extract-module-sig.pl (3746B)
1#!/usr/bin/env perl 2# SPDX-License-Identifier: GPL-2.0 3# 4# extract-mod-sig <part> <module-file> 5# 6# Reads the module file and writes out some or all of the signature 7# section to stdout. Part is the bit to be written and is one of: 8# 9# -0: The unsigned module, no signature data at all 10# -a: All of the signature data, including magic number 11# -d: Just the descriptor values as a sequence of numbers 12# -n: Just the signer's name 13# -k: Just the key ID 14# -s: Just the crypto signature or PKCS#7 message 15# 16use warnings; 17use strict; 18 19die "Format: $0 -[0adnks] module-file >out\n" 20 if ($#ARGV != 1); 21 22my $part = $ARGV[0]; 23my $modfile = $ARGV[1]; 24 25my $magic_number = "~Module signature appended~\n"; 26 27# 28# Read the module contents 29# 30open FD, "<$modfile" || die $modfile; 31binmode(FD); 32my @st = stat(FD); 33die "$modfile" unless (@st); 34my $buf = ""; 35my $len = sysread(FD, $buf, $st[7]); 36die "$modfile" unless (defined($len)); 37die "Short read on $modfile\n" unless ($len == $st[7]); 38close(FD) || die $modfile; 39 40print STDERR "Read ", $len, " bytes from module file\n"; 41 42die "The file is too short to have a sig magic number and descriptor\n" 43 if ($len < 12 + length($magic_number)); 44 45# 46# Check for the magic number and extract the information block 47# 48my $p = $len - length($magic_number); 49my $raw_magic = substr($buf, $p); 50 51die "Magic number not found at $len\n" 52 if ($raw_magic ne $magic_number); 53print STDERR "Found magic number at $len\n"; 54 55$p -= 12; 56my $raw_info = substr($buf, $p, 12); 57 58my @info = unpack("CCCCCxxxN", $raw_info); 59my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info; 60 61if ($id_type == 0) { 62 print STDERR "Found PGP key identifier\n"; 63} elsif ($id_type == 1) { 64 print STDERR "Found X.509 cert identifier\n"; 65} elsif ($id_type == 2) { 66 print STDERR "Found PKCS#7/CMS encapsulation\n"; 67} else { 68 print STDERR "Found unsupported identifier type $id_type\n"; 69} 70 71# 72# Extract the three pieces of info data 73# 74die "Insufficient name+kid+sig data in file\n" 75 unless ($p >= $name_len + $kid_len + $sig_len); 76 77$p -= $sig_len; 78my $raw_sig = substr($buf, $p, $sig_len); 79$p -= $kid_len; 80my $raw_kid = substr($buf, $p, $kid_len); 81$p -= $name_len; 82my $raw_name = substr($buf, $p, $name_len); 83 84my $module_len = $p; 85 86if ($sig_len > 0) { 87 print STDERR "Found $sig_len bytes of signature ["; 88 my $n = $sig_len > 16 ? 16 : $sig_len; 89 foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) { 90 printf STDERR "%02x", $i; 91 } 92 print STDERR "]\n"; 93} 94 95if ($kid_len > 0) { 96 print STDERR "Found $kid_len bytes of key identifier ["; 97 my $n = $kid_len > 16 ? 16 : $kid_len; 98 foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) { 99 printf STDERR "%02x", $i; 100 } 101 print STDERR "]\n"; 102} 103 104if ($name_len > 0) { 105 print STDERR "Found $name_len bytes of signer's name [$raw_name]\n"; 106} 107 108# 109# Produce the requested output 110# 111if ($part eq "-0") { 112 # The unsigned module, no signature data at all 113 binmode(STDOUT); 114 print substr($buf, 0, $module_len); 115} elsif ($part eq "-a") { 116 # All of the signature data, including magic number 117 binmode(STDOUT); 118 print substr($buf, $module_len); 119} elsif ($part eq "-d") { 120 # Just the descriptor values as a sequence of numbers 121 print join(" ", @info), "\n"; 122} elsif ($part eq "-n") { 123 # Just the signer's name 124 print STDERR "No signer's name for PKCS#7 message type sig\n" 125 if ($id_type == 2); 126 binmode(STDOUT); 127 print $raw_name; 128} elsif ($part eq "-k") { 129 # Just the key identifier 130 print STDERR "No key ID for PKCS#7 message type sig\n" 131 if ($id_type == 2); 132 binmode(STDOUT); 133 print $raw_kid; 134} elsif ($part eq "-s") { 135 # Just the crypto signature or PKCS#7 message 136 binmode(STDOUT); 137 print $raw_sig; 138}