--- /dev/null
+#!/bin/bash
+
+TMP_DIR=./sign_tmp
+Initialize() {
+ if [ ! -d ${TMP_DIR} ]; then
+ mkdir ${TMP_DIR}
+ fi
+}
+
+Finalize() {
+ if [ -d ${TMP_DIR} ]; then
+ rm -r ${TMP_DIR}
+ fi
+ echo "********** Package Signing End **********"
+ exit
+}
+
+# CheckFile FILE MESSAGE
+CheckFile() {
+ if [ ! -f $1 ]; then
+ echo $2
+ Finalize
+ fi
+}
+
+# CheckNull VAR MESSAGE
+CheckNull() {
+ if [ -z $1 ]; then
+ echo $2
+ Finalize
+ fi
+}
+
+KEY=$1
+CERT=$2
+FILE=$3
+SIGNED_FILE=$4
+CheckArgument() {
+ ArgumentList=(
+ ${KEY}
+ ${CERT}
+ ${FILE}
+ )
+
+ echo "Checking argument..."
+
+ for ARGUMENT in ${ArgumentList[@]}; do
+ CheckFile ${ARGUMENT} ${ARGUMENT}" not exist"
+ done
+
+ if [ -z ${SIGNED_FILE} ]; then
+ SIGNED_FILE=${FILE}
+ fi
+}
+
+BASENAME=/usr/bin/basename
+OPENSSL=/usr/bin/openssl
+PERL=/usr/bin/perl
+STAT=/usr/bin/stat
+CheckTool() {
+ ToolList=(
+ ${BASENAME}
+ ${OPENSSL}
+ ${PERL}
+ ${STAT}
+ )
+
+ echo "Checking tool..."
+
+ for TOOL in ${ToolList[@]}; do
+ CheckFile ${TOOL} ${TOOL}" not exist"
+ done
+}
+
+SIGNATURE=""
+SIGNATURE_SIZE=""
+SignFile() {
+ echo "Signing file..."
+
+ SIGNATURE=${TMP_DIR}/$(${BASENAME} ${FILE}).sign
+ CheckNull ${SIGNATURE} "Failed to name signature"
+
+ ${OPENSSL} dgst -sha256 -sign ${KEY} -out ${SIGNATURE} ${FILE}
+ CheckFile ${SIGNATURE} "Failed to sign"
+
+ SIGNATURE_SIZE=$(${STAT} -c %s ${SIGNATURE})
+ CheckNull ${SIGNATURE_SIZE} "Failed to get the size of signature"
+}
+
+CERT_CONVERTED=""
+CERT_CONVERTED_SIZE=""
+ConvertCert() {
+ echo "Converting certificate..."
+
+ CERT_CONVERTED=${TMP_DIR}/$(${BASENAME} ${CERT}).der
+ CheckNull ${CERT_CONVERTED} "Failed to name converted certificate"
+
+ ${OPENSSL} x509 -in ${CERT} -outform DER -out ${CERT_CONVERTED}
+ CheckFile ${CERT_CONVERTED} "Failed to convert certificate"
+
+ CERT_CONVERTED_SIZE=$(${STAT} -c %s ${CERT_CONVERTED})
+ CheckNull ${CERT_CONVERTED_SIZE} "Failed to get the size of converted certificate"
+}
+
+RESULT_FILE=""
+MAGIC_NUMBER="TOTA_SIGNED"
+AttachSignature() {
+ echo "Attaching signature..."
+
+ RESULT_FILE=${TMP_DIR}/result
+
+ echo -n ${MAGIC_NUMBER} > ${RESULT_FILE}
+ cat ${SIGNATURE} ${CERT_CONVERTED} >> ${RESULT_FILE}
+ ${PERL} -e "print pack('L', ${SIGNATURE_SIZE})" >> ${RESULT_FILE}
+ ${PERL} -e "print pack('L', ${CERT_CONVERTED_SIZE})" >> ${RESULT_FILE}
+}
+
+VerifySignature() {
+ echo "Verifying signature..."
+
+ EXPECTED_SIZE=$(expr ${#MAGIC_NUMBER} + ${SIGNATURE_SIZE} + ${CERT_CONVERTED_SIZE} + 8)
+ REAL_SIZE=$(${STAT} -c %s ${RESULT_FILE})
+
+ if [ ${EXPECTED_SIZE} -ne ${REAL_SIZE} ]; then
+ echo "Invalid result size : Expected("${EXPECTED_SIZE}") Real("${REAL_SIZE}")"
+ Finalize
+ fi
+}
+
+InsertSignature() {
+ echo "Inserting signature..."
+
+ if [ ${FILE} != ${SIGNED_FILE} ]; then
+ cp ${FILE} ${SIGNED_FILE}
+ fi
+
+ cat ${RESULT_FILE} >> ${SIGNED_FILE}
+}
+
+# Main
+
+echo "********** Package Signing Start **********"
+
+if [ "$#" -lt 3 ]; then
+ echo "Usage : sign_upg.sh KEY CERT FILE_NAME [SIGNED_FILE_NAME]"
+ echo " - KEY and CERT should be PEM format"
+ echo " - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME"
+ exit
+fi
+
+CheckArgument
+CheckTool
+
+Initialize
+SignFile
+ConvertCert
+AttachSignature
+VerifySignature
+InsertSignature
+
+echo "Succeed to sign file!"
+
+Finalize
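Review bot: Every failure path ends in `Finalize`, whose bare `exit` returns the status of the preceding `echo`, so a failed signing run (and the usage error) exits 0 and a build pipeline cannot tell an unsigned package from a signed one. The unquoted tests make this worse: when `SIGNATURE_SIZE` is empty, `CheckNull ${SIGNATURE_SIZE} "..."` shifts the message into `$1` and `[ -z $1 ]` errors out instead of firing, and `SignFile` checks only that the output file exists, never the exit status of `openssl dgst -sign`. `VerifySignature` compares byte counts only and does not check the signature against the certificate, so its name promises more than it does. I would pass a status through `Finalize`, quote the expansions, test openssl's return code, and create the work directory with `mktemp -d` instead of reusing a predictable `./sign_tmp` in the current directory, as sketched below.

```shell
TMP_DIR=""
Initialize() {
  # Fresh, unpredictable work directory; never reuse one that already exists.
  TMP_DIR=$(mktemp -d) || { echo "Failed to create work directory"; exit 1; }
}

# Finalize [STATUS]: remove the work directory and exit with STATUS (default 0).
Finalize() {
  if [ -n "${TMP_DIR}" ] && [ -d "${TMP_DIR}" ]; then
    rm -r -- "${TMP_DIR}"
  fi
  echo "********** Package Signing End **********"
  exit "${1:-0}"
}

CheckFile() {
  if [ ! -f "$1" ]; then
    echo "$2"
    Finalize 1
  fi
}

CheckNull() {
  if [ -z "$1" ]; then
    echo "$2"
    Finalize 1
  fi
}

# … unchanged: CheckArgument, CheckTool (call sites need "${ARGUMENT}" / "${TOOL}" quoted) …

# in SignFile: fail on openssl's own status, not only on a missing output file
  if ! "${OPENSSL}" dgst -sha256 -sign "${KEY}" -out "${SIGNATURE}" "${FILE}"; then
    echo "Failed to sign"
    Finalize 1
  fi
  SIGNATURE_SIZE=$("${STAT}" -c %s "${SIGNATURE}")
  CheckNull "${SIGNATURE_SIZE}" "Failed to get the size of signature"

# … unchanged: ConvertCert, AttachSignature, VerifySignature, InsertSignature, main sequence …
```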