summaryrefslogtreecommitdiffstats
path: root/bin/caservicecontainer
diff options
context:
space:
mode:
authorKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-18 11:58:58 -0700
committerKiran Kamineni <kiran.k.kamineni@intel.com>2018-09-18 16:56:13 -0700
commitcd713d4de6c3d08478d6f6ca27b0f9e1afd439fe (patch)
tree9e88a2bafa6f0a61e1d5b538a61783f32f5e09ff /bin/caservicecontainer
parent4c55afa7b4d870c4fb366699b5e83efa5a9944a3 (diff)
Add support for PRK password in TPM plugin
PRK Password needs to be passed to TPM Plugin for load key operations to work. P7: Moved readPassword to calling function P8: Check size of password string before memcpy P9: Updated readme Issue-ID: AAF-484 Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
Diffstat (limited to 'bin/caservicecontainer')
-rwxr-xr-xbin/caservicecontainer/import.sh20
-rwxr-xr-xbin/caservicecontainer/softhsmconfig.sh1
2 files changed, 13 insertions, 8 deletions
diff --git a/bin/caservicecontainer/import.sh b/bin/caservicecontainer/import.sh
index f7aaca8..0efff37 100755
--- a/bin/caservicecontainer/import.sh
+++ b/bin/caservicecontainer/import.sh
@@ -1,17 +1,22 @@
#!/bin/bash
# NOTE - This scripts expects the Init and the Duplicate tools to be already
-# run and the output files(listedb in README) to be present at the
+# run and the output files(listed in README) to be present at the
# shared volume (input for Import tool)
+# It also requires the following ENVIRONMENT variables to be set
+# SECRETS_FOLDER - containing the srk_handl and prk_passwd files in base64
+# DATA_FOLDER - containing the files that are produced from the distcenter
set -e
+#Primary Key Password used by TPM Plugin to load keys
+TPM_PRK_PASSWORD="$(cat ${SECRETS_FOLDER}/prk_passwd | base64 -d)"
+#Handle to the aforementioned Primary Key
+SRK_HANDLE="$(cat ${SECRETS_FOLDER}/srk_handle | base64 -d)"
#Placeholder of Input files to the Import tool which is the output of duplicate tool
-sharedvolume="/tmp/files"
+sharedvolume="${DATA_FOLDER}"
#key_id is the parameter expected by SoftHSM
key_id="8738"
-#TPM handle
-tpm_handle="0x81000011"
#Key_label is the parameter expected by SoftHSM
key_label="ABC"
#UserPin for the SoftHSM operations
@@ -40,12 +45,13 @@ if [ -f ${sharedvolume}/out_parent_public ]; then
# 2.b Run the Import Utility
cd /tpm-util/bin
- ./ossl_tpm_import -H $tpm_handle -dupPub dupPub -dupPriv dupPriv \
--dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv
+ ./ossl_tpm_import -H $SRK_HANDLE -dupPub dupPub -dupPriv dupPriv \
+ -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \
+ -password $TPM_PRK_PASSWORD
cd /
chmod 755 softhsmconfig.sh
- ./softhsmconfig.sh $tpm_handle $key_id $key_label $upin $sopin $SoftHSMv2SlotID
+ ./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID
else
# 3 SoftHSM mode implementation
diff --git a/bin/caservicecontainer/softhsmconfig.sh b/bin/caservicecontainer/softhsmconfig.sh
index 5464263..316d507 100755
--- a/bin/caservicecontainer/softhsmconfig.sh
+++ b/bin/caservicecontainer/softhsmconfig.sh
@@ -17,7 +17,6 @@ echo "The newly assigned plugin directory is ${SSHSM_HW_PLUGINS_PARENT_DIR}"
# Configuration generation for SoftHSM
# 1.a Create the directory as expected by the SoftHSM to read the files
-mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm
mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate
mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01