int main(int argc, char **argv)
{
int rc = 0;
prng_state prng;
int prng_index, hash_index;
rsa_key key;
int i;
ltc_mp = tfm_desc;
prng_index = register_prng(&sprng_desc); /* (fortuna_desc is a good choice if your platform's PRNG sucks.) */
if (prng_index == -1) {
fail("Failed to register a RNG");
}
hash_index = register_hash(&sha256_desc);
if (hash_index == -1) {
fail("Failed to register sha256 hasher");
}
if ((rc = rng_make_prng(128, prng_index, &prng, NULL)) != CRYPT_OK) {
fail("rng_make_prng failed: %s", error_to_string(rc));
}
read_rsakey(&key, "privatekey.bin");
for (i = 1; i < argc; i++) {
sign_file(argv[i], &key, &prng, prng_index, hash_index);
}
rsa_free(&key);
return 0;
}
/**
* Scan through the specified (directory) path and call sign_file on
* each file that is not hidden nor a signature (.p7s).
* The specified pin and label will be used for signing, if necessary.
*/
void sign_files(const char* path, const char* pin, const char* label)
{
int err;
DIR* dir;
struct dirent* entry;
const char* ext;
/* Open directory stream */
dir = opendir(path);
if (dir == NULL) {
int e = errno;
log_err("error opening path '%s': %s", path, strerror(e));
return;
}
/* Loop through each entry in the specified path */
while ((entry = readdir(dir)) != NULL) {
int n;
char entry_path[MAX_PATH];
/* Skip "./" "../" and hidden files that begin with '.' */
if (entry->d_name[0] == '.')
continue;
/* Skip ".p7s" & ":p7s" files */
ext = strrchr(entry->d_name, '.');
if (ext && (strcmp(ext, ".p7s") == 0))
continue;
ext = strrchr(entry->d_name, ':');
if (ext && (strcmp(ext, ":p7s") == 0))
continue;
/* Create the full path to the entry */
n = snprintf(entry_path, sizeof(entry_path),
"%s/%s", path, entry->d_name);
if (n < 0 || n >= sizeof(entry_path)) {
log_err("error building entry path '%s/%s'", path, entry->d_name);
continue;
}
/* Sign the file */
sign_file(entry_path, pin, label);
}
/* Close the directory stream */
err = closedir(dir);
if (err) {
int e = errno;
log_err("error closing path '%s': %s", path, strerror(e));
}
}
int main(int argc, char *argv[]) {
if (argc == 4 && strcmp(argv[1], "generate") == 0) {
return generate_key(argv[2], argv[3]);
} else if (argc == 5 && strcmp(argv[1], "sign") == 0) {
return sign_file(argv[2], argv[3], argv[4]);
} else if (argc == 4 && strcmp(argv[1], "verify") == 0) {
return verify_file(argv[2], argv[3]);
} else if (argc == 4 && strcmp(argv[1], "header") == 0) {
return convert_public_key_to_header_file(argv[2], argv[3]);
} else {
return usage(argv[0]);
}
}
int
main(int argc, char **argv) {
assert(argv);
if(argc != 3) {
printf_a_ignorar3(stderr, "Error: wrong number of arguments.\n");
printf_a_ignorar3(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]);
return(1);
}
/* Init libxml and libxslt libraries */
xmlInitParser();
LIBXML_TEST_VERSION
xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */
/* Init xmlsec library */
if(xmlSecInit() < 0) {
printf_a_ignorar3(stderr, "Error: xmlsec initialization failed.\n");
return(-1);
}
/* Check loaded library version */
if(xmlSecCheckVersion() != 1) {
printf_a_ignorar3(stderr, "Error: loaded xmlsec library version is not compatible.\n");
return(-1);
}
/* Load default crypto engine if we are supporting dynamic
* loading for xmlsec-crypto libraries. Use the crypto library
* name ("openssl", "nss", etc.) to load corresponding
* xmlsec-crypto library.
*/
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
printf_a_ignorar3(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
"that you have it installed and check shared libraries path\n"
"(LD_LIBRARY_PATH) envornment variable.\n");
return(-1);
}
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
/* Init crypto library */
if(xmlSecCryptoAppInit(NULL) < 0) {
printf_a_ignorar3(stderr, "Error: crypto initialization failed.\n");
return(-1);
}
/* Init xmlsec-crypto library */
if(xmlSecCryptoInit() < 0) {
printf_a_ignorar3(stderr, "Error: xmlsec-crypto initialization failed.\n");
return(-1);
}
if(sign_file(argv[1], argv[2]) < 0) {
return(-1);
}
/* Shutdown xmlsec-crypto library */
xmlSecCryptoShutdown();
/* Shutdown crypto library */
xmlSecCryptoAppShutdown();
/* Shutdown xmlsec library */
xmlSecShutdown();
/* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
xmlCleanupParser();
return(0);
}
int main(int argc, char** argv) {
R_RSA_PUBLIC_KEY public_key;
R_RSA_PRIVATE_KEY private_key;
int i, n, retval;
bool is_valid;
DATA_BLOCK signature, in, out;
unsigned char signature_buf[256], buf[256], buf2[256];
FILE *f, *fpriv, *fpub;
char cbuf[256];
RSA rsa_key;
RSA *rsa_key_;
BIO *bio_out=NULL;
BIO *bio_err=NULL;
char *certpath;
bool b2o=false; // boinc key to openssl key ?
bool kpriv=false; // private key ?
if (argc == 1) {
usage();
exit(1);
}
if (!strcmp(argv[1], "-genkey")) {
if (argc < 5) {
usage();
exit(1);
}
printf("creating keys in %s and %s\n", argv[3], argv[4]);
n = atoi(argv[2]);
srand(random_int());
RSA* rp = RSA_generate_key(n, 65537, 0, 0);
openssl_to_keys(rp, n, private_key, public_key);
fpriv = fopen(argv[3], "w");
if (!fpriv) die("fopen");
fpub = fopen(argv[4], "w");
if (!fpub) die("fopen");
print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
} else if (!strcmp(argv[1], "-sign")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[3], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
signature.data = signature_buf;
signature.len = 256;
retval = sign_file(argv[2], private_key, signature);
print_hex_data(stdout, signature);
} else if (!strcmp(argv[1], "-sign_string")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[3], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
generate_signature(argv[2], cbuf, private_key);
puts(cbuf);
} else if (!strcmp(argv[1], "-verify")) {
if (argc < 5) {
usage();
exit(1);
}
fpub = fopen(argv[4], "r");
if (!fpub) die("fopen");
retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
if (retval) die("read_public_key");
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
if (retval) die("scan_hex_data");
retval = verify_file(argv[2], public_key, signature, is_valid);
if (retval) die("verify_file");
if (is_valid) {
printf("file is valid\n");
} else {
printf("file is invalid\n");
return 1;
}
} else if (!strcmp(argv[1], "-test_crypt")) {
if (argc < 4) {
usage();
exit(1);
}
fpriv = fopen(argv[2], "r");
if (!fpriv) die("fopen");
retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
if (retval) die("scan_key_hex\n");
fpub = fopen(argv[3], "r");
if (!fpub) die("fopen");
retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
if (retval) die("read_public_key");
strcpy((char*)buf2, "encryption test successful");
in.data = buf2;
in.len = strlen((char*)in.data);
out.data = buf;
encrypt_private(private_key, in, out);
in = out;
out.data = buf2;
decrypt_public(public_key, in, out);
printf("out: %s\n", out.data);
} else if (!strcmp(argv[1], "-cert_verify")) {
if (argc < 6)
die("usage: crypt_prog -cert_verify file signature_file certificate_dir ca_dir \n");
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
if (retval) die("cannot scan_hex_data");
certpath = check_validity(argv[4], argv[2], signature.data, argv[5]);
if (certpath == NULL) {
die("signature cannot be verfied.\n\n");
} else {
printf("siganture verified using certificate '%s'.\n\n", certpath);
free(certpath);
}
// this converts, but an executable signed with sign_executable,
// and signature converted to OpenSSL format cannot be verified with
// OpenSSL
} else if (!strcmp(argv[1], "-convsig")) {
if (argc < 5) {
usage();
exit(1);
}
if (strcmp(argv[2], "b2o") == 0) {
b2o = true;
} else if (strcmp(argv[2], "o2b") == 0) {
b2o = false;
} else {
die("either 'o2b' or 'b2o' must be defined for -convsig\n");
}
if (b2o) {
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_hex_data(f, signature);
fclose(f);
f = fopen(argv[4], "w+");
print_raw_data(f, signature);
fclose(f);
} else {
f = fopen(argv[3], "r");
signature.data = signature_buf;
signature.len = 256;
retval = scan_raw_data(f, signature);
fclose(f);
f = fopen(argv[4], "w+");
print_hex_data(f, signature);
fclose(f);
}
} else if (!strcmp(argv[1], "-convkey")) {
if (argc < 6) {
usage();
exit(1);
}
if (strcmp(argv[2], "b2o") == 0) {
b2o = true;
} else if (strcmp(argv[2], "o2b") == 0) {
b2o = false;
} else {
die("either 'o2b' or 'b2o' must be defined for -convkey\n");
}
if (strcmp(argv[3], "pub") == 0) {
kpriv = false;
} else if (strcmp(argv[3], "priv") == 0) {
kpriv = true;
} else {
die("either 'pub' or 'priv' must be defined for -convkey\n");
}
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
ENGINE_load_builtin_engines();
if (bio_err == NULL) {
bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
}
//enc=EVP_get_cipherbyname("des");
//if (enc == NULL)
// die("could not get cypher.\n");
// no encription yet.
bio_out=BIO_new(BIO_s_file());
if (BIO_write_filename(bio_out,argv[5]) <= 0) {
perror(argv[5]);
die("could not create output file.\n");
}
if (b2o) {
rsa_key_ = RSA_new();
if (kpriv) {
fpriv = fopen(argv[4], "r");
if (!fpriv) {
die("fopen");
}
scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
fclose(fpriv);
private_to_openssl(private_key, &rsa_key);
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
// enc, NULL, 0, pass_cb, NULL);
// no encryption yet.
//i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
// NULL, NULL, 0, pass_cb, NULL);
fpriv = fopen(argv[5], "w+");
PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
fclose(fpriv);
//if (i == 0) {
// ERR_print_errors(bio_err);
// die("could not write key file.\n");
//}
} else {
fpub = fopen(argv[4], "r");
if (!fpub) {
die("fopen");
}
scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
fclose(fpub);
fpub = fopen(argv[5], "w+");
if (!fpub) {
die("fopen");
}
public_to_openssl(public_key, rsa_key_);
i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
if (i == 0) {
ERR_print_errors(bio_err);
die("could not write key file.\n");
}
fclose(fpub);
}
} else {
// o2b
rsa_key_ = (RSA *)calloc(1, sizeof(RSA));
memset(rsa_key_, 0, sizeof(RSA));
if (rsa_key_ == NULL) {
die("could not allocate memory for RSA structure.\n");
}
if (kpriv) {
fpriv = fopen (argv[4], "r");
rsa_key_ = PEM_read_RSAPrivateKey(fpriv, NULL, NULL, NULL);
fclose(fpriv);
if (rsa_key_ == NULL) {
ERR_print_errors(bio_err);
die("could not load private key.\n");
}
openssl_to_private(rsa_key_, &private_key);
fpriv = fopen(argv[5], "w");
if (!fpriv) {
die("fopen");
}
print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
} else {
fpub = fopen (argv[4], "r");
rsa_key_ = PEM_read_RSA_PUBKEY(fpub, NULL, NULL, NULL);
fclose(fpub);
if (rsa_key_ == NULL) {
ERR_print_errors(bio_err);
die("could not load public key.\n");
}
openssl_to_keys(rsa_key_, 1024, private_key, public_key);
//openssl_to_public(rsa_key_, &public_key);
public_to_openssl(public_key, rsa_key_); //
fpub = fopen(argv[5], "w");
if (!fpub) {
die("fopen");
}
print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key));
}
}
} else {
usage();
exit(1);
}
return 0;
}
int main(int argc, char** argv)
{
int i, usealt;
const char * pin, * label;
#ifdef CTAPI
void* mutex;
#endif
/* Check args */
if (argc < 4) {
fprintf(stderr, "Usage: [-a] pin label path...\n");
fprintf(stderr, "Signs the specified file(s) and/or files within the specified directory(ies).\n");
fprintf(stderr, " -a use :p7s instead of .p7s extension (alternate data stream on Windows)\n");
return 1;
}
usealt = strcmp(argv[1], "-a") == 0;
pin = !usealt ? argv[1] : argv[2];
label = !usealt ? argv[2] : argv[3];
sig_ext = !usealt ? ".p7s" : ":p7s";
/* Disable buffering on stdout/stderr to prevent mixing the order of
messages to stdout/stderr when redirected to the same log file */
setvbuf(stdout, NULL, _IONBF, 0);
setvbuf(stderr, NULL, _IONBF, 0);
/* Log the args */
log_inf("pin=****; label='%s'", label);
#ifdef CTAPI
/* Create a mutex/sem/lock for controlling access to token.
CTAPI implementations must NOT allow simultaneous access to token. */
mutex = create_lock(MUTEX_KEY);
if ((int)mutex < 0) {
log_wrn(
"couldn't create mutex; another inst. of '%s' is likely running", argv[0]);
return -1;
}
#endif
/* For each path arg, sign either the specified file
or all the files in the specified directory */
for (i = !usealt ? 3 : 4; i < argc; i++) {
int err;
struct stat info;
char* path = argv[i];
/* Trim trailing slashes from path (required for Windows stat) */
int j = strlen(path);
while (--j >= 0 && (path[j] == '/' || path[j] == '\\'))
path[j] = 0;
/* Log the path */
log_inf("path='%s'", path);
/* Verify the specified path exists */
err = stat(path, &info);
if (err) {
int e = errno;
log_err("error accessing path '%s': %s", path, strerror(e));
continue;
}
if (S_ISDIR(info.st_mode)) /* DIRECTORY */
sign_files(path, pin, label); /* Sign all files in the specified directory */
else /* FILE */
sign_file(path, pin, label); /* Sign the specified file */
}
/* Clean up */
release_template();
#ifdef CTAPI
/* Release mutex/sem/lock here. */
release_lock(mutex);
#endif
#if defined(_WIN32) && defined(DEBUG)
_CrtDumpMemoryLeaks();
#endif
return 0;
}
int
main(int argc, char **argv) {
#ifndef XMLSEC_NO_XSLT
xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
assert(argv);
if(argc != 4) {
fprintf(stderr, "Error: wrong number of arguments.\n");
fprintf(stderr, "Usage: %s <xml-file> <key-file> <cert-file>\n", argv[0]);
return(1);
}
/* Init libxml and libxslt libraries */
xmlInitParser();
LIBXML_TEST_VERSION
xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */
/* Init libxslt */
#ifndef XMLSEC_NO_XSLT
/* disable everything */
xsltSecPrefs = xsltNewSecurityPrefs();
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
/* Init xmlsec library */
if(xmlSecInit() < 0) {
fprintf(stderr, "Error: xmlsec initialization failed.\n");
return(-1);
}
/* Check loaded library version */
if(xmlSecCheckVersion() != 1) {
fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
return(-1);
}
/* Load default crypto engine if we are supporting dynamic
* loading for xmlsec-crypto libraries. Use the crypto library
* name ("openssl", "nss", etc.) to load corresponding
* xmlsec-crypto library.
*/
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLLoadLibrary(NULL) < 0) {
fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
"that you have it installed and check shared libraries path\n"
"(LD_LIBRARY_PATH and/or LTDL_LIBRARY_PATH) envornment variables.\n");
return(-1);
}
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
/* Init crypto library */
if(xmlSecCryptoAppInit(NULL) < 0) {
fprintf(stderr, "Error: crypto initialization failed.\n");
return(-1);
}
/* Init xmlsec-crypto library */
if(xmlSecCryptoInit() < 0) {
fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
return(-1);
}
if(sign_file(argv[1], argv[2], argv[3]) < 0) {
return(-1);
}
/* Shutdown xmlsec-crypto library */
xmlSecCryptoShutdown();
/* Shutdown crypto library */
xmlSecCryptoAppShutdown();
/* Shutdown xmlsec library */
xmlSecShutdown();
/* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
xsltFreeSecurityPrefs(xsltSecPrefs);
xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
xmlCleanupParser();
return(0);
}
int main(int argc, char *argv[])
{
int op;
char *input_file = NULL;
char *output_file = NULL;
struct rsa_public_key pub_key;
char *key_path = NULL;
char *cert_path = NULL;
int add_flag = 0;
while ((op = getopt(argc, argv, "i:o:k:c:a")) != -1) {
switch (op) {
case 'i':
if (optarg[0] == '0' && optarg[1] == 0) {
fprintf(stderr, "input file format error.\n");
usage();
}
input_file = optarg;
break;
case 'o':
if (optarg[0] == '0' && optarg[1] == 0) {
fprintf(stderr, "input file format error.\n");
usage();
}
output_file = optarg;
break;
case 'k':
if (optarg[0] == '0' && optarg[1] == 0) {
fprintf(stderr, "input file format error.\n");
usage();
}
key_path = optarg;
break;
case 'c':
if (optarg[0] == '0' && optarg[1] == 0) {
fprintf(stderr, "input file format error.\n");
usage();
}
cert_path = optarg;
break;
case 'a':
add_flag = 1;
break;
default:
usage();
}
}
if (!input_file || !output_file)
usage();
if (get_rsa_pub_key(cert_path, &pub_key) != 0) {
fprintf(stderr, "get public key from %s file failed.\n", cert_path);
usage();
}
if (sign_file(key_path, input_file, output_file, &pub_key, add_flag) != 0) {
fprintf(stderr, "signature file failed\n");
usage();
}
return 0;
}