From f8264a32459ca98b5607f1841b6a3d0876d709f0 Mon Sep 17 00:00:00 2001 From: blue Date: Thu, 14 Oct 2021 03:59:23 +0000 Subject: [PATCH] Fix format and non-standard coding of sigh_tool.sh script --- tools/sign_tool/sign_tool.sh | 205 ++++++++++++++++++++++--------------------- 1 file changed, 103 insertions(+), 102 deletions(-) diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh index 0435a67..8f50ff5 100755 --- a/tools/sign_tool/sign_tool.sh +++ b/tools/sign_tool/sign_tool.sh @@ -9,19 +9,21 @@ # See the Mulan PSL v2 for more details. #!/bin/bash -VERSION=3 API_LEVEL=2 ONE_STEP_MODE=1 -localpath="$(cd "$(dirname "$0")"; pwd)" +localpath="$( + cd "$(dirname "$0")" || exit -1 + pwd +)" pypath="/lib/secGear" -if [ -f ${localpath}/signtool_v3.py ]; then +if [ -f "${localpath}/signtool_v3.py" ]; then signtoolpath=${localpath} else signtoolpath=${pypath} fi -print_help(){ +print_help() { echo "sign tool usage: ./sign_tool.sh [options] ..." echo "[options]" echo "-c basic config file." 
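Review bot: The `|| exit -1` added inside the `$( … )` that sets `localpath` only ends the command-substitution subshell, so when the `cd` fails `localpath` is left empty and the script continues, testing `/signtool_v3.py` before falling back to `pypath`. Moving the check onto the assignment stops the script instead: `localpath="$(cd "$(dirname "$0")" && pwd)" || exit 1`. `exit -1` is also outside the 0–255 status range (bash reports 255), and the same value is used throughout the option loop and both signing functions in the later hunks; `exit 1` is the portable form. Separately, the context shows `#!/bin/bash` below the license comment, where it is an ordinary comment rather than a shebang, so the interpreter presumably depends on how the script is launched even though it relies on `[[` and `typeset -l`.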
@@ -44,81 +46,81 @@ print_help(){ } -while getopts "c:d:i:k:m:o:p:s:x:h" opt -do +while getopts "c:d:i:k:m:o:p:s:x:h" opt; do case $opt in c) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -c is missing or incorrect" - exit -1 - fi - CONFIG_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -c is missing or incorrect" + exit -1 + fi + CONFIG_FILE=$OPTARG + ;; d) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -d is missing or incorrect" - exit -1 - fi - typeset -l CMD - CMD=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -d is missing or incorrect" + exit -1 + fi + typeset -l CMD + CMD=$OPTARG + ;; i) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -i is missing or incorrect" - exit -1 - fi - IN_ENCLAVE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -i is missing or incorrect" + exit -1 + fi + IN_ENCLAVE=$OPTARG + ;; k) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -k is missing or incorrect" - exit -1 - fi - SIG_KEY=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -k is missing or incorrect" + exit -1 + fi + SIG_KEY=$OPTARG + ;; m) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -m is missing or incorrect" - exit -1 - fi - A_CONFIG_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -m is missing or incorrect" + exit -1 + fi + A_CONFIG_FILE=$OPTARG + ;; o) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -o is missing or incorrect" - exit -1 - fi - OUT_FILE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -o is missing or incorrect" + exit -1 + fi + OUT_FILE=$OPTARG + ;; p) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -p is missing or incorrect" - exit -1 - fi - SERVER_PUBKEY=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -p is missing or incorrect" + exit -1 + fi + SERVER_PUBKEY=$OPTARG + ;; s) - if 
[[ $OPTARG == -* ]]; then - echo "Error: parameter for -s is missing or incorrect" - exit -1 - fi - SIGNATURE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -s is missing or incorrect" + exit -1 + fi + SIGNATURE=$OPTARG + ;; x) - if [[ $OPTARG == -* ]]; then - echo "Error: parameter for -x is missing or incorrect" - exit -1 - fi - typeset -l ENCLAVE_TYPE - ENCLAVE_TYPE=$OPTARG - ;; + if [[ $OPTARG == -* ]]; then + echo "Error: parameter for -x is missing or incorrect" + exit -1 + fi + typeset -l ENCLAVE_TYPE + ENCLAVE_TYPE=$OPTARG + ;; h) - print_help - exit 0 - ;; + print_help + exit 0 + ;; ?) - print_help - exit -1 + print_help + exit -1 + ;; esac done if [ ${OPTIND} == 1 ]; then 
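Review bot: Every error in the `getopts` loop is written with plain `echo`, so the diagnostics land on stdout and are mixed into whatever a caller captures from the tool; they should go to stderr. The nine option arms also repeat the same `-*` guard, which a small helper would keep consistent: `require_arg() { [[ $2 != -* ]] || { echo "Error: parameter for -$1 is missing or incorrect" >&2; exit 1; }; }`, called as `require_arg c "$OPTARG"`. The final `?)` arm is an unquoted glob that matches any single character; `*)` or `\?)` states the intent. The loop's `case` closes inside the hunk, but the `if [ ${OPTIND} == 1 ]` block that follows continues outside it.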
@@ -126,103 +128,102 @@ if [ ${OPTIND} == 1 ]; then exit 0 fi -itrustee_start_sign(){ -# check_native_sign - if [ -z $A_CONFIG_FILE ]; then +itrustee_start_sign() { + # check_native_sign + if [ -z "$A_CONFIG_FILE" ]; then echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave" exit -1 fi if [ "${CMD}"x == "sign"x ]; then - if [ -z $SIGNATURE ]; then + if [ -z "$SIGNATURE" ]; then ONE_STEP_MODE=1 - if [ -z $CONFIG_FILE ]; then + if [ -z "$CONFIG_FILE" ]; then echo "Error: missing basic config file for signing iTrustee enclave" exit -1 fi - if [ -z $IN_ENCLAVE ]; then + if [ -z "$IN_ENCLAVE" ]; then echo "Error: missing enclave file" exit -1 fi - python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" + python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" else ONE_STEP_MODE=0 python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" "${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}" fi elif [ "${CMD}"x == "digest"x ]; then ONE_STEP_MODE=0 - if [ -z $CONFIG_FILE ]; then + if [ -z "$CONFIG_FILE" ]; then echo "Error: missing config file for signing iTrustee enclave" exit -1 fi - if [ -z $IN_ENCLAVE ]; then + if [ -z "$IN_ENCLAVE" ]; then echo "Error: missing enclave file" exit -1 fi - python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" + python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}" else echo "Error: illegal command" fi } -sgx_start_sign(){ - if [ -z $IN_ENCLAVE ]; then +sgx_start_sign() { + if [ -z "$IN_ENCLAVE" ]; then echo "Error: missing enclave file" exit -1 fi SIGDATA_FILE="signdata" if [ "${CMD}"x == "sign"x ]; then - if [ -z 
$SIGNATURE ]; then - if [ -z $SIG_KEY ]; then - echo "Error: missing sign key" - exit -1 - fi - if [ -z $CONFIG_FILE ]; then - sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} + if [ -z "$SIGNATURE" ]; then + if [ -z "$SIG_KEY" ]; then + echo "Error: missing sign key" + exit -1 + fi + if [ -z "$CONFIG_FILE" ]; then + sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" else - sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} -config ${CONFIG_FILE} + sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" fi else - if [ -z $SERVER_PUBKEY ]; then + if [ -z "$SERVER_PUBKEY" ]; then echo "Error: missing server public key" exit -1 - fi - if [ -z $CONFIG_FILE ]; then - sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} + fi + if [ -z "$CONFIG_FILE" ]; then + sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" else - sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE} + sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" -config "${CONFIG_FILE}" fi rm -rf ${SIGDATA_FILE} fi elif [ "${CMD}"x == "digest"x ]; then - if [ -z $CONFIG_FILE ]; then - sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} + if [ -z "$CONFIG_FILE" ]; then + sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" else - sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} -config ${CONFIG_FILE} + sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" -config "${CONFIG_FILE}" fi - cp ${SIGDATA_FILE} ${OUT_FILE} + cp "${SIGDATA_FILE}" "${OUT_FILE}" elif [ "${CMD}"x == "dump"x ]; then - sgx_sign dump -enclave ${IN_ENCLAVE} -dumpfile ${OUT_FILE} 
+ sgx_sign dump -enclave "${IN_ENCLAVE}" -dumpfile "${OUT_FILE}" else echo "Error: illegal command" fi } - -if [ -z $CMD ]; then +if [ -z "$CMD" ]; then echo "Error: missing command" exit -1 fi -if [ -z $ENCLAVE_TYPE ]; then +if [ -z "$ENCLAVE_TYPE" ]; then echo "Error: missing enclave type" exit -1 fi -if [ -z $OUT_FILE ]; then +if [ -z "$OUT_FILE" ]; then echo "Error: missing out file" exit -1 fi umask 0077 -check_results=`uname -m` +check_results=$(uname -m) if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then if [ "${check_results}"x != "x86_64"x ]; then echo "Warning: the enclave type does not comply with current architecture" -- 1.8.3.1
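Review bot: In `sgx_start_sign`, the digest branch runs `cp "${SIGDATA_FILE}" "${OUT_FILE}"` whether or not `sgx_sign gendata` succeeded, and `SIGDATA_FILE` is the fixed name `signdata` in the current directory, so after a failed run the output can be a stale file left by an earlier digest of a different enclave. Appending `|| exit 1` to both `sgx_sign gendata` lines (and to the `sgx_sign sign`/`catsig` calls) closes that gap. The `else echo "Error: illegal command"` branches in both functions end with a successful `echo`, so as far as the hunk shows an unknown `-d` value is reported as success; add `exit 1` there. The quoting pass also left the three `python ${signtoolpath}/signtool_v3.py` calls and `rm -rf ${SIGDATA_FILE}` unquoted, although the matching `-f "${localpath}/signtool_v3.py"` test is now quoted. The architecture check at the end of the hunk continues outside it.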