diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index b352e0a26f1161eb14d44056341294d2a90ce6d6..cde785df372c3e6f3398483cec5ea2cd78ee076b 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
@@ -340,14 +340,14 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
{
print("\nCA FP ",ca, " \nPEM \n", CAKeychain[ca]!)
}
- for c in certs
- {
+ for c in certs
+ {
print("\nCERT FP ",c, " \nPEM \n", certsKeychain[c]!)
- }
- for k in keys
- {
+ }
+ for k in keys
+ {
print("\nPRIV FP ",k, " \nPEM \n", privateKeyKeychain[k]!)
- }
+ }
}
func testSMIMEencrypt(){
@@ -423,8 +423,6 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
}*/
}
-
-
func encryptWithPem(message: String,certAsPem: String) -> (String?, [UInt]?) {
let enc = OpenSSL_encrypt(message, certAsPem)
let result = enc?.pointee;
diff --git a/enzevalos_iphone/SearchHelper.swift b/enzevalos_iphone/SearchHelper.swift
index 0134be8b6ac56806b175aa25b26b9e4c6fbd9c55..09fc94c1be4d6377a1f7b6bdb2b72db9e03126f4 100644
--- a/enzevalos_iphone/SearchHelper.swift
+++ b/enzevalos_iphone/SearchHelper.swift
@@ -29,7 +29,7 @@ func containsSearchTerms ( content : String?, searchText: String) -> Bool
return false
}
- //OpenSSL_print_ver();
+ // OpenSSL_print_ver();
var smime: SMIME = SMIME()
smime.testSMIMEencrypt()
// smime.testKeychain()
diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c
index 825c0bab7742d53c6958cf5374038d00ff65f8a4..481ec53946af51f731db967588d661a9f5595be7 100644
--- a/enzevalos_iphone/c/openssl-helpers.c
+++ b/enzevalos_iphone/c/openssl-helpers.c
@@ -11,6 +11,14 @@
// This is a wrapper around the OpenSSL functions, where everz function is primarily inspired by the SMIME demos in the OpenSSL github
// https://github.com/openssl/openssl/tree/master/demos/smime
+void bio_to_str(BIO *bio_in, char **out) {
+ char * tmp = NULL, *tmp2 = NULL;
+ long size = BIO_get_mem_data(bio_in, &tmp);
+ tmp2 = malloc(size+1);
+ tmp2[size]=0; // To Nullterminate the string
+ memcpy(tmp2, tmp, size);
+ *out = tmp2;
+}
char ** stack_to_array(STACK_OF(X509) *stack) {
char **str_arr = malloc(sizeof(char*)*sk_X509_num(stack));
@@ -34,28 +42,10 @@ char ** stack_to_array(STACK_OF(X509) *stack) {
return str_arr;
}
-
-// TODO: doesn't work as intended, fix
-char * bio_to_string(char *out, BIO *src) {
- char * tmp = NULL;
- long size = BIO_get_mem_data(src, &tmp);
- out = (char *) malloc(size+1);
- out[size]=0; // To Nullterminate the string
- memcpy(out, tmp, size);
-
- return out;
-}
-
void OpenSSL_print_ver(void) {
printf("%s", OPENSSL_VERSION_TEXT);
}
-int print_test(int a) {
- printf("%d\n", a);
-
- return 0;
-}
-
array_with_length *create_list_of_errors() {
unsigned long err = 0;
linked_list *head = NULL;
@@ -115,7 +105,6 @@ char *get_err_string(unsigned long err) {
result * OpenSSL_encrypt(const char *text, const char *pem) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c
- char *encrypted = NULL, *tmp=NULL;
BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL;
// recipient certificate
X509 *rec_cert = NULL;
@@ -149,6 +138,9 @@ result * OpenSSL_encrypt(const char *text, const char *pem) {
goto deinit;
}
+ // TODO: change AES CBC to AES GCM for compliance with SMIME 4.0
+ // as of OpenSSL version 1.1.1d GCM isn't supported for CMS
+ // https://github.com/openssl/openssl/pull/8024
cms = CMS_encrypt(cert_stack, in, EVP_aes_256_cbc(), CMS_STREAM);
if (!cms) {
printf("Failed at P7enc");
@@ -164,13 +156,9 @@ result * OpenSSL_encrypt(const char *text, const char *pem) {
// For testing
- long size = BIO_get_mem_data(out, &tmp);
- encrypted= (char *) malloc(size+1);
- encrypted[size]=0; // To Nullterminate the stringbio_to_string
-
- memcpy(encrypted,tmp,size);
- res->res = encrypted;
+ printf("\nSTART DATE %s\n", get_start_date(rec_cert));
+ bio_to_str(out, &(res->res));
deinit:
// TODO: Collect all errors in a list and return them with the result
temp = create_list_of_errors();
@@ -187,7 +175,6 @@ deinit:
result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_key) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
- char *decrypted = NULL, *tmp=NULL;
BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL, *rec_key_bio = NULL;
// recipient certificate
@@ -237,13 +224,8 @@ result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_
printf("Failed at Decrypt");
goto deinit;
}
-
- long size = BIO_get_mem_data(out, &tmp);
- decrypted= (char *) malloc(size+1);
- decrypted[size]=0; // To Nullterminate the string
- memcpy(decrypted, tmp, size);
- res->res = decrypted;
+ bio_to_str(out, &(res->res));
deinit:
temp = create_list_of_errors();
res->errors = temp->arr;
@@ -260,9 +242,7 @@ deinit:
return res;
}
-result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached)
-{
- char *mail = NULL, *tmp=NULL;
+result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached) {
BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL, *sig_key_bio = NULL;
// recipient certificate
X509 *sig_cert = NULL;
@@ -327,15 +307,7 @@ result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_ke
goto deinit;
}
- // For testing
-
- long size = BIO_get_mem_data(out, &tmp);
- mail= (char *) malloc(size+1);
- mail[size]=0; // to Nullterminate the string
-
- memcpy(mail,tmp,size);
-
- res->res = mail;
+ bio_to_str(out, &(res->res));
deinit:
temp = create_list_of_errors();
res->errors = temp->arr;
@@ -352,7 +324,6 @@ deinit:
return res;
}
-
result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
result *ver = malloc(sizeof(result));
@@ -360,8 +331,6 @@ result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs)
ver->errors = NULL;
ver->res = NULL;
- char *realtext = NULL, *tmp=NULL;
-
BIO *in = NULL, *out = NULL;
// recipient certificate
X509 **sig_certs = malloc(num_certs*sizeof(void*));
@@ -416,14 +385,7 @@ result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs)
goto deinit;
}
- BIO_get_mem_data(out, &tmp);
-
- long size = BIO_get_mem_data(out, &tmp);
- realtext= (char *) malloc(size+1);
- realtext[size]=0; // To Nullterminate the string
- memcpy(realtext, tmp, size);
-
- ver->res = realtext;
+ bio_to_str(out, &(ver->res));
cert_stack = CMS_get0_signers(cms);
ver->num_certs = sk_X509_num(cert_stack);
@@ -498,33 +460,27 @@ deinit:
// startdate ASN1_TIME_print(out, X509_get0_notBefore(x));
-/*char * get_start_date(X509 *cert) {
- char* tmp = NULL, *res = NULL;
+char * get_start_date(X509 *cert) {
+ char *res = NULL;
BIO *out = NULL;
out = BIO_new(BIO_s_mem());
ASN1_TIME_print(out, X509_get0_notBefore(cert));
- long size = BIO_get_mem_data(out, &tmp);
- res= (char *) malloc(size+1);
- res[size]=0; // To Nullterminate the string
- memcpy(res, tmp, size);
+ bio_to_str(out, &res);
deinit:
BIO_free(out);
return res;
-}*/
+}
-/*char * get_end_date(X509 *cert) {
- char* tmp = NULL, *res = NULL;
+char * get_end_date(X509 *cert) {
+ char *res = NULL;
BIO *out = NULL;
out = BIO_new(BIO_s_mem());
ASN1_TIME_print(out, X509_get0_notAfter(cert));
- long size = BIO_get_mem_data(out, &tmp);
- res= (char *) malloc(size+1);
- res[size]=0; // To Nullterminate the string
- memcpy(res, tmp, size);
+ bio_to_str(out, &res);
deinit:
BIO_free(out);
return res;
-}*/
+}
// emndate ASN1_TIME_print(out, X509_get0_notAfter(x));
diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h
index d90114355c0ff9001b5a09557150bc400472f9fd..b97a265696623661a954b3e7ee15922f826e9521 100644
--- a/enzevalos_iphone/c/openssl-helpers.h
+++ b/enzevalos_iphone/c/openssl-helpers.h
@@ -50,6 +50,8 @@ void OpenSSL_print_ver(void);
// (de)init function makes initialization less cryptic
char *get_err_string(unsigned long err);
+char * get_start_date(X509 *cert);
+char * get_end_date(X509 *cert);
result * OpenSSL_encrypt(const char *text, const char *pem);
result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_key);
result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached);
@@ -61,7 +63,4 @@ char ** add_str_to_arr(const char *str, char **arr, int i);
void deallocate_str_arr(char **arr, int len);
char *bin_to_hex ( unsigned char *bin, int len);
-
-int print_test(int);
-
#endif /* openssl_helpers_h */