keylime/config: Use macro to implement PushModelConfigTrait

Use the procedural macro 'define_view_trait' to create a view limited by
a trait for the AgentConfig instead of creating a new structure.

This removes the PushModelConfig structure. The AgentConfig should be
used directly instead, which has the PushModelConfigTrait implemented
using the procedural macro.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Author: ansasaki

keylime-push-model-agent/src/main.rs

@@ -6,13 +6,13 @@ use keylime::{
     error::Result,
 };
 
-pub async fn check_registration(
+pub async fn check_registration<T: PushModelConfigTrait>(
+    config: &T,
     context_info: Option<context_info::ContextInfo>,
 ) -> Result<()> {
-    let reg_config = keylime::config::PushModelConfig::default();
     if context_info.is_some() {
         crate::registration::register_agent(
-            &reg_config,
+            config,
             &mut context_info.unwrap(),
         )
         .await?;
@@ -25,31 +25,39 @@ pub async fn register_agent<T: PushModelConfigTrait>(
     context_info: &mut context_info::ContextInfo,
 ) -> Result<()> {
     let ac = AgentRegistrationConfig {
-        contact_ip: config.get_contact_ip(),
-        contact_port: config.get_contact_port(),
-        registrar_ip: config.get_registrar_ip(),
-        registrar_port: config.get_registrar_port(),
-        enable_iak_idevid: config.get_enable_iak_idevid(),
-        ek_handle: config.get_ek_handle(),
+        contact_ip: config.contact_ip().to_string(),
+        contact_port: config.contact_port(),
+        registrar_ip: config.registrar_ip().to_string(),
+        registrar_port: config.registrar_port(),
+        enable_iak_idevid: config.enable_iak_idevid(),
+        // TODO: make it to not panic on failure
+        ek_handle: config
+            .ek_handle()
+            .expect("failed to get ek_handle")
+            .to_string(),
     };
 
     let cert_config = cert::CertificateConfig {
-        agent_uuid: config.get_uuid(),
-        contact_ip: config.get_contact_ip(),
-        contact_port: config.get_contact_port(),
-        server_cert: config.get_server_cert(),
-        server_key: config.get_server_key(),
-        server_key_password: config.get_server_key_password(),
+        agent_uuid: config.uuid().to_string(),
+        contact_ip: config.contact_ip().to_string(),
+        contact_port: config.contact_port(),
+        server_cert: config.server_cert().to_string(),
+        server_key: config.server_key().to_string(),
+        server_key_password: config.server_key_password().to_string(),
     };
 
     let server_cert_key = cert::cert_from_server_key(&cert_config)?;
 
     let aa = AgentRegistration {
         ak: context_info.ak.clone(),
         ek_result: context_info.ek_result.clone(),
-        api_versions: config.get_registrar_api_versions(),
+        api_versions: config
+            .registrar_api_versions()?
+            .iter()
+            .map(|e| e.to_string())
+            .collect(),
         agent_registration_config: ac,
-        agent_uuid: config.get_uuid(),
+        agent_uuid: config.uuid().to_string(),
         mtls_cert: Some(server_cert_key.0),
         device_id: None, // TODO: Check how to proceed with device ID
         attest: None, // TODO: Check how to proceed with attestation, normally, no device ID means no attest
@@ -63,25 +71,31 @@ pub async fn register_agent<T: PushModelConfigTrait>(
     }
 } // register_agent
 
+#[cfg(feature = "testing")]
 #[cfg(test)]
 mod tests {
     use super::*;
 
-    #[cfg(feature = "testing")]
-    use keylime::context_info::{AlgorithmConfigurationString, ContextInfo};
+    use keylime::{
+        config::get_testing_config,
+        context_info::{AlgorithmConfigurationString, ContextInfo},
+        tpm::testing,
+    };
 
     #[actix_rt::test]
     async fn test_avoid_registration() {
-        let result = check_registration(None).await;
+        let _mutex = testing::lock_tests().await;
+        let tmpdir = tempfile::tempdir().expect("failed to create tempdir");
+        let config = get_testing_config(tmpdir.path());
+        let result = check_registration(&config, None).await;
         assert!(result.is_ok());
     }
 
     #[tokio::test]
-    #[cfg(feature = "testing")]
     async fn test_register_agent() {
-        use keylime::tpm::testing;
         let _mutex = testing::lock_tests().await;
-        let config = keylime::config::PushModelConfig::default();
+        let tmpdir = tempfile::tempdir().expect("failed to create tmpdir");
+        let config = get_testing_config(tmpdir.path());
         let alg_config = AlgorithmConfigurationString {
             tpm_encryption_alg: "rsa".to_string(),
             tpm_hash_alg: "sha256".to_string(),

keylime-push-model-agent/src/registration.rs

@@ -53,15 +53,12 @@ pub struct FillerFromHardware<'a> {
 
 impl<'a> FillerFromHardware<'a> {
     pub fn new(tpm_context_info: &'a mut ContextInfo) -> Self {
-        // TODO: Change config obtaining here to avoid repetitions
+        // TODO: Change this to avoid loading the configuration multiple times
         // TODO: Modify here to avoid panic on failure
-        let global_config = AgentConfig::new();
-        let ml_path = match global_config {
-            Ok(config) => config.measuredboot_ml_path.clone(),
-            Err(_) => "".to_string(),
-        };
-        let uefi_log_handler =
-            uefi_log_handler::UefiLogHandler::new(&ml_path);
+        let config =
+            AgentConfig::new().expect("failed to load configuration");
+        let ml_path = config.measuredboot_ml_path();
+        let uefi_log_handler = uefi_log_handler::UefiLogHandler::new(ml_path);
         match uefi_log_handler {
             Ok(handler) => FillerFromHardware {
                 tpm_context_info,
@@ -81,8 +78,10 @@ impl<'a> FillerFromHardware<'a> {
     fn get_attestation_request_final(
         &mut self,
     ) -> structures::AttestationRequest {
-        // TODO: Change config obtaining here to avoid repetitions
-        let config = keylime::config::PushModelConfig::default();
+        // TODO: Change this to avoid loading the configuration multiple times
+        // TODO Modify this to not panic on failure
+        let config =
+            AgentConfig::new().expect("failed to load configuration");
         let tpmc_ref = self.tpm_context_info.get_mutable_tpm_context();
         let tpm_banks_sha1 =
             tpmc_ref.pcr_banks(HashAlgorithm::Sha1).unwrap_or_else(|_| {
@@ -95,6 +94,7 @@ impl<'a> FillerFromHardware<'a> {
                 error!("Failed to get PCR banks for SHA256");
                 vec![]
             });
+        // TODO: Change this to avoid loading the configuration multiple times
         // TODO Modify this to not panic on failure
         let default =
             AgentConfig::new().expect("failed to load default config");
@@ -139,21 +139,23 @@ impl<'a> FillerFromHardware<'a> {
                         structures::EvidenceSupported::EvidenceLog {
                             evidence_type: "uefi_log".to_string(),
                             capabilities: structures::LogCapabilities {
-                                evidence_version: Some(config.get_uefi_logs_evidence_version()),
+                                evidence_version: Some(config.uefi_logs_evidence_version().to_string()),
                                 entry_count: uefi_count,
-                                supports_partial_access: config.get_uefi_logs_supports_partial_access(),
-                                appendable: config.get_uefi_logs_appendable(),
-                                formats: config.get_uefi_logs_formats(),
+                                supports_partial_access: config.uefi_logs_supports_partial_access(),
+                                appendable: config.uefi_logs_appendable(),
+                                // TODO: make this to not panic on failure
+                                formats: config.uefi_logs_formats().expect("failed to get uefi_logs_formats").iter().map(|e| e.to_string()).collect(),
                             },
                         },
                         structures::EvidenceSupported::EvidenceLog {
                             evidence_type: "ima_log".to_string(),
                             capabilities: structures::LogCapabilities {
                                 evidence_version: None,
                                 entry_count: ima_log_count,
-                                supports_partial_access: config.get_ima_logs_supports_partial_access(),
-                                appendable: config.get_ima_logs_appendable(),
-                                formats: config.get_ima_logs_formats(),
+                                supports_partial_access: config.ima_logs_supports_partial_access(),
+                                appendable: config.ima_logs_appendable(),
+                                // TODO: make this to not panic on failure
+                                formats: config.ima_logs_formats().expect("failed to get ima_log_formats").iter().map(|e| e.to_string()).collect(),
                             },
                         },
                     ],
@@ -393,7 +395,7 @@ mod tests {
     use super::*;
 
     #[cfg(feature = "testing")]
-    use keylime::tpm::testing;
+    use keylime::{config::get_testing_config, context_info, tpm::testing};
 
     #[test]
     fn get_attestation_request_test() {
@@ -658,14 +660,14 @@ mod tests {
     #[tokio::test]
     #[cfg(feature = "testing")]
     async fn test_attestation_request_final() {
-        use keylime::context_info;
         let _mutex = testing::lock_tests().await;
-        let config = keylime::config::PushModelConfig::default();
+        let tmpdir = tempfile::tempdir().expect("failed to create tmpdir");
+        let config = get_testing_config(tmpdir.path());
         let mut context_info = context_info::ContextInfo::new_from_str(
             context_info::AlgorithmConfigurationString {
-                tpm_encryption_alg: config.get_tpm_encryption_alg(),
-                tpm_hash_alg: config.get_tpm_hash_alg(),
-                tpm_signing_alg: config.get_tpm_signing_alg(),
+                tpm_encryption_alg: config.tpm_encryption_alg().to_string(),
+                tpm_hash_alg: config.tpm_hash_alg().to_string(),
+                tpm_signing_alg: config.tpm_signing_alg().to_string(),
                 agent_data_path: "".to_string(),
             },
         )
@@ -683,12 +685,13 @@ mod tests {
     async fn test_session_request() {
         use keylime::context_info;
         let _mutex = testing::lock_tests().await;
-        let config = keylime::config::PushModelConfig::default();
+        let tmpdir = tempfile::tempdir().expect("failed to create tmpdir");
+        let config = get_testing_config(tmpdir.path());
         let mut context_info = context_info::ContextInfo::new_from_str(
             context_info::AlgorithmConfigurationString {
-                tpm_encryption_alg: config.get_tpm_encryption_alg(),
-                tpm_hash_alg: config.get_tpm_hash_alg(),
-                tpm_signing_alg: config.get_tpm_signing_alg(),
+                tpm_encryption_alg: config.tpm_encryption_alg().to_string(),
+                tpm_hash_alg: config.tpm_hash_alg().to_string(),
+                tpm_signing_alg: config.tpm_signing_alg().to_string(),
                 agent_data_path: "".to_string(),
             },
         )
@@ -706,12 +709,13 @@ mod tests {
     async fn test_evidence_handling_request() {
         use keylime::context_info;
         let _mutex = testing::lock_tests().await;
-        let config = keylime::config::PushModelConfig::default();
+        let tmpdir = tempfile::tempdir().expect("failed to create tmpdir");
+        let config = get_testing_config(tmpdir.path());
         let mut context_info = context_info::ContextInfo::new_from_str(
             context_info::AlgorithmConfigurationString {
-                tpm_encryption_alg: config.get_tpm_encryption_alg(),
-                tpm_hash_alg: config.get_tpm_hash_alg(),
-                tpm_signing_alg: config.get_tpm_signing_alg(),
+                tpm_encryption_alg: config.tpm_encryption_alg().to_string(),
+                tpm_hash_alg: config.tpm_hash_alg().to_string(),
+                tpm_signing_alg: config.tpm_signing_alg().to_string(),
                 agent_data_path: "".to_string(),
             },
         )

keylime-push-model-agent/src/struct_filler.rs

@@ -17,6 +17,7 @@ config.workspace = true
 glob.workspace = true
 hex.workspace = true
 libc.workspace = true
+keylime-macros.workspace = true
 log.workspace = true
 once_cell.workspace = true
 openssl.workspace = true