the-tree/scripts/extract-module-sig.pl

0001 #!/usr/bin/env perl
0002 # SPDX-License-Identifier: GPL-2.0
0003 #
0004 # extract-mod-sig <part> <module-file>
0005 #
0006 # Reads the module file and writes out some or all of the signature
0007 # section to stdout.  Part is the bit to be written and is one of:
0008 #
0009 #  -0: The unsigned module, no signature data at all
0010 #  -a: All of the signature data, including magic number
0011 #  -d: Just the descriptor values as a sequence of numbers
0012 #  -n: Just the signer's name
0013 #  -k: Just the key ID
0014 #  -s: Just the crypto signature or PKCS#7 message
0015 #
0016 use warnings;
0017 use strict;
0018
0019 die "Format: $0 -[0adnks] module-file >out\n"
0020     if ($#ARGV != 1);
0021
0022 my $part = $ARGV[0];
0023 my $modfile = $ARGV[1];
0024
0025 my $magic_number = "~Module signature appended~\n";
0026
0027 #
0028 # Read the module contents
0029 #
0030 open FD, "<$modfile" || die $modfile;
0031 binmode(FD);
0032 my @st = stat(FD);
0033 die "$modfile" unless (@st);
0034 my $buf = "";
0035 my $len = sysread(FD, $buf, $st[7]);
0036 die "$modfile" unless (defined($len));
0037 die "Short read on $modfile\n" unless ($len == $st[7]);
0038 close(FD) || die $modfile;
0039
0040 print STDERR "Read ", $len, " bytes from module file\n";
0041
0042 die "The file is too short to have a sig magic number and descriptor\n"
0043     if ($len < 12 + length($magic_number));
0044
0045 #
0046 # Check for the magic number and extract the information block
0047 #
0048 my $p = $len - length($magic_number);
0049 my $raw_magic = substr($buf, $p);
0050
0051 die "Magic number not found at $len\n"
0052     if ($raw_magic ne $magic_number);
0053 print STDERR "Found magic number at $len\n";
0054
0055 $p -= 12;
0056 my $raw_info = substr($buf, $p, 12);
0057
0058 my @info = unpack("CCCCCxxxN", $raw_info);
0059 my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
0060
0061 if ($id_type == 0) {
0062     print STDERR "Found PGP key identifier\n";
0063 } elsif ($id_type == 1) {
0064     print STDERR "Found X.509 cert identifier\n";
0065 } elsif ($id_type == 2) {
0066     print STDERR "Found PKCS#7/CMS encapsulation\n";
0067 } else {
0068     print STDERR "Found unsupported identifier type $id_type\n";
0069 }
0070
0071 #
0072 # Extract the three pieces of info data
0073 #
0074 die "Insufficient name+kid+sig data in file\n"
0075     unless ($p >= $name_len + $kid_len + $sig_len);
0076
0077 $p -= $sig_len;
0078 my $raw_sig = substr($buf, $p, $sig_len);
0079 $p -= $kid_len;
0080 my $raw_kid = substr($buf, $p, $kid_len);
0081 $p -= $name_len;
0082 my $raw_name = substr($buf, $p, $name_len);
0083
0084 my $module_len = $p;
0085
0086 if ($sig_len > 0) {
0087     print STDERR "Found $sig_len bytes of signature [";
0088     my $n = $sig_len > 16 ? 16 : $sig_len;
0089     foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
0090     printf STDERR "%02x", $i;
0091     }
0092     print STDERR "]\n";
0093 }
0094
0095 if ($kid_len > 0) {
0096     print STDERR "Found $kid_len bytes of key identifier [";
0097     my $n = $kid_len > 16 ? 16 : $kid_len;
0098     foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
0099     printf STDERR "%02x", $i;
0100     }
0101     print STDERR "]\n";
0102 }
0103
0104 if ($name_len > 0) {
0105     print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
0106 }
0107
0108 #
0109 # Produce the requested output
0110 #
0111 if ($part eq "-0") {
0112     # The unsigned module, no signature data at all
0113     binmode(STDOUT);
0114     print substr($buf, 0, $module_len);
0115 } elsif ($part eq "-a") {
0116     # All of the signature data, including magic number
0117     binmode(STDOUT);
0118     print substr($buf, $module_len);
0119 } elsif ($part eq "-d") {
0120     # Just the descriptor values as a sequence of numbers
0121     print join(" ", @info), "\n";
0122 } elsif ($part eq "-n") {
0123     # Just the signer's name
0124     print STDERR "No signer's name for PKCS#7 message type sig\n"
0125     if ($id_type == 2);
0126     binmode(STDOUT);
0127     print $raw_name;
0128 } elsif ($part eq "-k") {
0129     # Just the key identifier
0130     print STDERR "No key ID for PKCS#7 message type sig\n"
0131     if ($id_type == 2);
0132     binmode(STDOUT);
0133     print $raw_kid;
0134 } elsif ($part eq "-s") {
0135     # Just the crypto signature or PKCS#7 message
0136     binmode(STDOUT);
0137     print $raw_sig;
0138 }