blob: faac6f2e377fac754d32f017444cd2c96dd45b07
1 | #!/usr/bin/perl -w |
2 | # |
3 | # extract-mod-sig <part> <module-file> |
4 | # |
5 | # Reads the module file and writes out some or all of the signature |
6 | # section to stdout. Part is the bit to be written and is one of: |
7 | # |
8 | # -0: The unsigned module, no signature data at all |
9 | # -a: All of the signature data, including magic number |
10 | # -d: Just the descriptor values as a sequence of numbers |
11 | # -n: Just the signer's name |
12 | # -k: Just the key ID |
13 | # -s: Just the crypto signature or PKCS#7 message |
14 | # |
15 | use strict; |
16 | |
17 | die "Format: $0 -[0adnks] module-file >out\n" |
18 | if ($#ARGV != 1); |
19 | |
20 | my $part = $ARGV[0]; |
21 | my $modfile = $ARGV[1]; |
22 | |
23 | my $magic_number = "~Module signature appended~\n"; |
24 | |
25 | # |
26 | # Read the module contents |
27 | # |
28 | open FD, "<$modfile" || die $modfile; |
29 | binmode(FD); |
30 | my @st = stat(FD); |
31 | die "$modfile" unless (@st); |
32 | my $buf = ""; |
33 | my $len = sysread(FD, $buf, $st[7]); |
34 | die "$modfile" unless (defined($len)); |
35 | die "Short read on $modfile\n" unless ($len == $st[7]); |
36 | close(FD) || die $modfile; |
37 | |
38 | print STDERR "Read ", $len, " bytes from module file\n"; |
39 | |
40 | die "The file is too short to have a sig magic number and descriptor\n" |
41 | if ($len < 12 + length($magic_number)); |
42 | |
43 | # |
44 | # Check for the magic number and extract the information block |
45 | # |
46 | my $p = $len - length($magic_number); |
47 | my $raw_magic = substr($buf, $p); |
48 | |
49 | die "Magic number not found at $len\n" |
50 | if ($raw_magic ne $magic_number); |
51 | print STDERR "Found magic number at $len\n"; |
52 | |
53 | $p -= 12; |
54 | my $raw_info = substr($buf, $p, 12); |
55 | |
56 | my @info = unpack("CCCCCxxxN", $raw_info); |
57 | my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; |
58 | |
59 | if ($id_type == 0) { |
60 | print STDERR "Found PGP key identifier\n"; |
61 | } elsif ($id_type == 1) { |
62 | print STDERR "Found X.509 cert identifier\n"; |
63 | } elsif ($id_type == 2) { |
64 | print STDERR "Found PKCS#7/CMS encapsulation\n"; |
65 | } else { |
66 | print STDERR "Found unsupported identifier type $id_type\n"; |
67 | } |
68 | |
69 | # |
70 | # Extract the three pieces of info data |
71 | # |
72 | die "Insufficient name+kid+sig data in file\n" |
73 | unless ($p >= $name_len + $kid_len + $sig_len); |
74 | |
75 | $p -= $sig_len; |
76 | my $raw_sig = substr($buf, $p, $sig_len); |
77 | $p -= $kid_len; |
78 | my $raw_kid = substr($buf, $p, $kid_len); |
79 | $p -= $name_len; |
80 | my $raw_name = substr($buf, $p, $name_len); |
81 | |
82 | my $module_len = $p; |
83 | |
84 | if ($sig_len > 0) { |
85 | print STDERR "Found $sig_len bytes of signature ["; |
86 | my $n = $sig_len > 16 ? 16 : $sig_len; |
87 | foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { |
88 | printf STDERR "%02x", $i; |
89 | } |
90 | print STDERR "]\n"; |
91 | } |
92 | |
93 | if ($kid_len > 0) { |
94 | print STDERR "Found $kid_len bytes of key identifier ["; |
95 | my $n = $kid_len > 16 ? 16 : $kid_len; |
96 | foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { |
97 | printf STDERR "%02x", $i; |
98 | } |
99 | print STDERR "]\n"; |
100 | } |
101 | |
102 | if ($name_len > 0) { |
103 | print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; |
104 | } |
105 | |
106 | # |
107 | # Produce the requested output |
108 | # |
109 | if ($part eq "-0") { |
110 | # The unsigned module, no signature data at all |
111 | binmode(STDOUT); |
112 | print substr($buf, 0, $module_len); |
113 | } elsif ($part eq "-a") { |
114 | # All of the signature data, including magic number |
115 | binmode(STDOUT); |
116 | print substr($buf, $module_len); |
117 | } elsif ($part eq "-d") { |
118 | # Just the descriptor values as a sequence of numbers |
119 | print join(" ", @info), "\n"; |
120 | } elsif ($part eq "-n") { |
121 | # Just the signer's name |
122 | print STDERR "No signer's name for PKCS#7 message type sig\n" |
123 | if ($id_type == 2); |
124 | binmode(STDOUT); |
125 | print $raw_name; |
126 | } elsif ($part eq "-k") { |
127 | # Just the key identifier |
128 | print STDERR "No key ID for PKCS#7 message type sig\n" |
129 | if ($id_type == 2); |
130 | binmode(STDOUT); |
131 | print $raw_kid; |
132 | } elsif ($part eq "-s") { |
133 | # Just the crypto signature or PKCS#7 message |
134 | binmode(STDOUT); |
135 | print $raw_sig; |
136 | } |
137 |