Sign with PKCS file instead of raw key/cert
1 #!/bin/bash
2
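# Scratch directory for the extracted key/certificate and the assembled trailer.
# NOTE(review): this is a fixed, relative path, so it is predictable and is
# created in whatever directory the script happens to be run from; the private
# key extracted from the PKCS#12 file is written here.
TMP_DIR=./sign_tmp

# Initialize
# Creates TMP_DIR if it does not exist yet.
# Globals: TMP_DIR (read)
# Returns: 0 on success, non-zero if the directory could not be created
Initialize() {
        if [ ! -d "${TMP_DIR}" ]; then
                # 0700: the directory will hold the extracted private key, so keep it
                # unreadable by other users regardless of the caller's umask.
                mkdir -m 0700 -- "${TMP_DIR}" || return 1
        fi
}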
9
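# Finalize [STATUS]
# Removes TMP_DIR, prints the end banner and terminates the script.
# Arguments: $1 - exit status (default 0). Error paths should pass a non-zero
#            value; the previous bare `exit` always reported success, so a
#            failed signing run was indistinguishable from a successful one.
# Globals: TMP_DIR (read)
# NOTE(review): rm only unlinks the extracted key file; it does not scrub the
# data from disk.
Finalize() {
        local status=${1:-0}
        if [ -d "${TMP_DIR}" ]; then
                # ":?" refuses to run if TMP_DIR is somehow empty.
                rm -r -- "${TMP_DIR:?}"
        fi
        echo "********** Package Signing End **********"
        exit "${status}"
}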
17
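# CheckFile FILE [MESSAGE...]
# Aborts the run (Finalize with status 1) unless FILE is an existing regular file.
# Arguments: $1 - path to test
#            $2.. - message printed on failure; all remaining words are joined,
#                   so callers that pass the message unquoted still get the
#                   whole text. Defaults to "<FILE> not exist".
CheckFile() {
        local file=$1
        shift
        local message=${*:-"${file} not exist"}
        # Quoted: an empty FILE is now rejected instead of degrading the test to
        # `[ ! -f ]`, which silently passes.
        if [ ! -f "${file}" ]; then
                printf '%s\n' "${message}"
                Finalize 1
        fi
}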
25
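# CheckNull VALUE [MESSAGE...]
# Aborts the run (Finalize with status 1) if VALUE is empty.
# Arguments: $1 - value to test (must be passed quoted: an unquoted empty
#                 expansion disappears and the message becomes $1)
#            $2.. - message printed on failure (remaining words are joined)
CheckNull() {
        local value=$1
        shift
        local message=$*
        # Quoted: a value containing spaces no longer breaks the test.
        if [ -z "${value}" ]; then
                printf '%s\n' "${message}"
                Finalize 1
        fi
}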
33
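# Positional parameters; see the usage text in the main section.
PKCS=$1
# NOTE(review): the passphrase is taken from the command line, so it is visible
# in the process list and shell history for as long as this script runs.
PKCS_PASSWORD=$2
FILE=$3
SIGNED_FILE=$4

# CheckArgument
# Verifies that PKCS and FILE exist and defaults SIGNED_FILE to FILE
# (signing in place).
# Globals: PKCS, FILE (read); SIGNED_FILE (written when empty)
CheckArgument() {
        local argument
        # Quoted: an empty or space-containing path is checked instead of being
        # dropped from the list (an unquoted empty expansion produced no element).
        local -a argument_list=("${PKCS}" "${FILE}")

        echo "Checking argument..."

        for argument in "${argument_list[@]}"; do
                CheckFile "${argument}" "${argument} not exist"
        done

        if [ -z "${SIGNED_FILE}" ]; then
                SIGNED_FILE=${FILE}
        fi
}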
54
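# Absolute paths of the external tools this script shells out to.
BASENAME=/usr/bin/basename
OPENSSL=/usr/bin/openssl
PERL=/usr/bin/perl
STAT=/usr/bin/stat

# CheckTool
# Aborts (via CheckFile) unless every tool above exists at its fixed path.
# Only existence is tested, not executability.
# Globals: BASENAME, OPENSSL, PERL, STAT (read)
CheckTool() {
        local tool
        local -a tool_list=("${BASENAME}" "${OPENSSL}" "${PERL}" "${STAT}")

        echo "Checking tool..."

        for tool in "${tool_list[@]}"; do
                # Message passed as one argument so the full text is printed,
                # not just the first word.
                CheckFile "${tool}" "${tool} not exist"
        done
}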
73
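# Paths of the key and certificate extracted from the PKCS#12 file
# (set by ExtractFromPKCSFile).
KEY=""
CERT=""

# ExtractFromPKCSFile
# Splits the PKCS#12 bundle into a PEM private key (KEY, kept passphrase-
# protected with PKCS_PASSWORD) and the client certificate (CERT) in TMP_DIR.
# The passphrase is handed to openssl through the environment (env:) rather
# than `pass:` on the command line, so it is not exposed to other users via
# the process list.
# Globals: OPENSSL, TMP_DIR, PKCS, PKCS_PASSWORD (read); KEY, CERT (written)
ExtractFromPKCSFile() {
        echo "Extract from PKCS file..."

        KEY=${TMP_DIR}/key.pem
        # The exit status is checked, not only the file's existence: an output
        # file can be left behind even when the passphrase is wrong.
        if ! PKCS_PASSWORD="${PKCS_PASSWORD}" "${OPENSSL}" pkcs12 -in "${PKCS}" -nocerts \
                -passin env:PKCS_PASSWORD -passout env:PKCS_PASSWORD -out "${KEY}"; then
                echo "Failed to extract private key from ${PKCS}"
                Finalize 1
        fi
        CheckFile "${KEY}" "Failed to extract private key"
        # Only this script needs to read the key; deny access to everyone else.
        chmod 600 -- "${KEY}"

        CERT=${TMP_DIR}/cert.pem
        if ! PKCS_PASSWORD="${PKCS_PASSWORD}" "${OPENSSL}" pkcs12 -in "${PKCS}" -clcerts -nokeys \
                -passin env:PKCS_PASSWORD -out "${CERT}"; then
                echo "Failed to extract certificate from ${PKCS}"
                Finalize 1
        fi
        CheckFile "${CERT}" "Failed to extract certificate"
}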
87
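# Detached signature path and its size in bytes (set by SignFile).
SIGNATURE=""
SIGNATURE_SIZE=""

# SignFile
# Signs FILE with KEY (SHA-256 digest) into TMP_DIR/<basename of FILE>.sign
# and records the signature length in SIGNATURE_SIZE.
# Globals: OPENSSL, BASENAME, STAT, TMP_DIR, FILE, KEY, PKCS_PASSWORD (read);
#          SIGNATURE, SIGNATURE_SIZE (written)
SignFile() {
        local base_name
        echo "Signing file..."

        base_name=$("${BASENAME}" "${FILE}")
        SIGNATURE=${TMP_DIR}/${base_name}.sign
        # Quoted: an empty value must reach CheckNull as "", not vanish and let
        # the message take its place.
        CheckNull "${SIGNATURE}" "Failed to name signature"

        # Passphrase via the environment (env:) so it is not visible in the
        # process list; the exit status is checked as well as the output file.
        if ! PKCS_PASSWORD="${PKCS_PASSWORD}" "${OPENSSL}" dgst -sha256 -sign "${KEY}" \
                -passin env:PKCS_PASSWORD -out "${SIGNATURE}" "${FILE}"; then
                echo "Failed to sign"
                Finalize 1
        fi
        CheckFile "${SIGNATURE}" "Failed to sign"

        SIGNATURE_SIZE=$("${STAT}" -c %s "${SIGNATURE}")
        CheckNull "${SIGNATURE_SIZE}" "Failed to get the size of signature"
}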
102
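# DER-encoded certificate path and its size in bytes (set by ConvertCert).
CERT_CONVERTED=""
CERT_CONVERTED_SIZE=""

# ConvertCert
# Re-encodes the PEM certificate CERT as DER into TMP_DIR/<basename of CERT>.der
# and records its length in CERT_CONVERTED_SIZE.
# Globals: OPENSSL, BASENAME, STAT, TMP_DIR, CERT (read);
#          CERT_CONVERTED, CERT_CONVERTED_SIZE (written)
ConvertCert() {
        local base_name
        echo "Converting certificate..."

        base_name=$("${BASENAME}" "${CERT}")
        CERT_CONVERTED=${TMP_DIR}/${base_name}.der
        CheckNull "${CERT_CONVERTED}" "Failed to name converted certificate"

        # Exit status checked as well as the output file's existence.
        if ! "${OPENSSL}" x509 -in "${CERT}" -outform DER -out "${CERT_CONVERTED}"; then
                echo "Failed to convert certificate"
                Finalize 1
        fi
        CheckFile "${CERT_CONVERTED}" "Failed to convert certificate"

        CERT_CONVERTED_SIZE=$("${STAT}" -c %s "${CERT_CONVERTED}")
        CheckNull "${CERT_CONVERTED_SIZE}" "Failed to get the size of converted certificate"
}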
117
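# Assembled trailer path (set by AttachSignature) and the marker that opens it.
RESULT_FILE=""
MAGIC_NUMBER="TOTA_SIGNED"

# AttachSignature
# Builds the trailer that is later appended to the package, in this order:
#   MAGIC_NUMBER | signature bytes | DER certificate | u32 sig size | u32 cert size
# The two sizes are packed with perl's 'L' (unsigned 32-bit, host byte order),
# matching the 8 bytes VerifySignature adds to the expected length.
# Globals: PERL, TMP_DIR, MAGIC_NUMBER, SIGNATURE, CERT_CONVERTED,
#          SIGNATURE_SIZE, CERT_CONVERTED_SIZE (read); RESULT_FILE (written)
AttachSignature() {
        echo "Attaching signature..."

        RESULT_FILE=${TMP_DIR}/result

        # printf instead of `echo -n`: no option or escape interpretation.
        printf '%s' "${MAGIC_NUMBER}" > "${RESULT_FILE}"
        cat -- "${SIGNATURE}" "${CERT_CONVERTED}" >> "${RESULT_FILE}"
        # Sizes are passed as arguments rather than interpolated into the perl
        # source text.
        "${PERL}" -e 'print pack("L", $ARGV[0])' "${SIGNATURE_SIZE}" >> "${RESULT_FILE}"
        "${PERL}" -e 'print pack("L", $ARGV[0])' "${CERT_CONVERTED_SIZE}" >> "${RESULT_FILE}"
}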
130
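# VerifySignature
# Sanity-checks the trailer length: |MAGIC_NUMBER| + signature + certificate
# + 2 * 4 size bytes. This only checks the layout that AttachSignature wrote;
# it does not cryptographically verify the signature.
# Globals: STAT, MAGIC_NUMBER, SIGNATURE_SIZE, CERT_CONVERTED_SIZE, RESULT_FILE (read)
VerifySignature() {
        local expected_size real_size
        echo "Verifying signature..."

        # Shell arithmetic instead of spawning expr.
        expected_size=$(( ${#MAGIC_NUMBER} + SIGNATURE_SIZE + CERT_CONVERTED_SIZE + 8 ))
        real_size=$("${STAT}" -c %s "${RESULT_FILE}")

        if [ "${expected_size}" -ne "${real_size}" ]; then
                echo "Invalid result size : Expected(${expected_size}) Real(${real_size})"
                Finalize 1
        fi
}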
142
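# InsertSignature
# Copies FILE to SIGNED_FILE (unless they are the same path or the same file)
# and appends the trailer from RESULT_FILE to SIGNED_FILE.
# Globals: FILE, SIGNED_FILE, RESULT_FILE (read)
InsertSignature() {
        echo "Inserting signature..."

        # -ef: skip the copy when both names refer to one existing file, so an
        # in-place run spelled two ways does not fail on "same file".
        if [ "${FILE}" != "${SIGNED_FILE}" ] && ! [ "${FILE}" -ef "${SIGNED_FILE}" ]; then
                if ! cp -- "${FILE}" "${SIGNED_FILE}"; then
                        echo "Failed to copy ${FILE} to ${SIGNED_FILE}"
                        Finalize 1
                fi
        fi

        if ! cat -- "${RESULT_FILE}" >> "${SIGNED_FILE}"; then
                echo "Failed to append signature to ${SIGNED_FILE}"
                Finalize 1
        fi
}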
152
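# Main
#
# Usage: sign_upg.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]
# Pipeline: check inputs and tools, extract key/cert from the PKCS#12 file,
# sign FILE_NAME, build the trailer, check its layout, append it to the output.

echo "********** Package Signing Start **********"

if [ "$#" -lt 3 ]; then
        echo "Usage : sign_upg.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]"
        echo "  - PKCS_FILE should include private key and certificate"
        echo "  - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME"
        # Non-zero so a caller (e.g. a build script) does not mistake a usage
        # error for a signed package; the bare `exit` reported success.
        exit 2
fi

CheckArgument
CheckTool

Initialize
ExtractFromPKCSFile
SignFile
ConvertCert
AttachSignature
VerifySignature
InsertSignature

echo "Succeed to sign file!"

# Removes the scratch directory (including the extracted key) and exits 0.
Finalize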