diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift index b352e0a26f1161eb14d44056341294d2a90ce6d6..cde785df372c3e6f3398483cec5ea2cd78ee076b 100644 --- a/enzevalos_iphone/SMIME.swift +++ b/enzevalos_iphone/SMIME.swift @@ -340,14 +340,14 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg== { print("\nCA FP ",ca, " \nPEM \n", CAKeychain[ca]!) } - for c in certs - { + for c in certs + { print("\nCERT FP ",c, " \nPEM \n", certsKeychain[c]!) - } - for k in keys - { + } + for k in keys + { print("\nPRIV FP ",k, " \nPEM \n", privateKeyKeychain[k]!) - } + } } func testSMIMEencrypt(){ @@ -423,8 +423,6 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg== }*/ } - - func encryptWithPem(message: String,certAsPem: String) -> (String?, [UInt]?) { let enc = OpenSSL_encrypt(message, certAsPem) let result = enc?.pointee; diff --git a/enzevalos_iphone/SearchHelper.swift b/enzevalos_iphone/SearchHelper.swift index 0134be8b6ac56806b175aa25b26b9e4c6fbd9c55..09fc94c1be4d6377a1f7b6bdb2b72db9e03126f4 100644 --- a/enzevalos_iphone/SearchHelper.swift +++ b/enzevalos_iphone/SearchHelper.swift @@ -29,7 +29,7 @@ func containsSearchTerms ( content : String?, searchText: String) -> Bool return false } - //OpenSSL_print_ver(); + // OpenSSL_print_ver(); var smime: SMIME = SMIME() smime.testSMIMEencrypt() // smime.testKeychain() diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c index 825c0bab7742d53c6958cf5374038d00ff65f8a4..481ec53946af51f731db967588d661a9f5595be7 100644 --- a/enzevalos_iphone/c/openssl-helpers.c +++ b/enzevalos_iphone/c/openssl-helpers.c 
@@ -11,6 +11,14 @@ // This is a wrapper around the OpenSSL functions, where everz function is primarily inspired by the SMIME demos in the OpenSSL github // https://github.com/openssl/openssl/tree/master/demos/smime +void bio_to_str(BIO *bio_in, char **out) { + char * tmp = NULL, *tmp2 = NULL; + long size = BIO_get_mem_data(bio_in, &tmp); + tmp2 = malloc(size+1); + tmp2[size]=0; // To Nullterminate the string + memcpy(tmp2, tmp, size); + *out = tmp2; +} char ** stack_to_array(STACK_OF(X509) *stack) { char **str_arr = malloc(sizeof(char*)*sk_X509_num(stack)); @@ -34,28 +42,10 @@ char ** stack_to_array(STACK_OF(X509) *stack) { return str_arr; } - -// TODO: doesn't work as intended, fix -char * bio_to_string(char *out, BIO *src) { - char * tmp = NULL; - long size = BIO_get_mem_data(src, &tmp); - out = (char *) malloc(size+1); - out[size]=0; // To Nullterminate the string - memcpy(out, tmp, size); - - return out; -} - void OpenSSL_print_ver(void) { printf("%s", OPENSSL_VERSION_TEXT); } -int print_test(int a) { - printf("%d\n", a); - - return 0; -} - array_with_length *create_list_of_errors() { unsigned long err = 0; linked_list *head = NULL; @@ -115,7 +105,6 @@ char *get_err_string(unsigned long err) { result * OpenSSL_encrypt(const char *text, const char *pem) { // https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c - char *encrypted = NULL, *tmp=NULL; BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL; // recipient certificate X509 *rec_cert = NULL; @@ -149,6 +138,9 @@ result * OpenSSL_encrypt(const char *text, const char *pem) { goto deinit; } + // TODO: change AES CBC to AES GCM for compliance with SMIME 4.0 + // as of OpenSSL version 1.1.1d GCM isn't supported for CMS + // https://github.com/openssl/openssl/pull/8024 cms = CMS_encrypt(cert_stack, in, EVP_aes_256_cbc(), CMS_STREAM); if (!cms) { printf("Failed at P7enc"); 
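Review bot: `bio_to_str` uses the results of `BIO_get_mem_data` and `malloc` without checking either, so a negative `size` or a failed allocation reaches `tmp2[size]=0` and `memcpy` with an invalid pointer or length. Every copy site in this commit now goes through this helper (the `OpenSSL_encrypt`, `OpenSSL_decrypt`, `OpenSSL_sign` and `OpenSSL_verify` hunks, plus `get_start_date`/`get_end_date`), so the checks belong here, with `*out` set to NULL on failure so callers can test it. A header comment should also state that the caller owns the returned buffer and must `free` it. The length is not returned, so content containing a NUL byte will look truncated to anything that treats the result as a C string.
```c
void bio_to_str(BIO *bio_in, char **out) {
    char *data = NULL, *copy = NULL;
    long size = BIO_get_mem_data(bio_in, &data);

    *out = NULL; // callers see NULL on any failure
    if (size < 0)
        return;
    copy = malloc((size_t)size + 1);
    if (copy == NULL)
        return;
    if (size > 0)
        memcpy(copy, data, (size_t)size);
    copy[size] = 0; // NUL-terminate the copy
    *out = copy;
}
```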
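Review bot: The new TODO above `CMS_encrypt(cert_stack, in, EVP_aes_256_cbc(), CMS_STREAM)` describes AES-CBC only as an S/MIME 4.0 compliance gap, which understates why it matters. CBC here carries no integrity protection of its own, so a modified ciphertext is not detected by decryption itself. I would extend the comment, e.g. `// NOTE: CBC is unauthenticated; ciphertext changes go undetected unless the message is also signed and that signature is verified`. Recording the OpenSSL version the app actually links against would make the TODO easier to revisit after a library upgrade. `OpenSSL_encrypt` starts and ends outside this hunk.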
@@ -164,13 +156,9 @@ result * OpenSSL_encrypt(const char *text, const char *pem) { // For testing - long size = BIO_get_mem_data(out, &tmp); - encrypted= (char *) malloc(size+1); - encrypted[size]=0; // To Nullterminate the stringbio_to_string - - memcpy(encrypted,tmp,size); - res->res = encrypted; + printf("\nSTART DATE %s\n", get_start_date(rec_cert)); + bio_to_str(out, &(res->res)); deinit: // TODO: Collect all errors in a list and return them with the result temp = create_list_of_errors(); @@ -187,7 +175,6 @@ deinit: result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_key) { // https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c - char *decrypted = NULL, *tmp=NULL; BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL, *rec_key_bio = NULL; // recipient certificate @@ -237,13 +224,8 @@ result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_ printf("Failed at Decrypt"); goto deinit; } - - long size = BIO_get_mem_data(out, &tmp); - decrypted= (char *) malloc(size+1); - decrypted[size]=0; // To Nullterminate the string - memcpy(decrypted, tmp, size); - res->res = decrypted; + bio_to_str(out, &(res->res)); deinit: temp = create_list_of_errors(); res->errors = temp->arr; @@ -260,9 +242,7 @@ deinit: return res; } -result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached) -{ - char *mail = NULL, *tmp=NULL; +result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached) { BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL, *sig_key_bio = NULL; // recipient certificate X509 *sig_cert = NULL; 
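Review bot: The added `printf("\nSTART DATE %s\n", get_start_date(rec_cert));` leaks the heap string that `get_start_date` obtains from `bio_to_str`, once per encryption. It also passes NULL to `%s` if that allocation failed. This is debug output in the encryption path (the context comment reads `// For testing`), so I would drop the line. If it has to stay, hold and release the pointer: `char *sd = get_start_date(rec_cert); if (sd) printf("\nSTART DATE %s\n", sd); free(sd);`. The following `bio_to_str(out, &(res->res));` leaves `res->res` unchecked before `deinit:`, and `OpenSSL_encrypt` begins outside this hunk, so I cannot see how callers treat a NULL result.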
@@ -327,15 +307,7 @@ result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_ke goto deinit; } - // For testing - - long size = BIO_get_mem_data(out, &tmp); - mail= (char *) malloc(size+1); - mail[size]=0; // to Nullterminate the string - - memcpy(mail,tmp,size); - - res->res = mail; + bio_to_str(out, &(res->res)); deinit: temp = create_list_of_errors(); res->errors = temp->arr; @@ -352,7 +324,6 @@ deinit: return res; } - result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) { // https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c result *ver = malloc(sizeof(result)); @@ -360,8 +331,6 @@ result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) ver->errors = NULL; ver->res = NULL; - char *realtext = NULL, *tmp=NULL; - BIO *in = NULL, *out = NULL; // recipient certificate X509 **sig_certs = malloc(num_certs*sizeof(void*)); @@ -416,14 +385,7 @@ result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) goto deinit; } - BIO_get_mem_data(out, &tmp); - - long size = BIO_get_mem_data(out, &tmp); - realtext= (char *) malloc(size+1); - realtext[size]=0; // To Nullterminate the string - memcpy(realtext, tmp, size); - - ver->res = realtext; + bio_to_str(out, &(ver->res)); cert_stack = CMS_get0_signers(cms); ver->num_certs = sk_X509_num(cert_stack); 
@@ -498,33 +460,27 @@ deinit: // startdate ASN1_TIME_print(out, X509_get0_notBefore(x)); -/*char * get_start_date(X509 *cert) { - char* tmp = NULL, *res = NULL; +char * get_start_date(X509 *cert) { + char *res = NULL; BIO *out = NULL; out = BIO_new(BIO_s_mem()); ASN1_TIME_print(out, X509_get0_notBefore(cert)); - long size = BIO_get_mem_data(out, &tmp); - res= (char *) malloc(size+1); - res[size]=0; // To Nullterminate the string - memcpy(res, tmp, size); + bio_to_str(out, &res); deinit: BIO_free(out); return res; -}*/ +} -/*char * get_end_date(X509 *cert) { - char* tmp = NULL, *res = NULL; +char * get_end_date(X509 *cert) { + char *res = NULL; BIO *out = NULL; out = BIO_new(BIO_s_mem()); ASN1_TIME_print(out, X509_get0_notAfter(cert)); - long size = BIO_get_mem_data(out, &tmp); - res= (char *) malloc(size+1); - res[size]=0; // To Nullterminate the string - memcpy(res, tmp, size); + bio_to_str(out, &res); deinit: BIO_free(out); return res; -}*/ +} // emndate ASN1_TIME_print(out, X509_get0_notAfter(x)); diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h index d90114355c0ff9001b5a09557150bc400472f9fd..b97a265696623661a954b3e7ee15922f826e9521 100644 --- a/enzevalos_iphone/c/openssl-helpers.h +++ b/enzevalos_iphone/c/openssl-helpers.h @@ -50,6 +50,8 @@ void OpenSSL_print_ver(void); // (de)init function makes initialization less cryptic char *get_err_string(unsigned long err); +char * get_start_date(X509 *cert); +char * get_end_date(X509 *cert); result * OpenSSL_encrypt(const char *text, const char *pem); result * OpenSSL_decrypt(const char *str, const char *pem_cert, const char *pem_key); result * OpenSSL_sign(const char *text, const char *pem_cert, const char *pem_key, const int detached); @@ -61,7 +63,4 @@ char ** add_str_to_arr(const char *str, char **arr, int i); void deallocate_str_arr(char **arr, int len); char *bin_to_hex ( unsigned char *bin, int len); - -int print_test(int); - #endif /* openssl_helpers_h */
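Review bot: In the re-enabled `get_start_date` and `get_end_date`, neither `BIO_new(BIO_s_mem())` nor `ASN1_TIME_print` is checked, so a failed allocation hands a NULL BIO to `bio_to_str` and a failed print returns an empty or partial date as if it were valid. The `deinit:` label in both functions has no `goto` targeting it. A single guard before the copy fixes both: `if (!out || !ASN1_TIME_print(out, X509_get0_notBefore(cert))) goto deinit;` (with `X509_get0_notAfter` in `get_end_date`), replacing the bare `ASN1_TIME_print` call. The new declarations in `openssl-helpers.h` should carry a comment such as `// Returns a malloc'd NUL-terminated string or NULL; caller must free()`, since callers that use these dates for validity decisions need to know NULL is possible.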