authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-08-06 17:38:45 +0000
committerGerrit Code Review <gerrit@onap.org>2018-08-06 17:38:45 +0000
commit0aac0026726488762e58ca41d2b4a7918488a274 (patch)
treec05720af3656f90f7081f6ace684e512c415c63c
parentc5bc5aae60f1bd4e0c0ed61d909cd41cdc20abe2 (diff)
parent4c48eea00420dff7a46104c0cf0b9a550362c34b (diff)
Merge "Changes to encrypt and copy out private key"
-rw-r--r--bin/distcenter/Dockerfile3
-rw-r--r--bin/distcenter/README.md17
-rw-r--r--bin/distcenter/README.txt33
-rwxr-xr-xbin/distcenter/entrypoint.sh12
4 files changed, 44 insertions, 21 deletions
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
index f79c7ef..afa5b7d 100644
--- a/bin/distcenter/Dockerfile
+++ b/bin/distcenter/Dockerfile
@@ -9,12 +9,9 @@ RUN cd sshsm && \
RUN mkdir /createca
COPY ./create_ca.sh /createca/
RUN mkdir /dup
-RUN mkdir /dup/database
-RUN mkdir /dup/database/host_sample
RUN mkdir /dup/bin
RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
-RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
ADD entrypoint.sh /entrypoint.sh
ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
deleted file mode 100644
index 973cbf9..0000000
--- a/bin/distcenter/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
-
-Build the container using
-
- docker build --no-cache -t dist-center .
-
-Run it mounting the volume
-
- docker run -v /tmp/volume:/volume dist-center
-
-This will output the following files in /tmp/volume/host_sample
-
- ca.cert
- dupEncKey
- dupPriv
- dupPub
- dupSymseed
diff --git a/bin/distcenter/README.txt b/bin/distcenter/README.txt
new file mode 100644
index 0000000..fe39395
--- /dev/null
+++ b/bin/distcenter/README.txt
@@ -0,0 +1,33 @@
+Create folder under /tmp/volume/host_<host name> for each host (example
+host_sample where sample is the name of the tpm capable host).
+This folder will be mounted into the container as shared volume for now.
+
+Expects the input SRK pulic key "out_parent_public" for each host under
+the corresponding host directory and file "passphrase" under /tmp/volume/
+containing the passphrase to encrypt the key.
+
+example
+
+ /tmp/volume/host_sample/out_parent_public
+ /tmp/volume/passphrase
+
+Build the container using
+
+ docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_<host name>
+
+ ca.cert
+ dupEncKey
+ dupPriv
+ dupPub
+ dupSymseed
+
+Encrypted private key and certificate under /tmp/volume
+
+ ca.cert
+ privkey.pem.gpg
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 85cdf52..641c529 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
@@ -2,11 +2,21 @@
set -e
cd /createca
/createca/create_ca.sh
+cd /createca/ca
+cat /volume/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+ --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+ --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+ --passphrase-fd 0 privkey.pem
+cp /createca/ca/privkey.pem.gpg /volume
+cp /createca/ca/ca.cert /volume
+
cd /volume
DLIST=`ls -d host_*`
for DIR in $DLIST; do
echo $DIR
cp /createca/ca/ca.cert /volume/$DIR
cd /volume/$DIR
- /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+ /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub \
+ /volume/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+ dupSymseed -dupEncKey dupEncKey
done
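Review bot: The gpg invocation on the first added lines feeds the passphrase through `cat /volume/passphrase |`, so under `set -e` without `pipefail` a missing or unreadable passphrase file fails only the `cat` stage and the status the script sees is gpg's; whether the run stops then depends on how gpg treats an empty passphrase, not on the missing file. Redirecting the file directly makes that failure fatal on its own and drops the extra process: `gpg --no-tty --symmetric -z 9 --require-secmem \` … `--passphrase-fd 0 privkey.pem < /volume/passphrase`. On GnuPG 2.1 and later `--passphrase-fd` is only honoured together with `--batch` and `--pinentry-mode loopback`; if the image ships that version the command should carry both, otherwise gpg tries to start a pinentry and, with `--no-tty`, the encryption fails. The rewrapped ossl_tpm_duplicate call keeps `$DIR` unquoted, inherited from the `ls -d host_*` loop above; iterating `for DIR in host_*/` with `"$DIR"` quoted avoids the ls parsing and word-splitting. The script's first line (presumably the shebang) is outside the hunk.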