# NOTE - This script expects the Init and the Duplicate tools to have already been
# run and their output files (listed in the README) to be present on the
# shared volume (input for the Import tool).
# It also requires the following ENVIRONMENT variables to be set:
# SECRETS_FOLDER - containing the srk_handle and prk_passwd files in base64
# DATA_FOLDER - containing the files that are produced by the distcenter
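# Fail fast when the secrets location is missing, instead of letting base64
# run against "/prk_passwd" and silently exporting an empty password.
: "${SECRETS_FOLDER:?SECRETS_FOLDER must point to the folder holding prk_passwd and srk_handle}"

# Primary Key Password used by the TPM plugin to load keys.
# NOTE(review): it is exported, so every child process can read it from its
# environment, and it is also passed as a command-line argument later in this
# script; anything able to inspect this process tree can recover it.
TPM_PRK_PASSWORD="$(base64 -d < "${SECRETS_FOLDER}/prk_passwd")"
export TPM_PRK_PASSWORD

# Handle to the aforementioned Primary Key.
SRK_HANDLE="$(base64 -d < "${SECRETS_FOLDER}/srk_handle")"

# SoftHSM parameters; all of these must already be set when this section runs:
#   key_id     - key id expected by SoftHSM
#   key_label  - key label expected by SoftHSM
#   upin       - user PIN for the SoftHSM operations
#   sopin      - SO PIN for the SoftHSM operations
#   slot_no    - slot number for the SoftHSM operations; initially it should be 0
#   token_name - name of the token created in that slot

# cert_id is the input for the application: key_id rendered as hexadecimal.
cert_id=$(printf '%x' "${key_id}")

# Process count for the stress test.

# 1. Initialize the token.
# NOTE(review): the PINs are passed as arguments and are therefore visible in
# the process list for the lifetime of softhsm2-util.
softhsm2-util --init-token --slot "${slot_no}" --label "${token_name}" \
  --pin "${upin}" --so-pin "${sopin}"

# Take the first slot reported by SoftHSM and record it in slotinfo.txt.
# The file is overwritten ('>' rather than '>>') so a re-run cannot leave stale
# lines behind; with '>>' the 'cat' below would yield a multi-line slot ID that
# is then word-split into several arguments for softhsmconfig.sh.
softhsm2-util --show-slots | grep 'Slot ' | cut -d ' ' -f2 | head -1 > slotinfo.txt
SoftHSMv2SlotID="$(cat slotinfo.txt)"
if [ -z "${SoftHSMv2SlotID}" ]; then
  printf 'Could not determine the SoftHSM slot ID from softhsm2-util --show-slots\n' >&2
  exit 1
fi
printf 'The slot ID used is %s\n' "${SoftHSMv2SlotID}"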
43 if [ -f ${DATA_FOLDER}/out_parent_public ]; then
45 # 2.a Copy the required input files for the Import tool
46 cp ${DATA_FOLDER}/dup* /tpm-util/bin/
48 # 2.b Run the Import Utility
50 ./ossl_tpm_import -H $SRK_HANDLE -dupPub dupPub -dupPriv dupPriv \
51 -dupSymSeed dupSymseed -dupEncKey dupEncKey -pub outPub -priv outPriv \
52 -password $TPM_PRK_PASSWORD
55 ./softhsmconfig.sh $SRK_HANDLE $key_id $key_label $upin $sopin $SoftHSMv2SlotID
58 # 3 SoftHSM mode implementation
60 echo "TPM hardware unavailable. Using SoftHSM implementation"
64 # 3.a Extract the Private key using passphrase
65 cat passphrase | gpg --batch --yes --passphrase-fd 0 privkey.pem.gpg
67 # 3.b Convert the Private key pem into der format
68 openssl rsa -in ./privkey.pem -outform DER -out privatekey.der
70 # 3.c Load the Private key into SoftHSM
71 pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
72 --write-object ./privatekey.der --type privkey --id ${cert_id} --label ${key_label}
76 # 3.a Application operation
79 # 3.b Convert the crt to der format
80 openssl x509 -in ca.cert -outform der -out ca.der
81 cp ca.cert /testca/tests/multithread/
83 # 3.c Add the ca certificate
84 pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -l --pin ${upin} \
85 --write-object ./ca.der --type cert --id ${cert_id}
87 # 4. Calling the functionalities of the sample application
89 ./multithreadapplication.sh $key_label $SoftHSMv2SlotID $upin $cert_id