int check_fmhdr(char *b, ssize_t len) {
if (gV > 1) puts("check_fmhdr");
MD5_CTX context;
frm_t *buf = (frm_t *) b;
unsigned char cmp_digest[0x10] = {0}, hdr_digest[0x10];
unsigned char cmp_signature[0x20] = {0}, hdr_signature[0x20];
unsigned char cmp_randseq[0x10] = {0}, hdr_randseq[0x10];
memcpy(hdr_signature, buf->h.fm_signature, sizeof(hdr_signature));
memset(buf->h.fm_signature, 0, 0x20);
memcpy(hdr_digest, buf->h.fm_digest, sizeof(hdr_digest));
memset(buf->h.fm_digest, 0, 0x10);
MD5_Init(&context); // Compute hash
MD5_Update(&context, buf, len);
MD5_Final(cmp_digest, &context);
memcpy(hdr_randseq, buf->h.fm_randseq, sizeof(hdr_randseq));
memset(buf->h.fm_randseq, 0, sizeof(buf->h.fm_randseq));
nsdigest(cmp_randseq, (char *)buf, len); // Compute digest
memcpy(buf->h.fm_randseq, cmp_randseq, sizeof(buf->h.fm_randseq));
memcpy(buf->h.fm_digest, cmp_digest, sizeof(buf->h.fm_digest));
memcpy(buf->h.fm_signature, cmp_signature, sizeof(buf->h.fm_signature));
if (memcmp(cmp_digest, hdr_digest, sizeof(hdr_digest))) {
puts("Header digest error");
print_digest(cmp_digest); print_digest(hdr_digest);
return -1;
}
if (memcmp(cmp_randseq, hdr_randseq, sizeof(hdr_randseq))) {
puts("Header randseq error");
print_digest_x(cmp_randseq, 0x20); print_digest_x(hdr_randseq, 0x20);
return -1;
}
puts ("Header OK!");
return 0;
}
static void verify(const char *input, const unsigned char *expected)
{
MD5_CTX context;
unsigned char digest[16];
unsigned int len = strlen(input);
MD5Init(&context);
MD5Update(&context,(unsigned char *) input, len);
MD5Final(digest, &context);
printf("MD5(\"%s\") = ", input);
print_digest(digest);
if(memcmp(digest, expected, sizeof(digest)) != 0)
printf(" FAIL!");
printf("\n");
}
int
sha_256_bc_json(char* file_name, FILE* file, off_t size)
{
int result =-1;
uint32 digest[16];
unsigned char* json =NULL;
uint8* block =NULL;
uint32 block_digest[8];
json = calloc(size+1, sizeof(unsigned char));
if (json == NULL)
{
fprintf(stderr, "Unable to allocate memory for json file %s.\n", file_name);
goto exit;
}
block = calloc(128, sizeof(uint8));
if (block == NULL)
{
fprintf(stderr, "Unable to allocate memory for block header.\n");
goto exit;
}
size_t len = read_file(file, json, size);
if (len != size)
{
fprintf(stderr, "Failure reading file %s.\n", file_name);
goto exit;
}
result = parse_bitcoin_block(json, len, (block_header*) block);
if (args.m) {
mine_bit_coin_block((block_header*) block, args.s, args.e);
}
else {
process_bit_coin_block_inline((block_header*) block, block_digest);
print_digest(block_digest, args.x);
}
result = 0;
exit:
if (json) free(json);
if (block) free(block);
return result;
}
static rc_t perform_qtest( const KFile *f, const char * filename,
const uint64_t pos, const uint64_t count,
const size_t queue_size, const size_t block_size,
const size_t chunk_size )
{
const KFile * qf;
rc_t rc = KQueueFileMakeRead ( &qf, pos, f, queue_size, block_size, 0 );
if ( rc != 0 )
{
OUTMSG(( "KQueueFileMakeRead( '%s' ) failed: %R\n", filename, rc ));
}
else
{
uint8_t digest [ 16 ];
rc = read_loop( qf, pos, count, chunk_size, digest );
KFileRelease( qf );
print_digest( digest );
}
return rc;
}
void
mine_bit_coin_block(block_header* block, unsigned int start, unsigned int end)
{
uint32 mined_block[32];
uint32 mined_block_digest[8];
block_header* mined_header = (block_header*) mined_block;
uint8 digest[64];
end &= 0x00000000FFFFFFFFUL;
for(long i=start; i < end; i++)
{
block->nonce = i;
memcpy(mined_block, block, sizeof(block_header));
process_bit_coin_block_inline((block_header*) mined_block, mined_block_digest);
if (less_then_bits((uint8*) mined_block_digest, 32))
{
printf("nonce=%lu\t", i);
print_digest(mined_block_digest, true);
}
}
}
// this doesn't work yet
void
mine_bit_coin_block(block_header* block, unsigned int start, unsigned int end)
{
uint32 mined_block[16];
uint32 mined_block_digest[8];
block_header* mined_header = (block_header*) mined_block;
uint8 digest[64];
memcpy(block, mined_block, sizeof(block_header));
prime_final_block((uint8*) mined_block, 2, 0, sizeof(block_header));
prime_final_block(digest, 1, 0, 32);
end &= 0x00000000FFFFFFFFUL;
for(long i=start; i < end; i++)
{
mined_header->nonce = (unsigned int) i;
sha_256_hash(mined_block, 2, (uint32*) digest); // LAMb: This can be optimized to make one call to hash loop
sha_256_hash((uint32*) digest, 1, mined_block_digest);
reverse_bytes((unsigned char*) mined_block_digest, 32);
printf("nonce=%lu\t", i);
print_digest(mined_block_digest, true);
}
}
int main(int argc, char **argv)
{
int i;
MD5_CTX c;
unsigned char md[MD5_DIGEST_LENGTH];
if (argc == 1)
{
printf("no arguement");
}
else
{
for (i = 1; i < argc;i++)
{
int len = strlen(argv[i]);
MD5_Init(&c);
MD5_Update(&c, argv[i],(unsigned long)len);
MD5_Final(&(md[0]),&c);
print_digest(md);
}
}
return 0;
}
/* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte
blocks.
*/
static void time_trial(void)
{
MD5_CTX context;
uint32 endTime, startTime;
unsigned char block[TEST_BLOCK_LEN], digest[16];
unsigned int i;
printf
("MD5 time trial. Digesting %d %d-byte blocks ...",
TEST_BLOCK_LEN, TEST_BLOCK_COUNT);
/* Initialize block */
for(i = 0; i < TEST_BLOCK_LEN; i++)
block[i] =(unsigned char)(i & 0xff);
/* Start timer */
startTime = VmGetClock();
/* Digest blocks */
MD5Init(&context);
for(i = 0; i < TEST_BLOCK_COUNT; i++)
MD5Update(&context, block, TEST_BLOCK_LEN);
MD5Final(digest, &context);
/* Stop timer */
endTime = VmGetClock();
printf(" done\n");
printf("Digest = ");
print_digest(digest);
printf("\nTime = %ld ms\n",(long)(endTime-startTime));
printf
("Speed = %ld bytes/second\n",
(long)TEST_BLOCK_LEN *(long)TEST_BLOCK_COUNT *(long) 1000/(endTime-startTime));
}
int
sha_256_file(char* file_name, FILE* file, off_t size)
{
int result =-1;
uint32 digest[8];
// Initialize 512 bit blocks for processing
uint32 num_blocks = (size / BLOCK_SIZE_BYTES) + (size % BLOCK_SIZE_BYTES == 0 ? 0 : 1);
uint32 num_pad_blocks = BLOCK_SIZE_BITS - ((size << 3) % BLOCK_SIZE_BITS) < PAD_SIZE_BITS ? 1 : 0; // loosing some precision here
uint32* blocks = (uint32*) calloc(num_blocks + num_pad_blocks, BLOCK_SIZE_BYTES);
if (blocks == NULL)
{
fprintf(stderr, "Unable to allocate memory for blocks from file %s.\n", file_name);
goto exit;
}
// Load up block data
size_t total_bytes = read_file(file, (unsigned char*)blocks, size);
if (total_bytes != size)
{
fprintf(stderr, "Unable to read entire file %s.\n", file_name);
goto exit;
}
// Set up final block
prime_final_block((uint8*) blocks, num_blocks, num_pad_blocks, size);
// Calculate and print the sha-256 digest of the incoming data
sha_256_hash(blocks, num_blocks + num_pad_blocks, digest);
print_digest(digest, args.x);
result = 0;
exit:
if (blocks) free(blocks);
return result;
}
int
main(int argc, char *argv[])
{
int rc;
pesign_context ctx, *ctxp = &ctx;
int list = 0;
int remove = 0;
char *digest_name = "sha256";
poptContext optCon;
struct poptOption options[] = {
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
{"in", 'i', POPT_ARG_STRING, &ctx.infile, 0,
"specify input file", "<infile>"},
{"out", 'o', POPT_ARG_STRING, &ctx.outfile, 0,
"specify output file", "<outfile>" },
{"certficate", 'c', POPT_ARG_STRING, &ctx.cms_ctx.certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
{"privkey", 'p', POPT_ARG_STRING, &ctx.privkeyfile, 0,
"specify private key file", "<privkey>" },
{"force", 'f', POPT_ARG_VAL, &ctx.force, 1,
"force overwriting of output file", NULL },
{"nogaps", 'n',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.hashgaps, 0,
"skip gaps between sections when signing", NULL },
{"sign", 's', POPT_ARG_VAL, &ctx.sign, 1,
"create a new signature", NULL },
{"hash", 'h', POPT_ARG_VAL, &ctx.hash, 1, "hash binary", NULL },
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"import-signature", 'm',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.insig, 0,"import signature from file", "<insig>" },
{"signature-number", 'u', POPT_ARG_INT, &ctx.signum, -1,
"specify which signature to operate on","<sig-number>"},
{"list-signatures", 'l',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&list, 1, "list signatures", NULL },
{"show-signature", 'S', POPT_ARG_VAL, &list, 1,
"show signature", NULL },
{"remove-signature", 'r', POPT_ARG_VAL, &remove, 1,
"remove signature" },
{"export-signature", 'e',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctx.outsig, 0,"export signature to file", "<outsig>" },
{"export-pubkey", 'K', POPT_ARG_STRING,
&ctx.outkey, 0, "export pubkey to file", "<outkey>" },
{"export-cert", 'C', POPT_ARG_STRING,
&ctx.outcert, 0, "export signing cert to file",
"<outcert>" },
{"ascii-armor", 'a', POPT_ARG_VAL, &ctx.ascii, 1,
"use ascii armoring", NULL },
POPT_AUTOALIAS
POPT_AUTOHELP
POPT_TABLEEND
};
rc = pesign_context_init(ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
exit(1);
}
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
while ((rc = poptGetNextOpt(optCon)) > 0)
;
if (rc < -1) {
fprintf(stderr, "pesign: Invalid argument: %s: %s\n",
poptBadOption(optCon, 0), poptStrerror(rc));
exit(1);
}
if (poptPeekArg(optCon)) {
fprintf(stderr, "pesign: Invalid Argument: \"%s\"\n",
poptPeekArg(optCon));
exit(1);
}
poptFreeContext(optCon);
rc = set_digest_parameters(&ctx.cms_ctx, digest_name);
int is_help = strcmp(digest_name, "help") ? 0 : 1;
if (rc < 0) {
if (!is_help) {
fprintf(stderr, "Digest \"%s\" not found.\n",
digest_name);
}
exit(!is_help);
}
int action = 0;
if (ctx.insig)
action |= IMPORT_SIGNATURE;
if (ctx.outkey)
action |= EXPORT_PUBKEY;
if (ctx.outcert)
action |= EXPORT_CERT;
if (ctx.outsig)
action |= EXPORT_SIGNATURE;
if (remove != 0)
action |= REMOVE_SIGNATURE;
if (list != 0)
action |= LIST_SIGNATURES;
if (ctx.sign) {
action |= GENERATE_SIGNATURE;
if (!(action & EXPORT_SIGNATURE))
action |= IMPORT_SIGNATURE;
}
if (ctx.hash)
action |= GENERATE_DIGEST|PRINT_DIGEST;
SECItem newsig;
switch (action) {
case NO_FLAGS:
fprintf(stderr, "pesign: Nothing to do.\n");
exit(0);
break;
/* add a signature from a file */
case IMPORT_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
open_sig_input(ctxp);
import_signature(ctxp);
close_sig_input(ctxp);
close_output(ctxp);
break;
case EXPORT_PUBKEY:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_pubkey_output(ctxp);
export_pubkey(ctxp);
break;
case EXPORT_CERT:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_cert_output(ctxp);
export_cert(ctxp);
break;
/* find a signature in the binary and save it to a file */
case EXPORT_SIGNATURE:
open_input(ctxp);
open_sig_output(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
SECItem *sig = ctx.cms_ctx.signatures[ctx.signum];
export_signature(ctxp, sig);
close_input(ctxp);
close_sig_output(ctxp);
break;
/* remove a signature from the binary */
case REMOVE_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
if (ctx.signum > ctx.cms_ctx.num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
remove_signature(&ctx);
close_output(ctxp);
break;
/* list signatures in the binary */
case LIST_SIGNATURES:
open_input(ctxp);
list_signatures(ctxp);
break;
case GENERATE_DIGEST|PRINT_DIGEST:
open_input(ctxp);
generate_digest(ctxp, ctx.inpe);
print_digest(ctxp);
break;
/* generate a signature and save it in a separate file */
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_sig_output(ctxp);
generate_digest(ctxp, ctx.inpe);
generate_signature(ctxp, &newsig);
export_signature(ctxp, &newsig);
break;
/* generate a signature and embed it in the binary */
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
check_inputs(ctxp);
rc = find_certificate(&ctx.cms_ctx);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctx.cms_ctx.certname);
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
generate_digest(ctxp, ctx.outpe);
generate_signature(ctxp, &newsig);
insert_signature(ctxp, &newsig);
close_output(ctxp);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
for (int i = 1; i < FLAG_LIST_END; i <<= 1) {
if (action & i)
print_flag_name(stderr, i);
}
fprintf(stderr, "\n");
exit(1);
}
pesign_context_fini(&ctx);
return (rc < 0);
}
int
main(int argc, char *argv[])
{
int rc;
pesign_context *ctxp;
int list = 0;
int remove = 0;
int daemon = 0;
int fork = 1;
int padding = 0;
int need_db = 0;
char *digest_name = "sha256";
char *tokenname = "NSS Certificate DB";
char *origtoken = tokenname;
char *certname = NULL;
char *certdir = "/etc/pki/pesign";
char *signum = NULL;
rc = pesign_context_new(&ctxp);
if (rc < 0) {
fprintf(stderr, "Could not initialize context: %m\n");
exit(1);
}
poptContext optCon;
struct poptOption options[] = {
{NULL, '\0', POPT_ARG_INTL_DOMAIN, "pesign" },
{"in", 'i', POPT_ARG_STRING, &ctxp->infile, 0,
"specify input file", "<infile>"},
{"out", 'o', POPT_ARG_STRING, &ctxp->outfile, 0,
"specify output file", "<outfile>" },
{"certficate", 'c', POPT_ARG_STRING, &certname, 0,
"specify certificate nickname",
"<certificate nickname>" },
{"certdir", 'n', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&certdir, 0,
"specify nss certificate database directory",
"<certificate directory path>" },
{"force", 'f', POPT_ARG_VAL, &ctxp->force, 1,
"force overwriting of output file", NULL },
{"sign", 's', POPT_ARG_VAL, &ctxp->sign, 1,
"create a new signature", NULL },
{"hash", 'h', POPT_ARG_VAL, &ctxp->hash, 1,
"hash binary", NULL },
{"digest_type", 'd', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&digest_name, 0, "digest type to use for pe hash" },
{"import-signed-certificate", 'm',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctxp->insig, 0,"import signature from file", "<insig>" },
{"export-signed-attributes", 'E',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctxp->outsattrs, 0, "export signed attributes to file",
"<signed_attributes_file>" },
{"import-signed-attributes", 'I',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctxp->insattrs, 0,
"import signed attributes from file",
"<signed_attributes_file>" },
{"import-raw-signature", 'R',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN, &ctxp->rawsig,
0, "import raw signature from file", "<inraw>" },
{"signature-number", 'u', POPT_ARG_STRING, &signum, 0,
"specify which signature to operate on","<sig-number>"},
{"list-signatures", 'l',
POPT_ARG_VAL|POPT_ARGFLAG_DOC_HIDDEN,
&list, 1, "list signatures", NULL },
{"nss-token", 't', POPT_ARG_STRING|POPT_ARGFLAG_SHOW_DEFAULT,
&tokenname, 0, "NSS token holding signing key" },
{"show-signature", 'S', POPT_ARG_VAL, &list, 1,
"show signature", NULL },
{"remove-signature", 'r', POPT_ARG_VAL, &remove, 1,
"remove signature" },
{"export-signature", 'e',
POPT_ARG_STRING|POPT_ARGFLAG_DOC_HIDDEN,
&ctxp->outsig, 0,
"export signature to file", "<outsig>" },
{"export-pubkey", 'K', POPT_ARG_STRING,
&ctxp->outkey, 0, "export pubkey to file", "<outkey>" },
{"export-cert", 'C', POPT_ARG_STRING,
&ctxp->outcert, 0, "export signing cert to file",
"<outcert>" },
{"ascii-armor", 'a', POPT_ARG_VAL, &ctxp->ascii, 1,
"use ascii armoring", NULL },
{"daemonize", 'D', POPT_ARG_VAL, &daemon, 1,
"run as a daemon process", NULL },
{"nofork", 'N', POPT_ARG_VAL, &fork, 0,
"don't fork when daemonizing", NULL },
{"verbose", 'v', POPT_ARG_VAL, &ctxp->verbose, 1,
"be very verbose", NULL },
{"padding", 'P', POPT_ARG_VAL,
&padding, 1, "pad data section", NULL },
POPT_AUTOALIAS
POPT_AUTOHELP
POPT_TABLEEND
};
optCon = poptGetContext("pesign", argc, (const char **)argv, options,0);
rc = poptReadDefaultConfig(optCon, 0);
if (rc < 0 && !(rc == POPT_ERROR_ERRNO && errno == ENOENT)) {
fprintf(stderr, "pesign: poptReadDefaultConfig failed: %s\n",
poptStrerror(rc));
exit(1);
}
while ((rc = poptGetNextOpt(optCon)) > 0)
;
if (rc < -1) {
fprintf(stderr, "pesign: Invalid argument: %s: %s\n",
poptBadOption(optCon, 0), poptStrerror(rc));
exit(1);
}
if (poptPeekArg(optCon)) {
fprintf(stderr, "pesign: Invalid Argument: \"%s\"\n",
poptPeekArg(optCon));
exit(1);
}
poptFreeContext(optCon);
if (signum) {
errno = 0;
ctxp->signum = strtol(signum, NULL, 0);
if (errno != 0) {
fprintf(stderr, "invalid signature number: %m\n");
exit(1);
}
}
int action = 0;
if (daemon)
action |= DAEMONIZE;
if (ctxp->rawsig) {
action |= IMPORT_RAW_SIGNATURE;
need_db = 1;
}
if (ctxp->insattrs)
action |= IMPORT_SATTRS;
if (ctxp->outsattrs)
action |= EXPORT_SATTRS;
if (ctxp->insig)
action |= IMPORT_SIGNATURE;
if (ctxp->outkey) {
action |= EXPORT_PUBKEY;
need_db = 1;
}
if (ctxp->outcert) {
action |= EXPORT_CERT;
need_db = 1;
}
if (ctxp->outsig)
action |= EXPORT_SIGNATURE;
if (remove != 0)
action |= REMOVE_SIGNATURE;
if (list != 0)
action |= LIST_SIGNATURES;
if (ctxp->sign) {
action |= GENERATE_SIGNATURE;
if (!(action & EXPORT_SIGNATURE))
action |= IMPORT_SIGNATURE;
need_db = 1;
}
if (ctxp->hash)
action |= GENERATE_DIGEST|PRINT_DIGEST;
if (!daemon) {
SECStatus status;
if (need_db)
status = NSS_Init(certdir);
else
status = NSS_NoDB_Init(NULL);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
exit(1);
}
status = register_oids(ctxp->cms_ctx);
if (status != SECSuccess) {
fprintf(stderr, "Could not register OIDs\n");
exit(1);
}
}
rc = set_digest_parameters(ctxp->cms_ctx, digest_name);
int is_help = strcmp(digest_name, "help") ? 0 : 1;
if (rc < 0) {
if (!is_help) {
fprintf(stderr, "Digest \"%s\" not found.\n",
digest_name);
}
exit(!is_help);
}
ctxp->cms_ctx->tokenname = tokenname ?
PORT_ArenaStrdup(ctxp->cms_ctx->arena, tokenname) : NULL;
if (tokenname && !ctxp->cms_ctx->tokenname) {
fprintf(stderr, "could not allocate token name: %s\n",
PORT_ErrorToString(PORT_GetError()));
exit(1);
}
if (tokenname != origtoken)
free(tokenname);
ctxp->cms_ctx->certname = certname ?
PORT_ArenaStrdup(ctxp->cms_ctx->arena, certname) : NULL;
if (certname && !ctxp->cms_ctx->certname) {
fprintf(stderr, "could not allocate certificate name: %s\n",
PORT_ErrorToString(PORT_GetError()));
exit(1);
}
if (certname)
free(certname);
if (ctxp->sign) {
if (!ctxp->cms_ctx->certname) {
fprintf(stderr, "pesign: signing requested but no "
"certificate nickname provided\n");
exit(1);
}
}
ssize_t sigspace = 0;
switch (action) {
case NO_FLAGS:
fprintf(stderr, "pesign: Nothing to do.\n");
exit(0);
break;
/* in this case we have the actual binary signature and the
* signing cert, but not the pkcs7ish certificate that goes
* with it.
*/
case IMPORT_RAW_SIGNATURE|IMPORT_SATTRS:
check_inputs(ctxp);
rc = find_certificate(ctxp->cms_ctx, 0);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctxp->cms_ctx->certname);
exit(1);
}
open_rawsig_input(ctxp);
open_sattr_input(ctxp);
import_raw_signature(ctxp);
close_sattr_input(ctxp);
close_rawsig_input(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
generate_digest(ctxp->cms_ctx, ctxp->outpe, 1);
sigspace = calculate_signature_space(ctxp->cms_ctx,
ctxp->outpe);
allocate_signature_space(ctxp->outpe, sigspace);
generate_signature(ctxp->cms_ctx);
insert_signature(ctxp->cms_ctx, ctxp->signum);
close_output(ctxp);
break;
case EXPORT_SATTRS:
open_input(ctxp);
open_sattr_output(ctxp);
generate_digest(ctxp->cms_ctx, ctxp->inpe, 1);
generate_sattr_blob(ctxp);
close_sattr_output(ctxp);
close_input(ctxp);
break;
/* add a signature from a file */
case IMPORT_SIGNATURE:
check_inputs(ctxp);
if (ctxp->signum > ctxp->cms_ctx->num_signatures + 1) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
open_sig_input(ctxp);
parse_signature(ctxp);
sigspace = get_sigspace_extend_amount(ctxp->cms_ctx,
ctxp->outpe, &ctxp->cms_ctx->newsig);
allocate_signature_space(ctxp->outpe, sigspace);
check_signature_space(ctxp);
insert_signature(ctxp->cms_ctx, ctxp->signum);
close_sig_input(ctxp);
close_output(ctxp);
break;
case EXPORT_PUBKEY:
rc = find_certificate(ctxp->cms_ctx, 1);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctxp->cms_ctx->certname);
exit(1);
}
open_pubkey_output(ctxp);
export_pubkey(ctxp);
break;
case EXPORT_CERT:
rc = find_certificate(ctxp->cms_ctx, 0);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctxp->cms_ctx->certname);
exit(1);
}
open_cert_output(ctxp);
export_cert(ctxp);
break;
/* find a signature in the binary and save it to a file */
case EXPORT_SIGNATURE:
open_input(ctxp);
open_sig_output(ctxp);
if (ctxp->signum > ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
if (ctxp->signum < 0)
ctxp->signum = 0;
if (ctxp->signum >= ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "No valid signature #%d.\n",
ctxp->signum);
exit(1);
}
memcpy(&ctxp->cms_ctx->newsig,
ctxp->cms_ctx->signatures[ctxp->signum],
sizeof (ctxp->cms_ctx->newsig));
export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
close_input(ctxp);
close_sig_output(ctxp);
memset(&ctxp->cms_ctx->newsig, '\0',
sizeof (ctxp->cms_ctx->newsig));
break;
/* remove a signature from the binary */
case REMOVE_SIGNATURE:
check_inputs(ctxp);
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
if (ctxp->signum < 0 ||
ctxp->signum >=
ctxp->cms_ctx->num_signatures) {
fprintf(stderr, "Invalid signature number %d. "
"Must be between 0 and %d.\n",
ctxp->signum,
ctxp->cms_ctx->num_signatures - 1);
exit(1);
}
remove_signature(ctxp);
close_output(ctxp);
break;
/* list signatures in the binary */
case LIST_SIGNATURES:
open_input(ctxp);
list_signatures(ctxp);
break;
case GENERATE_DIGEST|PRINT_DIGEST:
open_input(ctxp);
generate_digest(ctxp->cms_ctx, ctxp->inpe, padding);
print_digest(ctxp);
break;
/* generate a signature and save it in a separate file */
case EXPORT_SIGNATURE|GENERATE_SIGNATURE:
rc = find_certificate(ctxp->cms_ctx, 1);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctxp->cms_ctx->certname);
exit(1);
}
open_input(ctxp);
open_sig_output(ctxp);
generate_digest(ctxp->cms_ctx, ctxp->inpe, 1);
generate_signature(ctxp->cms_ctx);
export_signature(ctxp->cms_ctx, ctxp->outsigfd, ctxp->ascii);
break;
/* generate a signature and embed it in the binary */
case IMPORT_SIGNATURE|GENERATE_SIGNATURE:
check_inputs(ctxp);
rc = find_certificate(ctxp->cms_ctx, 1);
if (rc < 0) {
fprintf(stderr, "pesign: Could not find "
"certificate %s\n",
ctxp->cms_ctx->certname);
exit(1);
}
if (ctxp->signum > ctxp->cms_ctx->num_signatures + 1) {
fprintf(stderr, "Invalid signature number.\n");
exit(1);
}
open_input(ctxp);
open_output(ctxp);
close_input(ctxp);
generate_digest(ctxp->cms_ctx, ctxp->outpe, 1);
sigspace = calculate_signature_space(ctxp->cms_ctx,
ctxp->outpe);
allocate_signature_space(ctxp->outpe, sigspace);
generate_digest(ctxp->cms_ctx, ctxp->outpe, 1);
generate_signature(ctxp->cms_ctx);
insert_signature(ctxp->cms_ctx, ctxp->signum);
close_output(ctxp);
break;
case DAEMONIZE:
rc = daemonize(ctxp->cms_ctx, certdir, fork);
break;
default:
fprintf(stderr, "Incompatible flags (0x%08x): ", action);
for (int i = 1; i < FLAG_LIST_END; i <<= 1) {
if (action & i)
print_flag_name(stderr, i);
}
fprintf(stderr, "\n");
exit(1);
}
pesign_context_free(ctxp);
if (!daemon) {
SECStatus status = NSS_Shutdown();
if (status != SECSuccess) {
fprintf(stderr, "could not shut down NSS: %s",
PORT_ErrorToString(PORT_GetError()));
exit(1);
}
}
return (rc < 0);
}
void
main(int argc, char **argv)
{
int opt, rc = 0;
int check = 0;
FILE *fp;
unsigned char digest[16];
progname = *argv;
while ((opt = getopt(argc, argv, "cbvp:h")) != EOF) {
switch (opt) {
case 'c': check = 1; break;
case 'v': verbose = 1; break;
case 'b': bin_mode = 1; break;
default: usage();
}
}
argc -= optind;
argv += optind;
if (check) {
switch (argc) {
case 0: fp = stdin; break;
case 1: if ((fp = fopen(*argv, FOPRTXT)) == NULL) {
perror(*argv);
exit(2);
}
break;
default: usage();
}
exit(do_check(fp));
}
if (argc == 0) {
if (mdfile(stdin, digest)) {
fprintf(stderr, "%s: read error on stdin\n", progname);
exit(2);
}
print_digest(digest);
printf("\n");
exit(0);
}
for ( ; argc > 0; --argc, ++argv) {
if (bin_mode)
fp = fopen(*argv, FOPRBIN);
else
fp = fopen(*argv, FOPRTXT);
if (fp == NULL) {
perror(*argv);
rc = 2;
continue;
}
if (mdfile(fp, digest)) {
fprintf(stderr, "%s: error reading %s\n", progname, *argv);
rc = 2;
} else {
print_digest(digest);
printf(" %c%s\n", bin_mode ? '*' : ' ', *argv);
}
fclose(fp);
}
exit(rc);
}
int
main(int argc, char **argv) {
isc_sha1_t sha1;
isc_sha224_t sha224;
isc_md5_t md5;
isc_hmacmd5_t hmacmd5;
isc_hmacsha1_t hmacsha1;
isc_hmacsha224_t hmacsha224;
isc_hmacsha256_t hmacsha256;
isc_hmacsha384_t hmacsha384;
isc_hmacsha512_t hmacsha512;
unsigned char digest[ISC_SHA512_DIGESTLENGTH];
unsigned char buffer[1024];
const char *s;
unsigned char key[20];
UNUSED(argc);
UNUSED(argv);
s = "abc";
isc_sha1_init(&sha1);
memcpy(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha1_init(&sha1);
memcpy(buffer, s, strlen(s));
isc_sha1_update(&sha1, buffer, strlen(s));
isc_sha1_final(&sha1, digest);
print_digest(s, "sha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "abc";
isc_sha224_init(&sha224);
memcpy(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
isc_sha224_init(&sha224);
memcpy(buffer, s, strlen(s));
isc_sha224_update(&sha224, buffer, strlen(s));
isc_sha224_final(digest, &sha224);
print_digest(s, "sha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "abc";
isc_md5_init(&md5);
memcpy(buffer, s, strlen(s));
isc_md5_update(&md5, buffer, strlen(s));
isc_md5_final(&md5, digest);
print_digest(s, "md5", digest, 4);
/*
* The 3 HMAC-MD5 examples from RFC2104
*/
s = "Hi There";
memset(key, 0x0b, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacmd5_init(&hmacmd5, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 16);
isc_hmacmd5_init(&hmacmd5, key, 16);
memcpy(buffer, s, strlen(s));
isc_hmacmd5_update(&hmacmd5, buffer, strlen(s));
isc_hmacmd5_sign(&hmacmd5, digest);
print_digest(s, "hmacmd5", digest, 4);
/*
* The 3 HMAC-SHA1 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha1_init(&hmacsha1, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha1_init(&hmacsha1, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha1_update(&hmacsha1, buffer, strlen(s));
isc_hmacsha1_sign(&hmacsha1, digest, ISC_SHA1_DIGESTLENGTH);
print_digest(s, "hmacsha1", digest, ISC_SHA1_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA224 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha224_init(&hmacsha224, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha224_init(&hmacsha224, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha224_update(&hmacsha224, buffer, strlen(s));
isc_hmacsha224_sign(&hmacsha224, digest, ISC_SHA224_DIGESTLENGTH);
print_digest(s, "hmacsha224", digest, ISC_SHA224_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA256 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha256_init(&hmacsha256, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha256_init(&hmacsha256, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha256_update(&hmacsha256, buffer, strlen(s));
isc_hmacsha256_sign(&hmacsha256, digest, ISC_SHA256_DIGESTLENGTH);
print_digest(s, "hmacsha256", digest, ISC_SHA256_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA384 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha384_init(&hmacsha384, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha384_init(&hmacsha384, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha384_update(&hmacsha384, buffer, strlen(s));
isc_hmacsha384_sign(&hmacsha384, digest, ISC_SHA384_DIGESTLENGTH);
print_digest(s, "hmacsha384", digest, ISC_SHA384_DIGESTLENGTH/4);
/*
* The 3 HMAC-SHA512 examples from RFC4634.
*/
s = "Hi There";
memset(key, 0x0b, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "what do ya want for nothing?";
strcpy((char *)key, "Jefe");
isc_hmacsha512_init(&hmacsha512, key, 4);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
s = "\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335"
"\335\335\335\335\335\335\335\335\335\335";
memset(key, 0xaa, 20);
isc_hmacsha512_init(&hmacsha512, key, 20);
memcpy(buffer, s, strlen(s));
isc_hmacsha512_update(&hmacsha512, buffer, strlen(s));
isc_hmacsha512_sign(&hmacsha512, digest, ISC_SHA512_DIGESTLENGTH);
print_digest(s, "hmacsha512", digest, ISC_SHA512_DIGESTLENGTH/4);
return (0);
}
