_pub_key));
 
         // Explicitly drop QuoteData to cleanup keys
         drop(quotedata);

diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs
@@ -114,6 +114,8 @@ pub struct QuoteData<'a> {
     )>,
     measuredboot_ml_file: Option<Mutex<fs::File>>,
     payload_tx: mpsc::Sender<payloads::PayloadMessage>,
+    payload_priv_key: PKey<Private>,
+    payload_pub_key: PKey<Public>,
     priv_key: PKey<Private>,
     pub_key: PKey<Public>,
     revocation_tx: mpsc::Sender<revocation::RevocationMessage>,
@@ -488,35 +490,36 @@ async fn main() -> Result<()> {
         (None, None)
     };
 
-    // Generate key pair for secure transmission of u, v keys. The u, v
-    // keys are two halves of the key used to decrypt the workload after
+    // Generate ephemeral RSA key pair for secure transmission of u, v keys.
+    // The u, v keys are two halves of the key used to decrypt the workload after
     // the Identity and Integrity Quotes sent by the agent are validated
     // by the Tenant and Cloud Verifier, respectively.
-    //
-    // Since we store the u key in memory, discarding this key, which
-    // safeguards u and v keys in transit, is not part of the threat model.
+    debug!("Generating ephemeral RSA key pair for payload mechanism");
+    let (payload_pub_key, payload_priv_key) =
+        crypto::rsa_generate_pair(2048)?;
 
-    let (nk_pub, nk_priv) = match config.server_key.as_ref() {
+    // Generate mTLS key pair (separate from payload keys)
+    let (mtls_pub, mtls_priv) = match config.server_key.as_ref() {
         "" => {
             debug!(
                 "The server_key option was not set in the configuration file"
             );
-            debug!("Generating new key pair");
+            debug!("Generating new mTLS key pair");
             crypto::rsa_generate_pair(2048)?
         }
         path => {
             let key_path = Path::new(&path);
             if key_path.exists() {
                 debug!(
-                    "Loading existing key pair from {}",
+                    "Loading existing mTLS key pair from {}",
                     key_path.display()
                 );
                 crypto::load_key_pair(
                     key_path,
                     Some(config.server_key_password.as_ref()),
                 )?
             } else {
-                debug!("Generating new key pair");
+                debug!("Generating new mTLS key pair");
                 let (public, private) = crypto::rsa_generate_pair(2048)?;
                 // Write the generated key to the file
                 crypto::write_key_pair(
@@ -539,7 +542,7 @@ async fn main() -> Result<()> {
                 debug!("The server_cert option was not set in the configuration file");
 
                 crypto::x509::CertificateBuilder::new()
-                    .private_key(&nk_priv)
+                    .private_key(&mtls_priv)
                     .common_name(&agent_uuid)
                     .add_ips(contact_ips)
                     .build()?
@@ -555,7 +558,7 @@ async fn main() -> Result<()> {
                 } else {
                     debug!("Generating new mTLS certificate");
                     let cert = crypto::x509::CertificateBuilder::new()
-                        .private_key(&nk_priv)
+                        .private_key(&mtls_priv)
                         .common_name(&agent_uuid)
                         .add_ips(contact_ips)
                         .build()?;
@@ -598,7 +601,7 @@ async fn main() -> Result<()> {
         mtls_cert = Some(cert.clone());
         ssl_context = Some(crypto::generate_tls_context(
             &cert,
-            &nk_priv,
+            &mtls_priv,
             keylime_ca_certs,
         )?);
     } else {
@@ -694,8 +697,10 @@ async fn main() -> Result<()> {
         keys_tx: keys_tx.clone(),
         measuredboot_ml_file,
         payload_tx: payload_tx.clone(),
-        priv_key: nk_priv,
-        pub_key: nk_pub,
+        payload_priv_key,
+        payload_pub_key,
+        priv_key: mtls_priv,
+        pub_key: mtls_pub,
         revocation_tx: revocation_tx.clone(),
         secure_mount: PathBuf::from(&mount),
         secure_size,
@@ -992,8 +997,13 @@ mod testing {
                 .join("test-data")
                 .join("test-rsa.pem");
 
-            let (nk_pub, nk_priv) =
-                crypto::testing::rsa_import_pair(rsa_key_path)?;
+            let (mtls_pub, mtls_priv) =
+                crypto::testing::rsa_import_pair(rsa_key_path.clone())?;
+
+            // Generate separate ephemeral payload keys for testing
+            debug!("Generating ephemeral RSA key pair for payload mechanism");
+            let (payload_pub_key, payload_priv_key) =
+                crypto::rsa_generate_pair(2048)?;
 
             let (mut payload_tx, mut payload_rx) =
                 mpsc::channel::<payloads::PayloadMessage>(1);
@@ -1046,8 +1056,10 @@ mod testing {
                 QuoteData {
                     api_versions,
                     tpmcontext: Mutex::new(ctx),
-                    priv_key: nk_priv,
-                    pub_key: nk_pub,
+                    payload_priv_key,
+                    payload_pub_key,
+                    priv_key: mtls_priv,
+                    pub_key: mtls_pub,
                     ak_handle,
                     keys_tx,
                     payload_tx,

diff --git a/keylime-agent/src/quotes_handler.rs b/keylime-agent/src/quotes_handler.rs
@@ -25,7 +25,7 @@ pub struct Ident {
 
 // This is a Quote request from the tenant, which does not check
 // integrity measurement. It should return this data:
-// { QuoteAIK(nonce, 16:H(NK_pub)), NK_pub }
+// { QuoteAIK(nonce, 16:H(payload_pub)), payload_pub }
 async fn identity(
     req: HttpRequest,
     param: web::Query<Ident>,
@@ -67,7 +67,7 @@ async fn identity(
     let tpm_quote = match context.quote(
         param.nonce.as_bytes(),
         0,
-        &data.pub_key,
+        &data.payload_pub_key,
         data.ak_handle,
         data.hash_alg,
         data.sign_alg,
@@ -92,7 +92,7 @@ async fn identity(
         ..Default::default()
     };
 
-    match crypto::pkey_pub_to_pem(&data.pub_key) {
+    match crypto::pkey_pub_to_pem(&data.payload_pub_key) {
         Ok(pubkey) => quote.pubkey = Some(pubkey),
         Err(e) => {
             debug!("Unable to retrieve public key for quote: {e:?}");
@@ -113,7 +113,7 @@ async fn identity(
 // This is a Quote request from the cloud verifier, which will check
 // integrity measurement. The PCRs included in the Quote will be specified
 // by the mask. It should return this data:
-// { QuoteAIK(nonce, 16:H(NK_pub), xi:yi), NK_pub}
+// { QuoteAIK(nonce, 16:H(payload_pub), xi:yi), payload_pub}
 // where xi:yi are additional PCRs to be included in the quote.
 async fn integrity(
     req: HttpRequest,
@@ -169,7 +169,8 @@ async fn integrity(
     // If partial="0", include the public key in the quote
     let pubkey = match &param.partial[..] {
         "0" => {
-            let pubkey = match crypto::pkey_pub_to_pem(&data.pub_key) {
+            let pubkey = match crypto::pkey_pub_to_pem(&data.payload_pub_key)
+            {
                 Ok(pubkey) => pubkey,
                 Err(e) => {
                     debug!("Unable to retrieve public key: {e:?}");
@@ -214,7 +215,7 @@ async fn integrity(
     let tpm_quote = match context.quote(
         param.nonce.as_bytes(),
         mask,
-        &data.pub_key,
+        &data.payload_pub_key,
         data.ak_handle,
         data.hash_alg,
         data.sign_alg,
@@ -389,7 +390,7 @@ mod tests {
         assert!(
             pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
                 .unwrap() //#[allow_ci]
-                .public_eq(&quotedata.pub_key)
+                .public_eq(&quotedata.payload_pub_key)
         );
         assert!(result.results.quote.starts_with('r'));
 
@@ -435,7 +436,7 @@ mod tests {
         assert!(
             pkey_pub_from_pem(&result.results.pubkey.unwrap()) //#[allow_ci]
                 .unwrap() //#[allow_ci]
-                .public_eq(&quotedata.pub_key)
+                .public_eq(&quotedata.payload_pub_key)
         );
 
         if let Some(ima_mutex) = &quotedata.ima_ml_file {

diff --git a/keylime/src/cert.rs b/keylime/src/cert.rs
@@ -17,7 +17,7 @@ pub fn cert_from_server_key(
     config: &CertificateConfig,
 ) -> Result<(X509, PKey<Public>)> {
     let cert: X509;
-    let (nk_pub, nk_priv) = match config.server_key.as_ref() {
+    let (mtls_pub, mtls_priv) = match config.server_key.as_ref() {
         "" => {
             debug!(
                 "The server_key option was not set in the configuration file"
@@ -56,7 +56,7 @@ pub fn cert_from_server_key(
             debug!("The server_cert option was not set in the configuration file");
 
             crypto::x509::CertificateBuilder::new()
-                .private_key(&nk_priv)
+                .private_key(&mtls_priv)
                 .common_name(&config.agent_uuid)
                 .add_ips(contact_ips)
                 .build()?
@@ -72,7 +72,7 @@ pub fn cert_from_server_key(
             } else {
                 debug!("Generating new mTLS certificate");
                 let cert = crypto::x509::CertificateBuilder::new()
-                    .private_key(&nk_priv)
+                    .private_key(&mtls_priv)
                     .common_name(&config.agent_uuid)
                     .add_ips(contact_ips)
                     .build()?;
@@ -81,7 +81,7 @@ pub fn cert_from_server_key(
             }
         }
     };
-    Ok((cert, nk_pub))
+    Ok((cert, mtls_pub))
 }
 
 #[cfg(test)]