[mirror_ubuntu-artful-kernel.git] / scripts / extract-module-sig.pl

#!/usr/bin/env perl
#
# extract-mod-sig <part> <module-file>
#
# Reads the module file and writes out some or all of the signature
# section to stdout.  Part is the bit to be written and is one of:
#
#  -0: The unsigned module, no signature data at all
#  -a: All of the signature data, including magic number
#  -d: Just the descriptor values as a sequence of numbers
#  -n: Just the signer's name
#  -k: Just the key ID
#  -s: Just the crypto signature or PKCS#7 message
#
use warnings;
use strict;

die "Format: $0 -[0adnks] module-file >out\n"
    if ($#ARGV != 1);

my $part = $ARGV[0];
my $modfile = $ARGV[1];

my $magic_number = "~Module signature appended~\n";

#
# Read the module contents
#
open FD, "<$modfile" || die $modfile;
binmode(FD);
my @st = stat(FD);
die "$modfile" unless (@st);
my $buf = "";
my $len = sysread(FD, $buf, $st[7]);
die "$modfile" unless (defined($len));
die "Short read on $modfile\n" unless ($len == $st[7]);
close(FD) || die $modfile;

print STDERR "Read ", $len, " bytes from module file\n";

die "The file is too short to have a sig magic number and descriptor\n"
    if ($len < 12 + length($magic_number));

#
# Check for the magic number and extract the information block
#
my $p = $len - length($magic_number);
my $raw_magic = substr($buf, $p);

die "Magic number not found at $len\n"
    if ($raw_magic ne $magic_number);
print STDERR "Found magic number at $len\n";

$p -= 12;
my $raw_info = substr($buf, $p, 12);

my @info = unpack("CCCCCxxxN", $raw_info);
my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;

if ($id_type == 0) {
    print STDERR "Found PGP key identifier\n";
} elsif ($id_type == 1) {
    print STDERR "Found X.509 cert identifier\n";
} elsif ($id_type == 2) {
    print STDERR "Found PKCS#7/CMS encapsulation\n";
} else {
    print STDERR "Found unsupported identifier type $id_type\n";
}

#
# Extract the three pieces of info data
#
die "Insufficient name+kid+sig data in file\n"
    unless ($p >= $name_len + $kid_len + $sig_len);

$p -= $sig_len;
my $raw_sig = substr($buf, $p, $sig_len);
$p -= $kid_len;
my $raw_kid = substr($buf, $p, $kid_len);
$p -= $name_len;
my $raw_name = substr($buf, $p, $name_len);

my $module_len = $p;

if ($sig_len > 0) {
    print STDERR "Found $sig_len bytes of signature [";
    my $n = $sig_len > 16 ? 16 : $sig_len;
    foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
	printf STDERR "%02x", $i;
    }
    print STDERR "]\n";
}

if ($kid_len > 0) {
    print STDERR "Found $kid_len bytes of key identifier [";
    my $n = $kid_len > 16 ? 16 : $kid_len;
    foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
	printf STDERR "%02x", $i;
    }
    print STDERR "]\n";
}

if ($name_len > 0) {
    print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
}

#
# Produce the requested output
#
if ($part eq "-0") {
    # The unsigned module, no signature data at all
    binmode(STDOUT);
    print substr($buf, 0, $module_len);
} elsif ($part eq "-a") {
    # All of the signature data, including magic number
    binmode(STDOUT);
    print substr($buf, $module_len);
} elsif ($part eq "-d") {
    # Just the descriptor values as a sequence of numbers
    print join(" ", @info), "\n";
} elsif ($part eq "-n") {
    # Just the signer's name
    print STDERR "No signer's name for PKCS#7 message type sig\n"
	if ($id_type == 2);
    binmode(STDOUT);
    print $raw_name;
} elsif ($part eq "-k") {
    # Just the key identifier
    print STDERR "No key ID for PKCS#7 message type sig\n"
	if ($id_type == 2);
    binmode(STDOUT);
    print $raw_kid;
} elsif ($part eq "-s") {
    # Just the crypto signature or PKCS#7 message
    binmode(STDOUT);
    print $raw_sig;
}
Commit	Line	Data
cb77f0d6	1	#!/usr/bin/env perl
4adc605e DH	2	#
	3	# extract-mod-sig <part> <module-file>
	4	#
	5	# Reads the module file and writes out some or all of the signature
	6	# section to stdout. Part is the bit to be written and is one of:
	7	#
	8	# -0: The unsigned module, no signature data at all
	9	# -a: All of the signature data, including magic number
	10	# -d: Just the descriptor values as a sequence of numbers
	11	# -n: Just the signer's name
	12	# -k: Just the key ID
	13	# -s: Just the crypto signature or PKCS#7 message
	14	#
cb77f0d6	15	use warnings;
4adc605e DH	16	use strict;
	17
	18	die "Format: $0 -[0adnks] module-file >out\n"
	19	if ($#ARGV != 1);
	20
	21	my $part = $ARGV[0];
	22	my $modfile = $ARGV[1];
	23
	24	my $magic_number = "~Module signature appended~\n";
	25
	26	#
	27	# Read the module contents
	28	#
	29	open FD, "<$modfile" \|\| die $modfile;
	30	binmode(FD);
	31	my @st = stat(FD);
	32	die "$modfile" unless (@st);
	33	my $buf = "";
	34	my $len = sysread(FD, $buf, $st[7]);
	35	die "$modfile" unless (defined($len));
	36	die "Short read on $modfile\n" unless ($len == $st[7]);
	37	close(FD) \|\| die $modfile;
	38
	39	print STDERR "Read ", $len, " bytes from module file\n";
	40
	41	die "The file is too short to have a sig magic number and descriptor\n"
	42	if ($len < 12 + length($magic_number));
	43
	44	#
	45	# Check for the magic number and extract the information block
	46	#
	47	my $p = $len - length($magic_number);
	48	my $raw_magic = substr($buf, $p);
	49
	50	die "Magic number not found at $len\n"
	51	if ($raw_magic ne $magic_number);
	52	print STDERR "Found magic number at $len\n";
	53
	54	$p -= 12;
	55	my $raw_info = substr($buf, $p, 12);
	56
	57	my @info = unpack("CCCCCxxxN", $raw_info);
	58	my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
	59
	60	if ($id_type == 0) {
	61	print STDERR "Found PGP key identifier\n";
	62	} elsif ($id_type == 1) {
	63	print STDERR "Found X.509 cert identifier\n";
	64	} elsif ($id_type == 2) {
	65	print STDERR "Found PKCS#7/CMS encapsulation\n";
	66	} else {
	67	print STDERR "Found unsupported identifier type $id_type\n";
	68	}
	69
	70	#
	71	# Extract the three pieces of info data
	72	#
	73	die "Insufficient name+kid+sig data in file\n"
	74	unless ($p >= $name_len + $kid_len + $sig_len);
	75
	76	$p -= $sig_len;
	77	my $raw_sig = substr($buf, $p, $sig_len);
	78	$p -= $kid_len;
	79	my $raw_kid = substr($buf, $p, $kid_len);
80	$p -= $name_len;
81	my $raw_name = substr($buf, $p, $name_len);
82
83	my $module_len = $p;
84
85	if ($sig_len > 0) {
86	print STDERR "Found $sig_len bytes of signature [";
87	my $n = $sig_len > 16 ? 16 : $sig_len;
88	foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
89	printf STDERR "%02x", $i;
90	}
91	print STDERR "]\n";
92	}
93
94	if ($kid_len > 0) {
95	print STDERR "Found $kid_len bytes of key identifier [";
96	my $n = $kid_len > 16 ? 16 : $kid_len;
97	foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
98	printf STDERR "%02x", $i;
99	}
100	print STDERR "]\n";
101	}
102
103	if ($name_len > 0) {
104	print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
105	}
106
107	#
108	# Produce the requested output
109	#
110	if ($part eq "-0") {
111	# The unsigned module, no signature data at all
112	binmode(STDOUT);
113	print substr($buf, 0, $module_len);
114	} elsif ($part eq "-a") {
115	# All of the signature data, including magic number
116	binmode(STDOUT);
117	print substr($buf, $module_len);
118	} elsif ($part eq "-d") {
119	# Just the descriptor values as a sequence of numbers
120	print join(" ", @info), "\n";
121	} elsif ($part eq "-n") {
122	# Just the signer's name
123	print STDERR "No signer's name for PKCS#7 message type sig\n"
124	if ($id_type == 2);
125	binmode(STDOUT);
126	print $raw_name;
127	} elsif ($part eq "-k") {
128	# Just the key identifier
129	print STDERR "No key ID for PKCS#7 message type sig\n"
130	if ($id_type == 2);
131	binmode(STDOUT);
132	print $raw_kid;
133	} elsif ($part eq "-s") {
134	# Just the crypto signature or PKCS#7 message
135	binmode(STDOUT);
136	print $raw_sig;
137	}