Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_sm8150 / e2a666d52b4825c26c857cada211f3baac26a600 / . / scripts / sign-file
blob: 095a953bdb8e6078e0d654bc23d928513d58b7a4 [file] [log] [blame]
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]1#!/bin/bash
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]2#
3# Sign a module file using the given key.
4#
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]5# Format: sign-file <key> <x509> <keyid-script> <module>
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]6#
7
8scripts=`dirname $0`
9
10CONFIG_MODULE_SIG_SHA512=y
11if [ -r .config ]
12then
13 . ./.config
14fi
15
16key="$1"
17x509="$2"
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]18keyid_script="$3"
19mod="$4"
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]20
21if [ ! -r "$key" ]
22then
23 echo "Can't read private key" >&2
24 exit 2
25fi
26
27if [ ! -r "$x509" ]
28then
29 echo "Can't read X.509 certificate" >&2
30 exit 2
31fi
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]32
33#
34# Signature parameters
35#
36algo=1 # Public-key crypto algorithm: RSA
37hash= # Digest algorithm
38id_type=1 # Identifier type: X.509
39
40#
41# Digest the data
42#
43dgst=
44if [ "$CONFIG_MODULE_SIG_SHA1" = "y" ]
45then
46 prologue="0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14"
47 dgst=-sha1
48 hash=2
49elif [ "$CONFIG_MODULE_SIG_SHA224" = "y" ]
50then
51 prologue="0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C"
52 dgst=-sha224
53 hash=7
54elif [ "$CONFIG_MODULE_SIG_SHA256" = "y" ]
55then
56 prologue="0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20"
57 dgst=-sha256
58 hash=4
59elif [ "$CONFIG_MODULE_SIG_SHA384" = "y" ]
60then
61 prologue="0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30"
62 dgst=-sha384
63 hash=5
64elif [ "$CONFIG_MODULE_SIG_SHA512" = "y" ]
65then
66 prologue="0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40"
67 dgst=-sha512
68 hash=6
69else
70 echo "$0: Can't determine hash algorithm" >&2
71 exit 2
72fi
73
74(
75perl -e "binmode STDOUT; print pack(\"C*\", $prologue)" || exit $?
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]76openssl dgst $dgst -binary $mod || exit $?
77) >$mod.dig || exit $?
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]78
79#
80# Generate the binary signature, which will be just the integer that comprises
81# the signature with no metadata attached.
82#
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]83openssl rsautl -sign -inkey $key -keyform PEM -in $mod.dig -out $mod.sig || exit $?
84
85SIGNER="`perl $keyid_script $x509 signer-name`"
86KEYID="`perl $keyid_script $x509 keyid`"
87keyidlen=${#KEYID}
88siglen=${#SIGNER}
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]89
90#
91# Build the signed binary
92#
93(
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]94 cat $mod || exit $?
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]95 echo '~Module signature appended~' || exit $?
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]96 echo -n "$SIGNER" || exit $?
97 echo -n "$KEYID" || exit $?
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]98
99 # Preface each signature integer with a 2-byte BE length
100 perl -e "binmode STDOUT; print pack(\"n\", $siglen)" || exit $?
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]101 cat $mod.sig || exit $?
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]102
103 # Generate the information block
104 perl -e "binmode STDOUT; print pack(\"CCCCCxxxN\", $algo, $hash, $id_type, $signerlen, $keyidlen, $siglen + 2)" || exit $?
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]105) >$mod~ || exit $?
David Howells80d65e52012-09-26 10:11:06 +0100[diff] [blame]106
Rusty Russelle2a666d2012-10-19 11:53:15 +1030[diff] [blame^]107mv $mod~ $mod || exit $?