#!/bin/bash
#
# Copyright (c) 2020 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
17set -e
# Print the command-line synopsis on stdout and terminate the script.
# Arguments: none
# Outputs:   six lines (blank, "usage:", synopsis, "e.g.", example, blank)
# Returns:   does not return; exits with status 1
function usage() {
    printf '%s\n' \
        "" \
        "usage:" \
        "     sec_os.sh <kernel bin> <kernel addr> <rootfs img> <rootfs addr> <other bin> <other addr>" \
        "     e.g." \
        "     sec_os.sh kernel.bin 0x100000 rootfs.img 0xA00000" \
        ""
    exit 1
}
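# Format an integer as "0x" followed by at least eight lowercase hex digits.
# Arguments: $1 - integer in a form printf accepts (decimal or 0x-prefixed hex)
# Outputs:   the formatted value on stdout, without a trailing newline
# Returns:   printf's status; non-zero when $1 is not a single valid number
function dec2hex(){
    # Quoted so the argument reaches printf as exactly one word: unquoted, a
    # value containing spaces or glob characters would be split or expanded
    # and printf would silently format several numbers in a row.
    printf '0x%08x' "$1"
}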
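# Reverse the byte order of a 32-bit value (0xAABBCCDD -> 0xDDCCBBAA).
# Arguments: $1 - integer in the range 0..0xffffffff (decimal or 0x-prefixed)
# Outputs:   the byte-swapped value in decimal on stdout
# Returns:   0 on success, 1 when $1 does not fit in 32 bits
function h2nl() {
    # The fields written to the certificate blob are four bytes wide. A larger
    # value used to be masked down without any warning, which would put a
    # truncated length or load address into data that is then signed.
    if (( $1 < 0 || $1 > 0xffffffff )); then
        echo "h2nl: $1 does not fit in 32 bits" >&2
        return 1
    fi

    local b0=$(( $1 & 0xff ))
    local b1=$(( ($1 >> 8) & 0xff ))
    local b2=$(( ($1 >> 16) & 0xff ))
    local b3=$(( ($1 >> 24) & 0xff ))

    echo $(( (b0 << 24) | (b1 << 16) | (b2 << 8) | b3 ))
}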
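# Arguments come in <bin> <addr> pairs, so an empty or odd-length argument
# list cannot be valid; usage prints the synopsis and exits with status 1.
if (( $# == 0 || $# % 2 != 0 )); then
    usage
fi

# Number of <bin> <addr> pairs, i.e. of image signatures to generate.
# Shell arithmetic replaces the external expr call.
sig_num=$(( $# / 2 ))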
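# for 2048
#
# When the certificate key rsa_priv_2048.pem is present, build x509_2048.bin:
#   1. three 32-bit words: total length, number of images, padded key length
#   2. the DER public key, zero-padded to a multiple of 16 bytes
#   3. per image: RSA-PSS/SHA-256 signature, image length, load address
#   4. a signature over everything above, made with rsa_priv_2048.pem
# Every word goes through dec2hex/h2nl/dec2hex and xxd -r, which writes it
# least-significant byte first.
# NOTE(review): both private keys are read as plain files from the working
# tree - keep them out of version control and readable only by the signing
# user.
if [ -f rsa_priv_2048.pem ]; then
    out=x509_2048.bin
    pub_der=x509_creater/rsa_public_key_2048.der
    image_key=x509_creater/rsa_private_2048.key
    sig_len=256     # an RSA-2048 signature is 256 bytes
    addr_re='^0[xX]0*[0-9a-fA-F]{1,8}$'

    # Check every <bin> <addr> pair before anything is written. The header
    # below already counts all sig_num entries, so skipping a missing image
    # later would yield a signed blob whose count and total length do not
    # match its contents. The address must be plain hex that fits in 32 bits,
    # because it is evaluated arithmetically and stored in a four-byte field.
    for ((i = 1; i <= sig_num; i++)); do
        bin_name_num=$((i * 2 - 1))
        bin_addr_num=$((i * 2))
        bin_name=${!bin_name_num}
        bin_addr=${!bin_addr_num}

        if [[ ! "$bin_addr" =~ $addr_re ]]; then
            echo "addr err!"
            usage
        fi
        if [ ! -f "$bin_name" ]; then
            echo "no $bin_name!" >&2
            exit 1
        fi
    done

    rm -f "$out"

    # Pad the public key up to the next multiple of 16 bytes.
    key_len=$(wc -c < "$pub_der")
    pad=$(( (16 - key_len % 16) % 16 ))
    x509_len=$((key_len + pad))

    # Total = padded key + final signature + 3 header words (12 bytes)
    #       + per image (signature + 4-byte length + 4-byte address).
    all_len=$((x509_len + sig_len + 12 + (sig_len + 8) * sig_num))

    # Header words. Separate assignments keep every step under set -e.
    for field in "$all_len" "$sig_num" "$x509_len"; do
        word=$(dec2hex "$field")
        word=$(h2nl "$word")
        word=$(dec2hex "$word")
        echo "$word" | xxd -r >> "$out"
    done

    cat "$pub_der" >> "$out"
    for ((i = 0; i < pad; i++)); do
        printf '\0'
    done >> "$out"

    #generate the signature
    for ((i = 1; i <= sig_num; i++)); do
        bin_name_num=$((i * 2 - 1))
        bin_addr_num=$((i * 2))
        bin_name=${!bin_name_num}
        bin_addr=${!bin_addr_num}

        #add signature
        # The image is fed on stdin and the binary signature appended from
        # stdout: no scratch file is created beside the input (the former
        # "{$bin_name}.txt" had literal braces and broke on paths with a
        # directory or a space), and the name is never parsed as an option.
        # rsa_pss_saltlen:-1 sets the salt length to the digest length.
        openssl dgst -sha256 -sign "$image_key" -sigopt rsa_padding_mode:pss \
            -sigopt rsa_pss_saltlen:-1 < "$bin_name" >> "$out"

        #add length, then address
        filesize=$(wc -c < "$bin_name")
        for field in "$filesize" "$bin_addr"; do
            word=$(dec2hex "$field")
            word=$(h2nl "$word")
            word=$(dec2hex "$word")
            echo "$word" | xxd -r >> "$out"
        done
    done

    # Sign the assembled blob with the certificate key and append the result.
    openssl dgst -sha256 -sign rsa_priv_2048.pem -sigopt rsa_padding_mode:pss \
        -sigopt rsa_pss_saltlen:-1 -out cert_sig.bin "$out"
    cat cert_sig.bin >> "$out"
    rm cert_sig.bin
else
    echo "no rsa_priv_2048.pem!"
fi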
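# for 4096
#
# When the certificate key rsa_priv_4096.pem is present, build x509_4096.bin:
#   1. three 32-bit words: total length, number of images, padded key length
#   2. the DER public key, zero-padded to a multiple of 16 bytes
#   3. per image: RSA-PSS/SHA-256 signature, image length, load address
#   4. a signature over everything above, made with rsa_priv_4096.pem
# Every word goes through dec2hex/h2nl/dec2hex and xxd -r, which writes it
# least-significant byte first.
# NOTE(review): both private keys are read as plain files from the working
# tree - keep them out of version control and readable only by the signing
# user.
if [ -f rsa_priv_4096.pem ]; then
    out=x509_4096.bin
    pub_der=x509_creater/rsa_public_key_4096.der
    image_key=x509_creater/rsa_private_4096.key
    sig_len=512     # an RSA-4096 signature is 512 bytes
    addr_re='^0[xX]0*[0-9a-fA-F]{1,8}$'

    # Check every <bin> <addr> pair before anything is written. The header
    # below already counts all sig_num entries, so skipping a missing image
    # later would yield a signed blob whose count and total length do not
    # match its contents. The address must be plain hex that fits in 32 bits,
    # because it is evaluated arithmetically and stored in a four-byte field.
    for ((i = 1; i <= sig_num; i++)); do
        bin_name_num=$((i * 2 - 1))
        bin_addr_num=$((i * 2))
        bin_name=${!bin_name_num}
        bin_addr=${!bin_addr_num}

        if [[ ! "$bin_addr" =~ $addr_re ]]; then
            echo "addr err!"
            usage
        fi
        if [ ! -f "$bin_name" ]; then
            echo "no $bin_name!" >&2
            exit 1
        fi
    done

    rm -f "$out"

    # Pad the public key up to the next multiple of 16 bytes.
    key_len=$(wc -c < "$pub_der")
    pad=$(( (16 - key_len % 16) % 16 ))
    x509_len=$((key_len + pad))

    # Total = padded key + final signature + 3 header words (12 bytes)
    #       + per image (signature + 4-byte length + 4-byte address).
    all_len=$((x509_len + sig_len + 12 + (sig_len + 8) * sig_num))

    # Header words. Separate assignments keep every step under set -e.
    for field in "$all_len" "$sig_num" "$x509_len"; do
        word=$(dec2hex "$field")
        word=$(h2nl "$word")
        word=$(dec2hex "$word")
        echo "$word" | xxd -r >> "$out"
    done

    cat "$pub_der" >> "$out"
    for ((i = 0; i < pad; i++)); do
        printf '\0'
    done >> "$out"

    #generate the signature
    for ((i = 1; i <= sig_num; i++)); do
        bin_name_num=$((i * 2 - 1))
        bin_addr_num=$((i * 2))
        bin_name=${!bin_name_num}
        bin_addr=${!bin_addr_num}

        #add signature
        # The image is fed on stdin and the binary signature appended from
        # stdout: no scratch file is created beside the input (the former
        # "{$bin_name}.txt" had literal braces and broke on paths with a
        # directory or a space), and the name is never parsed as an option.
        # rsa_pss_saltlen:-1 sets the salt length to the digest length.
        openssl dgst -sha256 -sign "$image_key" -sigopt rsa_padding_mode:pss \
            -sigopt rsa_pss_saltlen:-1 < "$bin_name" >> "$out"

        #add length, then address
        filesize=$(wc -c < "$bin_name")
        for field in "$filesize" "$bin_addr"; do
            word=$(dec2hex "$field")
            word=$(h2nl "$word")
            word=$(dec2hex "$word")
            echo "$word" | xxd -r >> "$out"
        done
    done

    # Sign the assembled blob with the certificate key and append the result.
    openssl dgst -sha256 -sign rsa_priv_4096.pem -sigopt rsa_padding_mode:pss \
        -sigopt rsa_pss_saltlen:-1 -out cert_sig.bin "$out"
    cat cert_sig.bin >> "$out"
    rm cert_sig.bin
else
    echo "no rsa_priv_4096.pem!"
fi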