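/*
 * Work out how much more room the output PE needs for a new signature.
 *
 * Generates the signed data once only to learn its length, then returns
 *   sig.len + dd->certs.size + sizeof(win_certificate)
 *     - available_cert_space(ctx)
 *
 * Does not return on failure: prints a diagnostic to stderr and calls
 * exit(1) if the signed data cannot be generated or the data directory
 * cannot be read.
 *
 * NOTE(review): the expression mixes the widths and signedness of its
 * operands (their declarations are not visible here). Callers should treat
 * a zero or negative result as "no extra space needed" and should
 * bounds-check the value before using it to resize or lay out the file --
 * confirm against the call sites.
 */
ssize_t calculate_signature_space(pesign_context *ctx)
{
	int rc;
	SECItem sig = { 0, };

	rc = generate_spc_signed_data(&sig, &ctx->cms_ctx);
	if (rc < 0) {
		fprintf(stderr, "Could not generate signature.\n");
		exit(1);
	}

	data_directory *dd = NULL;
	rc = pe_getdatadir(ctx->outpe, &dd);
	/* Report this failure under its own message, and never dereference a
	 * directory pointer that was left unset. */
	if (rc < 0 || dd == NULL) {
		fprintf(stderr, "Could not get data directory.\n");
		exit(1);
	}

	ssize_t ret = sig.len + dd->certs.size + sizeof(win_certificate) -
		      available_cert_space(ctx);

	/*
	 * NOTE(review): sig.data is not released here (the original carried a
	 * commented-out free(sig.data)). Which allocator owns that buffer is
	 * not visible from this function -- confirm before adding a release.
	 */
	return ret;
}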
/*
 * Before you run this, you'll need to enroll your CA with:
 *   certutil -A -n 'my CA' -d /etc/pki/pesign -t CT,CT,CT -i ca.crt
 * And you'll need to enroll the private key like this:
 *   pk12util -d /etc/pki/pesign/ -i Peter\ Jones.p12
 *
 * NOTE(review): after the second step the database under /etc/pki/pesign
 * holds the private signing key, so access to that directory should be
 * limited to the account that performs signing.
 */

/*
 * Produce the signed data for the digest stored in p_ctx->cms_ctx and hand
 * it to the caller through newsig.
 *
 * On success *newsig is a shallow copy of the generated SECItem: it shares
 * the same data pointer, and who releases that buffer is not visible here.
 *
 * Returns 0 on success. Returns -1 after printing the NSS error text to
 * stderr if the signed data could not be created.
 *
 * The pe_digest precondition is enforced with assert() only, so the check
 * disappears in builds compiled with NDEBUG.
 */
int generate_signature(pesign_context *p_ctx, SECItem *newsig)
{
	cms_context *cms = &p_ctx->cms_ctx;
	SECItem signed_data = { 0, };

	/* The digest has to be computed before anything can be signed. */
	assert(cms->pe_digest != NULL);

	if (generate_spc_signed_data(&signed_data, cms) < 0) {
		fprintf(stderr, "Could not create signed data: %s\n",
			PORT_ErrorToString(PORT_GetError()));
		return -1;
	}

	/* Copy the descriptor (type, data pointer, length), not the bytes. */
	*newsig = signed_data;
	return 0;
}