Modify signed file structure
[platform/core/system/upgrade-tools.git] / mk_delta / common / bin / sign_upg.sh
1 #!/bin/bash
2
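TMP_DIR=./sign_tmp

# Initialize
#   Create the scratch directory that the later steps fill with the extracted
#   private key, the certificate, the signature and the trailer.
# Globals: TMP_DIR (read)
# Returns: 0 when the directory exists afterwards; exits 1 if it cannot be
#          created.
# NOTE(review): a directory that already exists is reused with whatever
# ownership and mode it has, and Finalize later removes it with everything
# inside. TMP_DIR is relative, so this depends on the caller's working
# directory.
Initialize() {
        if [ ! -d "${TMP_DIR}" ]; then
                # 0700: key.pem is written below this directory, so other
                # local accounts must not be able to list or read it.
                if ! mkdir -m 700 -- "${TMP_DIR}"; then
                        echo "Failed to create ${TMP_DIR}"
                        exit 1
                fi
        fi
}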
9
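# Finalize [STATUS]
#   Remove the scratch directory, print the end banner and terminate the
#   script. Never returns.
# Globals:   TMP_DIR (read)
# Arguments: $1 - exit status to report (optional, default 0)
# A failed signing run has to end with a non-zero status; otherwise a calling
# build step cannot tell an unsigned package from a signed one.
Finalize() {
        if [ -d "${TMP_DIR}" ]; then
                # :? aborts instead of expanding to an empty path should
                # TMP_DIR ever be unset; -- stops option parsing.
                rm -rf -- "${TMP_DIR:?}"
        fi
        echo "********** Package Signing End **********"
        exit "${1:-0}"
}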
17
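# CheckFile FILE [MESSAGE]
#   Abort the run unless FILE names an existing regular file.
# Arguments: $1 - path to test
#            $2 - text printed before aborting; "FILE not exist" when omitted
# Returns:   0 if the file exists; otherwise does not return (calls Finalize).
CheckFile() {
        # Quoted so that an empty path or one containing spaces is tested as a
        # single word. Unquoted, an empty FILE collapses the test to
        # `[ ! -f ]`, which is false, and the missing file goes unnoticed.
        if [ ! -f "$1" ]; then
                printf '%s\n' "${2:-$1 not exist}"
                # 1 is the exit status requested for the failed run.
                Finalize 1
        fi
}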
25
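# CheckNull VALUE MESSAGE
#   Abort the run when VALUE is the empty string.
# Arguments: $1 - value to test
#            $2 - text printed before aborting
# Returns:   0 if VALUE is non-empty; otherwise does not return (calls
#            Finalize).
# Callers must pass VALUE quoted: an unquoted empty variable disappears from
# the argument list, MESSAGE shifts into $1 and the check can no longer fire.
CheckNull() {
        # Quoted so a value with spaces stays one word for `[`.
        if [ -z "$1" ]; then
                printf '%s\n' "$2"
                # 1 is the exit status requested for the failed run.
                Finalize 1
        fi
}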
33
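# Command-line arguments: PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]
PKCS="${1}"
# The password arrives as a positional argument, so it is part of this
# script's own command line for as long as the script runs.
PKCS_PASSWORD="${2}"
FILE="${3}"
FILE_SIZE=""
SIGNED_FILE="${4}"

# CheckArgument
#   Validate the input files and derive the values later steps depend on.
# Globals: PKCS, FILE, STAT (read); FILE_SIZE, SIGNED_FILE (written)
# Returns: 0 on success; a failed check ends the script through
#          CheckFile / CheckNull.
CheckArgument() {
        local argument

        echo "Checking argument..."

        # Quoted so an empty argument is still checked instead of silently
        # dropping out of the list.
        for argument in "${PKCS}" "${FILE}"; do
                CheckFile "${argument}" "${argument} not exist"
        done

        # -L: CheckFile's -f test follows symbolic links, so take the size of
        # the link target as well. Without it a symlinked FILE would put the
        # length of the link itself into the trailer.
        FILE_SIZE=$("${STAT}" -L -c %s -- "${FILE}")
        CheckNull "${FILE_SIZE}" "Failed to get the size of file"

        # No explicit output name: the trailer is appended to FILE itself.
        if [ -z "${SIGNED_FILE}" ]; then
                SIGNED_FILE="${FILE}"
        fi
}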
58
# External tools, addressed by absolute path so that the caller's PATH has no
# influence on which binaries take part in signing.
BASENAME="/usr/bin/basename"
OPENSSL="/usr/bin/openssl"
PERL="/usr/bin/perl"
STAT="/usr/bin/stat"

# CheckTool
#   Confirm that every tool path above names an existing file.
# Globals: BASENAME, OPENSSL, PERL, STAT (read); ToolList, TOOL (written)
# Returns: 0 when all tools are present; a missing tool ends the script
#          through CheckFile.
# NOTE(review): CheckFile tests for a regular file only, so a tool that is
# present but not executable passes here and fails at first use.
CheckTool() {
        ToolList=("${BASENAME}" "${OPENSSL}" "${PERL}" "${STAT}")

        printf '%s\n' "Checking tool..."

        for TOOL in "${ToolList[@]}"; do
                CheckFile "${TOOL}" "${TOOL} not exist"
        done
}
77
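KEY=""
CERT=""

# ExtractFromPKCSFile
#   Split the PKCS#12 bundle into a private key (key.pem) and the client
#   certificate (cert.pem) inside TMP_DIR.
# Globals: OPENSSL, PKCS, PKCS_PASSWORD, TMP_DIR (read); KEY, CERT (written)
# Returns: 0 on success; ends the script with status 1 if openssl fails or an
#          output file is missing.
# The key written to disk stays encrypted: -passout protects it with the same
# password as the bundle.
ExtractFromPKCSFile() {
        echo "Extract from PKCS file..."

        KEY="${TMP_DIR}/key.pem"
        # env:PKCS_PASSWORD hands the pass phrase to openssl through its
        # environment. With pass:... it would sit in openssl's argument
        # vector, which other local users can read from the process list.
        # The subshell keeps the export and the umask from leaking into the
        # rest of the script. This script's own argv still carries the
        # password.
        if ! (
                umask 077
                export PKCS_PASSWORD
                "${OPENSSL}" pkcs12 -in "${PKCS}" -nocerts \
                        -passin env:PKCS_PASSWORD -passout env:PKCS_PASSWORD \
                        -out "${KEY}"
        ); then
                echo "Failed to extract private key"
                Finalize 1
        fi
        # The exit status is checked above because the mere existence of the
        # output file does not show that the extraction succeeded.
        CheckFile "${KEY}" "Failed to extract private key"

        CERT="${TMP_DIR}/cert.pem"
        if ! (
                export PKCS_PASSWORD
                "${OPENSSL}" pkcs12 -in "${PKCS}" -clcerts -nokeys \
                        -passin env:PKCS_PASSWORD \
                        -out "${CERT}"
        ); then
                echo "Failed to extract certificate"
                Finalize 1
        fi
        CheckFile "${CERT}" "Failed to extract certificate"
}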
91
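SIGNATURE=""
SIGNATURE_SIZE=""

# SignFile
#   Produce a SHA-256 signature of FILE with the extracted private key.
# Globals: BASENAME, OPENSSL, STAT, TMP_DIR, FILE, KEY, PKCS_PASSWORD (read);
#          SIGNATURE, SIGNATURE_SIZE (written)
# Returns: 0 on success; ends the script with status 1 if openssl fails, the
#          signature file is missing, or its size cannot be read.
SignFile() {
        echo "Signing file..."

        SIGNATURE="${TMP_DIR}/$("${BASENAME}" -- "${FILE}").sign"
        CheckNull "${SIGNATURE}" "Failed to name signature"

        # env:PKCS_PASSWORD keeps the pass phrase out of openssl's argument
        # vector, which other local users can read from the process list; the
        # subshell confines the export to this one command.
        if ! (
                export PKCS_PASSWORD
                "${OPENSSL}" dgst -sha256 -sign "${KEY}" \
                        -passin env:PKCS_PASSWORD \
                        -out "${SIGNATURE}" "${FILE}"
        ); then
                echo "Failed to sign"
                Finalize 1
        fi
        CheckFile "${SIGNATURE}" "Failed to sign"

        # Quoted when handed to CheckNull so an empty size is actually seen.
        SIGNATURE_SIZE=$("${STAT}" -c %s -- "${SIGNATURE}")
        CheckNull "${SIGNATURE_SIZE}" "Failed to get the size of signature"
}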
106
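CERT_CONVERTED=""
CERT_CONVERTED_SIZE=""

# ConvertCert
#   Re-encode the extracted PEM certificate as DER for embedding in the
#   trailer.
# Globals: BASENAME, OPENSSL, STAT, TMP_DIR, CERT (read);
#          CERT_CONVERTED, CERT_CONVERTED_SIZE (written)
# Returns: 0 on success; ends the script with status 1 if the conversion
#          fails, the DER file is missing, or its size cannot be read.
ConvertCert() {
        echo "Converting certificate..."

        CERT_CONVERTED="${TMP_DIR}/$("${BASENAME}" -- "${CERT}").der"
        CheckNull "${CERT_CONVERTED}" "Failed to name converted certificate"

        # Check the exit status as well: the existence of the output file
        # alone does not show that the conversion succeeded.
        if ! "${OPENSSL}" x509 -in "${CERT}" -outform DER -out "${CERT_CONVERTED}"; then
                echo "Failed to convert certificate"
                Finalize 1
        fi
        CheckFile "${CERT_CONVERTED}" "Failed to convert certificate"

        # Quoted when handed to CheckNull so an empty size is actually seen.
        CERT_CONVERTED_SIZE=$("${STAT}" -c %s -- "${CERT_CONVERTED}")
        CheckNull "${CERT_CONVERTED_SIZE}" "Failed to get the size of converted certificate"
}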
121
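RESULT_FILE=""
MAGIC_NUMBER="TOTA_SIGNED_V1"

# AttachSignature
#   Build the trailer that is later appended to the package:
#     signature | DER certificate | file size | signature size |
#     certificate size | MAGIC_NUMBER
#   Each size is written with Perl's pack('L').
# Globals: PERL, TMP_DIR, SIGNATURE, CERT_CONVERTED, FILE_SIZE,
#          SIGNATURE_SIZE, CERT_CONVERTED_SIZE, MAGIC_NUMBER (read);
#          RESULT_FILE (written)
# Returns: 0 on success; ends the script with status 1 when a size is not a
#          32-bit unsigned decimal or the trailer cannot be written.
# NOTE(review): 'L' is an unsigned 32-bit value in the byte order of the
# machine running this script, so the trailer bytes depend on the signing
# host. Confirm that the consumer of the trailer expects that order.
AttachSignature() {
        local size

        echo "Attaching signature..."

        # pack('L') holds 32 bits only; a larger or non-numeric value would be
        # written as a different number without any error.
        for size in "${FILE_SIZE}" "${SIGNATURE_SIZE}" "${CERT_CONVERTED_SIZE}"; do
                if ! [[ "${size}" =~ ^[0-9]+$ ]] ||
                        (( ${#size} > 10 || 10#${size} > 4294967295 )); then
                        echo "Invalid size for trailer : ${size}"
                        Finalize 1
                fi
        done

        RESULT_FILE="${TMP_DIR}/result"

        # The sizes reach Perl as arguments rather than being pasted into the
        # program text, so they can never be interpreted as Perl code.
        if ! {
                cat -- "${SIGNATURE}" "${CERT_CONVERTED}" &&
                        "${PERL}" -e 'print pack("L3", @ARGV)' \
                                "${FILE_SIZE}" "${SIGNATURE_SIZE}" "${CERT_CONVERTED_SIZE}" &&
                        printf '%s' "${MAGIC_NUMBER}"
        } > "${RESULT_FILE}"; then
                echo "Failed to build signature trailer"
                Finalize 1
        fi
}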
135
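# VerifySignature
#   Check that the trailer has the expected length: magic string + signature
#   + certificate + three 4-byte size fields.
# Globals: STAT, MAGIC_NUMBER, SIGNATURE_SIZE, CERT_CONVERTED_SIZE,
#          RESULT_FILE (read); EXPECTED_SIZE, REAL_SIZE (written)
# Returns: 0 when the length matches; otherwise ends the script with status 1.
# NOTE(review): despite the name this is a structural length check only. It
# does not test that the signature validates against the certificate, so a
# key/certificate mismatch in the PKCS file is not caught here.
VerifySignature() {
        echo "Verifying signature..."

        REAL_SIZE=$("${STAT}" -c %s -- "${RESULT_FILE}")

        # An empty operand makes `[ a -ne b ]` fail with an error, which `if`
        # treats as "sizes are equal"; reject missing values explicitly.
        if ! [[ "${SIGNATURE_SIZE}" =~ ^[0-9]+$ &&
                "${CERT_CONVERTED_SIZE}" =~ ^[0-9]+$ &&
                "${REAL_SIZE}" =~ ^[0-9]+$ ]]; then
                echo "Invalid result size : size is missing or not numeric"
                Finalize 1
        fi

        EXPECTED_SIZE=$(( ${#MAGIC_NUMBER} + 10#${SIGNATURE_SIZE} + 10#${CERT_CONVERTED_SIZE} + 12 ))

        if [ "${EXPECTED_SIZE}" -ne "${REAL_SIZE}" ]; then
                echo "Invalid result size : Expected(${EXPECTED_SIZE}) Real(${REAL_SIZE})"
                Finalize 1
        fi
}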
147
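# InsertSignature
#   Append the trailer to the package. When SIGNED_FILE is a different file,
#   FILE is copied there first and left untouched.
# Globals: FILE, SIGNED_FILE, RESULT_FILE (read)
# Returns: 0 on success; ends the script with status 1 if the copy or the
#          append fails.
# NOTE(review): nothing here detects a trailer already present in FILE, so
# signing the same file in place twice appends a second trailer.
InsertSignature() {
        echo "Inserting signature..."

        # -ef compares the files themselves, so two spellings of one path
        # (a.bin vs ./a.bin) are treated as signing in place.
        if ! [ "${FILE}" -ef "${SIGNED_FILE}" ]; then
                if ! cp -- "${FILE}" "${SIGNED_FILE}"; then
                        echo "Failed to copy ${FILE} to ${SIGNED_FILE}"
                        Finalize 1
                fi
        fi

        # A failed append would otherwise leave a package without a complete
        # trailer while the script still reports success.
        if ! cat -- "${RESULT_FILE}" >> "${SIGNED_FILE}"; then
                echo "Failed to append signature to ${SIGNED_FILE}"
                Finalize 1
        fi
}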
157
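# Main
#   sign_upg.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]
# NOTE(review): PKCS_PASSWORD is a positional argument, so it appears in this
# script's command line (process list, shell history of the invoking
# account). Reading it from a file or an inherited environment variable would
# avoid that, but changes the command-line interface.

echo "********** Package Signing Start **********"

if [ "$#" -lt 3 ]; then
        echo "Usage : sign_upg.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]"
        echo "  - PKCS_FILE should include private key and certificate"
        echo "  - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME"
        # Non-zero so a calling build step can tell that nothing was signed.
        exit 1
fi

# Tools first: CheckArgument already runs ${STAT}, so a missing tool is
# reported as such rather than as a failed size lookup.
CheckTool
CheckArgument

Initialize
ExtractFromPKCSFile
SignFile
ConvertCert
AttachSignature
VerifySignature
InsertSignature

echo "Succeed to sign file!"

# Removes TMP_DIR (including the extracted key) and exits.
Finalize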