Age | Commit message | Author | Files | Lines |
|
Issue-ID: AAF-729
Change-Id: Idcfecb548ce51c5e092eb8c4aea100e97aed9056
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
change "thread_count" variable in the
CaSignMultThread.java file to control
the number of threads created
Change-Id: I2296c01d476a7cf18e7fa221d5dd74044cd87293
Issue-ID: AAF-471
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Change-Id: Ib2c44f05aebe8799c5b5f970cc2ceb22a4db2887
Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech>
Issue-ID: AAF-582
|
|
Issue-ID: AAF-549
Change-Id: Idca602a0960467d933d339790ee4c16c3f747ad7
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Create the required directory for abrmd data
before creating files
Issue-ID: AAF-527
Change-Id: I0fbc77d8eaa5b012b01dd01664ee810bce18a1d0
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Fix code formatting in Hwinfra module to match
rest of SoftHSM code.
Issue-ID: AAF-555
Change-Id: Ibbb39b72f90c7589b4999a1e2b10acf03d5c5818
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
This patch adds test framework and tests
for TPM based CA key protection import and signing.
Change-Id: I7bdd602f7275dd8613faeced11aad6c09a8aab52
Issue-ID: AAF-527
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Testca and any other container that depends on
abrmd needs a script to check if it is up and ready
to accept commands. This script addresses that via the
tpm2_listpcrs command.
Issue-ID: AAF-520
Change-Id: I432b6f16a78d8eb6f18118ca64f040a70b2cab25
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Location for passphrase needed to be updated in
scenarios where tpm is not available
P2: Add more changes to get the passphrase to be passed
correctly
Issue-ID: AAF-521
Change-Id: Ibf022e05489e77cdcec642a543abf5cec3c21e53
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Changing the file permission immediately followed
by running the script results in text file busy
error intermittently.
Change-Id: Ib1aa2273135cb42a8837af2b5a3aa630ca61dd9e
Issue-ID: AAF-519
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Testing in kubernetes revealed some issues that
needed to be fixed. This patch contains those changes.
Issue-ID: AAF-510
Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Remove global variable for storing session info.
Instead this is populated by the calling function
as required.
Issue-ID: AAF-334
Change-Id: I146b52bcee758fd053129fdf4f7a75691575e6e9
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
PRK Password needs to be passed to TPM Plugin
for load key operations to work.
P7: Moved readPassword to calling function
P8: Check size of password string before memcpy
P9: Updated readme
Issue-ID: AAF-484
Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
These scripts import the CA key to either tpm or
softhsm. Updates the pkcs11 config file and adds
the required config for softhsm
Change-Id: If45cfb514756bf4ab03081d458ed728921fa1d51
Issue-ID: AAF-483
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Key pair reading in TPM plugin assumes a particular order for input buffers.
This patch checks the buffers and removes that assumption
Issue-ID: AAF-478
Change-Id: I4fff17c912a0890138d1f432e5bfab5c9946b1cb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Removed hardcoded paths and using CWD instead.
Makes deployment testing simpler in kubernetes.
Makes data localized and easier to debug.
Issue-ID: AAF-474
Change-Id: Ic671a8de2442bb9ca11bbc994a6e84bb12053617
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
The init.sh file is removed as part of ownership change
hence needs to be removed from dockerfile as well.
Change-Id: I62fc1e3e15f98caf68c78be6b3ab0dbb326c2eb4
Issue-ID: AAF-409
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Add -password command line argument to take the
primary key password to import keys.
Issue-ID: AAF-464
Change-Id: I68b87139405427d065883ffe714e1072d3e987df
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
This will facilitate the SoftHSMv2 implementation
when TPM is unavailable
Change-Id: Ic77627702db514213cece200a259f723e6d66d34
Issue-ID: AAF-414
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
TPM ownership and primary key creation is assumed to be a step that is
executed by the system administrator who will provide the credentials
to pods during startup [Srini]. Now, init only reads the public portion of the
primary key and puts it in the host folder.
P9: Remove init.sh. Not needed as initialize will directly talk to device now.
Initialize is called during Step 1 and run_abrmd is called during Step 2
Issue-ID: AAF-409
Change-Id: Id0d1860f257c98045613e90b6b88e37858a9aceb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Use base image for building abrmd container
Removes needless compilation steps involved
Issue-ID: AAF-461
Change-Id: Ib9e1606b24223f235f5e60ff94add29e142f6bda
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Issue-ID: AAF-447
Change-Id: I112efd4b484ee05e0ba0811efcb8ba7082a5d621
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Change-Id: I644428d2da3bbc4688a3a45d34b8b7e9148314b0
Issue-ID: AAF-443
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
There is a dependency on tabrmd while building duplicate tool
and this is required for now. Cleanup and use base container
from nexus repo. Add build scripts for nightly build.
Change-Id: I4c3487d22988927084d7336671b81144374ccb5d
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Modifying ABRMD container to support Init tool
Change-Id: I8b2f8171688b67567e3ad4a3e4942ae76737bdfc
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Only in the case where no tpm hosts are present, then encrypt
and copy out the private key
Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
This patch provides a build script that can be triggered
by jenkins job to build base containers for AAF.
Change-Id: I029784e7adbd7076967b756c23678b562438e06f
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Changed naming and folder structure to allow for
easy integration with kubernetes. Changed createca
to distcenter name, after the container name.
Issue-ID: AAF-409
Change-Id: I6f9f290f7c1f02b42a11aea85c26b95b334082d1
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
The output files from Init, Duplicate and Import
are different and unique to each TPM and host
Change-Id: I718fedec07130cfb2ba7959aa2b964c2b59dbae5
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Using the given passphrase, encrypt the private key and copy out.
Use the public key from the mount for generating out files.
Change-Id: I5de42ad4c8a781201ed559b04b1457fe9e661e42
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
bctest jar file is not used and can be removed
Change-Id: I9121a9f3ce8312a73454e51725f2d6f57522560d
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
These are installed and present in the base container.
Change-Id: Ibf591476e1fb9e036398043614e2a92ac939f6ba
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Private handle should not be mandatory
as it is not needed in no HW support case
Change-Id: I92158cb0b90f2b661ac091afc4131ad048887e17
Issue-ID: AAF-405
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
|
|
Adding the dockerfile and required scripts
to implement CA service container functionality
Issue-ID: AAF-342
Change-Id: I8ea086008d0d8e50bfad3886c741ba21642ac974
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|