-rw-r--r-- | bin/distcenter/Dockerfile | 7 | ||||
-rw-r--r-- | bin/distcenter/README.md | 17 | ||||
-rw-r--r-- | bin/distcenter/README.txt | 33 | ||||
-rwxr-xr-x | bin/distcenter/entrypoint.sh | 23 | ||||
-rwxr-xr-x | test/integration/samplecaservicecontainer/duplicatetoolfiles/dupEncKey | bin | 68 -> 0 bytes | |||
-rwxr-xr-x | test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPriv | bin | 912 -> 0 bytes | |||
-rwxr-xr-x | test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPub | bin | 360 -> 0 bytes | |||
-rwxr-xr-x | test/integration/samplecaservicecontainer/duplicatetoolfiles/dupSymseed | bin | 258 -> 0 bytes | |||
-rwxr-xr-x | test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public | bin | 360 -> 0 bytes |
9 files changed, 52 insertions, 28 deletions
diff --git a/bin/distcenter/Dockerfile b/bin/distcenter/Dockerfile
index f79c7ef..cb6f000 100644
--- a/bin/distcenter/Dockerfile
+++ b/bin/distcenter/Dockerfile
@@ -6,15 +6,12 @@ RUN cd sshsm && \
 cd duplicate && \
 make -f sampleMakefile
-RUN mkdir /createca
-COPY ./create_ca.sh /createca/
+RUN mkdir -p /distcenter/bin
+COPY ./create_ca.sh /distcenter/bin
 RUN mkdir /dup
-RUN mkdir /dup/database
-RUN mkdir /dup/database/host_sample
 RUN mkdir /dup/bin
 RUN cp sshsm/tpm-util/duplicate/ossl_tpm_duplicate /dup/bin
-RUN cp sshsm/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public /dup/database/host_sample
 ADD entrypoint.sh /entrypoint.sh
 ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/bin/distcenter/README.md b/bin/distcenter/README.md
deleted file mode 100644
index 973cbf9..0000000
--- a/bin/distcenter/README.md
+++ /dev/null
@@ -1,17 +0,0 @@
-Create folder under /tmp/volume/host_sample on host. This will be mounted into the container as shared volume for now.
-
-Build the container using
-
- docker build --no-cache -t dist-center .
-
-Run it mounting the volume
-
- docker run -v /tmp/volume:/volume dist-center
-
-This will output the following files in /tmp/volume/host_sample
-
- ca.cert
- dupEncKey
- dupPriv
- dupPub
- dupSymseed
diff --git a/bin/distcenter/README.txt b/bin/distcenter/README.txt
new file mode 100644
index 0000000..fe39395
--- /dev/null
+++ b/bin/distcenter/README.txt
@@ -0,0 +1,33 @@
+Create folder under /tmp/volume/host_<host name> for each host (example
+host_sample where sample is the name of the tpm capable host).
+This folder will be mounted into the container as shared volume for now.
+
+Expects the input SRK pulic key "out_parent_public" for each host under
+the corresponding host directory and file "passphrase" under /tmp/volume/
+containing the passphrase to encrypt the key.
+
+example
+
+ /tmp/volume/host_sample/out_parent_public
+ /tmp/volume/passphrase
+
+Build the container using
+
+ docker build --no-cache -t dist-center .
+
+Run it mounting the volume
+
+ docker run -v /tmp/volume:/volume dist-center
+
+This will output the following files in /tmp/volume/host_<host name>
+
+ ca.cert
+ dupEncKey
+ dupPriv
+ dupPub
+ dupSymseed
+
+Encrypted private key and certificate under /tmp/volume
+
+ ca.cert
+ privkey.pem.gpg
diff --git a/bin/distcenter/entrypoint.sh b/bin/distcenter/entrypoint.sh
index 85cdf52..25cefd6 100755
--- a/bin/distcenter/entrypoint.sh
+++ b/bin/distcenter/entrypoint.sh
@@ -1,12 +1,23 @@
 #!/bin/sh
 set -e
-cd /createca
-/createca/create_ca.sh
-cd /volume
+cd /distcenter
+/distcenter/bin/create_ca.sh
+cd /distcenter/ca
+cat /distcenter/passphrase/passphrase | gpg --no-tty --symmetric -z 9 --require-secmem \
+ --cipher-algo AES256 --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 \
+ --s2k-mode 3 --s2k-count 65000000 --compress-algo BZIP2 \
+ --passphrase-fd 0 privkey.pem
+cp /distcenter/ca/privkey.pem.gpg /distcenter/data
+cp /distcenter/ca/ca.cert /distcenter/data
+
+cd /distcenter/data
 DLIST=`ls -d host_*`
+#Iterate over all hosts (host in k8s corresponds node)
 for DIR in $DLIST; do
 echo $DIR
- cp /createca/ca/ca.cert /volume/$DIR
- cd /volume/$DIR
- /dup/bin/ossl_tpm_duplicate -pemfile /createca/ca/privkey.pem -parentPub /dup/database/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed dupSymseed -dupEncKey dupEncKey
+ cp /distcenter/ca/ca.cert /distcenter/data/$DIR
+ cd /distcenter/data/$DIR
+ /dup/bin/ossl_tpm_duplicate -pemfile /distcenter/ca/privkey.pem -parentPub \
+ /distcenter/data/$DIR/out_parent_public -dupPub dupPub -dupPriv dupPriv -dupSymSeed \
+ dupSymseed -dupEncKey dupEncKey
 done
diff --git a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupEncKey b/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupEncKey
Binary files differ
deleted file mode 100755
index e0ddac1..0000000
--- a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupEncKey
+++ /dev/null
diff --git a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPriv b/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPriv
Binary files differ
deleted file mode 100755
index d646455..0000000
--- a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPriv
+++ /dev/null
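Review bot: The gpg call added on the `cat … | gpg … --passphrase-fd 0 privkey.pem` lines is likely to ignore the piped passphrase and attempt to start pinentry, because GnuPG 2.x only honours `--passphrase-fd` together with `--batch` (and, from 2.1, `--pinentry-mode loopback`); which GnuPG the image ships is not visible here, so confirm against the base image. Dropping the pipe also stops `set -e` (no `pipefail` under `#!/bin/sh`) from masking a missing passphrase file: `gpg --batch --pinentry-mode loopback --no-tty --symmetric … --passphrase-file /distcenter/passphrase/passphrase privkey.pem`, preceded by `[ -s /distcenter/passphrase/passphrase ] || exit 1`. The plaintext `privkey.pem` is still read by every `ossl_tpm_duplicate` call and is left behind in `/distcenter/ca` when the script exits; unless that directory is known to be ephemeral, add `rm -f /distcenter/ca/privkey.pem` after `done`. The new `/distcenter/data` and `/distcenter/passphrase` paths also no longer match the `-v /tmp/volume:/volume` mount documented in the README.txt added by this commit, so one of the two needs updating.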
diff --git a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPub b/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPub
Binary files differ
deleted file mode 100755
index 1f82fed..0000000
--- a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupPub
+++ /dev/null
diff --git a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupSymseed b/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupSymseed
Binary files differ
deleted file mode 100755
index c894299..0000000
--- a/test/integration/samplecaservicecontainer/duplicatetoolfiles/dupSymseed
+++ /dev/null
diff --git a/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public b/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public
Binary files differ
deleted file mode 100755
index 4768154..0000000
--- a/test/integration/samplecaservicecontainer/inittoolfiles/out_parent_public
+++ /dev/null |