path: root/bin/caservicecontainer/import.sh
authorPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2018-08-27 09:05:45 -0700
committerPramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>2018-09-04 08:37:12 -0700
commita0865eeaad17733a2d21cc141fba168663c9f539 (patch)
tree1951c969c43bf5335eeea8d75003168179b52935 /bin/caservicecontainer/import.sh
parenta5c07a62289e05e3fc7ee0d3baa702c8c3299356 (diff)
Script for SoftHSMv2 fallback mechanism
This will facilitate the SoftHSMv2 implementation when TPM is unavailable Change-Id: Ic77627702db514213cece200a259f723e6d66d34 Issue-ID: AAF-414 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'bin/caservicecontainer/import.sh')
-rwxr-xr-xbin/caservicecontainer/import.sh88
1 files changed, 88 insertions, 0 deletions
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
new file mode 100755
index 0000000..f7aaca8
--- /dev/null
+++ b/bin/caservicecontainer/import.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# NOTE - This scripts expects the Init and the Duplicate tools to be already
+# run and the output files(listedb in README) to be present at the
+# shared volume (input for Import tool)
+
+set -e
+
+#Placeholder of Input files to the Import tool which is the output of duplicate tool
+sharedvolume="/tmp/files"
+#key_id is the parameter expected by SoftHSM
+key_id="8738"
+#TPM handle
+tpm_handle="0x81000011"
+#Key_label is the parameter expected by SoftHSM
+key_label="ABC"
+#UserPin for the SoftHSM operations
+upin="123456789"
+#SoPin for the SoftHSM operations
+sopin="123456789"
+#Slot number for the SoftHSM operations. Initially it should be started with 0
+slot_no="0"
+#Name for creating the slot used by SoftHSM
+token_no="Token1"
+#cert_id is the input for the application which is hexadecimal equivalent of key_id
+cert_id=$(printf '%x' ${key_id})
+
+# 1.Initialize the token/
+ softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \
+ --pin ${upin} --so-pin ${sopin}
+ softhsm2-util --show-slots | grep 'Slot ' | cut -d\ -f2 | head -1 >> slotinfo.txt
+ SoftHSMv2SlotID="$(cat slotinfo.txt)"
+ echo "The slot ID used is ${SoftHSMv2SlotID}"
+
+# 2.Plugin directory for the SoftHSM to load plugin and for further operations
+if [ -f ${sharedvolume}/out_parent_public ]; then
+
+ # 2.a Copy the required input files for the Import tool
+ cp ${sharedvolume}/dup* /tpm-util/bin/
+
+ # 2.b Run the Import Utility
+ cd /tpm-util/bin
+ ./ossl_tpm_import -H $tpm_handle -dupPub dupPub -dupPriv dupPriv \
+-dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv
+
+ cd /
+ chmod 755 softhsmconfig.sh
+ ./softhsmconfig.sh $tpm_handle $key_id $key_label $upin $sopin $SoftHSMv2SlotID
+else
+
+# 3 SoftHSM mode implementation
+
+ echo "TPM hardware unavailable. Using SoftHSM implementation"
+
+ cd ${sharedvolume}
+
+ # 3.a Extract the Private key using passphrase
+ passphrase="$(cat passphrase)"
+ echo "${passphrase}"
+ echo "${passphrase}" | gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg
+
+ # 3.b Convert the Private key pem into der format
+ openssl rsa -in ./privkey.pem -outform DER -out privatekey.der
+
+ # 3.c Load the Private key into SoftHSM
+ pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
+ --write-object ./privatekey.der --type privkey --id ${cert_id} --label ${key_label}
+
+fi
+
+# 3.a Application operation
+cd ${sharedvolume}
+
+# 3.b Convert the crt to der format
+openssl x509 -in ca.cert -outform der -out ca.der
+
+# 3.c Add the ca certificate
+pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
+--write-object ./ca.der --type cert --id ${cert_id}
+
+# 4. Calling the functionalities of the sample application
+cd /
+chmod 755 application.sh
+./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id
+
+# 5. Cleanup
+cd /
+rm -rf slotinfo.txt
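Review bot: The token is initialised with an undefined variable: the constant is declared as `token_no="Token1"` but the `--init-token` call passes `--label "${token_name}"`, so the label expands to the empty string (and `set -e` does not catch it because it is not an error); the call should read `softhsm2-util --init-token --slot "${slot_no}" --label "${token_no}" \`. Two further points in the same hunk are worth fixing before merge: `echo "${passphrase}"` in step 3.a writes the GPG passphrase to stdout, where it will land in container logs, and can simply be deleted since the next line already feeds it to gpg via a pipe; and `>> slotinfo.txt` appends on every run, so a re-run of the script produces a multi-line file that `SoftHSMv2SlotID="$(cat slotinfo.txt)"` then passes as a multi-word slot ID — use `> slotinfo.txt`. The user and SO PINs are hard-coded as literals in the script and later passed on the command line to `softhsmconfig.sh` and `application.sh`, which exposes them to `ps`; reading them from the environment or a file on the shared volume would be preferable, but that is a larger change than this note proposes. Note also that `cert_id=$(printf '%x' ${key_id})` and the other `${...}` expansions are unquoted throughout; quoting them is a cheap hardening that ShellCheck would flag.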