Commit | Line | Data |
---|---|---|
cb77f0d6 | 1 | #!/usr/bin/env perl |
4adc605e DH |
2 | # |
3 | # extract-mod-sig <part> <module-file> | |
4 | # | |
5 | # Reads the module file and writes out some or all of the signature | |
6 | # section to stdout. Part is the bit to be written and is one of: | |
7 | # | |
8 | # -0: The unsigned module, no signature data at all | |
9 | # -a: All of the signature data, including magic number | |
10 | # -d: Just the descriptor values as a sequence of numbers | |
11 | # -n: Just the signer's name | |
12 | # -k: Just the key ID | |
13 | # -s: Just the crypto signature or PKCS#7 message | |
14 | # | |
cb77f0d6 | 15 | use warnings; |
4adc605e DH |
16 | use strict; |
17 | ||
18 | die "Format: $0 -[0adnks] module-file >out\n" | |
19 | if ($#ARGV != 1); | |
20 | ||
21 | my $part = $ARGV[0]; | |
22 | my $modfile = $ARGV[1]; | |
23 | ||
24 | my $magic_number = "~Module signature appended~\n"; | |
25 | ||
26 | # | |
27 | # Read the module contents | |
28 | # | |
29 | open FD, "<$modfile" || die $modfile; | |
30 | binmode(FD); | |
31 | my @st = stat(FD); | |
32 | die "$modfile" unless (@st); | |
33 | my $buf = ""; | |
34 | my $len = sysread(FD, $buf, $st[7]); | |
35 | die "$modfile" unless (defined($len)); | |
36 | die "Short read on $modfile\n" unless ($len == $st[7]); | |
37 | close(FD) || die $modfile; | |
38 | ||
39 | print STDERR "Read ", $len, " bytes from module file\n"; | |
40 | ||
41 | die "The file is too short to have a sig magic number and descriptor\n" | |
42 | if ($len < 12 + length($magic_number)); | |
43 | ||
44 | # | |
45 | # Check for the magic number and extract the information block | |
46 | # | |
47 | my $p = $len - length($magic_number); | |
48 | my $raw_magic = substr($buf, $p); | |
49 | ||
50 | die "Magic number not found at $len\n" | |
51 | if ($raw_magic ne $magic_number); | |
52 | print STDERR "Found magic number at $len\n"; | |
53 | ||
54 | $p -= 12; | |
55 | my $raw_info = substr($buf, $p, 12); | |
56 | ||
57 | my @info = unpack("CCCCCxxxN", $raw_info); | |
58 | my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; | |
59 | ||
60 | if ($id_type == 0) { | |
61 | print STDERR "Found PGP key identifier\n"; | |
62 | } elsif ($id_type == 1) { | |
63 | print STDERR "Found X.509 cert identifier\n"; | |
64 | } elsif ($id_type == 2) { | |
65 | print STDERR "Found PKCS#7/CMS encapsulation\n"; | |
66 | } else { | |
67 | print STDERR "Found unsupported identifier type $id_type\n"; | |
68 | } | |
69 | ||
70 | # | |
71 | # Extract the three pieces of info data | |
72 | # | |
73 | die "Insufficient name+kid+sig data in file\n" | |
74 | unless ($p >= $name_len + $kid_len + $sig_len); | |
75 | ||
76 | $p -= $sig_len; | |
77 | my $raw_sig = substr($buf, $p, $sig_len); | |
78 | $p -= $kid_len; | |
79 | my $raw_kid = substr($buf, $p, $kid_len); | |
80 | $p -= $name_len; | |
81 | my $raw_name = substr($buf, $p, $name_len); | |
82 | ||
83 | my $module_len = $p; | |
84 | ||
85 | if ($sig_len > 0) { | |
86 | print STDERR "Found $sig_len bytes of signature ["; | |
87 | my $n = $sig_len > 16 ? 16 : $sig_len; | |
88 | foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { | |
89 | printf STDERR "%02x", $i; | |
90 | } | |
91 | print STDERR "]\n"; | |
92 | } | |
93 | ||
94 | if ($kid_len > 0) { | |
95 | print STDERR "Found $kid_len bytes of key identifier ["; | |
96 | my $n = $kid_len > 16 ? 16 : $kid_len; | |
97 | foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { | |
98 | printf STDERR "%02x", $i; | |
99 | } | |
100 | print STDERR "]\n"; | |
101 | } | |
102 | ||
103 | if ($name_len > 0) { | |
104 | print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; | |
105 | } | |
106 | ||
107 | # | |
108 | # Produce the requested output | |
109 | # | |
110 | if ($part eq "-0") { | |
111 | # The unsigned module, no signature data at all | |
112 | binmode(STDOUT); | |
113 | print substr($buf, 0, $module_len); | |
114 | } elsif ($part eq "-a") { | |
115 | # All of the signature data, including magic number | |
116 | binmode(STDOUT); | |
117 | print substr($buf, $module_len); | |
118 | } elsif ($part eq "-d") { | |
119 | # Just the descriptor values as a sequence of numbers | |
120 | print join(" ", @info), "\n"; | |
121 | } elsif ($part eq "-n") { | |
122 | # Just the signer's name | |
123 | print STDERR "No signer's name for PKCS#7 message type sig\n" | |
124 | if ($id_type == 2); | |
125 | binmode(STDOUT); | |
126 | print $raw_name; | |
127 | } elsif ($part eq "-k") { | |
128 | # Just the key identifier | |
129 | print STDERR "No key ID for PKCS#7 message type sig\n" | |
130 | if ($id_type == 2); | |
131 | binmode(STDOUT); | |
132 | print $raw_kid; | |
133 | } elsif ($part eq "-s") { | |
134 | # Just the crypto signature or PKCS#7 message | |
135 | binmode(STDOUT); | |
136 | print $raw_sig; | |
137 | } |