Commit | Line | Data |
---|---|---|
cb77f0d6 | 1 | #!/usr/bin/env perl |
b2441318 | 2 | # SPDX-License-Identifier: GPL-2.0 |
4adc605e DH |
3 | # |
4 | # extract-mod-sig <part> <module-file> | |
5 | # | |
6 | # Reads the module file and writes out some or all of the signature | |
7 | # section to stdout. Part is the bit to be written and is one of: | |
8 | # | |
9 | # -0: The unsigned module, no signature data at all | |
10 | # -a: All of the signature data, including magic number | |
11 | # -d: Just the descriptor values as a sequence of numbers | |
12 | # -n: Just the signer's name | |
13 | # -k: Just the key ID | |
14 | # -s: Just the crypto signature or PKCS#7 message | |
15 | # | |
cb77f0d6 | 16 | use warnings; |
4adc605e DH |
17 | use strict; |
18 | ||
19 | die "Format: $0 -[0adnks] module-file >out\n" | |
20 | if ($#ARGV != 1); | |
21 | ||
22 | my $part = $ARGV[0]; | |
23 | my $modfile = $ARGV[1]; | |
24 | ||
25 | my $magic_number = "~Module signature appended~\n"; | |
26 | ||
27 | # | |
28 | # Read the module contents | |
29 | # | |
30 | open FD, "<$modfile" || die $modfile; | |
31 | binmode(FD); | |
32 | my @st = stat(FD); | |
33 | die "$modfile" unless (@st); | |
34 | my $buf = ""; | |
35 | my $len = sysread(FD, $buf, $st[7]); | |
36 | die "$modfile" unless (defined($len)); | |
37 | die "Short read on $modfile\n" unless ($len == $st[7]); | |
38 | close(FD) || die $modfile; | |
39 | ||
40 | print STDERR "Read ", $len, " bytes from module file\n"; | |
41 | ||
42 | die "The file is too short to have a sig magic number and descriptor\n" | |
43 | if ($len < 12 + length($magic_number)); | |
44 | ||
45 | # | |
46 | # Check for the magic number and extract the information block | |
47 | # | |
48 | my $p = $len - length($magic_number); | |
49 | my $raw_magic = substr($buf, $p); | |
50 | ||
51 | die "Magic number not found at $len\n" | |
52 | if ($raw_magic ne $magic_number); | |
53 | print STDERR "Found magic number at $len\n"; | |
54 | ||
55 | $p -= 12; | |
56 | my $raw_info = substr($buf, $p, 12); | |
57 | ||
58 | my @info = unpack("CCCCCxxxN", $raw_info); | |
59 | my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; | |
60 | ||
61 | if ($id_type == 0) { | |
62 | print STDERR "Found PGP key identifier\n"; | |
63 | } elsif ($id_type == 1) { | |
64 | print STDERR "Found X.509 cert identifier\n"; | |
65 | } elsif ($id_type == 2) { | |
66 | print STDERR "Found PKCS#7/CMS encapsulation\n"; | |
67 | } else { | |
68 | print STDERR "Found unsupported identifier type $id_type\n"; | |
69 | } | |
70 | ||
71 | # | |
72 | # Extract the three pieces of info data | |
73 | # | |
74 | die "Insufficient name+kid+sig data in file\n" | |
75 | unless ($p >= $name_len + $kid_len + $sig_len); | |
76 | ||
77 | $p -= $sig_len; | |
78 | my $raw_sig = substr($buf, $p, $sig_len); | |
79 | $p -= $kid_len; | |
80 | my $raw_kid = substr($buf, $p, $kid_len); | |
81 | $p -= $name_len; | |
82 | my $raw_name = substr($buf, $p, $name_len); | |
83 | ||
84 | my $module_len = $p; | |
85 | ||
86 | if ($sig_len > 0) { | |
87 | print STDERR "Found $sig_len bytes of signature ["; | |
88 | my $n = $sig_len > 16 ? 16 : $sig_len; | |
89 | foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { | |
90 | printf STDERR "%02x", $i; | |
91 | } | |
92 | print STDERR "]\n"; | |
93 | } | |
94 | ||
95 | if ($kid_len > 0) { | |
96 | print STDERR "Found $kid_len bytes of key identifier ["; | |
97 | my $n = $kid_len > 16 ? 16 : $kid_len; | |
98 | foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { | |
99 | printf STDERR "%02x", $i; | |
100 | } | |
101 | print STDERR "]\n"; | |
102 | } | |
103 | ||
104 | if ($name_len > 0) { | |
105 | print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; | |
106 | } | |
107 | ||
108 | # | |
109 | # Produce the requested output | |
110 | # | |
111 | if ($part eq "-0") { | |
112 | # The unsigned module, no signature data at all | |
113 | binmode(STDOUT); | |
114 | print substr($buf, 0, $module_len); | |
115 | } elsif ($part eq "-a") { | |
116 | # All of the signature data, including magic number | |
117 | binmode(STDOUT); | |
118 | print substr($buf, $module_len); | |
119 | } elsif ($part eq "-d") { | |
120 | # Just the descriptor values as a sequence of numbers | |
121 | print join(" ", @info), "\n"; | |
122 | } elsif ($part eq "-n") { | |
123 | # Just the signer's name | |
124 | print STDERR "No signer's name for PKCS#7 message type sig\n" | |
125 | if ($id_type == 2); | |
126 | binmode(STDOUT); | |
127 | print $raw_name; | |
128 | } elsif ($part eq "-k") { | |
129 | # Just the key identifier | |
130 | print STDERR "No key ID for PKCS#7 message type sig\n" | |
131 | if ($id_type == 2); | |
132 | binmode(STDOUT); | |
133 | print $raw_kid; | |
134 | } elsif ($part eq "-s") { | |
135 | # Just the crypto signature or PKCS#7 message | |
136 | binmode(STDOUT); | |
137 | print $raw_sig; | |
138 | } |