[PATCH RFC 1/4] scripts/sign-file: Allow specifying hash algorithm via -a option


 



Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
---
 scripts/sign-file | 57 ++++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 17 deletions(-)

diff --git a/scripts/sign-file b/scripts/sign-file
index 87ca59d..45c771d 100755
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -4,21 +4,31 @@
 #
 # Format:
 #
-#	./scripts/sign-file [-v] <key> <x509> <module> [<dest>]
+#	./scripts/sign-file [-v] [-a algo] <key> <x509> <module> [<dest>]
 #
 #
 use strict;
 use FileHandle;
 use IPC::Open2;
+use Getopt::Long;
 
-my $verbose = 0;
-if ($#ARGV >= 0 && $ARGV[0] eq "-v") {
-    $verbose = 1;
-    shift;
+sub usage()
+{
+    print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>]
+    -v       verbose output
+    -a algo  specify hash algorithm
+";
+    exit;
 }
 
-die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n"
-    if ($#ARGV != 2 && $#ARGV != 3);
+my $verbose = 0;
+my $hashalgo = "";
+
+GetOptions(
+    'v|verbose' => \$verbose,
+    'a|algo=s' => \$hashalgo) || usage();
+
+usage() if ($#ARGV != 2 && $#ARGV != 3);
 
 my $private_key = $ARGV[0];
 my $x509 = $ARGV[1];
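Review bot: The new `usage()` prints to STDOUT and calls bare `exit;`, so a rejected option or a wrong argument count now ends with status 0, where the removed `die` exited non-zero and wrote to STDERR. A build rule that invokes sign-file would presumably treat a mis-invoked run as success and carry on with an unsigned module. Printing with `print STDERR` and ending with `exit(2);` keeps the failure visible to callers. The empty prototype in `sub usage()` adds nothing and can be dropped.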
@@ -32,10 +42,7 @@ die "Can't read module\n" unless (-r $module);
 #
 # Read the kernel configuration
 #
-my %config = (
-    CONFIG_MODULE_SIG_SHA512 => 1
-    );
-
+my %config;
 if (-r ".config") {
     open(FD, "<.config") || die ".config";
     while (<FD>) {
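Review bot: Removing the `CONFIG_MODULE_SIG_SHA512 => 1` default changes what happens when `.config` is not readable and `-a` is not given. That case used to sign with SHA-512 and now reaches the new `die "Can't determine hash algorithm"` in the `@@ -46,6 +53,22 @@` hunk. Failing instead of guessing is reasonable for a signing tool, but the commit message does not mention it and the error gives no hint. I would make the message actionable, e.g. `die "Can't determine hash algorithm: no CONFIG_MODULE_SIG_* in .config, pass -a <algo>\n";`, and state in the usage text that `-a` is required outside a configured tree. The `if (-r ".config")` block continues past the end of this hunk.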
@@ -46,6 +53,22 @@ if (-r ".config") {
     close(FD);
 }
 
+if ($hashalgo eq "") {
+    if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
+	$hashalgo="sha1";
+    } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
+	$hashalgo="sha224";
+    } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
+	$hashalgo="sha256";
+    } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
+	$hashalgo="sha384";
+    } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
+	$hashalgo="sha512";
+    } else {
+	die "Can't determine hash algorithm";
+    }
+}
+
 #
 # Function to read the contents of a file into a variable.
 #
@@ -322,35 +345,35 @@ my $id_type = 1;	# Identifier type: X.509
 # Digest the data
 #
 my ($dgst, $prologue) = ();
-if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
+if ($hashalgo eq "sha1") {
     $prologue = pack("C*",
 		     0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 		     0x2B, 0x0E, 0x03, 0x02, 0x1A,
 		     0x05, 0x00, 0x04, 0x14);
     $dgst = "-sha1";
     $hash = 2;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
+} elsif ($hashalgo eq "sha224") {
     $prologue = pack("C*",
 		     0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
 		     0x05, 0x00, 0x04, 0x1C);
     $dgst = "-sha224";
     $hash = 7;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
+} elsif ($hashalgo eq "sha256") {
     $prologue = pack("C*",
 		     0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
 		     0x05, 0x00, 0x04, 0x20);
     $dgst = "-sha256";
     $hash = 4;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
+} elsif ($hashalgo eq "sha384") {
     $prologue = pack("C*",
 		     0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
 		     0x05, 0x00, 0x04, 0x30);
     $dgst = "-sha384";
     $hash = 5;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
+} elsif ($hashalgo eq "sha512") {
     $prologue = pack("C*",
 		     0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
 		     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
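Review bot: As far as the visible hunks show, a value passed with `-a` is first checked in this `eq` chain, and the comparison is case-sensitive. So `-a SHA256` or a typo is only rejected at the final `else` in the next hunk, after everything in between has run. Normalising and validating right after `GetOptions` fails earlier: `$hashalgo = lc $hashalgo;` followed by `die "Invalid hash algorithm $hashalgo\n" unless $hashalgo eq "" || $hashalgo =~ /\A(?:sha1|sha224|sha256|sha384|sha512)\z/;`. Since `-a` can now override the algorithm configured in `.config`, printing the selected algorithm under `-v` would let build logs record which digest signed each module. The chain's sha512 branch and closing `else` fall outside this hunk.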
@@ -358,7 +381,7 @@ if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
     $dgst = "-sha512";
     $hash = 6;
 } else {
-    die "Can't determine hash algorithm";
+    die "Invalid hash algorithm $hashalgo";
 }
 
 #
-- 
1.8.0
