| rjw | 1f88458 | 2022-01-06 17:20:42 +0800 | [diff] [blame^] | 1 | #!/bin/bash |
| 2 | |
| 3 | # |
| 4 | # Copyright (C) 2015 MediaTek Inc. All rights reserved. |
| 5 | # Tristan Shieh <tristan.shieh@mediatek.com> |
| 6 | # |
| 7 | # Redistribution and use in source and binary forms, with or without |
| 8 | # modification, are permitted provided that the following conditions |
| 9 | # are met: |
| 10 | # 1. Redistributions of source code must retain the above copyright |
| 11 | # notice, this list of conditions and the following disclaimer. |
| 12 | # 2. Redistributions in binary form must reproduce the above copyright |
| 13 | # notice, this list of conditions and the following disclaimer in the |
| 14 | # documentation and/or other materials provided with the distribution. |
| 15 | # |
| 16 | # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND |
| 17 | # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 18 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 19 | # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| 20 | # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 21 | # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 22 | # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 23 | # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 24 | # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 25 | # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 26 | # SUCH DAMAGE. |
| 27 | # |
| 28 | |
| 29 | if [ $# -lt 2 -o $# -gt 3 ] |
| 30 | then |
| 31 | echo "Usage: $0 private-key.pem filename [pss]" |
| 32 | exit -1 |
| 33 | fi |
| 34 | |
| 35 | TMPFILE1=$(mktemp) |
| 36 | TMPFILE2=$(mktemp) |
| 37 | |
| 38 | python -c " |
| 39 | import hashlib |
| 40 | |
| 41 | f = open('$2', 'rb') |
| 42 | b = f.read() |
| 43 | f.close() |
| 44 | |
| 45 | d = hashlib.sha256(b).digest() |
| 46 | if '$3' != 'pss': |
| 47 | b = '\0\0' |
| 48 | for i in range(0, len(d), 2): |
| 49 | b += d[i + 1] + d[i] |
| 50 | b += '\0' * 222 |
| 51 | else: |
| 52 | b = d |
| 53 | |
| 54 | f = open('${TMPFILE1}', 'wb') |
| 55 | f.write(b) |
| 56 | f.close() |
| 57 | " |
| 58 | |
| 59 | if [ -z "$3" -o "$3" != "pss" ]; then |
| 60 | openssl rsautl -sign -inkey $1 -raw -in ${TMPFILE1} -out ${TMPFILE2} |
| 61 | else |
| 62 | openssl pkeyutl -sign -inkey $1 -in ${TMPFILE1} -out ${TMPFILE2} -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:32 |
| 63 | fi |
| 64 | RET=$? |
| 65 | |
| 66 | python -c " |
| 67 | f = open('${TMPFILE2}', 'rb') |
| 68 | d = f.read() |
| 69 | f.close() |
| 70 | b = '' |
| 71 | if '$3' != 'pss': |
| 72 | for i in range(0, len(d), 2): |
| 73 | b += d[i + 1] + d[i] |
| 74 | else: |
| 75 | b = d; |
| 76 | f = open('$2.sign', 'wb') |
| 77 | f.write(b) |
| 78 | f.close() |
| 79 | " |
| 80 | |
| 81 | if [ "$3" = "pss" ]; then |
| 82 | echo "Signature file $2.sign with pss padding is generated" |
| 83 | else |
| 84 | echo "Signature file $2.sign with legacy padding is generated" |
| 85 | fi |
| 86 | |
| 87 | rm -f ${TMPFILE1} ${TMPFILE2} |
| 88 | exit ${RET} |