diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index 8fb6d56643d110110921ff9c9955b62121264a85..d4b3bde1b1e13308e3d780da5f2afade15531418 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
@@ -86,13 +86,13 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
 let cryptoScheme = CryptoScheme.SMIME
 func testSMIMEencrypt(){
- let enc = OpenSSL_test_encrypt(test_string, test_key)
+ let enc = OpenSSL_encrypt(test_string, test_key)
 if enc != nil{
 let encStr = String(cString: enc!)
 // the pointers point to memory allocatedi in c that needs to be manually dealocated
 enc?.deallocate()
- print("SIFT ENC DONE: ",encStr)
- let dec = OpenSSL_test_decrypt(encStr,test_key)
+ print("SWIFT ENC DONE: ",encStr)
+ let dec = OpenSSL_decrypt(encStr,test_key)
 if dec != nil{
 let decStr = String(cString: dec!)
 // same here
@@ -108,9 +108,70 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
 {
 print("Enc failed!")
 }
+
+ let sig = OpenSSL_sign(test_string, test_key, 0)
+ if sig != nil{
+ let sigStr = String(cString: sig!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ sig?.deallocate()
+ print("\nSWIFT SIGN (attached): \n", sigStr)
+ }
+ else{
+ print("\n SWIFT SIGN1 failed")
+ }
+ let sig2 = OpenSSL_sign(test_string, test_key, 1)
+ if sig2 != nil{
+ let sigStr2 = String(cString: sig2!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ sig2?.deallocate()
+ print("SWIFT SIGN (dettached): \n", sigStr2)
+ }
+ else{
+ print("\n SWIFT SIGN2 failed")
+ }
 }
-
+ func encrypt_with_pem(message: String,keyasPem: String) -> String?
+ {
+ let enc = OpenSSL_encrypt(message,keyasPem)
+ if enc != nil{
+ let encStr = String(cString: enc!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ enc?.deallocate()
+ return encStr
+ }
+ return nil
+
+ }
+
+ func decrypt_with_pem(message:String, keyasPem:String) -> String?
+ {
+ let dec = OpenSSL_decrypt(message,keyasPem)
+ if dec != nil{
+ let decStr = String(cString: dec!)
+ // same here
+ dec?.deallocate()
+ return decStr
+ }
+ return nil
+ }
+
+ func sign_with_pem(message:String, keyasPem:String, detached:Bool) -> String?
+ {
+ var detFlag : Int32 = 0
+ if detached
+ {
+ detFlag = 1
+ }
+ let sig = OpenSSL_sign(message,keyasPem, detFlag)
+ if sig != nil{
+ let sigStr = String(cString: sig!)
+ // same here
+ sig?.deallocate()
+ return sigStr
+ }
+ return nil
+ }
 }
diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c
index b908ae11d567e72cdd13fe0717a93545aa2867a6..be131c1ff9f2ed654ea014460fd020a57d55a41f 100644
--- a/enzevalos_iphone/c/openssl-helpers.c
+++ b/enzevalos_iphone/c/openssl-helpers.c
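Review bot: encrypt_with_pem, decrypt_with_pem and sign_with_pem release the C buffer with `deallocate()`, although OpenSSL_sign allocates it with `malloc` (the other two helpers presumably do the same); the matching release is `free`, and `deallocate()` only works as long as the Swift runtime forwards to the same allocator. Replace the nil check and `dec?.deallocate()` with `guard let dec = OpenSSL_decrypt(message, keyasPem) else { return nil }` and `defer { free(dec) }`, and do the same in the other two wrappers and in testSMIMEencrypt. In decrypt_with_pem the plaintext buffer goes back to the allocator uncleared, and `String(cString:)` stops at the first NUL byte and repairs invalid UTF-8, so a comment stating that only textual payloads are supported would help callers. The comment `// same here` should state the ownership rule directly, e.g. `// buffer is malloc'd in openssl-helpers.c; the caller must free it`.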
@@ -52,7 +52,7 @@ int print_test(int a) { return 0; } -void * OpenSSL_test_encrypt(const char *text, const char *pem) { +char * OpenSSL_encrypt(const char *text, const char *pem) { // https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c OpenSSL_initialize(); char *encrypted = NULL, *tmp=NULL;; @@ -123,7 +123,7 @@ deinit: return (void*) encrypted; } -char* OpenSSL_test_decrypt(const char *str, const char *pem) { +char* OpenSSL_decrypt(const char *str, const char *pem) { OpenSSL_initialize(); char *decrypted = NULL, *tmp=NULL; // https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c @@ -132,7 +132,6 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) { BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL; // recipient certificate X509 *rec_cert = NULL; - STACK_OF(X509) *cert_stack = NULL; CMS_ContentInfo *cms = NULL; EVP_PKEY *rkey = NULL; @@ -160,9 +159,7 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) { goto deinit; } - cert_stack = sk_X509_new_null(); - // note that if the stack is initialized correctly, the recipient certificate is pushed as a test cms = SMIME_read_CMS(in, NULL); if (!cms) { 
@@ -195,3 +192,93 @@ deinit:
 // CMS_ContentInfo_free(cms);
 return decrypted;
 }
+
+char * OpenSSL_sign(const char *text, const char *pem, const int detached)
+{
+ OpenSSL_initialize();
+ char *mail = NULL, *tmp=NULL;
+ BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
+ // recipient certificate
+ X509 *sig_cert = NULL;
+ STACK_OF(X509) *cert_stack = NULL;
+ CMS_ContentInfo *cms = NULL;
+ EVP_PKEY *skey = NULL;
+ int flags = CMS_STREAM | CMS_PARTIAL;
+
+ if (detached) flags |= CMS_DETACHED;
+
+
+
+ // rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
+ in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
+
+ sig_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
+ if (!sig_cert_bio) {
+ printf("Failed reading mykey.pem!\n");
+ goto deinit;
+ }
+
+ sig_cert = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
+ if (!sig_cert ) {
+ printf("Failed reading pem cert\n");
+ goto deinit;
+ }
+
+ cert_stack = sk_X509_new_null();
+
+ // note that if the stack is initialized correctly, the recipient certificate is pushed as a test
+ if (!cert_stack || !sk_X509_push(cert_stack, sig_cert)) {
+ printf("Failed at push_stack");
+ goto deinit;
+ }
+
+ BIO_reset(sig_cert_bio);
+ skey = PEM_read_bio_PrivateKey(sig_cert_bio, NULL, 0, NULL);
+
+ if (!skey) {
+ printf("Failed reading pem key\n");
+ goto deinit;
+ }
+
+
+ cms = CMS_sign(NULL, NULL, NULL, in, flags);
+ if (!cms)
+ {
+ printf("Failed at signstart: %s", ERR_func_error_string(ERR_get_error()));
+ goto deinit;
+ }
+
+ if (!CMS_add1_signer(cms, sig_cert, skey, EVP_sha256(), flags))
+ {
+ printf("Failed at signaddsigner: %s", ERR_func_error_string(ERR_get_error()));
+ goto deinit;
+ }
+
+ out = BIO_new(BIO_s_mem());
+
+ if (!SMIME_write_CMS(out,cms,in,flags))
+ {
+ printf("Failed at SMIME_WRITE");
+ goto deinit;
+ }
+
+ // For testing
+
+ long size = BIO_get_mem_data(out, &tmp);
+ mail= (char *) malloc(size+1);
+ mail[size]=0;//To Nullterminate the string
+
+ memcpy(mail,tmp,size);
+
+
+
+ deinit:
+ BIO_free(in);
+ BIO_free(out); //also frees tmp
+ BIO_free(sig_cert_bio);
+
+ sk_X509_pop_free(cert_stack, X509_free);
+
+ OpenSSL_deinitialize();
+ return mail;
+}
diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h
index 7c2e57d2fbbf14cd202d1fe4e95cbf6276b6c0cc..308234ba2003ff92146d3afacc8ad0e93ab97dc3 100644
--- a/enzevalos_iphone/c/openssl-helpers.h
+++ b/enzevalos_iphone/c/openssl-helpers.h
@@ -26,8 +26,9 @@ STACK_OF(X509)* create_stack_x509(X509 *arr, int len);
 X509* stack_to_array(STACK_OF(X509) *stack);
 void OpenSSL_print_ver(void);
 // (de)init function makes initialization less cryptic
-void * OpenSSL_test_encrypt(const char *text, const char *pem);
-char* OpenSSL_test_decrypt(const char *str, const char *pem);
+char * OpenSSL_encrypt(const char *text, const char *pem);
+char * OpenSSL_decrypt(const char *str, const char *pem);
+char * OpenSSL_sign(const char *text, const char *pem, const int detached);
 int print_test(int);
diff --git a/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h b/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
index 770c5d140793bcc1a20bc78ec8361454db08ff01..fc62b8f0fdef71a599697e59d9e7dbeeef08908a 100644
--- a/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
+++ b/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
@@ -26,7 +26,7 @@
 #import <GTMAppAuth/GTMAppAuth.h>
 #import <GTMSessionFetcher/GTMSessionFetcher.h>
 #import "OAuth/EmailHelper.h"
-#import "openssl-helpers.h"
+#import "c/openssl-helpers.h"
 #import <openssl/pem.h>
 #import <openssl/cms.h>
 #import <openssl/err.h>
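Review bot: In OpenSSL_sign (openssl-helpers.c) the `deinit:` block never releases `skey` or `cms`, so every call leaves the parsed private key and the CMS structure on the heap; add `EVP_PKEY_free(skey);` and `CMS_ContentInfo_free(cms);` there, both of which accept NULL. The results of `BIO_new_mem_buf(text, …)`, `BIO_new(BIO_s_mem())` and `malloc(size+1)` are used without a NULL check, and `mail[size]=0` is written before the allocation is known to have succeeded. `sig_cert` is only freed through `cert_stack`, so it leaks when the stack allocation or the push fails, and the stack itself is never handed to `CMS_sign`. The fence sketches the output and cleanup part with the checks and frees added.

```c
    // … unchanged: certificate/key parsing, CMS_sign, CMS_add1_signer …
    out = BIO_new(BIO_s_mem());
    if (!out)
        goto deinit;
    // … unchanged: SMIME_write_CMS call and its error branch …
    long size = BIO_get_mem_data(out, &tmp);
    if (size <= 0 || !tmp)
        goto deinit;
    mail = (char *) malloc((size_t) size + 1);
    if (!mail)
        goto deinit;
    memcpy(mail, tmp, (size_t) size);
    mail[size] = 0; // NUL-terminate only after the allocation succeeded

    deinit:
    // … unchanged: BIO_free calls, sk_X509_pop_free …
    CMS_ContentInfo_free(cms);
    EVP_PKEY_free(skey); // release the parsed private key
    // … unchanged: OpenSSL_deinitialize, return mail …
```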