Loading Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -723,7 +723,7 @@ ifeq ($(CONFIG_MODULE_SIG),y) MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) else mod_sign_cmd = true endif Loading scripts/sign-file +16 −37 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ # # Format: # # ./scripts/sign-file [-v] <key> <x509> <module> [<dest>] # ./scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>] # # use strict; Loading @@ -17,35 +17,19 @@ if ($#ARGV >= 0 && $ARGV[0] eq "-v") { shift; } die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n" if ($#ARGV != 2 && $#ARGV != 3); die "Format: ./scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>]\n" if ($#ARGV != 3 && $#ARGV != 4); my $private_key = $ARGV[0]; my $x509 = $ARGV[1]; my $module = $ARGV[2]; my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~"; my $dgst = $ARGV[0]; my $private_key = $ARGV[1]; my $x509 = $ARGV[2]; my $module = $ARGV[3]; my $dest = ($#ARGV == 4) ? $ARGV[4] : $ARGV[3] . "~"; die "Can't read private key\n" unless (-r $private_key); die "Can't read X.509 certificate\n" unless (-r $x509); die "Can't read module\n" unless (-r $module); # # Read the kernel configuration # my %config = ( CONFIG_MODULE_SIG_SHA512 => 1 ); if (-r ".config") { open(FD, "<.config") || die ".config"; while (<FD>) { if ($_ =~ /^(CONFIG_.*)=[ym]/) { $config{$1} = 1; } } close(FD); } # # Function to read the contents of a file into a variable. # Loading Loading 
@@ -321,51 +305,46 @@ my $id_type = 1; # Identifier type: X.509 # # Digest the data # my ($dgst, $prologue) = (); if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { my $prologue; if ($dgst eq "sha1") { $prologue = pack("C*", 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14); $dgst = "-sha1"; $hash = 2; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { } elsif ($dgst eq "sha224") { $prologue = pack("C*", 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C); $dgst = "-sha224"; $hash = 7; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { } elsif ($dgst eq "sha256") { $prologue = pack("C*", 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20); $dgst = "-sha256"; $hash = 4; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { } elsif ($dgst eq "sha384") { $prologue = pack("C*", 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30); $dgst = "-sha384"; $hash = 5; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { } elsif ($dgst eq "sha512") { $prologue = pack("C*", 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40); $dgst = "-sha512"; $hash = 6; } else { die "Can't determine hash algorithm"; die "Unknown hash algorithm: $dgst\n"; } # # Generate the digest and read from openssl's stdout # my $digest; $digest = readpipe("openssl dgst $dgst -binary $module") || die "openssl dgst"; $digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst"; # # Generate the binary signature, which will be just the integer that comprises Loading Loading
Makefile +1 −1 Original line number Diff line number Diff line Loading @@ -723,7 +723,7 @@ ifeq ($(CONFIG_MODULE_SIG),y) MODSECKEY = ./signing_key.priv MODPUBKEY = ./signing_key.x509 export MODPUBKEY mod_sign_cmd = perl $(srctree)/scripts/sign-file $(MODSECKEY) $(MODPUBKEY) mod_sign_cmd = perl $(srctree)/scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) else mod_sign_cmd = true endif Loading
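Review bot: `$(CONFIG_MODULE_SIG_HASH)` becomes the first positional argument to sign-file on the `mod_sign_cmd` line, but nothing in this section shows where it is defined or which values it may hold. If it ever expands to nothing, the remaining arguments shift left and sign-file stops on its argument-count or unknown-algorithm check. The build then fails instead of signing with an unintended digest, whereas the removed `.config` parsing appears to have defaulted to SHA-512. A comment above the assignment would make that contract visible, for example `# CONFIG_MODULE_SIG_HASH must name a digest sign-file accepts: sha1, sha224, sha256, sha384 or sha512`.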
scripts/sign-file +16 −37 Original line number Diff line number Diff line Loading @@ -4,7 +4,7 @@ # # Format: # # ./scripts/sign-file [-v] <key> <x509> <module> [<dest>] # ./scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>] # # use strict; Loading @@ -17,35 +17,19 @@ if ($#ARGV >= 0 && $ARGV[0] eq "-v") { shift; } die "Format: ./scripts/sign-file [-v] <key> <x509> <module> [<dest>]\n" if ($#ARGV != 2 && $#ARGV != 3); die "Format: ./scripts/sign-file [-v] <hash algo> <key> <x509> <module> [<dest>]\n" if ($#ARGV != 3 && $#ARGV != 4); my $private_key = $ARGV[0]; my $x509 = $ARGV[1]; my $module = $ARGV[2]; my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~"; my $dgst = $ARGV[0]; my $private_key = $ARGV[1]; my $x509 = $ARGV[2]; my $module = $ARGV[3]; my $dest = ($#ARGV == 4) ? $ARGV[4] : $ARGV[3] . "~"; die "Can't read private key\n" unless (-r $private_key); die "Can't read X.509 certificate\n" unless (-r $x509); die "Can't read module\n" unless (-r $module); # # Read the kernel configuration # my %config = ( CONFIG_MODULE_SIG_SHA512 => 1 ); if (-r ".config") { open(FD, "<.config") || die ".config"; while (<FD>) { if ($_ =~ /^(CONFIG_.*)=[ym]/) { $config{$1} = 1; } } close(FD); } # # Function to read the contents of a file into a variable. # Loading Loading 
@@ -321,51 +305,46 @@ my $id_type = 1; # Identifier type: X.509 # # Digest the data # my ($dgst, $prologue) = (); if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { my $prologue; if ($dgst eq "sha1") { $prologue = pack("C*", 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14); $dgst = "-sha1"; $hash = 2; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { } elsif ($dgst eq "sha224") { $prologue = pack("C*", 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04, 0x1C); $dgst = "-sha224"; $hash = 7; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { } elsif ($dgst eq "sha256") { $prologue = pack("C*", 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20); $dgst = "-sha256"; $hash = 4; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { } elsif ($dgst eq "sha384") { $prologue = pack("C*", 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30); $dgst = "-sha384"; $hash = 5; } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { } elsif ($dgst eq "sha512") { $prologue = pack("C*", 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40); $dgst = "-sha512"; $hash = 6; } else { die "Can't determine hash algorithm"; die "Unknown hash algorithm: $dgst\n"; } # # Generate the digest and read from openssl's stdout # my $digest; $digest = readpipe("openssl dgst $dgst -binary $module") || die "openssl dgst"; $digest = readpipe("openssl dgst -$dgst -binary $module") || die "openssl dgst"; # # Generate the binary signature, which will be just the integer that comprises Loading
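Review bot: The rewritten `readpipe("openssl dgst -$dgst -binary $module")` line in the last hunk still builds one string for the shell. `$dgst` is safe at that point because the `eq` chain above only lets five literal names through. `$module`, however, comes straight from `@ARGV` with only a `-r` test, so a module path containing whitespace or shell metacharacters is re-parsed by the shell rather than passed as one file name. The interpolation predates this commit, but since the line is being touched, a list-form pipe open would bypass the shell and also allow checking openssl's exit status, which `readpipe(...) || die` does not do. The surrounding script continues outside the hunk, so the sketch below covers only the digest step.

```perl
# … unchanged: $prologue / $hash selection by $dgst …
my $digest;
open(my $dgst_fh, "-|", "openssl", "dgst", "-$dgst", "-binary", $module)
    || die "openssl dgst: $!\n";
binmode($dgst_fh);
$digest = do { local $/; <$dgst_fh> };
# close() on a pipe reports a non-zero exit status from openssl
close($dgst_fh) || die "openssl dgst failed\n";
die "openssl dgst produced no output\n"
    unless (defined($digest) && length($digest));
```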