Use Rust agent-specific config in Makefile

GNUmakefile

@@ -3,6 +3,7 @@
 
 RELEASE ?= 0
 TARGETDIR ?= target
+CONFFILE ?= ./keylime-agent.conf
 
 ifeq ($(RELEASE),1)
         PROFILE ?= release
@@ -26,6 +27,7 @@ $(programs):
 
 .PHONY: install
 install: all
+	cp ${CONFFILE} /etc/${CONFFILE}
 	for f in $(programs); do \
 		install -D -t ${DESTDIR}/usr/bin "$$f"; \
 	done

docker/fedora/keylime_py.Dockerfile

@@ -76,8 +76,8 @@ RUN dnf install -y \
 WORKDIR ${HOME}
 RUN git clone https://github.com/keylime/keylime.git && \
 cd keylime && \
-sed -e 's/127.0.0.1/0.0.0.0/g' keylime.conf > tmp_keylime.conf && \
-mv tmp_keylime.conf keylime.conf && \
+sed -e 's/127.0.0.1/0.0.0.0/g' keylime-agent.conf > tmp_keylime-agent.conf && \
+mv tmp_keylime-agent.conf keylime-agent.conf && \
 python3 ${KEYLIME_HOME}/setup.py install && \
 pip3 install -r $KEYLIME_HOME/requirements.txt && \
 ${KEYLIME_HOME}/services/installer.sh

src/common.rs

@@ -37,7 +37,7 @@ pub const STUB_VTPM: bool = false;
 pub const STUB_IMA: bool = true;
 pub const TPM_DATA_PCR: usize = 16;
 pub const IMA_PCR: usize = 10;
-pub static DEFAULT_CONFIG: &str = "/etc/keylime.conf";
+pub static DEFAULT_CONFIG: &str = "/etc/keylime-agent.conf";
 pub static RSA_PUBLICKEY_EXPORTABLE: &str = "rsa placeholder";
 pub static TPM_TOOLS_PATH: &str = "/usr/local/bin/";
 pub static IMA_ML: &str =
@@ -466,14 +466,14 @@ impl KeylimeConfig {
             match config_get(&conf_name, &conf, "cloud_agent", "run_as") {
                 Ok(user_group) => {
                     if user_group.is_empty() {
-                        warn!("Cannot drop privileges since 'run_as' is empty in 'cloud_agent' section of keylime.conf.");
+                        warn!("Cannot drop privileges since 'run_as' is empty in 'cloud_agent' section of keylime-agent.conf.");
                         None
                     } else {
                         Some(user_group)
                     }
                 }
                 Err(_) => {
-                    warn!("Cannot drop privileges since 'run_as' is missing in 'cloud_agent' section of keylime.conf.");
+                    warn!("Cannot drop privileges since 'run_as' is missing in 'cloud_agent' section of keylime-agent.conf.");
                     None
                 }
             }
@@ -562,7 +562,7 @@ impl KeylimeConfig {
     }
 }
 
-// Default test configuration. This should match the defaults in keylime.conf
+// Default test configuration. This should match the defaults in keylime-agent.conf
 #[cfg(any(test, feature = "testing"))]
 impl Default for KeylimeConfig {
     fn default() -> Self {
@@ -641,7 +641,7 @@ fn get_uuid(agent_uuid_config: &str) -> String {
 
 /*
  * Return: Returns the configuration file provided in the environment variable
- * KEYLIME_CONFIG or defaults to /etc/keylime.conf
+ * KEYLIME_CONFIG or defaults to /etc/keylime-agent.conf
  *
  * Example call:
  * let config = config_file_get();
@@ -774,7 +774,7 @@ mod tests {
 
     #[test]
     fn test_config_get_parameters_exist() {
-        //let result = config_get("keylime.conf", "general", "cloudagent_port");
+        //let result = config_get("keylime-agent.conf", "general", "cloudagent_port");
         //assert_eq!(result, "9002");
     }
 
@@ -784,7 +784,10 @@ mod tests {
 
         // Test with no environment variable
         env::set_var("KEYLIME_CONFIG", "");
-        assert_eq!(config_file_get(), String::from("/etc/keylime.conf"));
+        assert_eq!(
+            config_file_get(),
+            String::from("/etc/keylime-agent.conf")
+        );
 
         // Test with an environment variable
         env::set_var("KEYLIME_CONFIG", "/tmp/testing.conf");

src/main.rs

@@ -217,7 +217,7 @@ pub(crate) fn run(dir: &Path, script: &str, agent_uuid: &str) -> Result<()> {
     }
 }
 
-// checks if keylime.conf indicates the payload should be unzipped, and does so if needed.
+// checks if keylime-agent.conf indicates the payload should be unzipped, and does so if needed.
 // the input string is the directory where the unzipped file(s) should be stored.
 pub(crate) fn optional_unzip_payload(
     unzipped: &Path,
@@ -413,7 +413,7 @@ async fn main() -> Result<()> {
     if let Some(user_group) = &config.run_as {
         permissions::chown(user_group, &mount);
         if let Err(e) = permissions::run_as(user_group) {
-            let message = "The user running the Keylime agent should be set in keylime.conf, using the parameter `run_as`, with the format `user:group`".to_string();
+            let message = "The user running the Keylime agent should be set in keylime-agent.conf, using the parameter `run_as`, with the format `user:group`".to_string();
 
             error!("Configuration error: {}", &message);
             return Err(Error::Configuration(message));

src/tpm.rs

@@ -268,6 +268,20 @@ pub(crate) fn pcrdata_to_vec(
     data_vec
 }
 
+/* Converts a hex value in the form of a string (ex. from keylime-agent.conf's
+ * ek_handle) to a key handle.
+ *
+ * Input: &str
+ * Return: Key handle
+ *
+ * Example call:
+ * let ek_handle = tpm::ek_from_hex_str("0x81000000");
+ */
+pub(crate) fn ek_from_hex_str(val: &str) -> Result<KeyHandle> {
+    let val = val.trim_start_matches("0x");
+    Ok(KeyHandle::from(u32::from_str_radix(val, 16)?))
+}
+
 #[derive(Debug, Clone)]
 pub(crate) struct AKResult {
     pub public: tss_esapi::structures::Public,
@@ -425,7 +439,7 @@ pub(crate) fn pubkey_to_tpm_digest(
 //
 // The masks are sent from the tenant and cloud verifier to indicate
 // the PCRs to include in a Quote. The LSB in the mask corresponds to
-// PCR0. For example, keylime.conf specifies PCRs 15 and 22 under
+// PCR0. For example, keylime-agent.conf specifies PCRs 15 and 22 under
 // [tenant][tpm_policy]. As a bit mask, this would be represented as
 // 0b010000001000000000000000, which translates to 0x408000.
 //
@@ -908,7 +922,8 @@ fn quote_encode_decode() {
     assert_eq!(encoded, buf);
 }
 
-#[ignore] // This will only work as an integration test because it needs keylime.conf
+#[ignore]
+// This will only work as an integration test because it needs keylime-agent.conf
 #[test]
 fn pubkey_to_digest() {
     let (key, _) = crate::crypto::rsa_generate_pair(2048).unwrap(); //#[allow_ci]

tests/run.sh

@@ -34,12 +34,12 @@ RUST_BACKTRACE=1 cargo build
 echo "-------- Testing"
 mkdir -p /var/lib/keylime
 TCTI=tabrmd:bus_type=session RUST_BACKTRACE=1 RUST_LOG=info \
-KEYLIME_CONFIG=$PWD/keylime.conf \
+KEYLIME_CONFIG=$PWD/keylime-agent.conf \
 cargo test --features testing -- --nocapture
 
 echo "-------- Testing with coverage"
 TCTI=tabrmd:bus_type=session RUST_BACKTRACE=1 RUST_LOG=info \
-KEYLIME_CONFIG=$PWD/keylime.conf \
+KEYLIME_CONFIG=$PWD/keylime-agent.conf \
 cargo tarpaulin -v \
       --target-dir target/tarpaulin \
       --workspace \