secGear/0042-Fix-format-and-non-standard-coding-of-sigh_tool.sh-s.patch
gaoyusong 240992c8a1 backport some patches from openeuler secGear
Signed-off-by: gaoyusong <gaoyusong1@huawei.com>
2021-10-26 15:51:01 +08:00


From f8264a32459ca98b5607f1841b6a3d0876d709f0 Mon Sep 17 00:00:00 2001
From: blue <jingood@yeah.net>
Date: Thu, 14 Oct 2021 03:59:23 +0000
Subject: [PATCH] Fix format and non-standard coding of sigh_tool.sh script
---
tools/sign_tool/sign_tool.sh | 205 ++++++++++++++++++++++---------------------
1 file changed, 103 insertions(+), 102 deletions(-)
diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
index 0435a67..8f50ff5 100755
--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
@@ -9,19 +9,21 @@
# See the Mulan PSL v2 for more details.
#!/bin/bash
-VERSION=3
API_LEVEL=2
ONE_STEP_MODE=1
-localpath="$(cd "$(dirname "$0")"; pwd)"
+localpath="$(
+ cd "$(dirname "$0")" || exit -1
+ pwd
+)"
pypath="/lib/secGear"
-if [ -f ${localpath}/signtool_v3.py ]; then
+if [ -f "${localpath}/signtool_v3.py" ]; then
signtoolpath=${localpath}
else
signtoolpath=${pypath}
fi
-print_help(){
+print_help() {
echo "sign tool usage: ./sign_tool.sh [options] ..."
echo "[options]"
echo "-c <file> basic config file."
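Review bot: The `|| exit -1` added inside the `$( … )` that sets `localpath` only ends the command-substitution subshell, so when `cd` fails the script keeps running with an empty `localpath` and the next test probes `/signtool_v3.py`. Moving the check outside the substitution, `localpath="$(cd "$(dirname "$0")" && pwd)" || exit 1`, stops the script before it chooses a helper path. `-1` is also outside the 0–255 status range (bash reports it as 255). The same `exit -1` is kept throughout the option loop and both `*_start_sign` functions in the later hunks, where `exit 1` would be the conventional form.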
@@ -44,81 +46,81 @@ print_help(){
}
-while getopts "c:d:i:k:m:o:p:s:x:h" opt
-do
+while getopts "c:d:i:k:m:o:p:s:x:h" opt; do
case $opt in
c)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -c is missing or incorrect"
- exit -1
- fi
- CONFIG_FILE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -c is missing or incorrect"
+ exit -1
+ fi
+ CONFIG_FILE=$OPTARG
+ ;;
d)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -d is missing or incorrect"
- exit -1
- fi
- typeset -l CMD
- CMD=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -d is missing or incorrect"
+ exit -1
+ fi
+ typeset -l CMD
+ CMD=$OPTARG
+ ;;
i)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -i is missing or incorrect"
- exit -1
- fi
- IN_ENCLAVE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -i is missing or incorrect"
+ exit -1
+ fi
+ IN_ENCLAVE=$OPTARG
+ ;;
k)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -k is missing or incorrect"
- exit -1
- fi
- SIG_KEY=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -k is missing or incorrect"
+ exit -1
+ fi
+ SIG_KEY=$OPTARG
+ ;;
m)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -m is missing or incorrect"
- exit -1
- fi
- A_CONFIG_FILE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -m is missing or incorrect"
+ exit -1
+ fi
+ A_CONFIG_FILE=$OPTARG
+ ;;
o)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -o is missing or incorrect"
- exit -1
- fi
- OUT_FILE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -o is missing or incorrect"
+ exit -1
+ fi
+ OUT_FILE=$OPTARG
+ ;;
p)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -p is missing or incorrect"
- exit -1
- fi
- SERVER_PUBKEY=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -p is missing or incorrect"
+ exit -1
+ fi
+ SERVER_PUBKEY=$OPTARG
+ ;;
s)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -s is missing or incorrect"
- exit -1
- fi
- SIGNATURE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -s is missing or incorrect"
+ exit -1
+ fi
+ SIGNATURE=$OPTARG
+ ;;
x)
- if [[ $OPTARG == -* ]]; then
- echo "Error: parameter for -x is missing or incorrect"
- exit -1
- fi
- typeset -l ENCLAVE_TYPE
- ENCLAVE_TYPE=$OPTARG
- ;;
+ if [[ $OPTARG == -* ]]; then
+ echo "Error: parameter for -x is missing or incorrect"
+ exit -1
+ fi
+ typeset -l ENCLAVE_TYPE
+ ENCLAVE_TYPE=$OPTARG
+ ;;
h)
- print_help
- exit 0
- ;;
+ print_help
+ exit 0
+ ;;
?)
- print_help
- exit -1
+ print_help
+ exit -1
+ ;;
esac
done
if [ ${OPTIND} == 1 ]; then
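Review bot: The `[[ $OPTARG == -* ]]` tests and `typeset -l` in this loop are bash-only, yet the `#!/bin/bash` line shown as context in the first hunk sits below the licence header rather than on line 1, so it is an ordinary comment and the interpreter depends on how the script is launched. Moving `#!/bin/bash` to the first line of the file would make the choice explicit. The error messages here also go to stdout; `echo "Error: ..." >&2` would keep them out of any captured output. The loop itself is complete in this hunk, but the `if [ ${OPTIND} == 1 ]` block that follows continues into the next hunk.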
@@ -126,103 +128,102 @@ if [ ${OPTIND} == 1 ]; then
exit 0
fi
-itrustee_start_sign(){
-# check_native_sign
- if [ -z $A_CONFIG_FILE ]; then
+itrustee_start_sign() {
+ # check_native_sign
+ if [ -z "$A_CONFIG_FILE" ]; then
echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave"
exit -1
fi
if [ "${CMD}"x == "sign"x ]; then
- if [ -z $SIGNATURE ]; then
+ if [ -z "$SIGNATURE" ]; then
ONE_STEP_MODE=1
- if [ -z $CONFIG_FILE ]; then
+ if [ -z "$CONFIG_FILE" ]; then
echo "Error: missing basic config file for signing iTrustee enclave"
exit -1
fi
- if [ -z $IN_ENCLAVE ]; then
+ if [ -z "$IN_ENCLAVE" ]; then
echo "Error: missing enclave file"
exit -1
fi
- python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}"
+ python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}"
else
ONE_STEP_MODE=0
python ${signtoolpath}/signtool_v3.py "sign" "${ONE_STEP_MODE}" "NULL" "${OUT_FILE}" "NULL" "${A_CONFIG_FILE}" "${API_LEVEL}" "${SIGNATURE}"
fi
elif [ "${CMD}"x == "digest"x ]; then
ONE_STEP_MODE=0
- if [ -z $CONFIG_FILE ]; then
+ if [ -z "$CONFIG_FILE" ]; then
echo "Error: missing config file for signing iTrustee enclave"
exit -1
fi
- if [ -z $IN_ENCLAVE ]; then
+ if [ -z "$IN_ENCLAVE" ]; then
echo "Error: missing enclave file"
exit -1
fi
- python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}"
+ python ${signtoolpath}/signtool_v3.py "digest" "${ONE_STEP_MODE}" "${IN_ENCLAVE}" "${OUT_FILE}" "${CONFIG_FILE}" "${A_CONFIG_FILE}" "${API_LEVEL}"
else
echo "Error: illegal command"
fi
}
-sgx_start_sign(){
- if [ -z $IN_ENCLAVE ]; then
+sgx_start_sign() {
+ if [ -z "$IN_ENCLAVE" ]; then
echo "Error: missing enclave file"
exit -1
fi
SIGDATA_FILE="signdata"
if [ "${CMD}"x == "sign"x ]; then
- if [ -z $SIGNATURE ]; then
- if [ -z $SIG_KEY ]; then
- echo "Error: missing sign key"
- exit -1
- fi
- if [ -z $CONFIG_FILE ]; then
- sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE}
+ if [ -z "$SIGNATURE" ]; then
+ if [ -z "$SIG_KEY" ]; then
+ echo "Error: missing sign key"
+ exit -1
+ fi
+ if [ -z "$CONFIG_FILE" ]; then
+ sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}"
else
- sgx_sign sign -enclave ${IN_ENCLAVE} -key ${SIG_KEY} -out ${OUT_FILE} -config ${CONFIG_FILE}
+ sgx_sign sign -enclave "${IN_ENCLAVE}" -key "${SIG_KEY}" -out "${OUT_FILE}" -config "${CONFIG_FILE}"
fi
else
- if [ -z $SERVER_PUBKEY ]; then
+ if [ -z "$SERVER_PUBKEY" ]; then
echo "Error: missing server public key"
exit -1
- fi
- if [ -z $CONFIG_FILE ]; then
- sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE}
+ fi
+ if [ -z "$CONFIG_FILE" ]; then
+ sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}"
else
- sgx_sign catsig -enclave ${IN_ENCLAVE} -key ${SERVER_PUBKEY} -sig ${SIGNATURE} -unsigned ${SIGDATA_FILE} -out ${OUT_FILE} -config ${CONFIG_FILE}
+ sgx_sign catsig -enclave "${IN_ENCLAVE}" -key "${SERVER_PUBKEY}" -sig "${SIGNATURE}" -unsigned "${SIGDATA_FILE}" -out "${OUT_FILE}" -config "${CONFIG_FILE}"
fi
rm -rf ${SIGDATA_FILE}
fi
elif [ "${CMD}"x == "digest"x ]; then
- if [ -z $CONFIG_FILE ]; then
- sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE}
+ if [ -z "$CONFIG_FILE" ]; then
+ sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}"
else
- sgx_sign gendata -enclave ${IN_ENCLAVE} -out ${SIGDATA_FILE} -config ${CONFIG_FILE}
+ sgx_sign gendata -enclave "${IN_ENCLAVE}" -out "${SIGDATA_FILE}" -config "${CONFIG_FILE}"
fi
- cp ${SIGDATA_FILE} ${OUT_FILE}
+ cp "${SIGDATA_FILE}" "${OUT_FILE}"
elif [ "${CMD}"x == "dump"x ]; then
- sgx_sign dump -enclave ${IN_ENCLAVE} -dumpfile ${OUT_FILE}
+ sgx_sign dump -enclave "${IN_ENCLAVE}" -dumpfile "${OUT_FILE}"
else
echo "Error: illegal command"
fi
}
-
-if [ -z $CMD ]; then
+if [ -z "$CMD" ]; then
echo "Error: missing command"
exit -1
fi
-if [ -z $ENCLAVE_TYPE ]; then
+if [ -z "$ENCLAVE_TYPE" ]; then
echo "Error: missing enclave type"
exit -1
fi
-if [ -z $OUT_FILE ]; then
+if [ -z "$OUT_FILE" ]; then
echo "Error: missing out file"
exit -1
fi
umask 0077
-check_results=`uname -m`
+check_results=$(uname -m)
if [ "${ENCLAVE_TYPE}"x == "sgx"x ]; then
if [ "${check_results}"x != "x86_64"x ]; then
echo "Warning: the enclave type does not comply with current architecture"
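Review bot: In the `digest` branch of `sgx_start_sign`, `cp "${SIGDATA_FILE}" "${OUT_FILE}"` runs whether or not `sgx_sign gendata` succeeded, and `SIGDATA_FILE` is the fixed name `signdata` in the current directory, so after a failed run a leftover file from an earlier run can end up in the output file. Guard the copy with the tool's status, for example by appending `|| exit 1` to both `sgx_sign gendata` calls. The change also leaves `rm -rf ${SIGDATA_FILE}` and the three `python ${signtoolpath}/signtool_v3.py` invocations unquoted while quoting everything around them. As far as this hunk shows, the `else` arms that print `Error: illegal command` return without a non-zero status. Both functions are complete in the hunk, but the script's tail continues past its last line.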
--
1.8.3.1