From a1e125ea4e71fc612ac9d8d1f58d9135376f7657 Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 5 Dec 2022 14:42:06 +0900 Subject: [PATCH] Split crates into library and applications This is a start of refactoring the codebase into three sub-crates: keylime, keylime_agent, and keylime_ima_emulator. The keylime crate provides common facility used by the other crates as a library (currently only IMA parser). Signed-off-by: Daiki Ueno --- Cargo.lock | 27 +++++++ Cargo.toml | 68 +----------------- GNUmakefile | 2 +- keylime-agent/Cargo.toml | 58 +++++++++++++++ {src => keylime-agent/src}/common.rs | 8 ++- {src => keylime-agent/src}/config.rs | 9 ++- {src => keylime-agent/src}/crypto.rs | 0 {src => keylime-agent/src}/error.rs | 5 +- {src => keylime-agent/src}/errors_handler.rs | 0 {src => keylime-agent/src}/keys_handler.rs | 0 {src => keylime-agent/src}/main.rs | 38 +++++----- .../src}/notifications_handler.rs | 0 {src => keylime-agent/src}/permissions.rs | 0 {src => keylime-agent/src}/quotes_handler.rs | 2 +- {src => keylime-agent/src}/registrar_agent.rs | 0 {src => keylime-agent/src}/revocation.rs | 0 {src => keylime-agent/src}/secure_mount.rs | 0 {src => keylime-agent/src}/serialization.rs | 0 {src => keylime-agent/src}/tpm.rs | 0 {src => keylime-agent/src}/version_handler.rs | 0 .../test-data}/ima/ascii_runtime_measurements | 0 .../test-data}/payload.zip | Bin .../test-data}/revocation.sig | 0 .../test-data}/test-cert.pem | 0 .../test-data}/test-quote.txt | 0 .../test-data}/test-rsa.pem | 0 .../test-data}/test-rsa.sig | 0 .../test-data}/test.json | 0 .../test-data}/test_input.txt | 0 .../test-data}/test_ok.json | 0 .../test-data}/tpmdata_test.json | 0 .../tests}/actions/local_action_hello.py | 0 .../actions/local_action_hello_shell.sh | 0 .../actions/local_action_stand_alone.py | 0 keylime-agent/tests/actions/shim.py | 38 ++++++++++ .../tests}/unzipped/action_list | 0 .../tests}/unzipped/local_action_payload.py | 0 .../unzipped/local_action_payload_shell.sh | 0 .../unzipped/local_action_rev_script1.py | 0 .../unzipped/local_action_rev_script2.py | 0 .../tests}/unzipped/test_err.json | 0 .../tests}/unzipped/test_ok.json | 0 keylime-ima-emulator/Cargo.toml | 15 ++++ .../src/main.rs | 7 +- keylime/Cargo.toml | 17 +++++ {src => keylime/src}/algorithms.rs | 0 {src => keylime/src}/ima.rs | 19 ++--- {src => keylime/src}/ima_entry.rs | 0 keylime/src/lib.rs | 3 + tests/nopanic.ci | 12 +++- 50 files changed, 215 insertions(+), 113 deletions(-) create mode 100644 keylime-agent/Cargo.toml rename {src => keylime-agent/src}/common.rs (98%) rename {src => keylime-agent/src}/config.rs (99%) rename {src => keylime-agent/src}/crypto.rs (100%) rename {src => keylime-agent/src}/error.rs (97%) rename {src => keylime-agent/src}/errors_handler.rs (100%) rename {src => keylime-agent/src}/keys_handler.rs (100%) rename {src => keylime-agent/src}/main.rs (97%) rename {src => keylime-agent/src}/notifications_handler.rs (100%) rename {src => keylime-agent/src}/permissions.rs (100%) rename {src => keylime-agent/src}/quotes_handler.rs (99%) rename {src => keylime-agent/src}/registrar_agent.rs (100%) rename {src => keylime-agent/src}/revocation.rs (100%) rename {src => keylime-agent/src}/secure_mount.rs (100%) rename {src => keylime-agent/src}/serialization.rs (100%) rename {src => keylime-agent/src}/tpm.rs (100%) rename {src => keylime-agent/src}/version_handler.rs (100%) rename {test-data => keylime-agent/test-data}/ima/ascii_runtime_measurements (100%) rename {test-data => keylime-agent/test-data}/payload.zip (100%) rename {test-data => keylime-agent/test-data}/revocation.sig (100%) rename {test-data => keylime-agent/test-data}/test-cert.pem (100%) rename {test-data => keylime-agent/test-data}/test-quote.txt (100%) rename {test-data => keylime-agent/test-data}/test-rsa.pem (100%) rename {test-data => keylime-agent/test-data}/test-rsa.sig (100%) rename {test-data => keylime-agent/test-data}/test.json (100%) rename {test-data => keylime-agent/test-data}/test_input.txt (100%) rename {test-data => keylime-agent/test-data}/test_ok.json (100%) rename {test-data => keylime-agent/test-data}/tpmdata_test.json (100%) rename {tests => keylime-agent/tests}/actions/local_action_hello.py (100%) rename {tests => keylime-agent/tests}/actions/local_action_hello_shell.sh (100%) rename {tests => keylime-agent/tests}/actions/local_action_stand_alone.py (100%) create mode 100755 keylime-agent/tests/actions/shim.py rename {tests => keylime-agent/tests}/unzipped/action_list (100%) rename {tests => keylime-agent/tests}/unzipped/local_action_payload.py (100%) rename {tests => keylime-agent/tests}/unzipped/local_action_payload_shell.sh (100%) rename {tests => keylime-agent/tests}/unzipped/local_action_rev_script1.py (100%) rename {tests => keylime-agent/tests}/unzipped/local_action_rev_script2.py (100%) rename {tests => keylime-agent/tests}/unzipped/test_err.json (100%) rename {tests => keylime-agent/tests}/unzipped/test_ok.json (100%) create mode 100644 keylime-ima-emulator/Cargo.toml rename src/ima_emulator.rs => keylime-ima-emulator/src/main.rs (98%) create mode 100644 keylime/Cargo.toml rename {src => keylime/src}/algorithms.rs (100%) rename {src => keylime/src}/ima.rs (94%) rename {src => keylime/src}/ima_entry.rs (100%) create mode 100644 keylime/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index 669ec0f35..2725d55be 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1151,6 +1151,19 @@ dependencies = [ "serde", ] +[[package]] +name = "keylime" +version = "0.1.0" +dependencies = [ + "hex", + "openssl", + "serde", + "serde_derive", + "tempfile", + "thiserror", + "tss-esapi", +] + [[package]] name = "keylime_agent" version = "0.1.0" @@ -1165,6 +1178,7 @@ dependencies = [ "futures", "glob", "hex", + "keylime", "libc", "log", "openssl", @@ -1185,6 +1199,19 @@ dependencies = [ "zmq", ] +[[package]] +name = "keylime_ima_emulator" +version = "0.1.0" +dependencies = [ + "clap 3.1.18", + "hex", + "keylime", + "log", + "openssl", + "thiserror", + "tss-esapi", +] + [[package]] name = "language-tags" version = "0.3.2" diff --git a/Cargo.toml b/Cargo.toml index 16ac45088..523c5db95 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,67 +1,3 @@ -[package] -authors = ["Keylime Authors"] -edition = "2018" -name = "keylime_agent" -version = "0.1.0" -license = "Apache-2.0" -description = "Rust agent for Keylime" -repository = "https://github.com/keylime/rust-keylime" +[workspace] -[[bin]] -name = "keylime_agent" -path = "src/main.rs" -doc = false - -[[bin]] -name = "keylime_ima_emulator" -path = "src/ima_emulator.rs" -doc = false - -[dependencies] -actix-web = { version = "4", features = ["openssl"] } -base64 = "0.13" -cfg-if = "1" -clap = { version = "~3.1.18", features = ["derive"] } -compress-tools = "0.12" -config = { version = "0.13", features = ["toml"] } -futures = "0.3.6" -glob = "0.3" -hex = "0.4" -libc = "0.2.43" -log = "0.4" -openssl = "0.10.15" -picky-asn1-der = "0.3.1" -picky-asn1-x509 = "0.6.1" -pretty_env_logger = "0.4" -reqwest = {version = "0.11", features = ["json"]} -serde = "1.0.80" -serde_derive = "1.0.80" -serde_json = { version = "1.0", features = ["raw_value"] } -static_assertions = "1" -tempfile = "3.0.4" -tokio = {version = "1.13.1", features = ["full"]} -tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} -thiserror = "1.0" -uuid = {version = "0.8", features = ["v4"]} -zmq = {version = "0.9.2", optional = true} -# wiremock was moved to be a regular dependency because optional -# dev-dependencies are not supported -# see: https://github.com/rust-lang/cargo/issues/1596 -wiremock = {version = "0.5", optional = true} - -[dev-dependencies] -actix-rt = "2" - -[features] -# The features enabled by default -default = ["with-zmq", "legacy-python-actions"] -# this should change to dev-dependencies when we have integration testing -testing = ["wiremock"] -# Whether the agent should be compiled with support to listen for notification -# messages on ZeroMQ -with-zmq = ["zmq"] -# Whether the agent should be compiled with support for python revocation -# actions loaded as modules, which is the only kind supported by the python -# agent (unless the enhancement-55 is implemented). See: -# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md -legacy-python-actions = [] +members = ["keylime", "keylime-agent", "keylime-ima-emulator"] diff --git a/GNUmakefile b/GNUmakefile index 5f827229f..72f70d265 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -36,7 +36,7 @@ install: all install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/keylime_agent.service install -D -m 644 -t ${DESTDIR}$(systemdsystemunitdir) dist/systemd/system/var-lib-keylime-secure.mount # Remove when https://github.com/keylime/rust-keylime/issues/325 is fixed - install -D -t ${DESTDIR}/usr/libexec/keylime tests/actions/shim.py + install -D -t ${DESTDIR}/usr/libexec/keylime keylime-agent/tests/actions/shim.py # This only runs tests without TPM access. See tests/run.sh for # running full testsuite with swtpm. diff --git a/keylime-agent/Cargo.toml b/keylime-agent/Cargo.toml new file mode 100644 index 000000000..f7fa92d25 --- /dev/null +++ b/keylime-agent/Cargo.toml @@ -0,0 +1,58 @@ +[package] +authors = ["Keylime Authors"] +edition = "2021" +name = "keylime_agent" +version = "0.1.0" +license = "Apache-2.0" +description = "Rust agent for Keylime" +repository = "https://github.com/keylime/rust-keylime" + +[dependencies] +actix-web = { version = "4", features = ["openssl"] } +base64 = "0.13" +cfg-if = "1" +clap = { version = "~3.1.18", features = ["derive"] } +compress-tools = "0.12" +config = { version = "0.13", features = ["toml"] } +futures = "0.3.6" +glob = "0.3" +hex = "0.4" +keylime = { path = "../keylime" } +libc = "0.2.43" +log = "0.4" +openssl = "0.10.15" +picky-asn1-der = "0.3.1" +picky-asn1-x509 = "0.6.1" +pretty_env_logger = "0.4" +reqwest = {version = "0.11", features = ["json"]} +serde = "1.0.80" +serde_derive = "1.0.80" +serde_json = { version = "1.0", features = ["raw_value"] } +static_assertions = "1" +tempfile = "3.0.4" +tokio = {version = "1.13.1", features = ["full"]} +tss-esapi = {version = "7.1.0", features = ["generate-bindings"]} +thiserror = "1.0" +uuid = {version = "0.8", features = ["v4"]} +zmq = {version = "0.9.2", optional = true} +# wiremock was moved to be a regular dependency because optional +# dev-dependencies are not supported +# see: https://github.com/rust-lang/cargo/issues/1596 +wiremock = {version = "0.5", optional = true} + +[dev-dependencies] +actix-rt = "2" + +[features] +# The features enabled by default +default = ["with-zmq", "legacy-python-actions"] +# this should change to dev-dependencies when we have integration testing +testing = ["wiremock"] +# Whether the agent should be compiled with support to listen for notification +# messages on ZeroMQ +with-zmq = ["zmq"] +# Whether the agent should be compiled with support for python revocation +# actions loaded as modules, which is the only kind supported by the python +# agent (unless the enhancement-55 is implemented). See: +# https://github.com/keylime/enhancements/blob/master/55_revocation_actions_without_python.md +legacy-python-actions = [] diff --git a/src/common.rs b/keylime-agent/src/common.rs similarity index 98% rename from src/common.rs rename to keylime-agent/src/common.rs index 2ac417eb7..83c2b718a 100644 --- a/src/common.rs +++ b/keylime-agent/src/common.rs @@ -1,9 +1,11 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Keylime Authors -use crate::algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm}; use crate::error::{Error, Result}; use crate::{permissions, tpm}; +use keylime::algorithms::{ + EncryptionAlgorithm, HashAlgorithm, SignAlgorithm, +}; use log::*; use openssl::{ hash::{hash, MessageDigest}, @@ -236,10 +238,10 @@ pub(crate) fn hash_ek_pubkey(ek_pub: Public) -> Result { #[cfg(test)] mod tests { use super::*; - use crate::algorithms::{ + use crate::config::KeylimeConfig; + use keylime::algorithms::{ EncryptionAlgorithm, HashAlgorithm, SignAlgorithm, }; - use crate::config::KeylimeConfig; use std::convert::TryFrom; use tss_esapi::{ handles::KeyHandle, diff --git a/src/config.rs b/keylime-agent/src/config.rs similarity index 99% rename from src/config.rs rename to keylime-agent/src/config.rs index e8cee3c8d..ca835568d 100644 --- a/src/config.rs +++ b/keylime-agent/src/config.rs @@ -1,16 +1,15 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2022 Keylime Authors -use crate::{ - algorithms::{EncryptionAlgorithm, HashAlgorithm, SignAlgorithm}, - error::Error, - permissions, tpm, -}; +use crate::{error::Error, permissions, tpm}; use config::{ builder::DefaultState, Config, ConfigBuilder, ConfigError, Environment, File, FileFormat, Map, Source, Value, }; use glob::glob; +use keylime::algorithms::{ + EncryptionAlgorithm, HashAlgorithm, SignAlgorithm, +}; use log::*; use serde::{Deserialize, Serialize}; use std::{ diff --git a/src/crypto.rs b/keylime-agent/src/crypto.rs similarity index 100% rename from src/crypto.rs rename to keylime-agent/src/crypto.rs diff --git a/src/error.rs b/keylime-agent/src/error.rs similarity index 97% rename from src/error.rs rename to keylime-agent/src/error.rs index 403b9ed1e..2ca7fc5b3 100644 --- a/src/error.rs +++ b/keylime-agent/src/error.rs @@ -1,7 +1,6 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Keylime Authors -use crate::algorithms; use thiserror::Error; use tss_esapi::{ constants::response_code::Tss2ResponseCodeKind, Error::Tss2Error, @@ -71,7 +70,7 @@ pub(crate) enum Error { #[error("from hex error: {0}")] FromHex(#[from] hex::FromHexError), #[error("Keylime algorithm error: {0}")] - Algorithm(#[from] algorithms::AlgorithmError), + Algorithm(#[from] keylime::algorithms::AlgorithmError), #[error("Error converting number: {0}")] TryFromInt(#[from] std::num::TryFromIntError), #[error("C string is not NUL-terminated: {0}")] @@ -122,7 +121,7 @@ impl Error { } } -impl std::convert::TryFrom for Error { +impl TryFrom for Error { type Error = Error; fn try_from(output: std::process::Output) -> Result { let code = output.status.code(); diff --git a/src/errors_handler.rs b/keylime-agent/src/errors_handler.rs similarity index 100% rename from src/errors_handler.rs rename to keylime-agent/src/errors_handler.rs diff --git a/src/keys_handler.rs b/keylime-agent/src/keys_handler.rs similarity index 100% rename from src/keys_handler.rs rename to keylime-agent/src/keys_handler.rs diff --git a/src/main.rs b/keylime-agent/src/main.rs similarity index 97% rename from src/main.rs rename to keylime-agent/src/main.rs index 2700d2c71..a136b90bc 100644 --- a/src/main.rs +++ b/keylime-agent/src/main.rs @@ -33,13 +33,11 @@ // missing_docs: there is many functions missing documentations for now #![allow(unused, missing_docs)] -mod algorithms; mod common; mod config; mod crypto; mod error; mod errors_handler; -mod ima; mod keys_handler; mod notifications_handler; mod permissions; @@ -57,7 +55,7 @@ use common::*; use compress_tools::*; use error::{Error, Result}; use futures::{future::TryFutureExt, try_join}; -use ima::ImaMeasurementList; +use keylime::ima::ImaMeasurementList; use log::*; use openssl::{ pkey::{PKey, Private, Public}, @@ -103,9 +101,9 @@ pub struct QuoteData { payload_symm_key_cvar: Arc, encr_payload: Arc>>, auth_tag: Mutex<[u8; AUTH_TAG_LEN]>, - hash_alg: algorithms::HashAlgorithm, - enc_alg: algorithms::EncryptionAlgorithm, - sign_alg: algorithms::SignAlgorithm, + hash_alg: keylime::algorithms::HashAlgorithm, + enc_alg: keylime::algorithms::EncryptionAlgorithm, + sign_alg: keylime::algorithms::SignAlgorithm, agent_uuid: String, revocation_cert: Option, revocation_actions: Option, @@ -488,13 +486,14 @@ async fn main() -> Result<()> { })?; }; - let tpm_encryption_alg = algorithms::EncryptionAlgorithm::try_from( - config.agent.tpm_encryption_alg.as_str(), - )?; - let tpm_hash_alg = algorithms::HashAlgorithm::try_from( + let tpm_encryption_alg = + keylime::algorithms::EncryptionAlgorithm::try_from( + config.agent.tpm_encryption_alg.as_str(), + )?; + let tpm_hash_alg = keylime::algorithms::HashAlgorithm::try_from( config.agent.tpm_hash_alg.as_str(), )?; - let tpm_signing_alg = algorithms::SignAlgorithm::try_from( + let tpm_signing_alg = keylime::algorithms::SignAlgorithm::try_from( config.agent.tpm_signing_alg.as_str(), )?; @@ -981,7 +980,7 @@ mod testing { let mut ctx = tpm::get_tpm2_ctx()?; let tpm_encryption_alg = - algorithms::EncryptionAlgorithm::try_from( + keylime::algorithms::EncryptionAlgorithm::try_from( test_config.agent.tpm_encryption_alg.as_str(), )?; @@ -989,13 +988,14 @@ mod testing { let ek_result = tpm::create_ek(&mut ctx, tpm_encryption_alg.into(), None)?; - let tpm_hash_alg = algorithms::HashAlgorithm::try_from( + let tpm_hash_alg = keylime::algorithms::HashAlgorithm::try_from( test_config.agent.tpm_hash_alg.as_str(), )?; - let tpm_signing_alg = algorithms::SignAlgorithm::try_from( - test_config.agent.tpm_signing_alg.as_str(), - )?; + let tpm_signing_alg = + keylime::algorithms::SignAlgorithm::try_from( + test_config.agent.tpm_signing_alg.as_str(), + )?; let ak_result = tpm::create_ak( &mut ctx, @@ -1065,9 +1065,9 @@ mod testing { payload_symm_key_cvar: symm_key_cvar_arc, encr_payload: encr_payload_arc, auth_tag: Mutex::new([0u8; AUTH_TAG_LEN]), - hash_alg: algorithms::HashAlgorithm::Sha256, - enc_alg: algorithms::EncryptionAlgorithm::Rsa, - sign_alg: algorithms::SignAlgorithm::RsaSsa, + hash_alg: keylime::algorithms::HashAlgorithm::Sha256, + enc_alg: keylime::algorithms::EncryptionAlgorithm::Rsa, + sign_alg: keylime::algorithms::SignAlgorithm::RsaSsa, agent_uuid: test_config.agent.uuid, revocation_cert, revocation_actions: None, diff --git a/src/notifications_handler.rs b/keylime-agent/src/notifications_handler.rs similarity index 100% rename from src/notifications_handler.rs rename to keylime-agent/src/notifications_handler.rs diff --git a/src/permissions.rs b/keylime-agent/src/permissions.rs similarity index 100% rename from src/permissions.rs rename to keylime-agent/src/permissions.rs diff --git a/src/quotes_handler.rs b/keylime-agent/src/quotes_handler.rs similarity index 99% rename from src/quotes_handler.rs rename to keylime-agent/src/quotes_handler.rs index fb8a5f78a..91aa1e72c 100644 --- a/src/quotes_handler.rs +++ b/keylime-agent/src/quotes_handler.rs @@ -5,9 +5,9 @@ use crate::{tpm, Error as KeylimeError, QuoteData}; use crate::common::JsonWrapper; use crate::crypto; -use crate::ima::read_measurement_list; use crate::serialization::serialize_maybe_base64; use actix_web::{web, HttpRequest, HttpResponse, Responder}; +use keylime::ima::read_measurement_list; use log::*; use serde::{Deserialize, Serialize}; use std::{ diff --git a/src/registrar_agent.rs b/keylime-agent/src/registrar_agent.rs similarity index 100% rename from src/registrar_agent.rs rename to keylime-agent/src/registrar_agent.rs diff --git a/src/revocation.rs b/keylime-agent/src/revocation.rs similarity index 100% rename from src/revocation.rs rename to keylime-agent/src/revocation.rs diff --git a/src/secure_mount.rs b/keylime-agent/src/secure_mount.rs similarity index 100% rename from src/secure_mount.rs rename to keylime-agent/src/secure_mount.rs diff --git a/src/serialization.rs b/keylime-agent/src/serialization.rs similarity index 100% rename from src/serialization.rs rename to keylime-agent/src/serialization.rs diff --git a/src/tpm.rs b/keylime-agent/src/tpm.rs similarity index 100% rename from src/tpm.rs rename to keylime-agent/src/tpm.rs diff --git a/src/version_handler.rs b/keylime-agent/src/version_handler.rs similarity index 100% rename from src/version_handler.rs rename to keylime-agent/src/version_handler.rs diff --git a/test-data/ima/ascii_runtime_measurements b/keylime-agent/test-data/ima/ascii_runtime_measurements similarity index 100% rename from test-data/ima/ascii_runtime_measurements rename to keylime-agent/test-data/ima/ascii_runtime_measurements diff --git a/test-data/payload.zip b/keylime-agent/test-data/payload.zip similarity index 100% rename from test-data/payload.zip rename to keylime-agent/test-data/payload.zip diff --git a/test-data/revocation.sig b/keylime-agent/test-data/revocation.sig similarity index 100% rename from test-data/revocation.sig rename to keylime-agent/test-data/revocation.sig diff --git a/test-data/test-cert.pem b/keylime-agent/test-data/test-cert.pem similarity index 100% rename from test-data/test-cert.pem rename to keylime-agent/test-data/test-cert.pem diff --git a/test-data/test-quote.txt b/keylime-agent/test-data/test-quote.txt similarity index 100% rename from test-data/test-quote.txt rename to keylime-agent/test-data/test-quote.txt diff --git a/test-data/test-rsa.pem b/keylime-agent/test-data/test-rsa.pem similarity index 100% rename from test-data/test-rsa.pem rename to keylime-agent/test-data/test-rsa.pem diff --git a/test-data/test-rsa.sig b/keylime-agent/test-data/test-rsa.sig similarity index 100% rename from test-data/test-rsa.sig rename to keylime-agent/test-data/test-rsa.sig diff --git a/test-data/test.json b/keylime-agent/test-data/test.json similarity index 100% rename from test-data/test.json rename to keylime-agent/test-data/test.json diff --git a/test-data/test_input.txt b/keylime-agent/test-data/test_input.txt similarity index 100% rename from test-data/test_input.txt rename to keylime-agent/test-data/test_input.txt diff --git a/test-data/test_ok.json b/keylime-agent/test-data/test_ok.json similarity index 100% rename from test-data/test_ok.json rename to keylime-agent/test-data/test_ok.json diff --git a/test-data/tpmdata_test.json b/keylime-agent/test-data/tpmdata_test.json similarity index 100% rename from test-data/tpmdata_test.json rename to keylime-agent/test-data/tpmdata_test.json diff --git a/tests/actions/local_action_hello.py b/keylime-agent/tests/actions/local_action_hello.py similarity index 100% rename from tests/actions/local_action_hello.py rename to keylime-agent/tests/actions/local_action_hello.py diff --git a/tests/actions/local_action_hello_shell.sh b/keylime-agent/tests/actions/local_action_hello_shell.sh similarity index 100% rename from tests/actions/local_action_hello_shell.sh rename to keylime-agent/tests/actions/local_action_hello_shell.sh diff --git a/tests/actions/local_action_stand_alone.py b/keylime-agent/tests/actions/local_action_stand_alone.py similarity index 100% rename from tests/actions/local_action_stand_alone.py rename to keylime-agent/tests/actions/local_action_stand_alone.py diff --git a/keylime-agent/tests/actions/shim.py b/keylime-agent/tests/actions/shim.py new file mode 100755 index 000000000..0d030cc0f --- /dev/null +++ b/keylime-agent/tests/actions/shim.py @@ -0,0 +1,38 @@ +#!/usr/bin/python3 +''' +SPDX-License-Identifier: Apache-2.0 +Copyright 2021 Keylime Authors +''' + +import argparse +import asyncio +import importlib +import json +import os +import sys + + +def main(): + # Parse arguments to get action name and input json file path + parser = argparse.ArgumentParser() + parser.add_argument('action', type=str, help='The revocation action to be' + ' executed. The module must provide an \'execute()\'' + ' method which receives a JSON as argument') + parser.add_argument('json_file', type=str, help='Input file') + + args = parser.parse_args() + + with open(args.json_file, 'r') as f: + input_json = json.load(f) + + try: + module = importlib.import_module(args.action) + execute = getattr(module, 'execute') + asyncio.run(execute(input_json)) + except Exception as e: + print("Exception during execution of revocation action {}: {}".format( + args.action, e), file=sys.stderr) + + +if __name__ == "__main__": + main() diff --git a/tests/unzipped/action_list b/keylime-agent/tests/unzipped/action_list similarity index 100% rename from tests/unzipped/action_list rename to keylime-agent/tests/unzipped/action_list diff --git a/tests/unzipped/local_action_payload.py b/keylime-agent/tests/unzipped/local_action_payload.py similarity index 100% rename from tests/unzipped/local_action_payload.py rename to keylime-agent/tests/unzipped/local_action_payload.py diff --git a/tests/unzipped/local_action_payload_shell.sh b/keylime-agent/tests/unzipped/local_action_payload_shell.sh similarity index 100% rename from tests/unzipped/local_action_payload_shell.sh rename to keylime-agent/tests/unzipped/local_action_payload_shell.sh diff --git a/tests/unzipped/local_action_rev_script1.py b/keylime-agent/tests/unzipped/local_action_rev_script1.py similarity index 100% rename from tests/unzipped/local_action_rev_script1.py rename to keylime-agent/tests/unzipped/local_action_rev_script1.py diff --git a/tests/unzipped/local_action_rev_script2.py b/keylime-agent/tests/unzipped/local_action_rev_script2.py similarity index 100% rename from tests/unzipped/local_action_rev_script2.py rename to keylime-agent/tests/unzipped/local_action_rev_script2.py diff --git a/tests/unzipped/test_err.json b/keylime-agent/tests/unzipped/test_err.json similarity index 100% rename from tests/unzipped/test_err.json rename to keylime-agent/tests/unzipped/test_err.json diff --git a/tests/unzipped/test_ok.json b/keylime-agent/tests/unzipped/test_ok.json similarity index 100% rename from tests/unzipped/test_ok.json rename to keylime-agent/tests/unzipped/test_ok.json diff --git a/keylime-ima-emulator/Cargo.toml b/keylime-ima-emulator/Cargo.toml new file mode 100644 index 000000000..ee3d5c134 --- /dev/null +++ b/keylime-ima-emulator/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "keylime_ima_emulator" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +clap = { version = "~3.1.18", features = ["derive"] } +hex = "0.4" +keylime = { path = "../keylime" } +log = "0.4" +openssl = "0.10.15" +thiserror = "1.0" +tss-esapi = "7.1.0" diff --git a/src/ima_emulator.rs b/keylime-ima-emulator/src/main.rs similarity index 98% rename from src/ima_emulator.rs rename to keylime-ima-emulator/src/main.rs index c09e41b62..bba4a90d4 100644 --- a/src/ima_emulator.rs +++ b/keylime-ima-emulator/src/main.rs @@ -1,9 +1,8 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Keylime Authors -mod algorithms; -use crate::algorithms::HashAlgorithm; -mod ima_entry; +use keylime::algorithms::HashAlgorithm; +use keylime::ima_entry; use openssl::hash::{hash, MessageDigest}; use log::*; @@ -36,7 +35,7 @@ enum ImaEmulatorError { #[error("Decoding error")] FromHexError(#[from] hex::FromHexError), #[error("Algorithm error")] - AlgorithmError(#[from] algorithms::AlgorithmError), + AlgorithmError(#[from] keylime::algorithms::AlgorithmError), #[error("OpenSSL error")] OpenSSLError(#[from] openssl::error::ErrorStack), #[error("I/O error")] diff --git a/keylime/Cargo.toml b/keylime/Cargo.toml new file mode 100644 index 000000000..55783abb5 --- /dev/null +++ b/keylime/Cargo.toml @@ -0,0 +1,17 @@ +[package] +name = "keylime" +version = "0.1.0" +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +hex = "0.4" +openssl = "0.10.15" +serde = "1.0.80" +serde_derive = "1.0.80" +thiserror = "1.0" +tss-esapi = "7.1.0" + +[dev-dependencies] +tempfile = "3.0.4" diff --git a/src/algorithms.rs b/keylime/src/algorithms.rs similarity index 100% rename from src/algorithms.rs rename to keylime/src/algorithms.rs diff --git a/src/ima.rs b/keylime/src/ima.rs similarity index 94% rename from src/ima.rs rename to keylime/src/ima.rs index ed561e6f2..3ae497ed9 100644 --- a/src/ima.rs +++ b/keylime/src/ima.rs @@ -1,31 +1,29 @@ // SPDX-License-Identifier: Apache-2.0 // Copyright 2021 Keylime Authors -use log::*; use std::{ collections::HashSet, fs::File, io::{prelude::*, Error, SeekFrom}, - path::Path, }; /// IMAMeasurementList models the IMA measurement lists's last two known /// numbers of entries in the log and filesizes at that point #[derive(Debug)] -pub(crate) struct ImaMeasurementList { +pub struct ImaMeasurementList { entries: HashSet<(u64, u64)>, } pub type IMAError = Result<(Option, Option, Option), Error>; impl ImaMeasurementList { - pub(crate) fn new() -> ImaMeasurementList { + pub fn new() -> ImaMeasurementList { ImaMeasurementList { entries: HashSet::new(), } } - pub(crate) fn reset(&mut self) { + pub fn reset(&mut self) { self.entries = HashSet::new(); } @@ -48,6 +46,12 @@ impl ImaMeasurementList { } } +impl Default for ImaMeasurementList { + fn default() -> Self { + Self::new() + } +} + /// Read the IMA measurement list starting from a given entry. /// The entry may be of any value 0 <= entry <= entries_in_log where /// entries_in_log + 1 indicates that the client wants to read the next entry @@ -55,13 +59,11 @@ impl ImaMeasurementList { /// automatically read from the 0-th entry. /// This function returns the measurement list and the entry from where it /// was read and the current number of entries in the file. -pub(crate) fn read_measurement_list( +pub fn read_measurement_list( ima_ml: &mut ImaMeasurementList, ima_file: &mut File, nth_entry: u64, ) -> IMAError { - let mut nth_entry = nth_entry; - // Try to find the closest entry to the nth_entry let (mut num_entries, filesize) = ima_ml.find(nth_entry); @@ -96,6 +98,7 @@ pub(crate) fn read_measurement_list( } } +#[cfg(test)] mod tests { use super::*; use tempfile::NamedTempFile; diff --git a/src/ima_entry.rs b/keylime/src/ima_entry.rs similarity index 100% rename from src/ima_entry.rs rename to keylime/src/ima_entry.rs diff --git a/keylime/src/lib.rs b/keylime/src/lib.rs new file mode 100644 index 000000000..f94a9a6dd --- /dev/null +++ b/keylime/src/lib.rs @@ -0,0 +1,3 @@ +pub mod algorithms; +pub mod ima; +pub mod ima_entry; diff --git a/tests/nopanic.ci b/tests/nopanic.ci index ff077cafe..b0bae3f7b 100755 --- a/tests/nopanic.ci +++ b/tests/nopanic.ci @@ -6,16 +6,22 @@ Copyright 2021 Keylime Authors To prevent CI failing for approved instance of banned words, add a comment: //#[allow_ci] ''' -import os +import pathlib banned = ["unwrap(", "panic!("] -srcs = os.listdir("src") +toplevel = ["keylime", "keylime-agent", "keylime-ima-emulator"] + +srcs = [] + +for d in toplevel: + srcs += list(pathlib.Path(d).glob("**/*.rs")) + print("Files to check: %s" % srcs) failed = False for f in srcs: - with open("src/" + f) as src_file: + with open(f) as src_file: for line_no, line in enumerate(src_file): for b in banned: if b not in line or "//#[allow_ci]" in line: