Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> --- scripts/sign-file | 57 ++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 17 deletions(-) diff --git a/scripts/sign-file b/scripts/sign-file index 87ca59d..45c771d 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -4,21 +4,31 @@ # # Format: # -# ./scripts/sign-file [-v] <key> <x509> <module> [<dest>] +# ./scripts/sign-file [-v] [-a algo] <key> <x509> <module> [<dest>] # # use strict; use FileHandle; use IPC::Open2; +use Getopt::Long; -my $verbose = 0; -if ($#ARGV >= 0 && $ARGV[0] eq "-v") { - $verbose = 1; - shift; +sub usage() +{ + print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>] + -v verbose output + -a algo specify hash algorithm +"; + exit; } -die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n" - if ($#ARGV != 2 && $#ARGV != 3); +my $verbose = 0; +my $hashalgo = ""; + +GetOptions( + 'v|verbose' => \$verbose, + 'a|algo=s' => \$hashalgo) || usage(); + +usage() if ($#ARGV != 2 && $#ARGV != 3); my $private_key = $ARGV[0]; my $x509 = $ARGV[1]; @@ -32,10 +42,7 @@ die "Can't read module\n" unless (-r $module); # # Read the kernel configuration # -my %config = ( - CONFIG_MODULE_SIG_SHA512 => 1 - ); - +my %config; if (-r ".config") { open(FD, "<.config") || die ".config"; while (<FD>) { @@ -46,6 +53,22 @@ if (-r ".config") { close(FD); } +if ($hashalgo eq "") { + if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { + $hashalgo="sha1"; + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { + $hashalgo="sha224"; + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { + $hashalgo="sha256"; + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { + $hashalgo="sha384"; + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { + $hashalgo="sha512"; + } else { + die "Can't determine hash algorithm"; + } +} + # # Function to read the contents of a file into a variable. # @@ -322,35 +345,35 @@ my $id_type = 1; # Identifier type: X.509 # Digest the data # my ($dgst, $prologue) = (); -if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { +if ($hashalgo eq "sha1") { $prologue = pack("C*", 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14); $dgst = "-sha1"; $hash = 2; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { +} elsif ($hashalgo eq "sha224") { $prologue = pack("C*", 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C); $dgst = "-sha224"; $hash = 7; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { +} elsif ($hashalgo eq "sha256") { $prologue = pack("C*", 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20); $dgst = "-sha256"; $hash = 4; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { +} elsif ($hashalgo eq "sha384") { $prologue = pack("C*", 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30); $dgst = "-sha384"; $hash = 5; -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { +} elsif ($hashalgo eq "sha512") { $prologue = pack("C*", 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, @@ -358,7 +381,7 @@ if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { $dgst = "-sha512"; $hash = 6; } else { - die "Can't determine hash algorithm"; + die "Invalid hash algorithm $hashalgo"; } # -- 1.8.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html