void
pesign_context_free_private(pesign_context **ctx_ptr)
{
pesign_context *ctx;
if (!ctx_ptr || !*ctx_ptr)
return;
ctx = *ctx_ptr;
pesign_context_fini(ctx);
if (ctx->flags & PESIGN_C_ALLOCATED)
xfree(*ctx_ptr);
}
int
main(int argc, char *argv[])
{
int rc;
pesign_context ctx, *ctxp = &ctx;
int list = 0;
int remove = 0;
char *digest_name = "sha256";
poptContext optCon;
struct poptOption options[] = {
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
{"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
"specify input file", "<infile>"},
{"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
"specify output file", "<outfile>" },
{"certficate", 'c', POPT_ARG_STRING, &ctx.cms_ctx.certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
{"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
"specify private key file", "<privkey>" },
{"force", 'f', POPT_ARG_VAL, &ctx.force, 1,
"force overwriting of output file", NULL },
{"nogaps", 'n',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.hashgaps, 0,
"skip gaps between sections when signing", NULL },
{"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
"create a new signature", NULL },
{"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"import-signature", 'm',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.insig, 0,"import signature from file", "<insig>" },
{"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
"specify which signature to operate on","<sig-number>"},
{"list-signatures", 'l',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&list, 1, "list signatures", NULL },
{"show-signature", 'S', POPT_ARG_VAL, &list, 1,
"show signature", NULL },
{"remove-signature", 'r', POPT_ARG_VAL, &remove, 1,
"remove signature" },
{"export-signature", 'e',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.outsig, 0,"export signature to file", "<outsig>" },
{"export-pubkey", 'K', POPT_ARG_STRING,
&ctx.outkey, 0, "export pubkey to file", "<outkey>" },
{"export-cert", 'C', POPT_ARG_STRING,
&ctx.outcert, 0, "export signing cert to file",
"<outcert>" },
{"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
"use ascii armoring", NULL },
POPT_AUTOALIAS
POPT_AUTOHELP
POPT_TABLEEND
};
rc = pesign_context_init(ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
exit(1);
}
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
while ((rc = poptGetNextOpt(optCon)) > 0)
;
if (rc < -1) {
fprintf(stderr, "pesign: Invalid argument: %s: %s\n",
poptBadOption(optCon, 0), poptStrerror(rc));
exit(1);
}
if (poptPeekArg(optCon)) {
fprintf(stderr, "pesign: Invalid Argument: \"%s\"\n",
poptPeekArg(optCon));
exit(1);
}
poptFreeContext(optCon);
rc = set_digest_parameters(&ctx.cms_ctx, digest_name);
int is_help = strcmp(digest_name, "help") ? 0 : 1;
if (rc < 0) {
if (!is_help) {
fprintf(stderr, "Digest \"%s\" not found.\n",
digest_name);
}
exit(!is_help);
}
int action = 0;
if (ctx.insig)
action |= IMPORT_SIGNATURE;
if (ctx.outkey)
action |= EXPORT_PUBKEY;
if (ctx.outcert)
action |= EXPORT_CERT;
if (ctx.outsig)
action |= EXPORT_SIGNATURE;
if (remove != 0)
action |= REMOVE_SIGNATURE;
if (list != 0)
action |= LIST_SIGNATURES;
if (ctx.sign) {
action |= GENERATE_SIGNATURE;
if (!(action & EXPORT_SIGNATURE))
action |= IMPORT_SIGNATURE;
}
if (ctx.hash)
action |= GENERATE_DIGEST|PRINT_DIGEST;
SECItem newsig;
switch (action) {
case NO_FLAGS:
fprintf(stderr, "pesign: Nothing to do.\n");
exit(0);
break;
/* add a signature from a file */
case IMPORT_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
open_sig_input(ctxp);
import_signature(ctxp);
close_sig_input(ctxp);
close_output(ctxp);
break;
case EXPORT_PUBKEY:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_pubkey_output(ctxp);
export_pubkey(ctxp);
break;
case EXPORT_CERT:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_cert_output(ctxp);
export_cert(ctxp);
break;
/* find a signature in the binary and save it to a file */
case EXPORT_SIGNATURE:
open_input(ctxp);
open_sig_output(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
SECItem *sig = ctx.cms_ctx.signatures[ctx.signum];
export_signature(ctxp, sig);
close_input(ctxp);
close_sig_output(ctxp);
break;
/* remove a signature from the binary */
case REMOVE_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
remove_signature(&ctx);
close_output(ctxp);
break;
/* list signatures in the binary */
case LIST_SIGNATURES:
open_input(ctxp);
list_signatures(ctxp);
break;
case GENERATE_DIGEST|PRINT_DIGEST:
open_input(ctxp);
generate_digest(ctxp, ctx.inpe);
print_digest(ctxp);
break;
/* generate a signature and save it in a separate file */
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_sig_output(ctxp);
generate_digest(ctxp, ctx.inpe);
generate_signature(ctxp, &newsig);
export_signature(ctxp, &newsig);
break;
/* generate a signature and embed it in the binary */
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
check_inputs(ctxp);
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
generate_digest(ctxp, ctx.outpe);
generate_signature(ctxp, &newsig);
insert_signature(ctxp, &newsig);
close_output(ctxp);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
for (int i = 1; i < FLAG_LIST_END; i <<= 1) {
if (action & i)
print_flag_name(stderr, i);
}
fprintf(stderr, "\n");
exit(1);
}
pesign_context_fini(&ctx);
return (rc < 0);
}
