Split crates into library and applications

This is a start of refactoring the codebase into three sub-crates:
keylime, keylime_agent, and keylime_ima_emulator.  The keylime crate
provides common facility used by the other crates as a
library (currently only IMA parser).

Signed-off-by: Daiki Ueno <[email protected]>

Cargo.toml

@@ -1,67 +1,3 @@
-[package]
-authors = ["Keylime Authors"]
-edition = "2018"
-name = "keylime_agent"
-version = "0.1.0"
-license = "Apache-2.0"
-description = "Rust agent for Keylime"
-repository = "https://github.com/keylime/rust-keylime"
+[workspace]
 
-[[bin]]
-name = "keylime_agent"
-path = "src/main.rs"
-doc = false
-
-[[bin]]
-name = "keylime_ima_emulator"
-path = "src/ima_emulator.rs"
-doc = false
-
-[dependencies]
-actix-web =  { version = "4", features = ["openssl"] }
-base64 = "0.13"
-cfg-if = "1"
-clap = { version = "~3.1.18", features = ["derive"] }
-compress-tools = "0.12"
-config = { version = "0.13", features = ["toml"] }
-futures = "0.3.6"
-glob = "0.3"
-hex = "0.4"
-libc = "0.2.43"
-log = "0.4"
-openssl = "0.10.15"
-picky-asn1-der = "0.3.1"
-picky-asn1-x509 = "0.6.1"
-pretty_env_logger = "0.4"
-reqwest = {version = "0.11", features = ["json"]}
-serde = "1.0.80"
-serde_derive = "1.0.80"
-serde_json = { version = "1.0", features = ["raw_value"] }
-static_assertions = "1"
-tempfile = "3.0.4"
-tokio = {version = "1.13.1", features = ["full"]}
-tss-esapi = {version = "7.1.0", features = ["generate-bindings"]}
-thiserror = "1.0"
-uuid = {version = "0.8", features = ["v4"]}
-zmq = {version = "0.9.2", optional = true}
-# wiremock was moved to be a regular dependency because optional
-# dev-dependencies are not supported
-# see: https://github.com/rust-lang/cargo/issues/1596
-wiremock = {version = "0.5", optional = true}
-
-[dev-dependencies]
-actix-rt = "2"
-
-[features]
-# The features enabled by default
-default = ["with-zmq", "legacy-python-actions"]
-# this should change to dev-dependencies when we have integration testing
-testing = ["wiremock"]
-# Whether the agent should be compiled with support to listen for notification
-# messages on ZeroMQ
-with-zmq = ["zmq"]
-# Whether the agent should be compiled with support for python revocation
-# actions loaded as modules, which is the only kind supported by the python
-# agent (unless the enhancement-55 is implemented). See:
-# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md
-legacy-python-actions = []
+members = ["keylime", "keylime-agent", "keylime-ima-emulator"]

GNUmakefile

@@ -36,7 +36,7 @@ install: all
 	install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/keylime_agent.service
 	install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/var-lib-keylime-secure.mount
 	# Remove when https://github.com/keylime/rust-keylime/issues/325 is fixed
-	install -D -t ${DESTDIR}/usr/libexec/keylime tests/actions/shim.py
+	install -D -t ${DESTDIR}/usr/libexec/keylime keylime-agent/tests/actions/shim.py
 
 # This only runs tests without TPM access. See tests/run.sh for
 # running full testsuite with swtpm.

keylime-agent/Cargo.toml

@@ -0,0 +1,58 @@
+[package]
+authors = ["Keylime Authors"]
+edition = "2021"
+name = "keylime_agent"
+version = "0.1.0"
+license = "Apache-2.0"
+description = "Rust agent for Keylime"
+repository = "https://github.com/keylime/rust-keylime"
+
+[dependencies]
+actix-web =  { version = "4", features = ["openssl"] }
+base64 = "0.13"
+cfg-if = "1"
+clap = { version = "~3.1.18", features = ["derive"] }
+compress-tools = "0.12"
+config = { version = "0.13", features = ["toml"] }
+futures = "0.3.6"
+glob = "0.3"
+hex = "0.4"
+keylime = { path = "../keylime" }
+libc = "0.2.43"
+log = "0.4"
+openssl = "0.10.15"
+picky-asn1-der = "0.3.1"
+picky-asn1-x509 = "0.6.1"
+pretty_env_logger = "0.4"
+reqwest = {version = "0.11", features = ["json"]}
+serde = "1.0.80"
+serde_derive = "1.0.80"
+serde_json = { version = "1.0", features = ["raw_value"] }
+static_assertions = "1"
+tempfile = "3.0.4"
+tokio = {version = "1.13.1", features = ["full"]}
+tss-esapi = {version = "7.1.0", features = ["generate-bindings"]}
+thiserror = "1.0"
+uuid = {version = "0.8", features = ["v4"]}
+zmq = {version = "0.9.2", optional = true}
+# wiremock was moved to be a regular dependency because optional
+# dev-dependencies are not supported
+# see: https://github.com/rust-lang/cargo/issues/1596
+wiremock = {version = "0.5", optional = true}
+
+[dev-dependencies]
+actix-rt = "2"
+
+[features]
+# The features enabled by default
+default = ["with-zmq", "legacy-python-actions"]
+# this should change to dev-dependencies when we have integration testing
+testing = ["wiremock"]
+# Whether the agent should be compiled with support to listen for notification
+# messages on ZeroMQ
+with-zmq = ["zmq"]
+# Whether the agent should be compiled with support for python revocation
+# actions loaded as modules, which is the only kind supported by the python
+# agent (unless the enhancement-55 is implemented). See:
+# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md
+legacy-python-actions = []

src/common.rs → keylime-agent/src/common.rs

@@ -1,9 +1,11 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2021 Keylime Authors
 
-use crate::algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm};
 use crate::error::{Error, Result};
 use crate::{permissions, tpm};
+use keylime::algorithms::{
+    EncryptionAlgorithm, HashAlgorithm, SignAlgorithm,
+};
 use log::*;
 use openssl::{
     hash::{hash, MessageDigest},
@@ -236,10 +238,10 @@ pub(crate) fn hash_ek_pubkey(ek_pub: Public) -> Result<String> {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::algorithms::{
+    use crate::config::KeylimeConfig;
+    use keylime::algorithms::{
         EncryptionAlgorithm, HashAlgorithm, SignAlgorithm,
     };
-    use crate::config::KeylimeConfig;
     use std::convert::TryFrom;
     use tss_esapi::{
         handles::KeyHandle,

src/config.rs → keylime-agent/src/config.rs

@@ -1,16 +1,15 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2022 Keylime Authors
 
-use crate::{
-    algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm},
-    error::Error,
-    permissions, tpm,
-};
+use crate::{error::Error, permissions, tpm};
 use config::{
     builder::DefaultState, Config, ConfigBuilder, ConfigError, Environment,
     File, FileFormat, Map, Source, Value,
 };
 use glob::glob;
+use keylime::algorithms::{
+    EncryptionAlgorithm, HashAlgorithm, SignAlgorithm,
+};
 use log::*;
 use serde::{Deserialize, Serialize};
 use std::{

src/error.rs → keylime-agent/src/error.rs

@@ -1,7 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2021 Keylime Authors
 
-use crate::algorithms;
 use thiserror::Error;
 use tss_esapi::{
     constants::response_code::Tss2ResponseCodeKind, Error::Tss2Error,
@@ -71,7 +70,7 @@ pub(crate) enum Error {
     #[error("from hex error: {0}")]
     FromHex(#[from] hex::FromHexError),
     #[error("Keylime algorithm error: {0}")]
-    Algorithm(#[from] algorithms::AlgorithmError),
+    Algorithm(#[from] keylime::algorithms::AlgorithmError),
     #[error("Error converting number: {0}")]
     TryFromInt(#[from] std::num::TryFromIntError),
     #[error("C string is not NUL-terminated: {0}")]
@@ -122,7 +121,7 @@ impl Error {
     }
 }
 
-impl std::convert::TryFrom<std::process::Output> for Error {
+impl TryFrom<std::process::Output> for Error {
     type Error = Error;
     fn try_from(output: std::process::Output) -> Result<Self> {
         let code = output.status.code();

src/main.rs → keylime-agent/src/main.rs

@@ -33,13 +33,11 @@
 //  missing_docs: there is many functions missing documentations for now
 #![allow(unused, missing_docs)]
 
-mod algorithms;
 mod common;
 mod config;
 mod crypto;
 mod error;
 mod errors_handler;
-mod ima;
 mod keys_handler;
 mod notifications_handler;
 mod permissions;
@@ -57,7 +55,7 @@ use common::*;
 use compress_tools::*;
 use error::{Error, Result};
 use futures::{future::TryFutureExt, try_join};
-use ima::ImaMeasurementList;
+use keylime::ima::ImaMeasurementList;
 use log::*;
 use openssl::{
     pkey::{PKey, Private, Public},
@@ -103,9 +101,9 @@ pub struct QuoteData {
     payload_symm_key_cvar: Arc<Condvar>,
     encr_payload: Arc<Mutex<Vec<u8>>>,
     auth_tag: Mutex<[u8; AUTH_TAG_LEN]>,
-    hash_alg: algorithms::HashAlgorithm,
-    enc_alg: algorithms::EncryptionAlgorithm,
-    sign_alg: algorithms::SignAlgorithm,
+    hash_alg: keylime::algorithms::HashAlgorithm,
+    enc_alg: keylime::algorithms::EncryptionAlgorithm,
+    sign_alg: keylime::algorithms::SignAlgorithm,
     agent_uuid: String,
     revocation_cert: Option<PathBuf>,
     revocation_actions: Option<String>,
@@ -488,13 +486,14 @@ async fn main() -> Result<()> {
             })?;
     };
 
-    let tpm_encryption_alg = algorithms::EncryptionAlgorithm::try_from(
-        config.agent.tpm_encryption_alg.as_str(),
-    )?;
-    let tpm_hash_alg = algorithms::HashAlgorithm::try_from(
+    let tpm_encryption_alg =
+        keylime::algorithms::EncryptionAlgorithm::try_from(
+            config.agent.tpm_encryption_alg.as_str(),
+        )?;
+    let tpm_hash_alg = keylime::algorithms::HashAlgorithm::try_from(
         config.agent.tpm_hash_alg.as_str(),
     )?;
-    let tpm_signing_alg = algorithms::SignAlgorithm::try_from(
+    let tpm_signing_alg = keylime::algorithms::SignAlgorithm::try_from(
         config.agent.tpm_signing_alg.as_str(),
     )?;
 
@@ -981,21 +980,22 @@ mod testing {
             let mut ctx = tpm::get_tpm2_ctx()?;
 
             let tpm_encryption_alg =
-                algorithms::EncryptionAlgorithm::try_from(
+                keylime::algorithms::EncryptionAlgorithm::try_from(
                     test_config.agent.tpm_encryption_alg.as_str(),
                 )?;
 
             // Gather EK and AK key values and certs
             let ek_result =
                 tpm::create_ek(&mut ctx, tpm_encryption_alg.into(), None)?;
 
-            let tpm_hash_alg = algorithms::HashAlgorithm::try_from(
+            let tpm_hash_alg = keylime::algorithms::HashAlgorithm::try_from(
                 test_config.agent.tpm_hash_alg.as_str(),
             )?;
 
-            let tpm_signing_alg = algorithms::SignAlgorithm::try_from(
-                test_config.agent.tpm_signing_alg.as_str(),
-            )?;
+            let tpm_signing_alg =
+                keylime::algorithms::SignAlgorithm::try_from(
+                    test_config.agent.tpm_signing_alg.as_str(),
+                )?;
 
             let ak_result = tpm::create_ak(
                 &mut ctx,
@@ -1065,9 +1065,9 @@ mod testing {
                 payload_symm_key_cvar: symm_key_cvar_arc,
                 encr_payload: encr_payload_arc,
                 auth_tag: Mutex::new([0u8; AUTH_TAG_LEN]),
-                hash_alg: algorithms::HashAlgorithm::Sha256,
-                enc_alg: algorithms::EncryptionAlgorithm::Rsa,
-                sign_alg: algorithms::SignAlgorithm::RsaSsa,
+                hash_alg: keylime::algorithms::HashAlgorithm::Sha256,
+                enc_alg: keylime::algorithms::EncryptionAlgorithm::Rsa,
+                sign_alg: keylime::algorithms::SignAlgorithm::RsaSsa,
                 agent_uuid: test_config.agent.uuid,
                 revocation_cert,
                 revocation_actions: None,

src/quotes_handler.rs → keylime-agent/src/quotes_handler.rs

@@ -5,9 +5,9 @@ use crate::{tpm, Error as KeylimeError, QuoteData};
 
 use crate::common::JsonWrapper;
 use crate::crypto;
-use crate::ima::read_measurement_list;
 use crate::serialization::serialize_maybe_base64;
 use actix_web::{web, HttpRequest, HttpResponse, Responder};
+use keylime::ima::read_measurement_list;
 use log::*;
 use serde::{Deserialize, Serialize};
 use std::{