Add options to generate detached signatures.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20169 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -71,6 +71,11 @@ command = {
|
|||||||
type = "flag"
|
type = "flag"
|
||||||
help = "wrapped out-data in a ContentInfo"
|
help = "wrapped out-data in a ContentInfo"
|
||||||
}
|
}
|
||||||
|
option = {
|
||||||
|
long = "detached-signature"
|
||||||
|
type = "flag"
|
||||||
|
help = "create a detached signature"
|
||||||
|
}
|
||||||
min_args="2"
|
min_args="2"
|
||||||
max_args="2"
|
max_args="2"
|
||||||
argument="in-file out-file"
|
argument="in-file out-file"
|
||||||
@@ -107,6 +112,11 @@ command = {
|
|||||||
type = "flag"
|
type = "flag"
|
||||||
help = "unwrap in-data that's in a ContentInfo"
|
help = "unwrap in-data that's in a ContentInfo"
|
||||||
}
|
}
|
||||||
|
option = {
|
||||||
|
long = "signed-content"
|
||||||
|
type = "string"
|
||||||
|
help = "file containing content"
|
||||||
|
}
|
||||||
min_args="2"
|
min_args="2"
|
||||||
max_args="2"
|
max_args="2"
|
||||||
argument="in-file out-file"
|
argument="in-file out-file"
|
||||||
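Review bot: The help string for the new `signed-content` option, `help = "file containing content"`, does not say that the option is for verifying a detached signature, and nothing ties it to `detached-signature` on the signing command. Something like `help = "file containing the content covered by a detached signature"` would tell a user when the option is required. Both `command` blocks start outside the hunks, so which commands these options belong to is inferred from the neighbouring help strings.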
|
@@ -88,7 +88,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
|||||||
{
|
{
|
||||||
hx509_verify_ctx ctx = NULL;
|
hx509_verify_ctx ctx = NULL;
|
||||||
heim_oid type;
|
heim_oid type;
|
||||||
heim_octet_string c, co;
|
heim_octet_string c, co, signeddata, *sd = NULL;
|
||||||
hx509_certs store = NULL;
|
hx509_certs store = NULL;
|
||||||
hx509_certs signers = NULL;
|
hx509_certs signers = NULL;
|
||||||
hx509_certs anchors = NULL;
|
hx509_certs anchors = NULL;
|
||||||
@@ -108,6 +108,13 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
|||||||
if (ret)
|
if (ret)
|
||||||
err(1, "map_file: %s: %d", argv[0], ret);
|
err(1, "map_file: %s: %d", argv[0], ret);
|
||||||
|
|
||||||
|
if (opt->signed_content_string) {
|
||||||
|
ret = _hx509_map_file_os(opt->signed_content_string, &signeddata, NULL);
|
||||||
|
if (ret)
|
||||||
|
err(1, "map_file: %s: %d", opt->signed_content_string, ret);
|
||||||
|
sd = &signeddata;
|
||||||
|
}
|
||||||
|
|
||||||
ret = hx509_verify_init_ctx(context, &ctx);
|
ret = hx509_verify_init_ctx(context, &ctx);
|
||||||
|
|
||||||
ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
|
ret = hx509_certs_init(context, "MEMORY:cms-anchors", 0, NULL, &anchors);
|
||||||
@@ -136,7 +143,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
|||||||
|
|
||||||
hx509_verify_attach_anchors(ctx, anchors);
|
hx509_verify_attach_anchors(ctx, anchors);
|
||||||
|
|
||||||
ret = hx509_cms_verify_signed(context, ctx, co.data, co.length,
|
ret = hx509_cms_verify_signed(context, ctx, co.data, co.length, sd,
|
||||||
store, &type, &c, &signers);
|
store, &type, &c, &signers);
|
||||||
if (co.data != p)
|
if (co.data != p)
|
||||||
der_free_octet_string(&co);
|
der_free_octet_string(&co);
|
||||||
@@ -167,6 +174,8 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
|
|||||||
|
|
||||||
der_free_octet_string(&c);
|
der_free_octet_string(&c);
|
||||||
_hx509_unmap_file(p, sz);
|
_hx509_unmap_file(p, sz);
|
||||||
|
if (sd)
|
||||||
|
_hx509_unmap_file_os(sd);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -182,7 +191,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
|||||||
hx509_cert cert;
|
hx509_cert cert;
|
||||||
size_t sz;
|
size_t sz;
|
||||||
void *p;
|
void *p;
|
||||||
int ret;
|
int ret, flags = 0;
|
||||||
|
|
||||||
contentType = oid_id_pkcs7_data();
|
contentType = oid_id_pkcs7_data();
|
||||||
|
|
||||||
@@ -205,6 +214,9 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
|||||||
} else
|
} else
|
||||||
anchors = NULL;
|
anchors = NULL;
|
||||||
|
|
||||||
|
if (opt->detached_signature_flag)
|
||||||
|
flags |= HX509_CMS_SIGATURE_DETACHED;
|
||||||
|
|
||||||
ret = hx509_query_alloc(context, &q);
|
ret = hx509_query_alloc(context, &q);
|
||||||
if (ret)
|
if (ret)
|
||||||
errx(1, "hx509_query_alloc: %d", ret);
|
errx(1, "hx509_query_alloc: %d", ret);
|
||||||
@@ -225,6 +237,7 @@ cms_create_sd(struct cms_create_sd_options *opt, int argc, char **argv)
|
|||||||
err(1, "map_file: %s: %d", argv[0], ret);
|
err(1, "map_file: %s: %d", argv[0], ret);
|
||||||
|
|
||||||
ret = hx509_cms_create_signed_1(context,
|
ret = hx509_cms_create_signed_1(context,
|
||||||
|
flags,
|
||||||
contentType,
|
contentType,
|
||||||
p,
|
p,
|
||||||
sz,
|
sz,
|
||||||
@@ -369,7 +382,7 @@ cms_create_enveloped(struct cms_envelope_options *opt, int argc, char **argv)
|
|||||||
if (ret)
|
if (ret)
|
||||||
errx(1, "hx509_certs_find: %d", ret);
|
errx(1, "hx509_certs_find: %d", ret);
|
||||||
|
|
||||||
ret = hx509_cms_envelope_1(context, cert, p, sz, enctype,
|
ret = hx509_cms_envelope_1(context, 0, cert, p, sz, enctype,
|
||||||
oid_id_pkcs7_data(), &o);
|
oid_id_pkcs7_data(), &o);
|
||||||
if (ret)
|
if (ret)
|
||||||
errx(1, "hx509_cms_envelope_1: %d", ret);
|
errx(1, "hx509_cms_envelope_1: %d", ret);
|
||||||
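Review bot: In cms_verify_sd the file mapped from `--signed-content` is passed as `sd` to hx509_cms_verify_signed whether or not the input message also carries embedded content, and nothing visible here shows which of the two the library verifies or returns in `c`. If both can be present the tool should fail rather than pick one, because the data written to out-file must be exactly the data the signature covers; at minimum, state the contract at the call, e.g. `/* sd != NULL: detached signature, verify over the external content only */`. Separately, the flag used in cms_create_sd, `HX509_CMS_SIGATURE_DETACHED`, is misspelled ("SIGATURE"); if its definition is part of this change, it is cheaper to rename now than once callers depend on it. The code between the hunks of cms_verify_sd is not shown, so how `c` is used after the call is not confirmed.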
|