Age | Commit message | Author | Files | Lines
2018-09-19 | Fix bugs in startup script and move scripts to bin | Kiran Kamineni | 4 | -23/+34
Testing in kubernetes revealed some issues that needed to be fixed. This patch contains those changes. Issue-ID: AAF-510 Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-09-18 | Add support for PRK password in TPM plugin | Kiran Kamineni | 4 | -20/+60
PRK Password needs to be passed to TPM Plugin for load key operations to work. P7: Moved readPassword to calling function P8: Check size of password string before memcpy P9: Updated readme Issue-ID: AAF-484 Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-09-13 | Merge "Add import scripts to base image" | Kiran Kamineni | 4 | -0/+176
2018-09-13 | Add import scripts to base image | Manjunath Ranganathaiah | 4 | -0/+176
These scripts import the CA key to either tpm or softhsm. Updates the pkcs11 config file and adds the required config for softhsm Change-Id: If45cfb514756bf4ab03081d458ed728921fa1d51 Issue-ID: AAF-483 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-09-12 | Merge "Fix key pair loading in plugin" | Girish Havaldar | 1 | -6/+20
2018-09-10 | Fix key pair loading in plugin | Kiran Kamineni | 1 | -6/+20
Key pair reading in TPM plugin assumes a particular order for input buffers. This patch checks the buffers and removes that assumption Issue-ID: AAF-478 Change-Id: I4fff17c912a0890138d1f432e5bfab5c9946b1cb Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-09-07 | Remove hardcoded paths and use CWD instead | Kiran Kamineni | 1 | -4/+4
Removed hardcoded paths and using CWD instead. Makes deployment testing simpler in kubernetes. Makes data localized and easier to debug. Issue-ID: AAF-474 Change-Id: Ic671a8de2442bb9ca11bbc994a6e84bb12053617 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-09-05 | Merge "Script for SoftHSMv2 fallback mechanism" | Kiran Kamineni | 6 | -148/+183
2018-09-05 | Fix missing init.sh while building abrmd container | Manjunath Ranganathaiah | 1 | -1/+0
The init.sh file is removed as part of ownership change hence needs to be removed from dockerfile as well. Change-Id: I62fc1e3e15f98caf68c78be6b3ab0dbb326c2eb4 Issue-ID: AAF-409 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-09-05 | Merge "Add option to provide password to import tool" | Girish Havaldar | 1 | -24/+31
2018-09-05 | Merge "Use base image for building abrmd" | Girish Havaldar | 1 | -66/+1
2018-09-05 | Merge "Modify initialization to remove ownership step" | Girish Havaldar | 4 | -109/+91
2018-09-04 | Add option to provide password to import tool | Kiran Kamineni | 1 | -24/+31
Add -password command line argument to take the primary key password to import keys. Issue-ID: AAF-464 Change-Id: I68b87139405427d065883ffe714e1072d3e987df Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-09-04 | Script for SoftHSMv2 fallback mechanism | Pramod Raghavendra Jayathirth | 6 | -148/+183
This will facilitate the SoftHSMv2 implementation when TPM is unavailable Change-Id: Ic77627702db514213cece200a259f723e6d66d34 Issue-ID: AAF-414 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-08-31 | Modify initialization to remove ownership step | Kiran Kamineni | 4 | -109/+91
TPM ownership and primary key creation is assumed to be a step that is executed by the system administrator who will provide the credentials to pods during startup [Srini]. Now, init only reads the public portion of the primary key and puts it in the host folder. P9: Remove init.sh. Not needed as initialize will directly talk to device now. Initialize is called during Step 1 and run_abrmd is called during Step 2 Issue-ID: AAF-409 Change-Id: Id0d1860f257c98045613e90b6b88e37858a9aceb Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-08-29 | Use base image for building abrmd | Kiran Kamineni | 1 | -66/+1
Use base image for building abrmd container Removes needless compilation steps involved Issue-ID: AAF-461 Change-Id: Ib9e1606b24223f235f5e60ff94add29e142f6bda Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-08-27 | Add build script for testcaservice container | Manjunath Ranganathaiah | 2 | -0/+43
Add script to build and push the image to nexus repo. Invoke the script from top level build script. Issue-ID: AAF-447 Change-Id: I112efd4b484ee05e0ba0811efcb8ba7082a5d621 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-08-27 | Add build script for initabrmd container | Manjunath Ranganathaiah | 2 | -0/+47
Add script to build and push the image to nexus repo. Invoke the script from top level build script. Change-Id: I644428d2da3bbc4688a3a45d34b8b7e9148314b0 Issue-ID: AAF-443 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-08-23 | Merge "Add build scripts and tabrmd" | Kiran Kamineni | 5 | -6/+62
2018-08-23 | Merge "Containerize TPM Initialization tool" | Kiran Kamineni | 6 | -21/+192
2018-08-22 | Add build scripts and tabrmd | Manjunath Ranganathaiah | 5 | -6/+62
There is a dependency on tabrmd while building duplicate tool and this is required for now. Cleanup and use base container from nexus repo. Add build scripts for nightly build. Change-Id: I4c3487d22988927084d7336671b81144374ccb5d Issue-ID: AAF-418 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-08-22 | Containerize TPM Initialization tool | Pramod Raghavendra Jayathirth | 6 | -21/+192
Modifying ABRMD container to support Init tool Change-Id: I8b2f8171688b67567e3ad4a3e4942ae76737bdfc Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-08-17 | Copy out encrypted private key selectively | Manjunath Ranganathaiah | 1 | -17/+22
Only in the case where no tpm hosts are present, then encrypt and copy out the private key Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184 Issue-ID: AAF-376 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-08-17 | Merge "Base images build and dockerfiles" | Kiran Kamineni | 3 | -0/+219
2018-08-16 | Base images build and dockerfiles | Manjunath Ranganathaiah | 3 | -0/+219
This patch provides a build script that can be triggered by jenkins job to build base containers for AAF. Change-Id: I029784e7adbd7076967b756c23678b562438e06f Issue-ID: AAF-418 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-08-15 | Change to container based naming convention | Kiran Kamineni | 2 | -13/+14
Changed naming and folder structure to allow for easy integration with kubernetes. Changed createca to distcenter name, after the container name. Issue-ID: AAF-409 Change-Id: I6f9f290f7c1f02b42a11aea85c26b95b334082d1 Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
2018-08-08 | Merge "Cleanup to remove the added sample files" | Kiran Kamineni | 5 | -0/+0
2018-08-06 | Merge "Changes to encrypt and copy out private key" | Kiran Kamineni | 4 | -21/+44
2018-08-03 | Cleanup to remove the added sample files | Pramod Raghavendra Jayathirth | 5 | -0/+0
The output files from Init, Duplicate and Import are different and unique to each TPM and host Change-Id: I718fedec07130cfb2ba7959aa2b964c2b59dbae5 Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-08-01 | Changes to encrypt and copy out private key | Manjunath Ranganathaiah | 4 | -21/+44
Using the given passphrase, encrypt the private key and copy out. Use the public key from the mount for generating out files. Change-Id: I5de42ad4c8a781201ed559b04b1457fe9e661e42 Issue-ID: AAF-376 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-07-27 | Cleanup unused jar file | Manjunath Ranganathaiah | 1 | -1/+0
bctest jar file is not used and can be removed Change-Id: I9121a9f3ce8312a73454e51725f2d6f57522560d Issue-ID: AAF-342 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-07-26 | Remove already installed packages | Manjunath Ranganathaiah | 1 | -4/+0
These are installed and present in the base container. Change-Id: Ibf591476e1fb9e036398043614e2a92ac939f6ba Issue-ID: AAF-342 Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
2018-07-25 | Merge "Adding the CA service container" | Kiran Kamineni | 3 | -0/+183
2018-07-25 | Bug - Private Handle mandatory | Ritu Sood | 1 | -1/+1
Private handle should not be mandatory as it is not needed in no HW support case Change-Id: I92158cb0b90f2b661ac091afc4131ad048887e17 Issue-ID: AAF-405 Signed-off-by: Ritu Sood <ritu.sood@intel.com>
2018-07-19 | Adding the CA service container | Pramod Raghavendra Jayathirth | 3 | -0/+183
Adding the dockerfile and required scripts to implement CA service container functionality Issue-ID: AAF-342 Change-Id: I8ea086008d0d8e50bfad3886c741ba21642ac974 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-07-17 | Merge "Key distribution center container" | Kiran Kamineni | 4 | -0/+57
2018-07-16 | Key distribution center container | Manjunath Ranganathaiah | 4 | -0/+57
This container generates the ca key and certificate and encrypts it using SRK public key and stores the generated files on host folder shared with this container. The public key is built into the image for sample known target host. Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com> Issue-ID: AAF-376
2018-07-16 | Merge "Changing the directory of ABRMD container files" | Kiran Kamineni | 3 | -1/+1
2018-07-16 | Changing the directory of ABRMD container files | Pramod Raghavendra Jayathirth | 3 | -1/+1
Including the ABRMD in a separate directory for better organization Change-Id: I1097a2d7be5bc99b40b0bd59a4bdb939478d5129 Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-07-12 | Adding the sample files for the tools | Pramod Raghavendra Jayathirth | 5 | -0/+0
The tools used are Init and duplicate Change-Id: Ib3298f5cc1970d49834089ba969d4ddc1f41fe27 Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-07-11 | Adding the sample directory for application | Pramod Raghavendra Jayathirth | 5 | -0/+293
This can be considered as a sample for shared volume which holds application content Change-Id: Id46d33869402c22ae9902d1cdff4c1704e422362 Issue-ID: AAF-342 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-07-02 | Change installation directory for tpm-util | Pramod Raghavendra Jayathirth | 2 | -13/+12
Changing the path from the user's home directory to root's home directory for duplicate and import utility Change-Id: I1550492925fdd0e3096e7aab853c16896819d61c Issue-ID: AAF-334 Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
2018-05-25 | Merge "Add INFO.yaml file" (2.0.0-ONAP, beijing, 2.0.0-ONAP) | Kiran Kamineni | 1 | -0/+52
2018-05-25 | Merge "Allocating memory for modulus and exponent" | Kiran Kamineni | 1 | -2/+9
2018-05-24 | Merge "Added 3 more TPM2 Plugin APIs" | Kiran Kamineni | 7 | -51/+202
2018-05-24 | Add INFO.yaml file | Jessica Wagantall | 1 | -0/+52
Add INFO.yaml to list: - Project description - Properties - PTL information - Meeting information - Committer information Change-Id: I9e1a7b8db453fe1558a2f52a859d62c3767f115b Issue-ID: CIMAN-134 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
2018-05-24 | Added 3 more TPM2 Plugin APIs | NingSun | 7 | -55/+208
Added tpm2_plugin_rsa_sign_update(...), tpm2_plugin_rsa_sign_final(...), tpm2_plugin_rsa_sign_cleanup(...) APIs. Issue-ID: AAF-94 Change-Id: I104ff7b979329c03e91206d19371d3904f163993 Signed-off-by: NingSun <ning.sun@intel.com>
2018-05-23 | Merge "Added a new Attribute to store TPM key handle" | Kiran Kamineni | 12 | -97/+464
2018-05-24 | Added a new Attribute to store TPM key handle | Ritu Sood | 12 | -97/+464
Includes changes to detect existing instances of key and also some bug fixes. Also added new functionality for RSA_SignUpdate, RSA_SignFinal and RSA_Cleanup Issue-ID: AAF-260 Change-Id: Ib064e86b8f112784ed6d352ab1557ab9a13c5978 Signed-off-by: Ritu Sood <ritu.sood@intel.com>
2018-05-23 | Merge "Adding support for containerized tss and abrmd" | Girish Havaldar | 3 | -0/+100