author | Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> | 2018-08-27 09:05:45 -0700 |
committer | Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com> | 2018-09-04 08:37:12 -0700 |
commit | a0865eeaad17733a2d21cc141fba168663c9f539 (patch) | |
tree | 1951c969c43bf5335eeea8d75003168179b52935 /bin/caservicecontainer/import.sh | |
parent | a5c07a62289e05e3fc7ee0d3baa702c8c3299356 (diff) |
Script for SoftHSMv2 fallback mechanism
This will facilitate the SoftHSMv2 implementation
when TPM is unavailable
Change-Id: Ic77627702db514213cece200a259f723e6d66d34
Issue-ID: AAF-414
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
Diffstat (limited to 'bin/caservicecontainer/import.sh')
-rwxr-xr-x | bin/caservicecontainer/import.sh | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
new file mode 100755
index 0000000..f7aaca8
--- /dev/null
+++ b/bin/caservicecontainer/import.sh
@@ -0,0 +1,88 @@
+#!/bin/bash
+
+# NOTE - This scripts expects the Init and the Duplicate tools to be already
+# run and the output files(listedb in README) to be present at the
+# shared volume (input for Import tool)
+
+set -e
+
+#Placeholder of Input files to the Import tool which is the output of duplicate tool
+sharedvolume="/tmp/files"
+#key_id is the parameter expected by SoftHSM
+key_id="8738"
+#TPM handle
+tpm_handle="0x81000011"
+#Key_label is the parameter expected by SoftHSM
+key_label="ABC"
+#UserPin for the SoftHSM operations
+upin="123456789"
+#SoPin for the SoftHSM operations
+sopin="123456789"
+#Slot number for the SoftHSM operations. Initially it should be started with 0
+slot_no="0"
+#Name for creating the slot used by SoftHSM
+token_no="Token1"
+#cert_id is the input for the application which is hexadecimal equivalent of key_id
+cert_id=$(printf '%x' ${key_id})
+
+# 1.Initialize the token/
+ softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" \
+ --pin ${upin} --so-pin ${sopin}
+ softhsm2-util --show-slots | grep 'Slot ' | cut -d\ -f2 | head -1 >> slotinfo.txt
+ SoftHSMv2SlotID="$(cat slotinfo.txt)"
+ echo "The slot ID used is ${SoftHSMv2SlotID}"
+
+# 2.Plugin directory for the SoftHSM to load plugin and for further operations
+if [ -f ${sharedvolume}/out_parent_public ]; then
+
+ # 2.a Copy the required input files for the Import tool
+ cp ${sharedvolume}/dup* /tpm-util/bin/
+
+ # 2.b Run the Import Utility
+ cd /tpm-util/bin
+ ./ossl_tpm_import -H $tpm_handle -dupPub dupPub -dupPriv dupPriv \
+-dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv
+
+ cd /
+ chmod 755 softhsmconfig.sh
+ ./softhsmconfig.sh $tpm_handle $key_id $key_label $upin $sopin $SoftHSMv2SlotID
+else
+
+# 3 SoftHSM mode implementation
+
+ echo "TPM hardware unavailable. 
Using SoftHSM implementation" + + cd ${sharedvolume} + + # 3.a Extract the Private key using passphrase + passphrase="$(cat passphrase)" + echo "${passphrase}" + echo "${passphrase}" | gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg + + # 3.b Convert the Private key pem into der format + openssl rsa -in ./privkey.pem -outform DER -out privatekey.der + + # 3.c Load the Private key into SoftHSM + pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \ + --write-object ./privatekey.der --type privkey --id ${cert_id} --label ${key_label} + +fi + +# 3.a Application operation +cd ${sharedvolume} + +# 3.b Convert the crt to der format +openssl x509 -in ca.cert -outform der -out ca.der + +# 3.c Add the ca certificate +pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \ +--write-object ./ca.der --type cert --id ${cert_id} + +# 4. Calling the functionalities of the sample application +cd / +chmod 755 application.sh +./application.sh $key_label $SoftHSMv2SlotID $upin $cert_id + +# 5. Cleanup +cd / +rm -rf slotinfo.txt |
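Review bot: `echo "${passphrase}"` in the SoftHSM branch (step 3.a) writes the GPG passphrase that protects the private key to stdout, so it ends up in whatever captures the container's output, and the same hunk hard-codes the user and SO PINs in `upin`/`sopin` and passes them on the command line to `pkcs11-tool --pin`, `softhsmconfig.sh` and `application.sh`, where any process able to list the process table can read them. Drop the echo and let gpg read the file itself, `gpg --batch --yes --passphrase-file passphrase privkey.pem.gpg`, and consider taking the PINs from the environment or a file on the shared volume rather than the script body. Separately, step 1 initialises the token with `--label "${token_name}"` while the variable defined above is `token_no`, so with `set -e` not catching unset variables the token is created with an empty label; rename one of the two. The slot lookup appends with `>> slotinfo.txt`, so if an earlier run aborted before the cleanup step the next run reads a multi-line `SoftHSMv2SlotID`; `> slotinfo.txt` is presumably what was intended.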