int main(int argc, char **argv) {
char *NSSConfigDir = NULL;
const char *certNames[MAX_SIGNATURES];
char *MARChannelID = MAR_CHANNEL_ID;
char *productVersion = MOZ_APP_VERSION;
uint32_t i, k;
int rv = -1;
uint32_t certCount = 0;
int32_t sigIndex = -1;
#if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
HANDLE certFile;
/* We use DWORD here instead of uint64_t because it simplifies code with
the Win32 API ReadFile which takes a DWORD. DER files will not be too
large anyway. */
DWORD fileSizes[MAX_SIGNATURES];
DWORD read;
uint8_t *certBuffers[MAX_SIGNATURES];
char *DERFilePaths[MAX_SIGNATURES];
#endif
memset(certNames, 0, sizeof(certNames));
#if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
memset(fileSizes, 0, sizeof(fileSizes));
memset(certBuffers, 0, sizeof(certBuffers));
memset(DERFilePaths, 0, sizeof(DERFilePaths));
#endif
if (argc > 1 && 0 == strcmp(argv[1], "--version")) {
print_version();
return 0;
}
if (argc < 3) {
print_usage();
return -1;
}
while (argc > 0) {
if (argv[1][0] == '-' && (argv[1][1] == 'c' ||
argv[1][1] == 't' || argv[1][1] == 'x' ||
argv[1][1] == 'v' || argv[1][1] == 's' ||
argv[1][1] == 'i' || argv[1][1] == 'T' ||
argv[1][1] == 'r' || argv[1][1] == 'X' ||
argv[1][1] == 'I')) {
break;
/* -C workingdirectory */
} else if (argv[1][0] == '-' && argv[1][1] == 'C') {
chdir(argv[2]);
argv += 2;
argc -= 2;
}
#if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
/* -D DERFilePath, also matches -D[index] DERFilePath
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
else if (argv[1][0] == '-' &&
argv[1][1] == 'D' &&
(argv[1][2] == '0' + certCount || argv[1][2] == '\0')) {
if (certCount >= MAX_SIGNATURES) {
print_usage();
return -1;
}
DERFilePaths[certCount++] = argv[2];
argv += 2;
argc -= 2;
}
#endif
/* -d NSSConfigdir */
else if (argv[1][0] == '-' && argv[1][1] == 'd') {
NSSConfigDir = argv[2];
argv += 2;
argc -= 2;
/* -n certName, also matches -n[index] certName
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
} else if (argv[1][0] == '-' &&
argv[1][1] == 'n' &&
(argv[1][2] == '0' + certCount ||
argv[1][2] == '\0' ||
!strcmp(argv[2], "-X") ||
!strcmp(argv[2], "-I"))) {
if (certCount >= MAX_SIGNATURES) {
print_usage();
return -1;
}
certNames[certCount++] = argv[2];
if (strlen(argv[1]) > 2 &&
(!strcmp(argv[2], "-X") || !strcmp(argv[2], "-I")) &&
argv[1][2] >= '0' && argv[1][2] <= '9') {
sigIndex = argv[1][2] - '0';
argv++;
argc--;
} else {
argv += 2;
argc -= 2;
}
/* MAR channel ID */
} else if (argv[1][0] == '-' && argv[1][1] == 'H') {
MARChannelID = argv[2];
argv += 2;
argc -= 2;
/* Product Version */
} else if (argv[1][0] == '-' && argv[1][1] == 'V') {
productVersion = argv[2];
argv += 2;
argc -= 2;
}
else {
print_usage();
return -1;
}
}
if (argv[1][0] != '-') {
print_usage();
return -1;
}
switch (argv[1][1]) {
case 'c': {
struct ProductInformationBlock infoBlock;
infoBlock.MARChannelID = MARChannelID;
infoBlock.productVersion = productVersion;
return mar_create(argv[2], argc - 3, argv + 3, &infoBlock);
}
case 'i': {
struct ProductInformationBlock infoBlock;
infoBlock.MARChannelID = MARChannelID;
infoBlock.productVersion = productVersion;
return refresh_product_info_block(argv[2], &infoBlock);
}
case 'T': {
struct ProductInformationBlock infoBlock;
uint32_t numSignatures, numAdditionalBlocks;
int hasSignatureBlock, hasAdditionalBlock;
if (!get_mar_file_info(argv[2],
&hasSignatureBlock,
&numSignatures,
&hasAdditionalBlock,
NULL, &numAdditionalBlocks)) {
if (hasSignatureBlock) {
printf("Signature block found with %d signature%s\n",
numSignatures,
numSignatures != 1 ? "s" : "");
}
if (hasAdditionalBlock) {
printf("%d additional block%s found:\n",
numAdditionalBlocks,
numAdditionalBlocks != 1 ? "s" : "");
}
rv = read_product_info_block(argv[2], &infoBlock);
if (!rv) {
printf(" - Product Information Block:\n");
printf(" - MAR channel name: %s\n"
" - Product version: %s\n",
infoBlock.MARChannelID,
infoBlock.productVersion);
free((void *)infoBlock.MARChannelID);
free((void *)infoBlock.productVersion);
}
}
printf("\n");
/* The fall through from 'T' to 't' is intentional */
}
case 't':
return mar_test(argv[2]);
/* Extract a MAR file */
case 'x':
return mar_extract(argv[2]);
#ifndef NO_SIGN_VERIFY
/* Extract a MAR signature */
case 'X':
if (sigIndex == -1) {
fprintf(stderr, "ERROR: Signature index was not passed.\n");
return -1;
}
if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) {
fprintf(stderr, "ERROR: Signature index is out of range: %d.\n",
sigIndex);
return -1;
}
return extract_signature(argv[2], sigIndex, argv[3]);
/* Import a MAR signature */
case 'I':
if (sigIndex == -1) {
fprintf(stderr, "ERROR: signature index was not passed.\n");
return -1;
}
if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) {
fprintf(stderr, "ERROR: Signature index is out of range: %d.\n",
sigIndex);
return -1;
}
if (argc < 5) {
print_usage();
return -1;
}
return import_signature(argv[2], sigIndex, argv[3], argv[4]);
case 'v':
#if defined(XP_WIN) && !defined(MAR_NSS)
if (certCount == 0) {
print_usage();
return -1;
}
for (k = 0; k < certCount; ++k) {
/* If the mar program was built using CryptoAPI, then read in the buffer
containing the cert from disk. */
certFile = CreateFileA(DERFilePaths[k], GENERIC_READ,
FILE_SHARE_READ |
FILE_SHARE_WRITE |
FILE_SHARE_DELETE,
NULL,
OPEN_EXISTING,
0, NULL);
if (INVALID_HANDLE_VALUE == certFile) {
return -1;
}
fileSizes[k] = GetFileSize(certFile, NULL);
certBuffers[k] = malloc(fileSizes[k]);
if (!ReadFile(certFile, certBuffers[k], fileSizes[k], &read, NULL) ||
fileSizes[k] != read) {
CloseHandle(certFile);
for (i = 0; i <= k; i++) {
free(certBuffers[i]);
}
return -1;
}
CloseHandle(certFile);
}
rv = mar_verify_signatures(argv[2], certBuffers, fileSizes,
NULL, certCount);
for (k = 0; k < certCount; ++k) {
free(certBuffers[k]);
}
if (rv) {
/* Determine if the source MAR file has the new fields for signing */
int hasSignatureBlock;
if (get_mar_file_info(argv[2], &hasSignatureBlock,
NULL, NULL, NULL, NULL)) {
fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n");
} else if (!hasSignatureBlock) {
fprintf(stderr, "ERROR: The MAR file is in the old format so has"
" no signature to verify.\n");
}
return -1;
}
return 0;
#else
if (!NSSConfigDir || certCount == 0) {
print_usage();
return -1;
}
if (NSSInitCryptoContext(NSSConfigDir)) {
fprintf(stderr, "ERROR: Could not initialize crypto library.\n");
return -1;
}
return mar_verify_signatures(argv[2], NULL, 0,
certNames, certCount);
#endif /* defined(XP_WIN) && !defined(MAR_NSS) */
case 's':
if (!NSSConfigDir || certCount == 0 || argc < 4) {
print_usage();
return -1;
}
return mar_repackage_and_sign(NSSConfigDir, certNames, certCount,
argv[2], argv[3]);
case 'r':
return strip_signature_block(argv[2], argv[3]);
#endif /* endif NO_SIGN_VERIFY disabled */
default:
print_usage();
return -1;
}
return 0;
}
int main(int argc, char **argv) {
char *NSSConfigDir = NULL;
const char *certNames[MAX_SIGNATURES];
char *MARChannelID = MAR_CHANNEL_ID;
char *productVersion = MOZ_APP_VERSION;
uint32_t k;
int rv = -1;
uint32_t certCount = 0;
int32_t sigIndex = -1;
#if !defined(NO_SIGN_VERIFY)
uint32_t fileSizes[MAX_SIGNATURES];
const uint8_t* certBuffers[MAX_SIGNATURES];
char* DERFilePaths[MAX_SIGNATURES];
#if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS)
CERTCertificate* certs[MAX_SIGNATURES];
#endif
#endif
memset((void*)certNames, 0, sizeof(certNames));
#if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY)
memset((void*)certBuffers, 0, sizeof(certBuffers));
#endif
#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
defined(XP_MACOSX))
memset(DERFilePaths, 0, sizeof(DERFilePaths));
memset(fileSizes, 0, sizeof(fileSizes));
#endif
if (argc > 1 && 0 == strcmp(argv[1], "--version")) {
print_version();
return 0;
}
if (argc < 3) {
print_usage();
return -1;
}
while (argc > 0) {
if (argv[1][0] == '-' && (argv[1][1] == 'c' ||
argv[1][1] == 't' || argv[1][1] == 'x' ||
argv[1][1] == 'v' || argv[1][1] == 's' ||
argv[1][1] == 'i' || argv[1][1] == 'T' ||
argv[1][1] == 'r' || argv[1][1] == 'X' ||
argv[1][1] == 'I')) {
break;
/* -C workingdirectory */
} else if (argv[1][0] == '-' && argv[1][1] == 'C') {
if (chdir(argv[2]) != 0) {
return -1;
}
argv += 2;
argc -= 2;
}
#if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \
defined(XP_MACOSX))
/* -D DERFilePath, also matches -D[index] DERFilePath
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
else if (argv[1][0] == '-' &&
argv[1][1] == 'D' &&
(argv[1][2] == (char)('0' + certCount) || argv[1][2] == '\0')) {
if (certCount >= MAX_SIGNATURES) {
print_usage();
return -1;
}
DERFilePaths[certCount++] = argv[2];
argv += 2;
argc -= 2;
}
#endif
/* -d NSSConfigdir */
else if (argv[1][0] == '-' && argv[1][1] == 'd') {
NSSConfigDir = argv[2];
argv += 2;
argc -= 2;
/* -n certName, also matches -n[index] certName
We allow an index for verifying to be symmetric
with the import and export command line arguments. */
} else if (argv[1][0] == '-' &&
argv[1][1] == 'n' &&
(argv[1][2] == (char)('0' + certCount) ||
argv[1][2] == '\0' ||
!strcmp(argv[2], "-X") ||
!strcmp(argv[2], "-I"))) {
if (certCount >= MAX_SIGNATURES) {
print_usage();
return -1;
}
certNames[certCount++] = argv[2];
if (strlen(argv[1]) > 2 &&
(!strcmp(argv[2], "-X") || !strcmp(argv[2], "-I")) &&
argv[1][2] >= '0' && argv[1][2] <= '9') {
sigIndex = argv[1][2] - '0';
argv++;
argc--;
} else {
argv += 2;
argc -= 2;
}
/* MAR channel ID */
} else if (argv[1][0] == '-' && argv[1][1] == 'H') {
MARChannelID = argv[2];
argv += 2;
argc -= 2;
/* Product Version */
} else if (argv[1][0] == '-' && argv[1][1] == 'V') {
productVersion = argv[2];
argv += 2;
argc -= 2;
}
else {
print_usage();
return -1;
}
}
if (argv[1][0] != '-') {
print_usage();
return -1;
}
switch (argv[1][1]) {
case 'c': {
struct ProductInformationBlock infoBlock;
infoBlock.MARChannelID = MARChannelID;
infoBlock.productVersion = productVersion;
return mar_create(argv[2], argc - 3, argv + 3, &infoBlock);
}
case 'i': {
struct ProductInformationBlock infoBlock;
infoBlock.MARChannelID = MARChannelID;
infoBlock.productVersion = productVersion;
return refresh_product_info_block(argv[2], &infoBlock);
}
case 'T': {
struct ProductInformationBlock infoBlock;
uint32_t numSignatures, numAdditionalBlocks;
int hasSignatureBlock, hasAdditionalBlock;
if (!get_mar_file_info(argv[2],
&hasSignatureBlock,
&numSignatures,
&hasAdditionalBlock,
NULL, &numAdditionalBlocks)) {
if (hasSignatureBlock) {
printf("Signature block found with %d signature%s\n",
numSignatures,
numSignatures != 1 ? "s" : "");
}
if (hasAdditionalBlock) {
printf("%d additional block%s found:\n",
numAdditionalBlocks,
numAdditionalBlocks != 1 ? "s" : "");
}
rv = read_product_info_block(argv[2], &infoBlock);
if (!rv) {
printf(" - Product Information Block:\n");
printf(" - MAR channel name: %s\n"
" - Product version: %s\n",
infoBlock.MARChannelID,
infoBlock.productVersion);
free((void *)infoBlock.MARChannelID);
free((void *)infoBlock.productVersion);
}
}
printf("\n");
/* The fall through from 'T' to 't' is intentional */
}
case 't':
return mar_test(argv[2]);
/* Extract a MAR file */
case 'x':
return mar_extract(argv[2]);
#ifndef NO_SIGN_VERIFY
/* Extract a MAR signature */
case 'X':
if (sigIndex == -1) {
fprintf(stderr, "ERROR: Signature index was not passed.\n");
return -1;
}
if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) {
fprintf(stderr, "ERROR: Signature index is out of range: %d.\n",
sigIndex);
return -1;
}
return extract_signature(argv[2], sigIndex, argv[3]);
/* Import a MAR signature */
case 'I':
if (sigIndex == -1) {
fprintf(stderr, "ERROR: signature index was not passed.\n");
return -1;
}
if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) {
fprintf(stderr, "ERROR: Signature index is out of range: %d.\n",
sigIndex);
return -1;
}
if (argc < 5) {
print_usage();
return -1;
}
return import_signature(argv[2], sigIndex, argv[3], argv[4]);
case 'v':
if (certCount == 0) {
print_usage();
return -1;
}
#if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS)
if (!NSSConfigDir || certCount == 0) {
print_usage();
return -1;
}
if (NSSInitCryptoContext(NSSConfigDir)) {
fprintf(stderr, "ERROR: Could not initialize crypto library.\n");
return -1;
}
#endif
rv = 0;
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE,
&certBuffers[k], &fileSizes[k]);
#else
/* It is somewhat circuitous to look up a CERTCertificate and then pass
* in its DER encoding just so we can later re-create that
* CERTCertificate to extract the public key out of it. However, by doing
* things this way, we maximize the reuse of the mar_verify_signatures
* function and also we keep the control flow as similar as possible
* between programs and operating systems, at least for the functions
* that are critically important to security.
*/
certs[k] = PK11_FindCertFromNickname(certNames[k], NULL);
if (certs[k]) {
certBuffers[k] = certs[k]->derCert.data;
fileSizes[k] = certs[k]->derCert.len;
} else {
rv = -1;
}
#endif
if (rv) {
fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]);
break;
}
}
if (!rv) {
MarFile *mar = mar_open(argv[2]);
if (mar) {
rv = mar_verify_signatures(mar, certBuffers, fileSizes, certCount);
mar_close(mar);
} else {
fprintf(stderr, "ERROR: Could not open MAR file.\n");
rv = -1;
}
}
for (k = 0; k < certCount; ++k) {
#if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS)
free((void*)certBuffers[k]);
#else
/* certBuffers[k] is owned by certs[k] so don't free it */
CERT_DestroyCertificate(certs[k]);
#endif
}
if (rv) {
/* Determine if the source MAR file has the new fields for signing */
int hasSignatureBlock;
if (get_mar_file_info(argv[2], &hasSignatureBlock,
NULL, NULL, NULL, NULL)) {
fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n");
} else if (!hasSignatureBlock) {
fprintf(stderr, "ERROR: The MAR file is in the old format so has"
" no signature to verify.\n");
}
return -1;
}
return 0;
case 's':
if (!NSSConfigDir || certCount == 0 || argc < 4) {
print_usage();
return -1;
}
return mar_repackage_and_sign(NSSConfigDir, certNames, certCount,
argv[2], argv[3]);
case 'r':
return strip_signature_block(argv[2], argv[3]);
#endif /* endif NO_SIGN_VERIFY disabled */
default:
print_usage();
return -1;
}
}
int
main(int argc, char *argv[])
{
int rc;
pesign_context ctx, *ctxp = &ctx;
int list = 0;
int remove = 0;
char *digest_name = "sha256";
poptContext optCon;
struct poptOption options[] = {
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
{"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
"specify input file", "<infile>"},
{"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
"specify output file", "<outfile>" },
{"certficate", 'c', POPT_ARG_STRING, &ctx.cms_ctx.certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
{"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
"specify private key file", "<privkey>" },
{"force", 'f', POPT_ARG_VAL, &ctx.force, 1,
"force overwriting of output file", NULL },
{"nogaps", 'n',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.hashgaps, 0,
"skip gaps between sections when signing", NULL },
{"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
"create a new signature", NULL },
{"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"import-signature", 'm',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.insig, 0,"import signature from file", "<insig>" },
{"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
"specify which signature to operate on","<sig-number>"},
{"list-signatures", 'l',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&list, 1, "list signatures", NULL },
{"show-signature", 'S', POPT_ARG_VAL, &list, 1,
"show signature", NULL },
{"remove-signature", 'r', POPT_ARG_VAL, &remove, 1,
"remove signature" },
{"export-signature", 'e',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.outsig, 0,"export signature to file", "<outsig>" },
{"export-pubkey", 'K', POPT_ARG_STRING,
&ctx.outkey, 0, "export pubkey to file", "<outkey>" },
{"export-cert", 'C', POPT_ARG_STRING,
&ctx.outcert, 0, "export signing cert to file",
"<outcert>" },
{"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
"use ascii armoring", NULL },
POPT_AUTOALIAS
POPT_AUTOHELP
POPT_TABLEEND
};
rc = pesign_context_init(ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
exit(1);
}
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
while ((rc = poptGetNextOpt(optCon)) > 0)
;
if (rc < -1) {
fprintf(stderr, "pesign: Invalid argument: %s: %s\n",
poptBadOption(optCon, 0), poptStrerror(rc));
exit(1);
}
if (poptPeekArg(optCon)) {
fprintf(stderr, "pesign: Invalid Argument: \"%s\"\n",
poptPeekArg(optCon));
exit(1);
}
poptFreeContext(optCon);
rc = set_digest_parameters(&ctx.cms_ctx, digest_name);
int is_help = strcmp(digest_name, "help") ? 0 : 1;
if (rc < 0) {
if (!is_help) {
fprintf(stderr, "Digest \"%s\" not found.\n",
digest_name);
}
exit(!is_help);
}
int action = 0;
if (ctx.insig)
action |= IMPORT_SIGNATURE;
if (ctx.outkey)
action |= EXPORT_PUBKEY;
if (ctx.outcert)
action |= EXPORT_CERT;
if (ctx.outsig)
action |= EXPORT_SIGNATURE;
if (remove != 0)
action |= REMOVE_SIGNATURE;
if (list != 0)
action |= LIST_SIGNATURES;
if (ctx.sign) {
action |= GENERATE_SIGNATURE;
if (!(action & EXPORT_SIGNATURE))
action |= IMPORT_SIGNATURE;
}
if (ctx.hash)
action |= GENERATE_DIGEST|PRINT_DIGEST;
SECItem newsig;
switch (action) {
case NO_FLAGS:
fprintf(stderr, "pesign: Nothing to do.\n");
exit(0);
break;
/* add a signature from a file */
case IMPORT_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
open_sig_input(ctxp);
import_signature(ctxp);
close_sig_input(ctxp);
close_output(ctxp);
break;
case EXPORT_PUBKEY:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_pubkey_output(ctxp);
export_pubkey(ctxp);
break;
case EXPORT_CERT:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_cert_output(ctxp);
export_cert(ctxp);
break;
/* find a signature in the binary and save it to a file */
case EXPORT_SIGNATURE:
open_input(ctxp);
open_sig_output(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
SECItem *sig = ctx.cms_ctx.signatures[ctx.signum];
export_signature(ctxp, sig);
close_input(ctxp);
close_sig_output(ctxp);
break;
/* remove a signature from the binary */
case REMOVE_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
remove_signature(&ctx);
close_output(ctxp);
break;
/* list signatures in the binary */
case LIST_SIGNATURES:
open_input(ctxp);
list_signatures(ctxp);
break;
case GENERATE_DIGEST|PRINT_DIGEST:
open_input(ctxp);
generate_digest(ctxp, ctx.inpe);
print_digest(ctxp);
break;
/* generate a signature and save it in a separate file */
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_sig_output(ctxp);
generate_digest(ctxp, ctx.inpe);
generate_signature(ctxp, &newsig);
export_signature(ctxp, &newsig);
break;
/* generate a signature and embed it in the binary */
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
check_inputs(ctxp);
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
generate_digest(ctxp, ctx.outpe);
generate_signature(ctxp, &newsig);
insert_signature(ctxp, &newsig);
close_output(ctxp);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
for (int i = 1; i < FLAG_LIST_END; i <<= 1) {
if (action & i)
print_flag_name(stderr, i);
}
fprintf(stderr, "\n");
exit(1);
}
pesign_context_fini(&ctx);
return (rc < 0);
}
