112 lines
2.4 KiB
Bash
Executable File
112 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
#@Description: 1. use private_key to sign the input parameter.
|
|
# 2. if "signed_file_name" is not appointed in the parameter,
|
|
# the output is named "xxx_sign.bin" by default.
|
|
|
|
rs_signature="rs_sample.bin"
|
|
key_dir="ecc_key"
|
|
gen_ecc256_key="gen_ecc256_key.sh"
|
|
private_key=$key_dir/"ecc_private_key.pem"
|
|
public_key=$key_dir/"ecc_public_key.pem"
|
|
pk_coordinate=$key_dir/"pk_sample.bin"
|
|
input=$1
|
|
output=$2
|
|
|
|
if [ $# -lt 1 ] || [ $# -gt 2 ]; then
|
|
echo "Usage $0 <input_file> <signed_file_name>"
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -e $1 ]; then
|
|
echo "The input file does not exist."
|
|
exit 1
|
|
fi
|
|
|
|
extract_signature_rs()
|
|
{
|
|
local offset=0
|
|
local length=0
|
|
|
|
dd if=$1 of=temp.txt bs=1 count=1 skip=3
|
|
length=`cat temp.txt`;length=`printf "%x" "'$length"`
|
|
if [[ "$length" == "21" ]]; then
|
|
dd if=$1 of=$rs_signature bs=1 count=32 skip=5
|
|
offset=37
|
|
else
|
|
dd if=$1 of=$rs_signature bs=1 count=32 skip=4
|
|
offset=36
|
|
fi
|
|
|
|
dd if=$1 of=temp.txt bs=1 count=1 skip=$(($offset+1))
|
|
length=`cat temp.txt`;length=`printf "%x" "'$length"`
|
|
if [[ "$length" == "21" ]]; then
|
|
dd if=$1 of=$rs_signature bs=1 count=32 skip=$(($offset+3)) seek=32
|
|
else
|
|
dd if=$1 of=$rs_signature bs=1 count=32 skip=$(($offset+2)) seek=32
|
|
fi
|
|
|
|
rm -f temp.txt
|
|
}
|
|
|
|
calculate_signature()
|
|
{
|
|
openssl dgst -sign $private_key -sha256 -out ecc_signature.bin $1
|
|
}
|
|
|
|
verify_signature()
|
|
{
|
|
openssl dgst -verify $public_key -sha256 -signature ecc_signature.bin $1
|
|
}
|
|
|
|
gen_sign()
|
|
{
|
|
calculate_signature $input
|
|
extract_signature_rs ecc_signature.bin
|
|
verify_signature $input
|
|
if [ $? -ne 0 ]; then
|
|
printf "input image verified signature failure!\n"
|
|
exit 1
|
|
fi
|
|
|
|
rm -f ecc_signature.bin
|
|
}
|
|
|
|
check_key_exist()
|
|
{
|
|
if [ ! -e ${private_key} ] || [ ! -e ${public_key} ] || [ ! -e ${pk_coordinate} ]; then
|
|
printf "\033[0;31;1m"
|
|
echo "The secret key file in directory("$key_dir") is incomplete, Try to auto generate it!"
|
|
printf "\033[0m"
|
|
cd $key_dir && ./$gen_ecc256_key && cd -
|
|
fi
|
|
}
|
|
|
|
main_func()
|
|
{
|
|
check_key_exist
|
|
gen_sign $input
|
|
|
|
if [ $# -eq 2 ]; then
|
|
if [ "$input" == "boot.bin" ]; then
|
|
cat $pk_coordinate > $output
|
|
cat $rs_signature >> $output
|
|
else
|
|
cat $rs_signature > $output
|
|
fi
|
|
else
|
|
echo "Output by default name: xxx_sign.bin!"
|
|
local prefix=${input%.*}
|
|
if [ "$input" == "boot.bin" ]; then
|
|
cat $pk_coordinate > boot_pubk_sign.bin
|
|
cat $rs_signature >> boot_pubk_sign.bin
|
|
else
|
|
cat $rs_signature > ${prefix}_sign.bin
|
|
fi
|
|
fi
|
|
|
|
rm -f $rs_signature $input
|
|
}
|
|
|
|
main_func $input $output
|