From 798827a706c3b0bcfae3d399fb8d59d06db3783e Mon Sep 17 00:00:00 2001
From: Kichan Kwon
Date: Fri, 28 Aug 2020 17:30:26 +0900
Subject: [PATCH] Parse command options to allow empty PKCS password
- Somebody can make PKCS file without password
- But, shell script function can't distinguish between NULL argument and whitespace
- To distinguish, use command options and input password option if user wants
Change-Id: I5c37a705be4eef274222b4cebb8f3f353459cca7
Signed-off-by: Kichan Kwon
---
 mk_delta/common/bin/mk_delta.sh | 7 ++++--
 mk_delta/common/bin/sign_img.sh | 49 +++++++++++++++++++++++++-----------
 recovery/scripts/generate_package.sh | 7 ++++--
 3 files changed, 45 insertions(+), 18 deletions(-)
diff --git a/mk_delta/common/bin/mk_delta.sh b/mk_delta/common/bin/mk_delta.sh
index 2226ab2..b4ac91b 100755
--- a/mk_delta/common/bin/mk_delta.sh
+++ b/mk_delta/common/bin/mk_delta.sh
@@ -360,8 +360,11 @@ sudo tar --overwrite -cf ../delta.tar *
 SIGN_PKCS_FILE=$1
 SIGN_PKCS_PASSWORD=$2
-if [ "z${SIGN_PKCS_FILE}" != "z" ] && [ "z${SIGN_PKCS_PASSWORD}" != "z" ]; then
- sudo ${COMMON_BINDIR}/sign_img.sh ${SIGN_PKCS_FILE} ${SIGN_PKCS_PASSWORD} ../delta.tar
+if [ "z${SIGN_PKCS_FILE}" != "z" ]; then
+ if [ "z${SIGN_PKCS_PASSWORD}" != "z" ]; then
+ SIGNER_OPTIONAL_ARGUMENT="-p ${SIGN_PKCS_PASSWORD}"
+ fi
+ sudo ${COMMON_BINDIR}/sign_img.sh -k ${SIGN_PKCS_FILE} -i ../delta.tar ${SIGNER_OPTIONAL_ARGUMENT}
 fi
 cd -
diff --git a/mk_delta/common/bin/sign_img.sh b/mk_delta/common/bin/sign_img.sh
index ffea4fa..b66de96 100755
--- a/mk_delta/common/bin/sign_img.sh
+++ b/mk_delta/common/bin/sign_img.sh
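Review bot: In the mk_delta.sh hunk the optional password is packed into a string, `SIGNER_OPTIONAL_ARGUMENT="-p ${SIGN_PKCS_PASSWORD}"`, and expanded unquoted on the sudo line, so a password containing whitespace or glob characters is split or expanded before sign_img.sh parses it. The variable is also not reset anywhere in the hunk, so a value left over from the environment or from an earlier call would be appended to a command that runs under sudo. Passing the option directly avoids both: `sudo "${COMMON_BINDIR}/sign_img.sh" -k "${SIGN_PKCS_FILE}" -i ../delta.tar ${SIGN_PKCS_PASSWORD:+-p "${SIGN_PKCS_PASSWORD}"}`. The __sign__ hunk in recovery/scripts/generate_package.sh has the same pattern. The password is still a command-line argument, so it is readable from the process list while the signer runs; handing it over through a file or file descriptor would be safer.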
@@ -31,23 +31,51 @@ CheckNull() { fi } -PKCS=$1 -PKCS_PASSWORD=$2 -FILE=$3 +Help() { + echo "Usage : sign_img.sh OPTS" + echo " -k PKCS_FILE (essential)" + echo " - PKCS_FILE should include private key and certificate" + echo " -p PKCS_PASSWORD (optional)" + echo " -i FILE_NAME (essential)" + echo " -o SIGNED_FILE_NAME (optional)" + echo " - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME" + echo " -h : print this message" + Finalize +} + +PKCS="" +PKCS_PASSWORD="" +KEY_PASSWORD="SignImgTmpPw" +FILE="" FILE_SIZE="" -SIGNED_FILE=$4 +SIGNED_FILE="" CheckArgument() { ArgumentList=( ${PKCS} ${FILE} ) + while getopts "hk:p:i:o:" OPT; do + case ${OPT} in + h) Help ;; + k) PKCS=${OPTARG} ;; + p) PKCS_PASSWORD=${OPTARG} ;; + i) FILE=${OPTARG} ;; + o) SIGNED_FILE=${OPTARG} ;; + ?) Help ;; + esac + done + echo "Checking argument..." for ARGUMENT in ${ArgumentList[@]}; do CheckFile ${ARGUMENT} ${ARGUMENT}" not exist" done + if [ ! -z ${PKCS_PASSWORD} ]; then + KEY_PASSWORD=${PKCS_PASSWORD} + fi + FILE_SIZE=$(${STAT} -c %s ${FILE}) CheckNull ${FILE_SIZE} "Failed to get the size of file" @@ -81,7 +109,7 @@ ExtractFromPKCSFile() { echo "Extract from PKCS file..." KEY=${TMP_DIR}/key.pem - ${OPENSSL} pkcs12 -in ${PKCS} -nocerts -passin pass:${PKCS_PASSWORD} -passout pass:${PKCS_PASSWORD} -out ${KEY} + ${OPENSSL} pkcs12 -in ${PKCS} -nocerts -passin pass:${PKCS_PASSWORD} -passout pass:${KEY_PASSWORD} -out ${KEY} CheckFile ${KEY} CERT=${TMP_DIR}/cert.pem @@ -97,7 +125,7 @@ SignFile() { SIGNATURE=${TMP_DIR}/$(${BASENAME} ${FILE}).sign CheckNull ${SIGNATURE} "Failed to name signature" - ${OPENSSL} dgst -sha256 -sign ${KEY} -passin pass:${PKCS_PASSWORD} -out ${SIGNATURE} ${FILE} + ${OPENSSL} dgst -sha256 -sign ${KEY} -passin pass:${KEY_PASSWORD} -out ${SIGNATURE} ${FILE} CheckFile ${SIGNATURE} "Failed to sign" SIGNATURE_SIZE=$(${STAT} -c %s ${SIGNATURE}) 
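Review bot: In CheckArgument, `ArgumentList=( ${PKCS} ${FILE} )` is a context line that stays ahead of the new getopts loop, so the list is built while PKCS and FILE still hold their empty defaults and the CheckFile loop has nothing to iterate over. A missing -k is then not reported here, and a missing -i is caught only indirectly by the file-size check. Building the list after the loop, quoted, keeps the check meaningful: `ArgumentList=( "${PKCS}" "${FILE}" )` with `for ARGUMENT in "${ArgumentList[@]}"` (this assumes CheckFile rejects an empty path; its body is outside the hunk). The case arm `?)` is a glob for any single character, so `\?)` states the intent, and `[ -n "${PKCS_PASSWORD}" ]` avoids a test error when the password contains spaces.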
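Review bot: With no -p given, `-passout pass:${KEY_PASSWORD}` in the ExtractFromPKCSFile hunk encrypts the extracted key in `${TMP_DIR}/key.pem` under the constant `SignImgTmpPw`, which is in the script and so protects nothing; the key's confidentiality then depends on TMP_DIR being private and on the file being removed on every exit path, neither of which is visible in this hunk. A short comment at the assignment saying the value is a fixed placeholder and not a secret would stop it being mistaken for one. Both passphrases are also passed as `pass:` arguments, so they are readable from the process list while openssl runs, and `pass:${PKCS_PASSWORD}` is unquoted, so a password with spaces is split. openssl also accepts `file:` and `fd:` passphrase sources, which keep the PKCS password off the command line. The `dgst -sign` line in the SignFile hunk takes the same `pass:` form.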
@@ -159,14 +187,7 @@ InsertSignature() {
 echo "********** Package Signing Start **********"
-if [ "$#" -lt 3 ]; then
- echo "Usage : sign_img.sh PKCS_FILE PKCS_PASSWORD FILE_NAME [SIGNED_FILE_NAME]"
- echo " - PKCS_FILE should include private key and certificate"
- echo " - If SIGNED_FILE_NAME is NULL, signature will be overwritten to FILE_NAME"
- exit
-fi
-
-CheckArgument
+CheckArgument $*
 CheckTool
 Initialize
diff --git a/recovery/scripts/generate_package.sh b/recovery/scripts/generate_package.sh
index 097f61b..39a382d 100755
--- a/recovery/scripts/generate_package.sh
+++ b/recovery/scripts/generate_package.sh
@@ -71,9 +71,12 @@ function __pack__() {
 function __sign__() {
 SIGN_PKCS_FILE=$1
 SIGN_PKCS_PASSWORD=$2
- if [ "z$SIGN_PKCS_FILE" != "z" ] && [ "z$SIGN_PKCS_PASSWORD" != "z" ]; then
+ if [ "z$SIGN_PKCS_FILE" != "z" ]; then
+ if [ "z$SIGN_PKCS_PASSWORD" != "z" ]; then
+ SIGNER_OPTIONAL_ARGUMENT="-p $SIGN_PKCS_PASSWORD"
+ fi
 cd $TOTA_UPG_DIR
- ./mk_delta/common/bin/sign_img.sh $SIGN_PKCS_FILE $SIGN_PKCS_PASSWORD $RESULT_DIR/$IMAGE_NAME
+ ./mk_delta/common/bin/sign_img.sh -k $SIGN_PKCS_FILE -i $RESULT_DIR/$IMAGE_NAME $SIGNER_OPTIONAL_ARGUMENT
 fi
 }
--
2.7.4
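Review bot: In sign_img.sh's main section, `CheckArgument $*` re-splits the script's arguments on whitespace and expands globs before getopts runs, so a quoted password or path containing a space arrives as several words and option parsing stops at the first stray one; `CheckArgument "$@"` passes them through unchanged. Among the visible hunks, the removed `$# -lt 3` test was the only place that printed usage for missing arguments, so running the script with no options now goes straight into CheckArgument. A check after the getopts loop, `if [ -z "${PKCS}" ] || [ -z "${FILE}" ]; then Help; fi`, would restore it.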