diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index 8fb6d56643d110110921ff9c9955b62121264a85..d4b3bde1b1e13308e3d780da5f2afade15531418 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
@@ -86,13 +86,13 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
let cryptoScheme = CryptoScheme.SMIME
func testSMIMEencrypt(){
- let enc = OpenSSL_test_encrypt(test_string, test_key)
+ let enc = OpenSSL_encrypt(test_string, test_key)
if enc != nil{
let encStr = String(cString: enc!)
// the pointers point to memory allocatedi in c that needs to be manually dealocated
enc?.deallocate()
- print("SIFT ENC DONE: ",encStr)
- let dec = OpenSSL_test_decrypt(encStr,test_key)
+ print("SWIFT ENC DONE: ",encStr)
+ let dec = OpenSSL_decrypt(encStr,test_key)
if dec != nil{
let decStr = String(cString: dec!)
// same here
@@ -108,9 +108,70 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
{
print("Enc failed!")
}
+
+ let sig = OpenSSL_sign(test_string, test_key, 0)
+ if sig != nil{
+ let sigStr = String(cString: sig!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ sig?.deallocate()
+ print("\nSWIFT SIGN (attached): \n", sigStr)
+ }
+ else{
+ print("\n SWIFT SIGN1 failed")
+ }
+ let sig2 = OpenSSL_sign(test_string, test_key, 1)
+ if sig2 != nil{
+ let sigStr2 = String(cString: sig2!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ sig2?.deallocate()
+ print("SWIFT SIGN (dettached): \n", sigStr2)
+ }
+ else{
+ print("\n SWIFT SIGN2 failed")
+ }
}
-
+ func encrypt_with_pem(message: String,keyasPem: String) -> String?
+ {
+ let enc = OpenSSL_encrypt(message,keyasPem)
+ if enc != nil{
+ let encStr = String(cString: enc!)
+ // the pointers point to memory allocatedi in c that needs to be manually dealocated
+ enc?.deallocate()
+ return encStr
+ }
+ return nil
+
+ }
+
+ func decrypt_with_pem(message:String, keyasPem:String) -> String?
+ {
+ let dec = OpenSSL_decrypt(message,keyasPem)
+ if dec != nil{
+ let decStr = String(cString: dec!)
+ // same here
+ dec?.deallocate()
+ return decStr
+ }
+ return nil
+ }
+
+ func sign_with_pem(message:String, keyasPem:String, detached:Bool) -> String?
+ {
+ var detFlag : Int32 = 0
+ if detached
+ {
+ detFlag = 1
+ }
+ let sig = OpenSSL_sign(message,keyasPem, detFlag)
+ if sig != nil{
+ let sigStr = String(cString: sig!)
+ // same here
+ sig?.deallocate()
+ return sigStr
+ }
+ return nil
+ }
}
diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c
index b908ae11d567e72cdd13fe0717a93545aa2867a6..be131c1ff9f2ed654ea014460fd020a57d55a41f 100644
--- a/enzevalos_iphone/c/openssl-helpers.c
+++ b/enzevalos_iphone/c/openssl-helpers.c
@@ -52,7 +52,7 @@ int print_test(int a) {
return 0;
}
-void * OpenSSL_test_encrypt(const char *text, const char *pem) {
+char * OpenSSL_encrypt(const char *text, const char *pem) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c
OpenSSL_initialize();
char *encrypted = NULL, *tmp=NULL;;
@@ -123,7 +123,7 @@ deinit:
return (void*) encrypted;
}
-char* OpenSSL_test_decrypt(const char *str, const char *pem) {
+char* OpenSSL_decrypt(const char *str, const char *pem) {
OpenSSL_initialize();
char *decrypted = NULL, *tmp=NULL;
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
@@ -132,7 +132,6 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) {
BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL;
// recipient certificate
X509 *rec_cert = NULL;
- STACK_OF(X509) *cert_stack = NULL;
CMS_ContentInfo *cms = NULL;
EVP_PKEY *rkey = NULL;
@@ -160,9 +159,7 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) {
goto deinit;
}
- cert_stack = sk_X509_new_null();
- // note that if the stack is initialized correctly, the recipient certificate is pushed as a test
cms = SMIME_read_CMS(in, NULL);
if (!cms)
{
@@ -195,3 +192,93 @@ deinit:
// CMS_ContentInfo_free(cms);
return decrypted;
}
+
+char * OpenSSL_sign(const char *text, const char *pem, const int detached)
+{
+ OpenSSL_initialize();
+ char *mail = NULL, *tmp=NULL;
+ BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
+ // recipient certificate
+ X509 *sig_cert = NULL;
+ STACK_OF(X509) *cert_stack = NULL;
+ CMS_ContentInfo *cms = NULL;
+ EVP_PKEY *skey = NULL;
+ int flags = CMS_STREAM | CMS_PARTIAL;
+
+ if (detached) flags |= CMS_DETACHED;
+
+
+
+ // rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
+ in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
+
+ sig_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
+ if (!sig_cert_bio) {
+ printf("Failed reading mykey.pem!\n");
+ goto deinit;
+ }
+
+ sig_cert = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
+ if (!sig_cert ) {
+ printf("Failed reading pem cert\n");
+ goto deinit;
+ }
+
+ cert_stack = sk_X509_new_null();
+
+ // note that if the stack is initialized correctly, the recipient certificate is pushed as a test
+ if (!cert_stack || !sk_X509_push(cert_stack, sig_cert)) {
+ printf("Failed at push_stack");
+ goto deinit;
+ }
+
+ BIO_reset(sig_cert_bio);
+ skey = PEM_read_bio_PrivateKey(sig_cert_bio, NULL, 0, NULL);
+
+ if (!skey) {
+ printf("Failed reading pem key\n");
+ goto deinit;
+ }
+
+
+ cms = CMS_sign(NULL, NULL, NULL, in, flags);
+ if (!cms)
+ {
+ printf("Failed at signstart: %s", ERR_func_error_string(ERR_get_error()));
+ goto deinit;
+ }
+
+ if (!CMS_add1_signer(cms, sig_cert, skey, EVP_sha256(), flags))
+ {
+ printf("Failed at signaddsigner: %s", ERR_func_error_string(ERR_get_error()));
+ goto deinit;
+ }
+
+ out = BIO_new(BIO_s_mem());
+
+ if (!SMIME_write_CMS(out,cms,in,flags))
+ {
+ printf("Failed at SMIME_WRITE");
+ goto deinit;
+ }
+
+ // For testing
+
+ long size = BIO_get_mem_data(out, &tmp);
+ mail= (char *) malloc(size+1);
+ mail[size]=0;//To Nullterminate the string
+
+ memcpy(mail,tmp,size);
+
+
+
+ deinit:
+ BIO_free(in);
+ BIO_free(out); //also frees tmp
+ BIO_free(sig_cert_bio);
+
+ sk_X509_pop_free(cert_stack, X509_free);
+
+ OpenSSL_deinitialize();
+ return mail;
+}
diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h
index 7c2e57d2fbbf14cd202d1fe4e95cbf6276b6c0cc..308234ba2003ff92146d3afacc8ad0e93ab97dc3 100644
--- a/enzevalos_iphone/c/openssl-helpers.h
+++ b/enzevalos_iphone/c/openssl-helpers.h
@@ -26,8 +26,9 @@ STACK_OF(X509)* create_stack_x509(X509 *arr, int len);
X509* stack_to_array(STACK_OF(X509) *stack);
void OpenSSL_print_ver(void);
// (de)init function makes initialization less cryptic
-void * OpenSSL_test_encrypt(const char *text, const char *pem);
-char* OpenSSL_test_decrypt(const char *str, const char *pem);
+char * OpenSSL_encrypt(const char *text, const char *pem);
+char * OpenSSL_decrypt(const char *str, const char *pem);
+char * OpenSSL_sign(const char *text, const char *pem, const int detached);
int print_test(int);
diff --git a/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h b/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
index 770c5d140793bcc1a20bc78ec8361454db08ff01..fc62b8f0fdef71a599697e59d9e7dbeeef08908a 100644
--- a/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
+++ b/enzevalos_iphone/enzevalos_iphone-Bridging-Header.h
@@ -26,7 +26,7 @@
#import <GTMAppAuth/GTMAppAuth.h>
#import <GTMSessionFetcher/GTMSessionFetcher.h>
#import "OAuth/EmailHelper.h"
-#import "openssl-helpers.h"
+#import "c/openssl-helpers.h"
#import <openssl/pem.h>
#import <openssl/cms.h>
#import <openssl/err.h>