Skip to content

Latest commit

 

History

History
163 lines (110 loc) · 5.87 KB

README.md

File metadata and controls

163 lines (110 loc) · 5.87 KB

Quick navigation

PKCS#11 Interface implementation for
OPTIGA™ Trust M Host library for C

PKCS#11 is a Public-Key Cryptography Standard that defines a standard method to access cryptographic services from tokens/devices such as hardware security modules (HSM), smart cards etc. In this project we intend to use a OPTIGA™ Trust M device as the cryptographic token.

Preparing the Environment

This repository tests runs on a Raspberry PI. The Raspberry PI used is running on Raspberry Pi OS.

To prepare and install Raspberry Pi OS in a raspberry PI, please refer to the official documentation here.

This tool was tested on a Raspberry Pi 4 Model B with Raspberry Pi OS Debian Bookworm release 2024-03-15.

Setting up the Linux environment on Raspberry Pi

Once the raspberry PI is set up and ready to use, the I2C interface needs to be enabled. this interface will be used to communicate with OPTIGA™ Trust M device.

Run the command below in the terminal console.

sudo raspi-config
  • Navigate to Interfacing Options.
  • Select I2C and hit enter.
  • When the window to enable the I2C interface is appeared select yes.
  • Finish the configuration window.

Hardware connections between OPTIGA™ Trust M and Raspberry Pi

Hardware connection:

I2C Connection Below table shows the I2C connection between the OPTIGA™ Trust M and Raspberry Pi(RPI).

No Description RPI Pin # Pin Description
1 I2C SCL 5 SCL1, I2C
2 I2C SDA 3 SDA1, I2C
3 VCC 17 3V3
4 GND 9 GND

Building System Test Project for PKCS#11

Get the latest version of PKCS#11 implementation with OPTIGA™ Trust M

git clone --recurse-submodules https://github.com/Infineon/pkcs11-optiga-trust-m

Build PKCS#11 library with OPTIGA™ Trust M

To Install system dependencies and build the project with installation scripts, follow the steps below.

if not installed, A tool might be needed to run the next script in Linux environment. please install dos2unix tool and apply it to the script before running the script.

sudo apt install dos2unix
  1. Navigate to tools/installation folder.
cd tools/installation
  1. Run the setup_dependencies.sh shell script provided. This will install all dependencies needed by the PKCS#11 project.
chmod +x setup_dependencies.sh
dos2unix setup_dependencies.sh
./setup_dependencies.sh
  1. Run the install_shared_lib.sh shell script provide will compile and install the shared libraries into the system.
chmod +x install_shared_lib.sh
dos2unix install_shared_lib.sh
./install_shared_lib.sh

OpenSC Examples

  1. Go to OpenSC folder to run examples in script OpenSC-pkcs11-tool-commands.sh

From root folder :

cd tests/opensc
chmod +x OpenSC-pkcs11-tool-commands.sh
dos2unix OpenSC-pkcs11-tool-commands.sh
./OpenSC-pkcs11-tool-commands.sh
  1. To clean the files generated by the execution of OpenSC-pkcs11-tool-commands.sh, the script clean.sh can be used :
chmod +x clean.sh
dos2unix clean.sh
./clean.sh

OpenSSL Examples

  1. Go to OpenSSL_Engine_folder to run examples in script openssl-pkcs11-libp11-ecc.sh for ECC algorithm and openssl-pkcs11-libp11-rsa.sh for RSA algorithm.

For examples for ECC algorithm through OpenSSL Engine interface:

From root folder :

cd tests/openssl/openssl_engine
chmod +x openssl-pkcs11-libp11-ecc.sh
dos2unix openssl-pkcs11-libp11-ecc.sh
./openssl-pkcs11-libp11-ecc.sh

For examples for RSA algorithm through OpenSSL Engine interface :

From root folder :

cd tests/openssl/openssl_engine
chmod +x openssl-pkcs11-libp11-rsa.sh
dos2unix openssl-pkcs11-libp11-rsa.sh
./openssl-pkcs11-libp11-rsa.sh
  1. To clean the files generated by the execution of openssl-pkcs11-libp11-ecc.sh and openssl-pkcs11-libp11-rsa.sh, the script clean.sh can be used :

    chmod +x clean.sh dos2unix clean.sh ./clean.sh

AWS IoT Client Example

  1. Go to the aws_python folder and follow the instructions to set up the AWS IoT and MQTT Client.

Licensing

Please see our LICENSE for copyright and license information.

This project follows the REUSE approach, so copyright and licensing information is available for every file (including third party components) either in the file header, an individual *.license file or a REUSE.toml file. All licenses can be found in the LICENSES folder.