2 # SPDX-License-Identifier: GPL-2.0
4 # extract-mod-sig <part> <module-file>
6 # Reads the module file and writes out some or all of the signature
7 # section to stdout. Part is the bit to be written and is one of:
9 # -0: The unsigned module, no signature data at all
10 # -a: All of the signature data, including magic number
11 # -d: Just the descriptor values as a sequence of numbers
12 # -n: Just the signer's name
14 # -s: Just the crypto signature or PKCS#7 message
19 die "Format: $0 -[0adnks] module-file >out\n"
23 my $modfile = $ARGV[1];
25 my $magic_number = "~Module signature appended~\n";
28 # Read the module contents
30 open FD
, "<$modfile" || die $modfile;
33 die "$modfile" unless (@st);
35 my $len = sysread(FD
, $buf, $st[7]);
36 die "$modfile" unless (defined($len));
37 die "Short read on $modfile\n" unless ($len == $st[7]);
38 close(FD
) || die $modfile;
40 print STDERR
"Read ", $len, " bytes from module file\n";
42 die "The file is too short to have a sig magic number and descriptor\n"
43 if ($len < 12 + length($magic_number));
46 # Check for the magic number and extract the information block
48 my $p = $len - length($magic_number);
49 my $raw_magic = substr($buf, $p);
51 die "Magic number not found at $len\n"
52 if ($raw_magic ne $magic_number);
53 print STDERR
"Found magic number at $len\n";
56 my $raw_info = substr($buf, $p, 12);
58 my @info = unpack("CCCCCxxxN", $raw_info);
59 my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
62 print STDERR
"Found PGP key identifier\n";
63 } elsif ($id_type == 1) {
64 print STDERR
"Found X.509 cert identifier\n";
65 } elsif ($id_type == 2) {
66 print STDERR
"Found PKCS#7/CMS encapsulation\n";
68 print STDERR
"Found unsupported identifier type $id_type\n";
72 # Extract the three pieces of info data
74 die "Insufficient name+kid+sig data in file\n"
75 unless ($p >= $name_len + $kid_len + $sig_len);
78 my $raw_sig = substr($buf, $p, $sig_len);
80 my $raw_kid = substr($buf, $p, $kid_len);
82 my $raw_name = substr($buf, $p, $name_len);
87 print STDERR
"Found $sig_len bytes of signature [";
88 my $n = $sig_len > 16 ?
16 : $sig_len;
89 foreach my $i (unpack("C" x
$n, substr($raw_sig, 0, $n))) {
90 printf STDERR
"%02x", $i;
96 print STDERR
"Found $kid_len bytes of key identifier [";
97 my $n = $kid_len > 16 ?
16 : $kid_len;
98 foreach my $i (unpack("C" x
$n, substr($raw_kid, 0, $n))) {
99 printf STDERR
"%02x", $i;
105 print STDERR
"Found $name_len bytes of signer's name [$raw_name]\n";
109 # Produce the requested output
112 # The unsigned module, no signature data at all
114 print substr($buf, 0, $module_len);
115 } elsif ($part eq "-a") {
116 # All of the signature data, including magic number
118 print substr($buf, $module_len);
119 } elsif ($part eq "-d") {
120 # Just the descriptor values as a sequence of numbers
121 print join(" ", @info), "\n";
122 } elsif ($part eq "-n") {
123 # Just the signer's name
124 print STDERR
"No signer's name for PKCS#7 message type sig\n"
128 } elsif ($part eq "-k") {
129 # Just the key identifier
130 print STDERR
"No key ID for PKCS#7 message type sig\n"
134 } elsif ($part eq "-s") {
135 # Just the crypto signature or PKCS#7 message