1#!/usr/bin/perl -w
2#
3# extract-mod-sig <part> <module-file>
4#
5# Reads the module file and writes out some or all of the signature
6# section to stdout.  Part is the bit to be written and is one of:
7#
8#  -0: The unsigned module, no signature data at all
9#  -a: All of the signature data, including magic number
10#  -d: Just the descriptor values as a sequence of numbers
11#  -n: Just the signer's name
12#  -k: Just the key ID
13#  -s: Just the crypto signature or PKCS#7 message
14#
15use strict;
16
17die "Format: $0 -[0adnks] module-file >out\n"
18    if ($#ARGV != 1);
19
20my $part = $ARGV[0];
21my $modfile = $ARGV[1];
22
23my $magic_number = "~Module signature appended~\n";
24
25#
26# Read the module contents
27#
28open FD, "<$modfile" || die $modfile;
29binmode(FD);
30my @st = stat(FD);
31die "$modfile" unless (@st);
32my $buf = "";
33my $len = sysread(FD, $buf, $st[7]);
34die "$modfile" unless (defined($len));
35die "Short read on $modfile\n" unless ($len == $st[7]);
36close(FD) || die $modfile;
37
38print STDERR "Read ", $len, " bytes from module file\n";
39
40die "The file is too short to have a sig magic number and descriptor\n"
41    if ($len < 12 + length($magic_number));
42
43#
44# Check for the magic number and extract the information block
45#
46my $p = $len - length($magic_number);
47my $raw_magic = substr($buf, $p);
48
49die "Magic number not found at $len\n"
50    if ($raw_magic ne $magic_number);
51print STDERR "Found magic number at $len\n";
52
53$p -= 12;
54my $raw_info = substr($buf, $p, 12);
55
56my @info = unpack("CCCCCxxxN", $raw_info);
57my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
58
59if ($id_type == 0) {
60    print STDERR "Found PGP key identifier\n";
61} elsif ($id_type == 1) {
62    print STDERR "Found X.509 cert identifier\n";
63} elsif ($id_type == 2) {
64    print STDERR "Found PKCS#7/CMS encapsulation\n";
65} else {
66    print STDERR "Found unsupported identifier type $id_type\n";
67}
68
69#
70# Extract the three pieces of info data
71#
72die "Insufficient name+kid+sig data in file\n"
73    unless ($p >= $name_len + $kid_len + $sig_len);
74
75$p -= $sig_len;
76my $raw_sig = substr($buf, $p, $sig_len);
77$p -= $kid_len;
78my $raw_kid = substr($buf, $p, $kid_len);
79$p -= $name_len;
80my $raw_name = substr($buf, $p, $name_len);
81
82my $module_len = $p;
83
84if ($sig_len > 0) {
85    print STDERR "Found $sig_len bytes of signature [";
86    my $n = $sig_len > 16 ? 16 : $sig_len;
87    foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
88	printf STDERR "%02x", $i;
89    }
90    print STDERR "]\n";
91}
92
93if ($kid_len > 0) {
94    print STDERR "Found $kid_len bytes of key identifier [";
95    my $n = $kid_len > 16 ? 16 : $kid_len;
96    foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
97	printf STDERR "%02x", $i;
98    }
99    print STDERR "]\n";
100}
101
102if ($name_len > 0) {
103    print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
104}
105
106#
107# Produce the requested output
108#
109if ($part eq "-0") {
110    # The unsigned module, no signature data at all
111    binmode(STDOUT);
112    print substr($buf, 0, $module_len);
113} elsif ($part eq "-a") {
114    # All of the signature data, including magic number
115    binmode(STDOUT);
116    print substr($buf, $module_len);
117} elsif ($part eq "-d") {
118    # Just the descriptor values as a sequence of numbers
119    print join(" ", @info), "\n";
120} elsif ($part eq "-n") {
121    # Just the signer's name
122    print STDERR "No signer's name for PKCS#7 message type sig\n"
123	if ($id_type == 2);
124    binmode(STDOUT);
125    print $raw_name;
126} elsif ($part eq "-k") {
127    # Just the key identifier
128    print STDERR "No key ID for PKCS#7 message type sig\n"
129	if ($id_type == 2);
130    binmode(STDOUT);
131    print $raw_kid;
132} elsif ($part eq "-s") {
133    # Just the crypto signature or PKCS#7 message
134    binmode(STDOUT);
135    print $raw_sig;
136}
137