From a0865eeaad17733a2d21cc141fba168663c9f539 Mon Sep 17 00:00:00 2001 From: Pramod Raghavendra Jayathirth Date: Mon, 27 Aug 2018 09:05:45 -0700 Subject: Script for SoftHSMv2 fallback mechanism This will facilitate the SoftHSMv2 implementation when TPM is unavailable Change-Id: Ic77627702db514213cece200a259f723e6d66d34 Issue-ID: AAF-414 Signed-off-by: Pramod Raghavendra Jayathirth
---
bin/caservicecontainer/test.sh | 109 ----------------------------------------- 1 file changed, 109 deletions(-) delete mode 100755 bin/caservicecontainer/test.sh (limited to 'bin/caservicecontainer/test.sh')
diff --git a/bin/caservicecontainer/test.sh b/bin/caservicecontainer/test.sh
deleted file mode 100755
index 9ef4cf9..0000000
--- a/bin/caservicecontainer/test.sh
+++ /dev/null
@@ -1,109 +0,0 @@ - -#NOTE - This scripts expects the Init and the Duplicate tools to be already run and the output files to be present at the -# shared volume (input for Import tool) - -#!/bin/bash -set -e - -#Placeholder of Input files to the Import tool which is the output of duplicate tool -duplicatetooldir="/tmp/files/duplicatetoolfiles" -#Pluginlibrary -pluginlibrary="/usr/local/lib/libtpm2-plugin.so" -#key_id is the parameter expected by SoftHSM -key_id="8738" -#TPM handle -tpm_handle="0x81000011" -#Key_label is the parameter expected by SoftHSM -key_label="ABC" -#UserPin for the SoftHSM operations -upin="123456789" -#SoPin for the SoftHSM operations -sopin="123456789" -#Slot number for the SoftHSM operations. Initially it should be started with 0 -slot_no="0" -#Name for creating the slot used by SoftHSM -token_no="Token1" -#Location for the application to fecth SoftHSM library -applicationlibrary="/usr/local/lib/softhsm/libsofthsm2.so" -#cert_id is the input for the application which is hexadecimal equivalent of key_id -cert_id=$(printf '%x' ${key_id}) - -#Plugin directory for the SoftHSM to load plugin and for further operations -if [ ! "$SSHSM_HW_PLUGINS_PARENT_DIR" ] -then - echo "There is no Plugin directory assigned. Hence creating the directory required by SoftHSM" - SSHSM_HW_PLUGINS_PARENT_DIR="/tmp/hwparent" -fi - mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR} -echo "The newly assigned plugin directory is ${SSHSM_HW_PLUGINS_PARENT_DIR}" - -mkdir -p /var/run/dbus - -# Initialize the token -softhsm2-util --init-token --slot ${slot_no} --label "${token_name}" --pin ${upin} --so-pin ${sopin} -softhsm2-util --show-slots | grep 'Slot ' | cut -d\ -f2 | head -1 >> slotinfo.txt -SoftHSMv2SlotID="$(cat slotinfo.txt)" -echo "${SoftHSMv2SlotID}" - -# 1. 
Create the directory as expected by the SoftHSM to read the files -mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm -mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate -mkdir -p ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01 - -cp ${pluginlibrary} ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/plugin.so -touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1 -chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1 -echo "$tpm_handle" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/activate/Afile1.id1 - -# 2. Generate the pkcs11.cfg file required for the SoftHSM opeations -touch ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -chmod 755 ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -echo "${key_id}" -echo "key_id:${key_id}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -echo "${key_label}" -echo "key_label:${key_label}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -echo "upin:${upin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -echo "sopin:${sopin}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg -echo "sopin is ${sopin}" -echo "slot:${SoftHSMv2SlotID}" >> ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/pkcs11.cfg - -# 3.a Copy the required input files for the Import tool -cp ${duplicatetooldir}/* /sshsm/tpm-util/initandverify - -# 3.b Run the Import Utility -cd /sshsm/tpm-util/initandverify -./ImportTpmKey.sh - -# 3.c Copy the output of the Import utility to the directory that SoftHSMv2 expects -cp /sshsm/tpm-util/initandverify/outPriv ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.priv -cp /sshsm/tpm-util/initandverify/outPub ${SSHSM_HW_PLUGINS_PARENT_DIR}/S01tpm/key01/Kfile1.pub - -# Setting up the java application and running the application -# 4. 
Create the configuration pkcs11.cfg for the application -touch /tmp/pkcs11.cfg -chmod 755 /tmp/pkcs11.cfg -echo "name = ${key_label}" >> /tmp/pkcs11.cfg -echo "${applicationlibrary}" -echo "library = ${applicationlibrary}" >> /tmp/pkcs11.cfg -echo "slot = ${SoftHSMv2SlotID}" >> /tmp/pkcs11.cfg - -# 5. Compile the Application -cd /tmp/files/applicationfiles -cp test.csr /tmp/test.csr -javac CaSign.java - -# 6. Convert the crt to der format -openssl x509 -in ca.cert -outform der -out ca.der - -# 7. Add the ca certificate -pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} --write-object ./ca.der --type cert --id ${cert_id} - -# 8. Run the Application -java CaSign ${upin} 0x${cert_id} - -# 9. Verify the generated certificate -openssl verify -verbose -CAfile ca.cert /tmp/test.cert - -# 10. CleanUp -cd / -rm -rf slotinfo.txt -- cgit 1.2.3-korg