1#!/usr/bin/env perl
2# SPDX-License-Identifier: GPL-2.0
3#
4# extract-mod-sig <part> <module-file>
5#
6# Reads the module file and writes out some or all of the signature
7# section to stdout.  Part is the bit to be written and is one of:
8#
9#  -0: The unsigned module, no signature data at all
10#  -a: All of the signature data, including magic number
11#  -d: Just the descriptor values as a sequence of numbers
12#  -n: Just the signer's name
13#  -k: Just the key ID
14#  -s: Just the crypto signature or PKCS#7 message
15#
16use warnings;
17use strict;
18
19die "Format: $0 -[0adnks] module-file >out\n"
20    if ($#ARGV != 1);
21
22my $part = $ARGV[0];
23my $modfile = $ARGV[1];
24
25my $magic_number = "~Module signature appended~\n";
26
27#
28# Read the module contents
29#
30open FD, "<$modfile" || die $modfile;
31binmode(FD);
32my @st = stat(FD);
33die "$modfile" unless (@st);
34my $buf = "";
35my $len = sysread(FD, $buf, $st[7]);
36die "$modfile" unless (defined($len));
37die "Short read on $modfile\n" unless ($len == $st[7]);
38close(FD) || die $modfile;
39
40print STDERR "Read ", $len, " bytes from module file\n";
41
42die "The file is too short to have a sig magic number and descriptor\n"
43    if ($len < 12 + length($magic_number));
44
45#
46# Check for the magic number and extract the information block
47#
48my $p = $len - length($magic_number);
49my $raw_magic = substr($buf, $p);
50
51die "Magic number not found at $len\n"
52    if ($raw_magic ne $magic_number);
53print STDERR "Found magic number at $len\n";
54
55$p -= 12;
56my $raw_info = substr($buf, $p, 12);
57
58my @info = unpack("CCCCCxxxN", $raw_info);
59my ($algo, $hash, $id_type, $name_len, $kid_len, $sig_len) = @info;
60
61if ($id_type == 0) {
62    print STDERR "Found PGP key identifier\n";
63} elsif ($id_type == 1) {
64    print STDERR "Found X.509 cert identifier\n";
65} elsif ($id_type == 2) {
66    print STDERR "Found PKCS#7/CMS encapsulation\n";
67} else {
68    print STDERR "Found unsupported identifier type $id_type\n";
69}
70
71#
72# Extract the three pieces of info data
73#
74die "Insufficient name+kid+sig data in file\n"
75    unless ($p >= $name_len + $kid_len + $sig_len);
76
77$p -= $sig_len;
78my $raw_sig = substr($buf, $p, $sig_len);
79$p -= $kid_len;
80my $raw_kid = substr($buf, $p, $kid_len);
81$p -= $name_len;
82my $raw_name = substr($buf, $p, $name_len);
83
84my $module_len = $p;
85
86if ($sig_len > 0) {
87    print STDERR "Found $sig_len bytes of signature [";
88    my $n = $sig_len > 16 ? 16 : $sig_len;
89    foreach my $i (unpack("C" x $n, substr($raw_sig, 0, $n))) {
90	printf STDERR "%02x", $i;
91    }
92    print STDERR "]\n";
93}
94
95if ($kid_len > 0) {
96    print STDERR "Found $kid_len bytes of key identifier [";
97    my $n = $kid_len > 16 ? 16 : $kid_len;
98    foreach my $i (unpack("C" x $n, substr($raw_kid, 0, $n))) {
99	printf STDERR "%02x", $i;
100    }
101    print STDERR "]\n";
102}
103
104if ($name_len > 0) {
105    print STDERR "Found $name_len bytes of signer's name [$raw_name]\n";
106}
107
108#
109# Produce the requested output
110#
111if ($part eq "-0") {
112    # The unsigned module, no signature data at all
113    binmode(STDOUT);
114    print substr($buf, 0, $module_len);
115} elsif ($part eq "-a") {
116    # All of the signature data, including magic number
117    binmode(STDOUT);
118    print substr($buf, $module_len);
119} elsif ($part eq "-d") {
120    # Just the descriptor values as a sequence of numbers
121    print join(" ", @info), "\n";
122} elsif ($part eq "-n") {
123    # Just the signer's name
124    print STDERR "No signer's name for PKCS#7 message type sig\n"
125	if ($id_type == 2);
126    binmode(STDOUT);
127    print $raw_name;
128} elsif ($part eq "-k") {
129    # Just the key identifier
130    print STDERR "No key ID for PKCS#7 message type sig\n"
131	if ($id_type == 2);
132    binmode(STDOUT);
133    print $raw_kid;
134} elsif ($part eq "-s") {
135    # Just the crypto signature or PKCS#7 message
136    binmode(STDOUT);
137    print $raw_sig;
138}
139