Merge branch '232-smime-support' of...

Merge branch '232-smime-support' of git.imp.fu-berlin.de:enzevalos/enzevalos_iphone into 232-smime-support

enzevalos_iphone/SMIME.swift

@@ -86,13 +86,13 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
     let cryptoScheme = CryptoScheme.SMIME
     
     func testSMIMEencrypt(){
-        let enc = OpenSSL_test_encrypt(test_string, test_key)
+        let enc = OpenSSL_encrypt(test_string, test_key)
         if enc != nil{
             let encStr = String(cString: enc!)
             // the pointers point to memory allocatedi in c that needs to be manually dealocated
             enc?.deallocate()
-            print("SIFT ENC DONE: ",encStr)
-            let dec = OpenSSL_test_decrypt(encStr,test_key)
+            print("SWIFT ENC DONE: ",encStr)
+            let dec = OpenSSL_decrypt(encStr,test_key)
             if dec != nil{
                 let decStr = String(cString: dec!)
                 // same here
@@ -108,9 +108,70 @@ P/2pLfs+mwbdVooDtfcfDSHuAP1d50EUHabXG97eRh+brncBjVo1gbGmzdI72XHL
         {
             print("Enc failed!")
         }
+        
+        let sig = OpenSSL_sign(test_string, test_key, 0)
+        if sig != nil{
+        let sigStr = String(cString: sig!)
+        // the pointers point to memory allocatedi in c that needs to be manually dealocated
+            sig?.deallocate()
+            print("\nSWIFT SIGN (attached): \n", sigStr)
+        }
+        else{
+            print("\n SWIFT SIGN1 failed")
+        }
+        let sig2 = OpenSSL_sign(test_string, test_key, 1)
+        if sig2 != nil{
+            let sigStr2 = String(cString: sig2!)
+            // the pointers point to memory allocatedi in c that needs to be manually dealocated
+            sig2?.deallocate()
+            print("SWIFT SIGN (dettached): \n", sigStr2)
+        }
+        else{
+            print("\n SWIFT SIGN2 failed")
+        }
 
 
     }
     
-        
+    func encrypt_with_pem(message: String,keyasPem: String) -> String?
+    {
+        let enc = OpenSSL_encrypt(message,keyasPem)
+        if enc != nil{
+            let encStr = String(cString: enc!)
+            // the pointers point to memory allocatedi in c that needs to be manually dealocated
+            enc?.deallocate()
+            return encStr
+        }
+        return nil
+            
+    }
+    
+    func decrypt_with_pem(message:String, keyasPem:String) -> String?
+    {
+        let dec = OpenSSL_decrypt(message,keyasPem)
+        if dec != nil{
+            let decStr = String(cString: dec!)
+            // same here
+            dec?.deallocate()
+            return decStr
+        }
+        return nil
+    }
+    
+    func sign_with_pem(message:String, keyasPem:String, detached:Bool) -> String?
+    {
+        var detFlag : Int32 = 0
+        if detached
+        {
+            detFlag = 1
+        }
+        let sig = OpenSSL_sign(message,keyasPem, detFlag)
+        if sig != nil{
+            let sigStr = String(cString: sig!)
+            // same here
+            sig?.deallocate()
+            return sigStr
+        }
+        return nil
+    }
 }

enzevalos_iphone/c/openssl-helpers.c

@@ -52,7 +52,7 @@ int print_test(int a) {
     return 0;
 }
 
-void * OpenSSL_test_encrypt(const char *text, const char *pem) {
+char * OpenSSL_encrypt(const char *text, const char *pem) {
     // https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c
     OpenSSL_initialize();
     char *encrypted = NULL, *tmp=NULL;;
@@ -123,7 +123,7 @@ deinit:
     return (void*) encrypted;
 }
 
-char* OpenSSL_test_decrypt(const char *str, const char *pem) {
+char* OpenSSL_decrypt(const char *str, const char *pem) {
     OpenSSL_initialize();
     char *decrypted = NULL, *tmp=NULL;
     // https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
@@ -132,7 +132,6 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) {
     BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL;
     // recipient certificate
     X509 *rec_cert = NULL;
-    STACK_OF(X509) *cert_stack = NULL;
     CMS_ContentInfo *cms = NULL;
     EVP_PKEY *rkey = NULL;
     
@@ -160,9 +159,7 @@ char* OpenSSL_test_decrypt(const char *str, const char *pem) {
         goto deinit;
     }
     
-    cert_stack = sk_X509_new_null();
     
-    // note that if the stack is initialized correctly, the recipient certificate is pushed as a test
     cms = SMIME_read_CMS(in, NULL);
     if (!cms)
     {
@@ -195,3 +192,93 @@ deinit:
     // CMS_ContentInfo_free(cms);
     return decrypted;
 }
+
+char * OpenSSL_sign(const char *text, const char *pem, const int detached)
+{
+    OpenSSL_initialize();
+    char *mail = NULL, *tmp=NULL;
+    BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
+    // recipient certificate
+    X509 *sig_cert = NULL;
+    STACK_OF(X509) *cert_stack = NULL;
+    CMS_ContentInfo *cms = NULL;
+    EVP_PKEY *skey = NULL;
+    int flags = CMS_STREAM | CMS_PARTIAL;
+    
+    if (detached) flags |= CMS_DETACHED;
+    
+    
+    
+    // rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
+    in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
+    
+    sig_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
+    if (!sig_cert_bio) {
+        printf("Failed reading mykey.pem!\n");
+        goto deinit;
+    }
+    
+    sig_cert = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
+    if (!sig_cert ) {
+        printf("Failed reading pem cert\n");
+        goto deinit;
+    }
+        
+    cert_stack = sk_X509_new_null();
+    
+    // note that if the stack is initialized correctly, the recipient certificate is pushed as a test
+    if (!cert_stack || !sk_X509_push(cert_stack, sig_cert)) {
+         printf("Failed at push_stack");
+        goto deinit;
+    }
+    
+    BIO_reset(sig_cert_bio);
+    skey = PEM_read_bio_PrivateKey(sig_cert_bio, NULL, 0, NULL);
+    
+    if (!skey) {
+        printf("Failed reading pem key\n");
+        goto deinit;
+    }
+    
+    
+    cms = CMS_sign(NULL, NULL, NULL, in, flags);
+    if (!cms)
+    {
+        printf("Failed at signstart: %s", ERR_func_error_string(ERR_get_error()));
+        goto deinit;
+    }
+    
+    if (!CMS_add1_signer(cms, sig_cert, skey, EVP_sha256(), flags))
+    {
+        printf("Failed at signaddsigner: %s", ERR_func_error_string(ERR_get_error()));
+        goto deinit;
+    }
+    
+    out = BIO_new(BIO_s_mem());
+    
+    if (!SMIME_write_CMS(out,cms,in,flags))
+    {
+        printf("Failed at SMIME_WRITE");
+        goto deinit;
+    }
+    
+    // For testing
+
+    long size = BIO_get_mem_data(out, &tmp);
+    mail= (char *) malloc(size+1);
+    mail[size]=0;//To Nullterminate the string
+
+    memcpy(mail,tmp,size);
+    
+    
+    
+    deinit:
+    BIO_free(in);
+    BIO_free(out); //also frees tmp
+    BIO_free(sig_cert_bio);
+
+    sk_X509_pop_free(cert_stack, X509_free);
+    
+    OpenSSL_deinitialize();
+    return mail;
+}

enzevalos_iphone/c/openssl-helpers.h

@@ -26,8 +26,9 @@ STACK_OF(X509)* create_stack_x509(X509 *arr, int len);
 X509* stack_to_array(STACK_OF(X509) *stack);
 void OpenSSL_print_ver(void);
 // (de)init function makes initialization less cryptic
-void * OpenSSL_test_encrypt(const char *text, const char *pem);
-char* OpenSSL_test_decrypt(const char *str, const char *pem);
+char * OpenSSL_encrypt(const char *text, const char *pem);
+char * OpenSSL_decrypt(const char *str, const char *pem);
+char * OpenSSL_sign(const char *text, const char *pem, const int detached);
 
 int print_test(int);
 

enzevalos_iphone/enzevalos_iphone-Bridging-Header.h

@@ -26,7 +26,7 @@
 #import <GTMAppAuth/GTMAppAuth.h>
 #import <GTMSessionFetcher/GTMSessionFetcher.h>
 #import "OAuth/EmailHelper.h"
-#import "openssl-helpers.h"
+#import "c/openssl-helpers.h"
 #import <openssl/pem.h>
 #import <openssl/cms.h>
 #import <openssl/err.h>