author | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-09-18 11:58:58 -0700 |
---|---|---|
committer | Kiran Kamineni <kiran.k.kamineni@intel.com> | 2018-09-18 16:56:13 -0700 |
commit | cd713d4de6c3d08478d6f6ca27b0f9e1afd439fe (patch) | |
tree | 9e88a2bafa6f0a61e1d5b538a61783f32f5e09ff /bin/caservicecontainer | |
parent | 4c55afa7b4d870c4fb366699b5e83efa5a9944a3 (diff) |
Add support for PRK password in TPM plugin
PRK Password needs to be passed to TPM Plugin
for load key operations to work.
P7: Moved readPassword to calling function
P8: Check size of password string before memcpy
P9: Updated readme
Issue-ID: AAF-484
Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'bin/caservicecontainer')
Mode | File | Lines changed |
---|---|---|
-rwxr-xr-x | bin/caservicecontainer/import.sh | 20 |
-rwxr-xr-x | bin/caservicecontainer/softhsmconfig.sh | 1 |
2 files changed, 13 insertions, 8 deletions
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh index f7aaca8..0efff37 100755 --- a/bin/caservicecontainer/import.sh +++ b/bin/caservicecontainer/import.sh @@ -1,17 +1,22 @@ #!/bin/bash # NOTE - This scripts expects the Init and the Duplicate tools to be already -# run and the output files(listedb in README) to be present at the +# run and the output files(listed in README) to be present at the # shared volume (input for Import tool) +# It also requires the following ENVIRONMENT variables to be set +# SECRETS_FOLDER - containing the srk_handl and prk_passwd files in base64 +# DATA_FOLDER - containing the files that are produced from the distcenter set -e +#Primary Key Password used by TPM Plugin to load keys +TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)" +#Handle to the aforementioned Primary Key +SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)" #Placeholder of Input files to the Import tool which is the output of duplicate tool -sharedvolume="/tmp/files" +sharedvolume="${DATA_FOLDER}" #key_id is the parameter expected by SoftHSM key_id="8738" -#TPM handle -tpm_handle="0x81000011" #Key_label is the parameter expected by SoftHSM key_label="ABC" #UserPin for the SoftHSM operations @@ -40,12 +45,13 @@ if [ -f ${sharedvolume}/out_parent_public ]; then # 2.b Run the Import Utility cd /tpm-util/bin - ./ossl_tpm_import -H $tpm_handle -dupPub dupPub -dupPriv dupPriv \ --dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv + ./ossl_tpm_import -H $SRK_HANDLE -dupPub dupPub -dupPriv dupPriv \ + -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \ + -password $TPM_PRK_PASSWORD cd / chmod 755 softhsmconfig.sh - ./softhsmconfig.sh $tpm_handle $key_id $key_label $upin $sopin $SoftHSMv2SlotID + ./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID else # 3 SoftHSM mode implementation 
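Review bot: in the first hunk the new header comment says SECRETS_FOLDER contains `srk_handl`, but the script reads `${SECRETS_FOLDER}/srk_handle`; fix the comment. More importantly, the script runs under `set -e` but not `pipefail`, so if `prk_passwd` is missing or unreadable `cat` fails while `base64 -d` still exits 0 on empty input, leaving `TPM_PRK_PASSWORD` empty and the script continuing; and neither `SECRETS_FOLDER` nor `DATA_FOLDER` is checked for being set, so an unset variable turns the reads into `/prk_passwd` and `sharedvolume=""`. Suggest `set -eo pipefail` and `: "${SECRETS_FOLDER:?}" "${DATA_FOLDER:?}"` before the first `cat`. In the second hunk `-password $TPM_PRK_PASSWORD` is unquoted, so a password containing whitespace is split into several arguments and an empty one leaves `-password` with no value; write `-password "$TPM_PRK_PASSWORD"`. Note also that passing the password on the command line exposes it to any local user via `ps` or `/proc/*/cmdline` for the lifetime of `ossl_tpm_import`; if the tool can read the password from a file descriptor or stdin, that would be preferable.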
diff --git a/bin/caservicecontainer/softhsmconfig.sh b/bin/caservicecontainer/softhsmconfig.sh index 5464263..316d507 100755 --- a/bin/caservicecontainer/softhsmconfig.sh +++ b/bin/caservicecontainer/softhsmconfig.sh @@ -17,7 +17,6 @@ echo "The newly assigned plugin directory is ${SSHSM_HW_PLUGINS_PARENT_DIR}" # Configuration generation for SoftHSM # 1.a Create the directory as expected by the SoftHSM to read the files -mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01 |
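Review bot: removing `mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm` is behaviour-preserving, since the two remaining `mkdir -p` calls create the `S01tpm` parent themselves, but this cleanup is unrelated to the PRK password support and is not mentioned in the commit message (P7 to P9 cover readPassword, the memcpy size check and the readme); either mention it there or move it to its own change.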