diff --git a/enzevalos_iphone.xcodeproj/project.pbxproj b/enzevalos_iphone.xcodeproj/project.pbxproj
index 808e40a448d9c0ac79eb2d36d82bbd4683031526..6081eeabe9ecab38435285e7b11fa0a1cef0df81 100644
--- a/enzevalos_iphone.xcodeproj/project.pbxproj
+++ b/enzevalos_iphone.xcodeproj/project.pbxproj
@@ -27,6 +27,7 @@
 0ECEA0FE240E7DB1007DC71E /* mykey.p12 in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F4240E7DB0007DC71E /* mykey.p12 */; };
 0ECEA0FF240E7DB1007DC71E /* evilCA.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F5240E7DB0007DC71E /* evilCA.pem */; };
 0ECEA100240E7DB1007DC71E /* evilkey1.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F6240E7DB1007DC71E /* evilkey1.pem */; };
+ 0EFEF0952417C0B400BB2FF7 /* CHelpers.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */; };
 3E6B07DE2011246500E49609 /* invitationText.html in Resources */ = {isa = PBXBuildFile; fileRef = 3E6B07DD2011246500E49609 /* invitationText.html */; };
 3EB4FA9F2012007C001D0625 /* DialogViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3EB4FA9D2012007C001D0625 /* DialogViewController.swift */; };
 3EB4FAA12012007C001D0625 /* Dialog.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 3EB4FA9E2012007C001D0625 /* Dialog.storyboard */; };
@@ -302,6 +303,7 @@
 0ECEA0F4240E7DB0007DC71E /* mykey.p12 */ = {isa = PBXFileReference; lastKnownFileType = file; path = mykey.p12; sourceTree = "<group>"; };
 0ECEA0F5240E7DB0007DC71E /* evilCA.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = evilCA.pem; sourceTree = "<group>"; };
 0ECEA0F6240E7DB1007DC71E /* evilkey1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = evilkey1.pem; sourceTree = "<group>"; };
+ 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CHelpers.swift; sourceTree = "<group>"; };
 1D4A9E60565DECF52C011BC0 /* Pods-enzevalos_iphone-AdHoc.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-enzevalos_iphone-AdHoc.release.xcconfig"; path = "../enzevalos_iphone_workspace/Pods/Target Support Files/Pods-enzevalos_iphone-AdHoc/Pods-enzevalos_iphone-AdHoc.release.xcconfig"; sourceTree = "<group>"; };
 3E6B07DD2011246500E49609 /* invitationText.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; name = invitationText.html; path = Invitation/invitationText.html; sourceTree = "<group>"; };
 3E9708AD1FAC925D005825C9 /* enzevalos_iphone.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = enzevalos_iphone.entitlements; sourceTree = "<group>"; };
@@ -615,6 +617,14 @@
 name = SMIME;
 sourceTree = "<group>";
 };
+ 0EFEF0932417C08B00BB2FF7 /* C Helpers */ = {
+ isa = PBXGroup;
+ children = (
+ 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */,
+ );
+ name = "C Helpers";
+ sourceTree = "<group>";
+ };
 24472862977D71D3F0AD0D58 /* Pods */ = {
 isa = PBXGroup;
 children = (
@@ -977,6 +987,7 @@
 A13526771D955BDF00D3BFE1 /* enzevalos_iphone */ = {
 isa = PBXGroup;
 children = (
+ 0EFEF0932417C08B00BB2FF7 /* C Helpers */,
 476403FA2413F95300C7D426 /* OpenSSL */,
 A1B9999D21DE7CD2002563F6 /* Travel */,
 477548DC21F5DA46000B22A8 /* mail */,
@@ -1732,6 +1743,7 @@
 475B00341F7B9565006CDD41 /* Cryptography.swift in Sources */,
 A1EB057C1D956838008659C1 /* MailHandler.swift in Sources */,
 A182182E21E50D8D00918A29 /* IntroButtonViewController.swift in Sources */,
+ 0EFEF0952417C0B400BB2FF7 /* CHelpers.swift in Sources */,
 478AF715222FD5C600AEF69E /* IncomingMail.swift in Sources */,
 47C036FF2347C0F5006295E8 /* ImportKeyOverviewController.swift in Sources */,
 A1EB05881D956879008659C1 /* AddressHandler.swift in Sources */,
diff --git a/enzevalos_iphone/CHelpers.swift b/enzevalos_iphone/CHelpers.swift
new file mode 100644
index 0000000000000000000000000000000000000000..d79686e1421dcaa6a722afdf935ed3e26f2935dd
--- /dev/null
+++ b/enzevalos_iphone/CHelpers.swift
@@ -0,0 +1,31 @@
+//
+// CHelpers.swift
+// enzevalos_iphone
+//
+// Created by lazarog98 on 10.03.20.
+// Copyright © 2020 fu-berlin. All rights reserved.
+//
+
+import Foundation
+
+/**
+ Creates an arraz of C Strings from an array of swift strings
+ Always call deallocateCStrArr after using this!
+ */
+func createCStrArr(sarr: [String]) -> UnsafeMutablePointer<UnsafeMutablePointer<Int8>?>?{
+ let len = sarr.count
+ var carr = init_str_arr(Int32(len))
+ for i in 0..<len
+ {
+ let str = sarr[i]
+ add_str_to_arr(str,carr,Int32(i))
+ }
+ return carr
+}
+
+/**
+ Deallocates an array of c strings
+ */
+func deallocateCStrArr(arr: UnsafeMutablePointer<UnsafeMutablePointer<Int8>?>?, len: Int){
+ return deallocate_str_arr(arr, Int32(len))
+}
diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index d223ce1a3617309aa9f4f5e376f7a95ca68e8cbf..ece422e0a131c11a6665334f8835de618272cf55 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
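Review bot: `createCStrArr` never checks the pointer returned by `init_str_arr`, so a failed allocation makes the `add_str_to_arr(str,carr,Int32(i))` call inside the loop write through a NULL array; since the return type is already optional, guard it with `guard let carr = init_str_arr(Int32(len)) else { return nil }` and make the binding `let`, because `carr` is never reassigned. The doc comment has a typo (`arraz`) and omits the contract the caller must honour: nothing ties the `len` given to `deallocateCStrArr` to `sarr.count`, so state it explicitly, e.g. `/// Returns a heap-allocated array of C strings; release it with deallocateCStrArr(arr:len:) passing exactly sarr.count.`. `deallocateCStrArr` could likewise document that `arr` must be nil or a pointer produced by `createCStrArr` and must not be used afterwards.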
@@ -118,6 +118,27 @@ jRqChUmvLzwDtP8bFJ5COad91Cfx9DmHSnoPkhdg0f+2x+0eajjEx8fRCppHOSPK
 5O2AvjjS4akSRqVwlqFUqgDvO1PRhLw31i14EbkO3q1OC/4t00HJnszqzbwGWTrf
 n1O3czuVl7rPXrJn0A/MVI2ReKOQeIAYMg==
 -----END CERTIFICATE-----
+"""
+
+ var testEvilCA = """
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAckCCDWaS3dso6D3MA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNVBAYTAkRF
+MRMwEQYDVQQKDApBIE1BSUxURVNUMQ8wDQYDVQQDDAZldmlsQ0EwHhcNMTkwNzI5
+MTUzODA1WhcNMTkwODA1MTUzODA1WjAzMQswCQYDVQQGEwJERTETMBEGA1UECgwK
+QSBNQUlMVEVTVDEPMA0GA1UEAwwGZXZpbENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAv0W8s3Dav5brYO+MZQ+DiNPSf0Mgd6g6zR1vdk+sPTuJbAZ2
+owxR376WKEayBp3jF3omitej4ltuAoepQ7xgsFLVJDijAxeLeoAzPc+J8qDcY1NF
+4up9+DpN7L0L3rgfU0/I8Az4jpR8pHJTHmu0L074Er5+Vk2cBvxSY3srp2NnEga1
+Fudun9YUYfOp432Ac7xv/6KYz99ocbI+F/egnHQm49GnyFs1zxCuh9qfTeCFO644
+dUlkMXfQF7sdZmxdxwKIF4D8AroAecFXWei4PtNIJpPvr/UdCBIyEmZroL2fMnPg
+zMtChlEG5Ryw7UuwKrQGs903n3nxvopr4mOumwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQCFnuNL7hhJjhvPpeMPFahMdadA1OWRLIe0XdAJI8Pvlx3f8XR5udcGS2Mi
+r5znDhWHT5fFyYTj0JZQUf5GaYrucZDh2M2lXzuazhh5J+PSgvMez1fqfC0pp3Iy
+IIqIxZCzGaZp9A7CkAO1qyDqM3fAtkJ0f6JoIrUN9Q4PphDpi6vlRDIoHROmK/Xr
+QVzf2Y0lnKGQisw048XPLWqGagu8ZO0n6GMmyldnwVDEsQomndWDrW0EHEV2s/fq
+bgvyhVRenp1O5IH3nOyXm8vR2FWOEHwR686l8Mxy24APzzn5K7nPeyBx0+ZpyqYh
+aqQKdT1pty4gKWz3zSNTupVsyA/t
+-----END CERTIFICATE-----
 """
 var test_key_other = """
@@ -189,14 +210,14 @@ iwxRK85BnWBVkQIMvxrbb2Ro04buiizELRoKsDdkSdYXFSmSOvw1pvT8IpNJjNRU
 AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
 -----END RSA PRIVATE KEY-----
 """
-
+
 var test_string = "Hello world whatever the fuck";
 let cryptoScheme = CryptoScheme.SMIME
 func testSMIMEencrypt(){
 // OpenSSL_print_ver()
- let (enc, enc_errs) = encrypt_with_pem(message: test_string, keyAsPem: "")
+ let (enc, enc_errs) = encrypt_with_pem(message: test_string, keyAsPem: test_key)
 if enc != nil {
 // the pointers point to memory allocatedi in c that needs to be manually dealocated
 print("SWIFT ENC DONE: ", enc ?? "")
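Review bot: The new `testEvilCA` fixture carries no comment saying what role it plays in the verification tests, and its name is the only hint that it is meant to be an untrusted anchor. The DER validity fields in the base64 appear to decode to a window of 2019-07-29 to 2019-08-05, so this certificate looks long expired, which matters once it is placed in a trust store and changes which failure path a test exercises; please confirm and record it. A comment such as `/// Self-signed "evilCA" test certificate: a trust anchor that must NOT validate the test signature (note: appears to have expired in 2019).` above the declaration would make the intent checkable.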
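Review bot: After the changed `encrypt_with_pem(message: test_string, keyAsPem: test_key)` call, `testSMIMEencrypt` still only prints the outcome, so a nil `enc` (or a non-empty `enc_errs`) never makes anything fail. If this is an XCTest case, add `XCTAssertNotNil(enc)` and `XCTAssertTrue((enc_errs ?? []).isEmpty)` after the call; if it is a manual smoke helper, have it return a `Bool` so a caller can act on the result. The body of `testSMIMEencrypt` continues outside the hunk.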
@@ -234,11 +255,17 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
 print("\n SWIFT SIGN2 failed")
 }
- let (vertest, certs,verErrs) = verify_with_CApem(message: sig!, pemCA: testCA)
+ let (vertest, certs,verErrs) = verify_with_CApem(message: sig!, pemCAArr: [testCA, testEvilCA])
 if vertest != nil {
 print("In Verification", vertest!)
 print(certs ?? "No certs")
+ for x in verErrs ?? [] {
+ print("errorstring: ",getErrorString(errCode: x))
+ }
+ }
+ else{
+ print("Vertest was nil")
 }
 }
@@ -280,8 +307,11 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
 return (sigStr, errArr)
 }
- func verify_with_CApem (message:String,pemCA: String) -> (String?, [String]?, [UInt]?) {
- let ver = OpenSSL_verify(message, pemCA)
+ func verify_with_CApem (message:String, pemCAArr: [String]) -> (String?, [String]?, [UInt]?) {
+ let pemCAArrC = createCStrArr(sarr: pemCAArr)
+ let ver = OpenSSL_verify(message, pemCAArrC, Int32(pemCAArr.count))
+ deallocateCStrArr(arr: pemCAArrC, len:pemCAArr.count)
+
 let result = ver?.pointee;
 let verStr = result?._extractOutput()
@@ -292,9 +322,6 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
 return (verStr, certArr, errArr)
 }
- /**
- Returns an error message from an OpenSSL error code
- */
 func getErrorString(errCode: UInt) -> String {
 let cStr = get_err_string(errCode);
 if (cStr != nil) {
@@ -384,4 +411,8 @@ extension result {
 return swiftStr
 }
+
+
+
 }
+
diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c
index f51de1d67246e3c21fcaea18539ee5f0d0a80047..e71e96edd6c26ff488471f1c66bc0581b6ffd03f 100644
--- a/enzevalos_iphone/c/openssl-helpers.c
+++ b/enzevalos_iphone/c/openssl-helpers.c
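Review bot: The new `for x in verErrs ?? []` loop sits inside `if vertest != nil`, so the OpenSSL error codes are only printed when verification succeeded, while the failure branch just prints `Vertest was nil` and discards the codes that would explain it. Move the loop out of the branch (before the `if`, or duplicate it in the `else`), e.g. `for x in verErrs ?? [] { print("errorstring: ", getErrorString(errCode: x)) }`. Note also that passing `[testCA, testEvilCA]` puts both certificates into the same trust store, so a signature chaining to either anchor is accepted and this call cannot show that the evil CA is rejected; if that is the intent, it needs a separate `verify_with_CApem(message: sig!, pemCAArr: [testEvilCA])` whose result is expected to be nil. The enclosing test function starts outside the hunk.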
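Review bot: `verify_with_CApem` hands the result of `createCStrArr` to `OpenSSL_verify` without checking it, and the C side dereferences the array unconditionally, so an allocation failure turns into a crash instead of a verification failure; it also frees the array on a separate line that any early return added later would skip. Use `guard let pemCAArrC = createCStrArr(sarr: pemCAArr) else { return (nil, nil, nil) }` followed by `defer { deallocateCStrArr(arr: pemCAArrC, len: pemCAArr.count) }`, which also keeps the count used for freeing tied to the count passed in. The rest of the function body (extracting output, certs and errors from `result`) lies outside the hunk.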
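Review bot: This hunk removes the only doc comment on `getErrorString` and adds nothing in its place, leaving an FFI function undocumented. Restore a comment stating the contract, e.g. `/// Returns the OpenSSL error message for errCode, obtained through get_err_string.`, and say what is returned when the C string is NULL, which is decided outside the hunk (the `if (cStr != nil)` branch is the last line shown).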
@@ -70,7 +70,6 @@ array_with_length *create_list_of_errors() {
 unsigned long * arr = NULL;
 while ((err = ERR_get_error()) != 0) {
- printf("%s", "Added ERROR\n");
 linked_list * newerr = malloc(sizeof(linked_list));
 newerr->content = malloc(sizeof(unsigned long));
 memcpy(newerr->content, &err, sizeof(unsigned long));
@@ -355,7 +354,8 @@ deinit:
 return res;
 }
-result * OpenSSL_verify(const char *text, const char *pem_cert) {
+
+result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) {
 // https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
 result *ver = malloc(sizeof(result));
 ver->certs = NULL;
@@ -365,9 +365,10 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
 OpenSSL_initialize();
 char *realtext = NULL, *tmp=NULL;
- BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
+ BIO *in = NULL, *out = NULL;
 // recipient certificate
- X509 *sig_cert = NULL;
+ X509 **sig_certs = malloc(num_certs*sizeof(X509));
+ STACK_OF(X509) *cert_stack= NULL;
 X509_STORE *cert_store = NULL;
 CMS_ContentInfo *cms = NULL;
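Review bot: `X509 **sig_certs = malloc(num_certs*sizeof(X509));` sizes the array by the struct instead of the pointer it stores (and `sizeof(X509)` does not compile against OpenSSL versions where `X509` is opaque), is never checked for NULL, and leaves every slot uninitialized, so an iteration in the following hunk that bails out before `PEM_read_bio_X509` leaves garbage that the cleanup loop at `deinit` would hand to `X509_free`; a negative `num_certs` is also converted straight to a size. Allocate it zeroed and checked: `X509 **sig_certs = (num_certs > 0) ? calloc((size_t)num_certs, sizeof(*sig_certs)) : NULL;` and `if (num_certs > 0 && !sig_certs) goto deinit;`, and make the `deinit` loop skip the free when `sig_certs` is NULL. `cert_stack` is declared here but not used anywhere in the hunks shown. `OpenSSL_verify` continues past this hunk.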
@@ -378,36 +379,43 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
 cert_store = X509_STORE_new();
 // this trick allows to hardcode a certificate as a string
- sig_cert_bio = BIO_new_mem_buf(pem_cert, (int) strlen(pem_cert));
+ for (int i = 0; i<num_certs; i++) {
+ BIO *sig_cert_bio = BIO_new_mem_buf(pem_cert[i], (int) strlen(pem_cert[i]));
+
+ if (!sig_cert_bio) {
+ printf("VERT Failed reading mykey.pem!\n");
+ goto loopend;
+ }
+
+ sig_certs[i] = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
+ if (!sig_certs[i] ) {
+ printf("VERT Failed reading pem cert %d\n |", i);
+
+ goto loopend;
+ }
+
+ if (!X509_STORE_add_cert(cert_store, sig_certs[i])) {
+ printf("VERT Failed at adding cert to store\n");
+ goto loopend;
+ }
+
+ loopend:
+ BIO_free(sig_cert_bio);
+ }
 in = BIO_new_mem_buf(text,(int) strlen(text));
 // simpletest
- if (!sig_cert_bio) {
- printf("Failed reading mykey.pem!\n");
- goto deinit;
- }
- sig_cert = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
- if (!sig_cert ) {
- printf("Failed reading pem cert\n");
- goto deinit;
- }
-
- if (!X509_STORE_add_cert(cert_store, sig_cert)) {
- printf("Failed at adding cert to store\n");
- goto deinit;
- }
-
 cms = SMIME_read_CMS(in, &detached);
 if (!cms) {
- printf("\nVER Failed at SMIME_READ");
+ printf("\nVERT VER Failed at SMIME_READ");
 goto deinit;
 }
 out = BIO_new(BIO_s_mem());
 ERR_clear_error();
 if (!CMS_verify(cms, NULL, cert_store, detached, out, 0)) {
- printf("VERT Verification failed");
+ printf("VERT Verification failed");
 goto deinit;
 }
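Review bot: Every failure inside the new `for (int i = 0; i<num_certs; i++)` loop jumps to `loopend` and the loop carries on, so a CA PEM that fails to parse or to be added is silently dropped and `CMS_verify` runs against a smaller trust store than the caller asked for, with nothing in `ver` recording that. When `BIO_new_mem_buf` fails, `sig_certs[i]` is also never assigned, and a NULL entry in `pem_cert` (which `add_str_to_arr` can produce on allocation failure) reaches `strlen` directly; the message `VERT Failed reading mykey.pem!` is misleading here since the input is a caller-supplied CA string. I would fail the whole verification on the first bad anchor with `goto deinit`, which relies on the `sig_certs` slots being zero-initialized (see the allocation in the previous hunk) so the cleanup at `deinit` can free whatever was parsed. `OpenSSL_verify` starts and ends outside this hunk.
```c
for (int i = 0; i < num_certs; i++) {
    if (!pem_cert[i]) {
        printf("VERT CA cert %d is NULL\n", i);
        goto deinit;
    }
    BIO *sig_cert_bio = BIO_new_mem_buf(pem_cert[i], (int) strlen(pem_cert[i]));
    if (!sig_cert_bio) {
        printf("VERT Failed creating BIO for CA cert %d\n", i);
        goto deinit;
    }
    sig_certs[i] = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
    BIO_free(sig_cert_bio);   /* the X509 no longer needs the buffer */
    if (!sig_certs[i]) {
        printf("VERT Failed reading CA cert %d\n", i);
        goto deinit;
    }
    if (!X509_STORE_add_cert(cert_store, sig_certs[i])) {
        printf("VERT Failed adding CA cert %d to store\n", i);
        goto deinit;
    }
}
/* … unchanged: in = BIO_new_mem_buf(text, …), SMIME_read_CMS, CMS_verify … */
```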
@@ -431,10 +439,33 @@ deinit:
 CMS_ContentInfo_free(cms);
 BIO_free(in);
 BIO_free(out); // also frees tmp
- BIO_free(sig_cert_bio);
- X509_free(sig_cert);
+
 X509_STORE_free(cert_store);
+ for (int i =0;i>num_certs;i++) X509_free(sig_certs[i]); //We need to free all certs
 OpenSSL_deinitialize(); // OpenSSL ver 1.0.2.f has a bug (seemingly) that causes a crash when freeing cms content info pointers
 return ver;
 }
+char ** init_str_arr(int num)
+{
+ char ** arr = malloc(num*sizeof(char*));
+ return arr;
+}
+char ** add_str_to_arr(const char *str, char **arr, int i)
+{
+ int len = strlen(str);
+ char *newstr = malloc(len+1);
+ memcpy(newstr, str, len);
+ newstr[len]=0;
+ arr[i]=newstr;
+ return arr;
+}
+
+void deallocate_str_arr(char **arr, int len)
+{
+ for (int i=0; i < len; i++){
+ free(arr[i]);
+ }
+ free(arr);
+}
+
diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h
index 8f30d73cde0517a7c71332330977fd3801fe5772..92bb5f65ef434f1104465471d7afcf066e55b1bd 100644
--- a/enzevalos_iphone/c/openssl-helpers.h
+++ b/enzevalos_iphone/c/openssl-helpers.h
@@ -49,7 +49,11 @@ char *get_err_string(unsigned long err);
 result * OpenSSL_encrypt(const char *text, const char *pem);
 result * OpenSSL_decrypt(const char *str, const char *pem);
 result * OpenSSL_sign(const char *text, const char *pem, const int detached);
-result * OpenSSL_verify(const char *text, const char *pem_cert);
+result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs);
+char ** init_str_arr(int num);
+char ** add_str_to_arr(const char *str, char **arr, int i);
+void deallocate_str_arr(char **arr, int len);
+
 int print_test(int);
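Review bot: `for (int i =0;i>num_certs;i++) X509_free(sig_certs[i]);` uses `>` where `<` is meant, so the loop body never executes and every parsed CA certificate leaks on each verification; the `sig_certs` array itself is never freed either. Change it to `for (int i = 0; i < num_certs; i++) X509_free(sig_certs[i]);` and add `free(sig_certs);` after it; freeing after `X509_STORE_free` is fine because `X509_STORE_add_cert` takes its own reference, but it requires every slot to be a valid object or NULL, which the current allocation does not guarantee. In `add_str_to_arr`, `strlen` is narrowed into `int` and `malloc` is unchecked, so a failed allocation stores NULL into `arr[i]` and `OpenSSL_verify` later calls `strlen` on it; use `size_t len = strlen(str);` and return early (leaving the slot NULL, which `deallocate_str_arr` tolerates) when `newstr` is NULL. `init_str_arr` should likewise return an array that is safe to pass to `deallocate_str_arr` when only some slots were filled, i.e. `calloc` rather than `malloc`.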
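Review bot: The three new helper declarations and the changed `OpenSSL_verify` prototype carry no comment on ownership or bounds, which is exactly what the Swift caller needs to get right: `init_str_arr` returns a malloc'd array that must be released with `deallocate_str_arr` using the same count, `add_str_to_arr` copies `str` into slot `i` with no check against the array's capacity, and `OpenSSL_verify` reads `num_certs` entries of `pem_cert` without taking ownership or modifying them. Add a one-line comment above each, e.g. `/* Allocates num uninitialized slots; free with deallocate_str_arr(arr, num). */` and `/* pem_cert: num_certs PEM-encoded CA certs used as trust anchors; not retained, caller frees. */`; since the strings are only read, the parameter could also be declared `const char *const *pem_cert`.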