From: Takashi Iwai
Git-commit: Not yet, reviewing
Patch-mainline: Not yet, reviewing
Target: openSUSE 12.3
Add a new option -a to sign-file for specifying the hash algorithm
used to sign a file, so that it works without a .config file.
This is useful for signing external modules or firmware files.
Signed-off-by: Takashi Iwai
Acked-by: Lee, Chun-Yi
---
scripts/sign-file | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -4,7 +4,7 @@
#
# Format:
#
-# ./scripts/sign-file [-v] [-f] <key> <x509> <module> [<dest>]
+# ./scripts/sign-file [-v] [-f] [-a algo] <key> <x509> <module> [<dest>]
#
#
use strict;
@@ -17,16 +17,19 @@ sub usage()
print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>]
-v verbose output
-f create a firmware signature file
+ -a algo specify hash algorithm
";
exit;
}
my $verbose = 0;
+my $hashalgo = "";
my $sign_fw = 0;
GetOptions(
'v|verbose' => \$verbose,
- 'f|firmware' => \$sign_fw) || usage();
+ 'f|firmware' => \$sign_fw,
+ 'a|algo=s' => \$hashalgo) || usage();
usage() if ($#ARGV != 2 && $#ARGV != 3);
my $private_key = $ARGV[0];
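Review bot: The string passed to `-a` is stored unchecked here and is only rejected by the final `else` of the digest selection (the `die "Invalid hash algorithm $hashalgo"` in the last hunk), so a typo or an upper-case spelling such as `SHA256` fails late, presumably after the script has already started other work. Normalising and validating right after `GetOptions` would fail early: `$hashalgo = lc $hashalgo;` followed by `die "Invalid hash algorithm $hashalgo\n" unless $hashalgo =~ /\A(?:|sha(?:1|224|256|384|512))\z/;`. The trailing `\n` also matches the existing `die "Can't read ...\n"` style, which the new `die` in the last hunk lacks. The usage text could list the accepted names next to `-a algo`. The body of `usage()` starts outside this hunk.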
@@ -42,10 +45,7 @@ die "Can't read $mode_name\n" unless (-r
#
# Read the kernel configuration
#
-my %config = (
- CONFIG_MODULE_SIG_SHA512 => 1
- );
-
+my %config;
if (-r ".config") {
open(FD, "<.config") || die ".config";
while (<FD>) {
@@ -56,6 +56,22 @@ if (-r ".config") {
close(FD);
}
+if ($hashalgo eq "") {
+ if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
+ $hashalgo="sha1";
+ } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
+ $hashalgo="sha224";
+ } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
+ $hashalgo="sha256";
+ } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
+ $hashalgo="sha384";
+ } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
+ $hashalgo="sha512";
+ } else {
+ die "Can't determine hash algorithm";
+ }
+}
+
#
# Function to read the contents of a file into a variable.
#
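Review bot: The fallback chain tests `CONFIG_MODULE_SIG_SHA1` first, so if `%config` ever holds more than one `CONFIG_MODULE_SIG_SHA*` key (for instance from a hand-edited .config; the parsing loop is outside this hunk) the weakest digest is selected. Testing from sha512 down to sha1 would make that ambiguous case resolve to the strongest hash. With the sha512 default removed, this `die` is what a caller without a .config now sees, so it could point at the new option: `die "Can't determine hash algorithm; use -a <algo>\n";`. A short comment above the block stating that `-a` takes precedence over .config would also help, since a digest that differs from the target kernel's configuration may produce a signature that kernel cannot verify.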
@@ -332,35 +348,35 @@ my $id_type = 1; # Identifier type: X.50
# Digest the data
#
my ($dgst, $prologue) = ();
-if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
+if ($hashalgo eq "sha1") {
$prologue = pack("C*",
0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2B, 0x0E, 0x03, 0x02, 0x1A,
0x05, 0x00, 0x04, 0x14);
$dgst = "-sha1";
$hash = 2;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
+} elsif ($hashalgo eq "sha224") {
$prologue = pack("C*",
0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
0x05, 0x00, 0x04, 0x1C);
$dgst = "-sha224";
$hash = 7;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
+} elsif ($hashalgo eq "sha256") {
$prologue = pack("C*",
0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
0x05, 0x00, 0x04, 0x20);
$dgst = "-sha256";
$hash = 4;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
+} elsif ($hashalgo eq "sha384") {
$prologue = pack("C*",
0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
0x05, 0x00, 0x04, 0x30);
$dgst = "-sha384";
$hash = 5;
-} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
+} elsif ($hashalgo eq "sha512") {
$prologue = pack("C*",
0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
@@ -368,7 +384,7 @@ if (exists $config{"CONFIG_MODULE_SIG_SH
$dgst = "-sha512";
$hash = 6;
} else {
- die "Can't determine hash algorithm";
+ die "Invalid hash algorithm $hashalgo";
}
#
--