int main(int argc, char **argv) { char *NSSConfigDir = NULL; const char *certNames[MAX_SIGNATURES]; char *MARChannelID = MAR_CHANNEL_ID; char *productVersion = MOZ_APP_VERSION; uint32_t k; int rv = -1; uint32_t certCount = 0; int32_t sigIndex = -1; #if !defined(NO_SIGN_VERIFY) uint32_t fileSizes[MAX_SIGNATURES]; const uint8_t* certBuffers[MAX_SIGNATURES]; char* DERFilePaths[MAX_SIGNATURES]; #if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS) CERTCertificate* certs[MAX_SIGNATURES]; #endif #endif memset((void*)certNames, 0, sizeof(certNames)); #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) memset((void*)certBuffers, 0, sizeof(certBuffers)); #endif #if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \ defined(XP_MACOSX)) memset(DERFilePaths, 0, sizeof(DERFilePaths)); memset(fileSizes, 0, sizeof(fileSizes)); #endif if (argc > 1 && 0 == strcmp(argv[1], "--version")) { print_version(); return 0; } if (argc < 3) { print_usage(); return -1; } while (argc > 0) { if (argv[1][0] == '-' && (argv[1][1] == 'c' || argv[1][1] == 't' || argv[1][1] == 'x' || argv[1][1] == 'v' || argv[1][1] == 's' || argv[1][1] == 'i' || argv[1][1] == 'T' || argv[1][1] == 'r' || argv[1][1] == 'X' || argv[1][1] == 'I')) { break; /* -C workingdirectory */ } else if (argv[1][0] == '-' && argv[1][1] == 'C') { if (chdir(argv[2]) != 0) { return -1; } argv += 2; argc -= 2; } #if !defined(NO_SIGN_VERIFY) && ((!defined(MAR_NSS) && defined(XP_WIN)) || \ defined(XP_MACOSX)) /* -D DERFilePath, also matches -D[index] DERFilePath We allow an index for verifying to be symmetric with the import and export command line arguments. */ else if (argv[1][0] == '-' && argv[1][1] == 'D' && (argv[1][2] == (char)('0' + certCount) || argv[1][2] == '\0')) { if (certCount >= MAX_SIGNATURES) { print_usage(); return -1; } DERFilePaths[certCount++] = argv[2]; argv += 2; argc -= 2; } #endif /* -d NSSConfigdir */ else if (argv[1][0] == '-' && argv[1][1] == 'd') { NSSConfigDir = argv[2]; argv += 2; argc -= 2; /* -n certName, also matches -n[index] certName We allow an index for verifying to be symmetric with the import and export command line arguments. */ } else if (argv[1][0] == '-' && argv[1][1] == 'n' && (argv[1][2] == (char)('0' + certCount) || argv[1][2] == '\0' || !strcmp(argv[2], "-X") || !strcmp(argv[2], "-I"))) { if (certCount >= MAX_SIGNATURES) { print_usage(); return -1; } certNames[certCount++] = argv[2]; if (strlen(argv[1]) > 2 && (!strcmp(argv[2], "-X") || !strcmp(argv[2], "-I")) && argv[1][2] >= '0' && argv[1][2] <= '9') { sigIndex = argv[1][2] - '0'; argv++; argc--; } else { argv += 2; argc -= 2; } /* MAR channel ID */ } else if (argv[1][0] == '-' && argv[1][1] == 'H') { MARChannelID = argv[2]; argv += 2; argc -= 2; /* Product Version */ } else if (argv[1][0] == '-' && argv[1][1] == 'V') { productVersion = argv[2]; argv += 2; argc -= 2; } else { print_usage(); return -1; } } if (argv[1][0] != '-') { print_usage(); return -1; } switch (argv[1][1]) { case 'c': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; infoBlock.productVersion = productVersion; return mar_create(argv[2], argc - 3, argv + 3, &infoBlock); } case 'i': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; infoBlock.productVersion = productVersion; return refresh_product_info_block(argv[2], &infoBlock); } case 'T': { struct ProductInformationBlock infoBlock; uint32_t numSignatures, numAdditionalBlocks; int hasSignatureBlock, hasAdditionalBlock; if (!get_mar_file_info(argv[2], &hasSignatureBlock, &numSignatures, &hasAdditionalBlock, NULL, &numAdditionalBlocks)) { if (hasSignatureBlock) { printf("Signature block found with %d signature%s\n", numSignatures, numSignatures != 1 ? "s" : ""); } if (hasAdditionalBlock) { printf("%d additional block%s found:\n", numAdditionalBlocks, numAdditionalBlocks != 1 ? "s" : ""); } rv = read_product_info_block(argv[2], &infoBlock); if (!rv) { printf(" - Product Information Block:\n"); printf(" - MAR channel name: %s\n" " - Product version: %s\n", infoBlock.MARChannelID, infoBlock.productVersion); free((void *)infoBlock.MARChannelID); free((void *)infoBlock.productVersion); } } printf("\n"); /* The fall through from 'T' to 't' is intentional */ } case 't': return mar_test(argv[2]); /* Extract a MAR file */ case 'x': return mar_extract(argv[2]); #ifndef NO_SIGN_VERIFY /* Extract a MAR signature */ case 'X': if (sigIndex == -1) { fprintf(stderr, "ERROR: Signature index was not passed.\n"); return -1; } if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) { fprintf(stderr, "ERROR: Signature index is out of range: %d.\n", sigIndex); return -1; } return extract_signature(argv[2], sigIndex, argv[3]); /* Import a MAR signature */ case 'I': if (sigIndex == -1) { fprintf(stderr, "ERROR: signature index was not passed.\n"); return -1; } if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) { fprintf(stderr, "ERROR: Signature index is out of range: %d.\n", sigIndex); return -1; } if (argc < 5) { print_usage(); return -1; } return import_signature(argv[2], sigIndex, argv[3], argv[4]); case 'v': if (certCount == 0) { print_usage(); return -1; } #if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS) if (!NSSConfigDir || certCount == 0) { print_usage(); return -1; } if (NSSInitCryptoContext(NSSConfigDir)) { fprintf(stderr, "ERROR: Could not initialize crypto library.\n"); return -1; } #endif rv = 0; for (k = 0; k < certCount; ++k) { #if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS) rv = mar_read_entire_file(DERFilePaths[k], MAR_MAX_CERT_SIZE, &certBuffers[k], &fileSizes[k]); #else /* It is somewhat circuitous to look up a CERTCertificate and then pass * in its DER encoding just so we can later re-create that * CERTCertificate to extract the public key out of it. However, by doing * things this way, we maximize the reuse of the mar_verify_signatures * function and also we keep the control flow as similar as possible * between programs and operating systems, at least for the functions * that are critically important to security. */ certs[k] = PK11_FindCertFromNickname(certNames[k], NULL); if (certs[k]) { certBuffers[k] = certs[k]->derCert.data; fileSizes[k] = certs[k]->derCert.len; } else { rv = -1; } #endif if (rv) { fprintf(stderr, "ERROR: could not read file %s", DERFilePaths[k]); break; } } if (!rv) { MarFile *mar = mar_open(argv[2]); if (mar) { rv = mar_verify_signatures(mar, certBuffers, fileSizes, certCount); mar_close(mar); } else { fprintf(stderr, "ERROR: Could not open MAR file.\n"); rv = -1; } } for (k = 0; k < certCount; ++k) { #if (defined(XP_WIN) || defined(XP_MACOSX)) && !defined(MAR_NSS) free((void*)certBuffers[k]); #else /* certBuffers[k] is owned by certs[k] so don't free it */ CERT_DestroyCertificate(certs[k]); #endif } if (rv) { /* Determine if the source MAR file has the new fields for signing */ int hasSignatureBlock; if (get_mar_file_info(argv[2], &hasSignatureBlock, NULL, NULL, NULL, NULL)) { fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n"); } else if (!hasSignatureBlock) { fprintf(stderr, "ERROR: The MAR file is in the old format so has" " no signature to verify.\n"); } return -1; } return 0; case 's': if (!NSSConfigDir || certCount == 0 || argc < 4) { print_usage(); return -1; } return mar_repackage_and_sign(NSSConfigDir, certNames, certCount, argv[2], argv[3]); case 'r': return strip_signature_block(argv[2], argv[3]); #endif /* endif NO_SIGN_VERIFY disabled */ default: print_usage(); return -1; } }
int main(int argc, char **argv) { char *NSSConfigDir = NULL; char *certName = NULL; char *MARChannelID = MAR_CHANNEL_ID; char *productVersion = MOZ_APP_VERSION; #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) HANDLE certFile; DWORD fileSize; DWORD read; char *certBuffer; char *DERFilePath = NULL; #endif if (argc < 3) { print_usage(); return -1; } while (argc > 0) { if (argv[1][0] == '-' && (argv[1][1] == 'c' || argv[1][1] == 't' || argv[1][1] == 'x' || argv[1][1] == 'v' || argv[1][1] == 's' || argv[1][1] == 'i' || argv[1][1] == 'T' || argv[1][1] == 'r')) { break; /* -C workingdirectory */ } else if (argv[1][0] == '-' && argv[1][1] == 'C') { chdir(argv[2]); argv += 2; argc -= 2; } #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) /* -D DERFilePath */ else if (argv[1][0] == '-' && argv[1][1] == 'D') { DERFilePath = argv[2]; argv += 2; argc -= 2; } #endif /* -d NSSConfigdir */ else if (argv[1][0] == '-' && argv[1][1] == 'd') { NSSConfigDir = argv[2]; argv += 2; argc -= 2; /* -n certName */ } else if (argv[1][0] == '-' && argv[1][1] == 'n') { certName = argv[2]; argv += 2; argc -= 2; /* MAR channel ID */ } else if (argv[1][0] == '-' && argv[1][1] == 'H') { MARChannelID = argv[2]; argv += 2; argc -= 2; /* Product Version */ } else if (argv[1][0] == '-' && argv[1][1] == 'V') { productVersion = argv[2]; argv += 2; argc -= 2; } else { print_usage(); return -1; } } if (argv[1][0] != '-') { print_usage(); return -1; } switch (argv[1][1]) { case 'c': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; /* Temporarily hardcoded - see Bug 735784 */ infoBlock.productVersion = "13.0a1";/*productVersion;*/ return mar_create(argv[2], argc - 3, argv + 3, &infoBlock); } case 'i': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; infoBlock.productVersion = productVersion; return refresh_product_info_block(argv[2], &infoBlock); } case 'T': { int rv; struct ProductInformationBlock infoBlock; PRUint32 numSignatures, numAdditionalBlocks; int hasSignatureBlock, hasAdditionalBlock; if (!get_mar_file_info(argv[2], &hasSignatureBlock, &numSignatures, &hasAdditionalBlock, NULL, &numAdditionalBlocks)) { if (hasSignatureBlock) { printf("Signature block found with %d signature%s\n", numSignatures, numSignatures != 1 ? "s" : ""); } if (hasAdditionalBlock) { printf("%d additional block%s found:\n", numAdditionalBlocks, numAdditionalBlocks != 1 ? "s" : ""); } rv = read_product_info_block(argv[2], &infoBlock); if (!rv) { printf(" - Product Information Block:\n"); printf(" - MAR channel name: %s\n" " - Product version: %s\n", infoBlock.MARChannelID, infoBlock.productVersion); free((void *)infoBlock.MARChannelID); free((void *)infoBlock.productVersion); } } printf("\n"); /* The fall through from 'T' to 't' is intentional */ } case 't': return mar_test(argv[2]); case 'x': return mar_extract(argv[2]); #ifndef NO_SIGN_VERIFY case 'v': #if defined(XP_WIN) && !defined(MAR_NSS) if (!DERFilePath) { print_usage(); return -1; } /* If the mar program was built using CryptoAPI, then read in the buffer containing the cert from disk. */ certFile = CreateFileA(DERFilePath, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, 0, NULL); if (INVALID_HANDLE_VALUE == certFile) { return -1; } fileSize = GetFileSize(certFile, NULL); certBuffer = malloc(fileSize); if (!ReadFile(certFile, certBuffer, fileSize, &read, NULL) || fileSize != read) { CloseHandle(certFile); free(certBuffer); return -1; } CloseHandle(certFile); if (mar_verify_signature(argv[2], certBuffer, fileSize, NULL)) { /* Determine if the source MAR file has the new fields for signing */ int hasSignatureBlock; free(certBuffer); if (get_mar_file_info(argv[2], &hasSignatureBlock, NULL, NULL, NULL, NULL)) { fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n"); } else if (!hasSignatureBlock) { fprintf(stderr, "ERROR: The MAR file is in the old format so has" " no signature to verify.\n"); } return -1; } free(certBuffer); return 0; #else if (!NSSConfigDir || !certName) { print_usage(); return -1; } if (NSSInitCryptoContext(NSSConfigDir)) { fprintf(stderr, "ERROR: Could not initialize crypto library.\n"); return -1; } return mar_verify_signature(argv[2], NULL, 0, certName); #endif /* defined(XP_WIN) && !defined(MAR_NSS) */ case 's': if (!NSSConfigDir || !certName || argc < 4) { print_usage(); return -1; } return mar_repackage_and_sign(NSSConfigDir, certName, argv[2], argv[3]); case 'r': return strip_signature_block(argv[2], argv[3]); #endif /* endif NO_SIGN_VERIFY disabled */ default: print_usage(); return -1; } return 0; }
/** * Writes out a copy of the MAR at src but with embedded signatures. * The passed in MAR file must not already be signed or an error will * be returned. * * @param NSSConfigDir The NSS directory containing the private key for signing * @param certNames The nicknames of the certificate to use for signing * @param certCount The number of certificate names contained in certNames. * One signature will be produced for each certificate. * @param src The path of the source MAR file to sign * @param dest The path of the MAR file to write out that is signed * @return 0 on success * -1 on error */ int mar_repackage_and_sign(const char *NSSConfigDir, const char * const *certNames, uint32_t certCount, const char *src, const char *dest) { uint32_t offsetToIndex, dstOffsetToIndex, indexLength, numSignatures = 0, leftOver, signatureAlgorithmID, signatureSectionLength = 0; uint32_t signatureLengths[MAX_SIGNATURES]; int64_t oldPos, sizeOfEntireMAR = 0, realSizeOfSrcMAR, signaturePlaceholderOffset, numBytesToCopy, numChunks, i; FILE *fpSrc = NULL, *fpDest = NULL; int rv = -1, hasSignatureBlock; SGNContext *ctxs[MAX_SIGNATURES]; SECItem secItems[MAX_SIGNATURES]; char buf[BLOCKSIZE]; SECKEYPrivateKey *privKeys[MAX_SIGNATURES]; CERTCertificate *certs[MAX_SIGNATURES]; char *indexBuf = NULL; uint32_t k; memset(signatureLengths, 0, sizeof(signatureLengths)); memset(ctxs, 0, sizeof(ctxs)); memset(secItems, 0, sizeof(secItems)); memset(privKeys, 0, sizeof(privKeys)); memset(certs, 0, sizeof(certs)); if (!NSSConfigDir || !certNames || certCount == 0 || !src || !dest) { fprintf(stderr, "ERROR: Invalid parameter passed in.\n"); return -1; } if (NSSInitCryptoContext(NSSConfigDir)) { fprintf(stderr, "ERROR: Could not init config dir: %s\n", NSSConfigDir); goto failure; } PK11_SetPasswordFunc(SECU_GetModulePassword); fpSrc = fopen(src, "rb"); if (!fpSrc) { fprintf(stderr, "ERROR: could not open source file: %s\n", src); goto failure; } fpDest = fopen(dest, "wb"); if (!fpDest) { fprintf(stderr, "ERROR: could not create target file: %s\n", dest); goto failure; } /* Determine if the source MAR file has the new fields for signing or not */ if (get_mar_file_info(src, &hasSignatureBlock, NULL, NULL, NULL, NULL)) { fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n"); goto failure; } for (k = 0; k < certCount; k++) { if (NSSSignBegin(certNames[k], &ctxs[k], &privKeys[k], &certs[k], &signatureLengths[k])) { fprintf(stderr, "ERROR: NSSSignBegin failed\n"); goto failure; } } /* MAR ID */ if (ReadWriteAndUpdateSignatures(fpSrc, fpDest, buf, MAR_ID_SIZE, ctxs, certCount, "MAR ID")) { goto failure; } /* Offset to index */ if (fread(&offsetToIndex, sizeof(offsetToIndex), 1, fpSrc) != 1) { fprintf(stderr, "ERROR: Could not read offset\n"); goto failure; } offsetToIndex = ntohl(offsetToIndex); /* Get the real size of the MAR */ oldPos = ftello(fpSrc); if (fseeko(fpSrc, 0, SEEK_END)) { fprintf(stderr, "ERROR: Could not seek to end of file.\n"); goto failure; } realSizeOfSrcMAR = ftello(fpSrc); if (fseeko(fpSrc, oldPos, SEEK_SET)) { fprintf(stderr, "ERROR: Could not seek back to current location.\n"); goto failure; } if (hasSignatureBlock) { /* Get the MAR length and adjust its size */ if (fread(&sizeOfEntireMAR, sizeof(sizeOfEntireMAR), 1, fpSrc) != 1) { fprintf(stderr, "ERROR: Could read mar size\n"); goto failure; } sizeOfEntireMAR = NETWORK_TO_HOST64(sizeOfEntireMAR); if (sizeOfEntireMAR != realSizeOfSrcMAR) { fprintf(stderr, "ERROR: Source MAR is not of the right size\n"); goto failure; } /* Get the num signatures in the source file */ if (fread(&numSignatures, sizeof(numSignatures), 1, fpSrc) != 1) { fprintf(stderr, "ERROR: Could read num signatures\n"); goto failure; } numSignatures = ntohl(numSignatures); /* We do not support resigning, if you have multiple signatures, you must add them all at the same time. */ if (numSignatures) { fprintf(stderr, "ERROR: MAR is already signed\n"); goto failure; } } else { sizeOfEntireMAR = realSizeOfSrcMAR; } if (((int64_t)offsetToIndex) > sizeOfEntireMAR) { fprintf(stderr, "ERROR: Offset to index is larger than the file size.\n"); goto failure; } /* Calculate the total signature block length */ for (k = 0; k < certCount; k++) { signatureSectionLength += sizeof(signatureAlgorithmID) + sizeof(signatureLengths[k]) + signatureLengths[k]; } dstOffsetToIndex = offsetToIndex; if (!hasSignatureBlock) { dstOffsetToIndex += sizeof(sizeOfEntireMAR) + sizeof(numSignatures); } dstOffsetToIndex += signatureSectionLength; /* Write out the index offset */ dstOffsetToIndex = htonl(dstOffsetToIndex); if (WriteAndUpdateSignatures(fpDest, &dstOffsetToIndex, sizeof(dstOffsetToIndex), ctxs, certCount, "index offset")) { goto failure; } dstOffsetToIndex = ntohl(dstOffsetToIndex); /* Write out the new MAR file size */ sizeOfEntireMAR += signatureSectionLength; if (!hasSignatureBlock) { sizeOfEntireMAR += sizeof(sizeOfEntireMAR) + sizeof(numSignatures); } /* Write out the MAR size */ sizeOfEntireMAR = HOST_TO_NETWORK64(sizeOfEntireMAR); if (WriteAndUpdateSignatures(fpDest, &sizeOfEntireMAR, sizeof(sizeOfEntireMAR), ctxs, certCount, "size of MAR")) { goto failure; } sizeOfEntireMAR = NETWORK_TO_HOST64(sizeOfEntireMAR); /* Write out the number of signatures */ numSignatures = certCount; numSignatures = htonl(numSignatures); if (WriteAndUpdateSignatures(fpDest, &numSignatures, sizeof(numSignatures), ctxs, certCount, "num signatures")) { goto failure; } numSignatures = ntohl(numSignatures); signaturePlaceholderOffset = ftello(fpDest); for (k = 0; k < certCount; k++) { /* Write out the signature algorithm ID, Only an ID of 1 is supported */ signatureAlgorithmID = htonl(1); if (WriteAndUpdateSignatures(fpDest, &signatureAlgorithmID, sizeof(signatureAlgorithmID), ctxs, certCount, "num signatures")) { goto failure; } signatureAlgorithmID = ntohl(signatureAlgorithmID); /* Write out the signature length */ signatureLengths[k] = htonl(signatureLengths[k]); if (WriteAndUpdateSignatures(fpDest, &signatureLengths[k], sizeof(signatureLengths[k]), ctxs, certCount, "signature length")) { goto failure; } signatureLengths[k] = ntohl(signatureLengths[k]); /* Write out a placeholder for the signature, we'll come back to this later *** THIS IS NOT SIGNED because it is a placeholder that will be replaced below, plus it is going to be the signature itself. *** */ memset(buf, 0, sizeof(buf)); if (fwrite(buf, signatureLengths[k], 1, fpDest) != 1) { fprintf(stderr, "ERROR: Could not write signature length\n"); goto failure; } } /* Write out the rest of the MAR excluding the index header and index offsetToIndex unfortunately has to remain 32-bit because for backwards compatibility with the old MAR file format. */ if (ftello(fpSrc) > ((int64_t)offsetToIndex)) { fprintf(stderr, "ERROR: Index offset is too small.\n"); goto failure; } numBytesToCopy = ((int64_t)offsetToIndex) - ftello(fpSrc); numChunks = numBytesToCopy / BLOCKSIZE; leftOver = numBytesToCopy % BLOCKSIZE; /* Read each file and write it to the MAR file */ for (i = 0; i < numChunks; ++i) { if (ReadWriteAndUpdateSignatures(fpSrc, fpDest, buf, BLOCKSIZE, ctxs, certCount, "content block")) { goto failure; } } /* Write out the left over */ if (ReadWriteAndUpdateSignatures(fpSrc, fpDest, buf, leftOver, ctxs, certCount, "left over content block")) { goto failure; } /* Length of the index */ if (ReadWriteAndUpdateSignatures(fpSrc, fpDest, &indexLength, sizeof(indexLength), ctxs, certCount, "index length")) { goto failure; } indexLength = ntohl(indexLength); /* Consume the index and adjust each index by signatureSectionLength */ indexBuf = malloc(indexLength); if (fread(indexBuf, indexLength, 1, fpSrc) != 1) { fprintf(stderr, "ERROR: Could not read index\n"); goto failure; } /* Adjust each entry in the index */ if (hasSignatureBlock) { AdjustIndexContentOffsets(indexBuf, indexLength, signatureSectionLength); } else { AdjustIndexContentOffsets(indexBuf, indexLength, sizeof(sizeOfEntireMAR) + sizeof(numSignatures) + signatureSectionLength); } if (WriteAndUpdateSignatures(fpDest, indexBuf, indexLength, ctxs, certCount, "index")) { goto failure; } /* Ensure that we don't sign a file that is too large to be accepted by the verification function. */ if (ftello(fpDest) > MAX_SIZE_OF_MAR_FILE) { goto failure; } for (k = 0; k < certCount; k++) { /* Get the signature */ if (SGN_End(ctxs[k], &secItems[k]) != SECSuccess) { fprintf(stderr, "ERROR: Could not end signature context\n"); goto failure; } if (signatureLengths[k] != secItems[k].len) { fprintf(stderr, "ERROR: Signature is not the expected length\n"); goto failure; } } /* Get back to the location of the signature placeholder */ if (fseeko(fpDest, signaturePlaceholderOffset, SEEK_SET)) { fprintf(stderr, "ERROR: Could not seek to signature offset\n"); goto failure; } for (k = 0; k < certCount; k++) { /* Skip to the position of the next signature */ if (fseeko(fpDest, sizeof(signatureAlgorithmID) + sizeof(signatureLengths[k]), SEEK_CUR)) { fprintf(stderr, "ERROR: Could not seek to signature offset\n"); goto failure; } /* Write out the calculated signature. *** THIS IS NOT SIGNED because it is the signature itself. *** */ if (fwrite(secItems[k].data, secItems[k].len, 1, fpDest) != 1) { fprintf(stderr, "ERROR: Could not write signature\n"); goto failure; } } rv = 0; failure: if (fpSrc) { fclose(fpSrc); } if (fpDest) { fclose(fpDest); } if (rv) { remove(dest); } if (indexBuf) { free(indexBuf); } /* Cleanup */ for (k = 0; k < certCount; k++) { if (ctxs[k]) { SGN_DestroyContext(ctxs[k], PR_TRUE); } if (certs[k]) { CERT_DestroyCertificate(certs[k]); } if (privKeys[k]) { SECKEY_DestroyPrivateKey(privKeys[k]); } SECITEM_FreeItem(&secItems[k], PR_FALSE); } if (rv) { remove(dest); } return rv; }
int main(int argc, char **argv) { char *NSSConfigDir = NULL; const char *certNames[MAX_SIGNATURES]; char *MARChannelID = MAR_CHANNEL_ID; char *productVersion = MOZ_APP_VERSION; uint32_t i, k; int rv = -1; uint32_t certCount = 0; int32_t sigIndex = -1; #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) HANDLE certFile; /* We use DWORD here instead of uint64_t because it simplifies code with the Win32 API ReadFile which takes a DWORD. DER files will not be too large anyway. */ DWORD fileSizes[MAX_SIGNATURES]; DWORD read; uint8_t *certBuffers[MAX_SIGNATURES]; char *DERFilePaths[MAX_SIGNATURES]; #endif memset(certNames, 0, sizeof(certNames)); #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) memset(fileSizes, 0, sizeof(fileSizes)); memset(certBuffers, 0, sizeof(certBuffers)); memset(DERFilePaths, 0, sizeof(DERFilePaths)); #endif if (argc > 1 && 0 == strcmp(argv[1], "--version")) { print_version(); return 0; } if (argc < 3) { print_usage(); return -1; } while (argc > 0) { if (argv[1][0] == '-' && (argv[1][1] == 'c' || argv[1][1] == 't' || argv[1][1] == 'x' || argv[1][1] == 'v' || argv[1][1] == 's' || argv[1][1] == 'i' || argv[1][1] == 'T' || argv[1][1] == 'r' || argv[1][1] == 'X' || argv[1][1] == 'I')) { break; /* -C workingdirectory */ } else if (argv[1][0] == '-' && argv[1][1] == 'C') { chdir(argv[2]); argv += 2; argc -= 2; } #if defined(XP_WIN) && !defined(MAR_NSS) && !defined(NO_SIGN_VERIFY) /* -D DERFilePath, also matches -D[index] DERFilePath We allow an index for verifying to be symmetric with the import and export command line arguments. */ else if (argv[1][0] == '-' && argv[1][1] == 'D' && (argv[1][2] == '0' + certCount || argv[1][2] == '\0')) { if (certCount >= MAX_SIGNATURES) { print_usage(); return -1; } DERFilePaths[certCount++] = argv[2]; argv += 2; argc -= 2; } #endif /* -d NSSConfigdir */ else if (argv[1][0] == '-' && argv[1][1] == 'd') { NSSConfigDir = argv[2]; argv += 2; argc -= 2; /* -n certName, also matches -n[index] certName We allow an index for verifying to be symmetric with the import and export command line arguments. */ } else if (argv[1][0] == '-' && argv[1][1] == 'n' && (argv[1][2] == '0' + certCount || argv[1][2] == '\0' || !strcmp(argv[2], "-X") || !strcmp(argv[2], "-I"))) { if (certCount >= MAX_SIGNATURES) { print_usage(); return -1; } certNames[certCount++] = argv[2]; if (strlen(argv[1]) > 2 && (!strcmp(argv[2], "-X") || !strcmp(argv[2], "-I")) && argv[1][2] >= '0' && argv[1][2] <= '9') { sigIndex = argv[1][2] - '0'; argv++; argc--; } else { argv += 2; argc -= 2; } /* MAR channel ID */ } else if (argv[1][0] == '-' && argv[1][1] == 'H') { MARChannelID = argv[2]; argv += 2; argc -= 2; /* Product Version */ } else if (argv[1][0] == '-' && argv[1][1] == 'V') { productVersion = argv[2]; argv += 2; argc -= 2; } else { print_usage(); return -1; } } if (argv[1][0] != '-') { print_usage(); return -1; } switch (argv[1][1]) { case 'c': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; infoBlock.productVersion = productVersion; return mar_create(argv[2], argc - 3, argv + 3, &infoBlock); } case 'i': { struct ProductInformationBlock infoBlock; infoBlock.MARChannelID = MARChannelID; infoBlock.productVersion = productVersion; return refresh_product_info_block(argv[2], &infoBlock); } case 'T': { struct ProductInformationBlock infoBlock; uint32_t numSignatures, numAdditionalBlocks; int hasSignatureBlock, hasAdditionalBlock; if (!get_mar_file_info(argv[2], &hasSignatureBlock, &numSignatures, &hasAdditionalBlock, NULL, &numAdditionalBlocks)) { if (hasSignatureBlock) { printf("Signature block found with %d signature%s\n", numSignatures, numSignatures != 1 ? "s" : ""); } if (hasAdditionalBlock) { printf("%d additional block%s found:\n", numAdditionalBlocks, numAdditionalBlocks != 1 ? "s" : ""); } rv = read_product_info_block(argv[2], &infoBlock); if (!rv) { printf(" - Product Information Block:\n"); printf(" - MAR channel name: %s\n" " - Product version: %s\n", infoBlock.MARChannelID, infoBlock.productVersion); free((void *)infoBlock.MARChannelID); free((void *)infoBlock.productVersion); } } printf("\n"); /* The fall through from 'T' to 't' is intentional */ } case 't': return mar_test(argv[2]); /* Extract a MAR file */ case 'x': return mar_extract(argv[2]); #ifndef NO_SIGN_VERIFY /* Extract a MAR signature */ case 'X': if (sigIndex == -1) { fprintf(stderr, "ERROR: Signature index was not passed.\n"); return -1; } if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) { fprintf(stderr, "ERROR: Signature index is out of range: %d.\n", sigIndex); return -1; } return extract_signature(argv[2], sigIndex, argv[3]); /* Import a MAR signature */ case 'I': if (sigIndex == -1) { fprintf(stderr, "ERROR: signature index was not passed.\n"); return -1; } if (sigIndex >= MAX_SIGNATURES || sigIndex < -1) { fprintf(stderr, "ERROR: Signature index is out of range: %d.\n", sigIndex); return -1; } if (argc < 5) { print_usage(); return -1; } return import_signature(argv[2], sigIndex, argv[3], argv[4]); case 'v': #if defined(XP_WIN) && !defined(MAR_NSS) if (certCount == 0) { print_usage(); return -1; } for (k = 0; k < certCount; ++k) { /* If the mar program was built using CryptoAPI, then read in the buffer containing the cert from disk. */ certFile = CreateFileA(DERFilePaths[k], GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, NULL, OPEN_EXISTING, 0, NULL); if (INVALID_HANDLE_VALUE == certFile) { return -1; } fileSizes[k] = GetFileSize(certFile, NULL); certBuffers[k] = malloc(fileSizes[k]); if (!ReadFile(certFile, certBuffers[k], fileSizes[k], &read, NULL) || fileSizes[k] != read) { CloseHandle(certFile); for (i = 0; i <= k; i++) { free(certBuffers[i]); } return -1; } CloseHandle(certFile); } rv = mar_verify_signatures(argv[2], certBuffers, fileSizes, NULL, certCount); for (k = 0; k < certCount; ++k) { free(certBuffers[k]); } if (rv) { /* Determine if the source MAR file has the new fields for signing */ int hasSignatureBlock; if (get_mar_file_info(argv[2], &hasSignatureBlock, NULL, NULL, NULL, NULL)) { fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n"); } else if (!hasSignatureBlock) { fprintf(stderr, "ERROR: The MAR file is in the old format so has" " no signature to verify.\n"); } return -1; } return 0; #else if (!NSSConfigDir || certCount == 0) { print_usage(); return -1; } if (NSSInitCryptoContext(NSSConfigDir)) { fprintf(stderr, "ERROR: Could not initialize crypto library.\n"); return -1; } return mar_verify_signatures(argv[2], NULL, 0, certNames, certCount); #endif /* defined(XP_WIN) && !defined(MAR_NSS) */ case 's': if (!NSSConfigDir || certCount == 0 || argc < 4) { print_usage(); return -1; } return mar_repackage_and_sign(NSSConfigDir, certNames, certCount, argv[2], argv[3]); case 'r': return strip_signature_block(argv[2], argv[3]); #endif /* endif NO_SIGN_VERIFY disabled */ default: print_usage(); return -1; } return 0; }