diff --git a/enzevalos_iphone.xcodeproj/project.pbxproj b/enzevalos_iphone.xcodeproj/project.pbxproj
index 808e40a448d9c0ac79eb2d36d82bbd4683031526..6081eeabe9ecab38435285e7b11fa0a1cef0df81 100644
--- a/enzevalos_iphone.xcodeproj/project.pbxproj
+++ b/enzevalos_iphone.xcodeproj/project.pbxproj
@@ -27,6 +27,7 @@
0ECEA0FE240E7DB1007DC71E /* mykey.p12 in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F4240E7DB0007DC71E /* mykey.p12 */; };
0ECEA0FF240E7DB1007DC71E /* evilCA.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F5240E7DB0007DC71E /* evilCA.pem */; };
0ECEA100240E7DB1007DC71E /* evilkey1.pem in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEA0F6240E7DB1007DC71E /* evilkey1.pem */; };
+ 0EFEF0952417C0B400BB2FF7 /* CHelpers.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */; };
3E6B07DE2011246500E49609 /* invitationText.html in Resources */ = {isa = PBXBuildFile; fileRef = 3E6B07DD2011246500E49609 /* invitationText.html */; };
3EB4FA9F2012007C001D0625 /* DialogViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 3EB4FA9D2012007C001D0625 /* DialogViewController.swift */; };
3EB4FAA12012007C001D0625 /* Dialog.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 3EB4FA9E2012007C001D0625 /* Dialog.storyboard */; };
@@ -302,6 +303,7 @@
0ECEA0F4240E7DB0007DC71E /* mykey.p12 */ = {isa = PBXFileReference; lastKnownFileType = file; path = mykey.p12; sourceTree = "<group>"; };
0ECEA0F5240E7DB0007DC71E /* evilCA.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = evilCA.pem; sourceTree = "<group>"; };
0ECEA0F6240E7DB1007DC71E /* evilkey1.pem */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = evilkey1.pem; sourceTree = "<group>"; };
+ 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = CHelpers.swift; sourceTree = "<group>"; };
1D4A9E60565DECF52C011BC0 /* Pods-enzevalos_iphone-AdHoc.release.xcconfig */ = {isa = PBXFileReference; includeInIndex = 1; lastKnownFileType = text.xcconfig; name = "Pods-enzevalos_iphone-AdHoc.release.xcconfig"; path = "../enzevalos_iphone_workspace/Pods/Target Support Files/Pods-enzevalos_iphone-AdHoc/Pods-enzevalos_iphone-AdHoc.release.xcconfig"; sourceTree = "<group>"; };
3E6B07DD2011246500E49609 /* invitationText.html */ = {isa = PBXFileReference; lastKnownFileType = text.html; name = invitationText.html; path = Invitation/invitationText.html; sourceTree = "<group>"; };
3E9708AD1FAC925D005825C9 /* enzevalos_iphone.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = enzevalos_iphone.entitlements; sourceTree = "<group>"; };
@@ -615,6 +617,14 @@
name = SMIME;
sourceTree = "<group>";
};
+ 0EFEF0932417C08B00BB2FF7 /* C Helpers */ = {
+ isa = PBXGroup;
+ children = (
+ 0EFEF0942417C0B400BB2FF7 /* CHelpers.swift */,
+ );
+ name = "C Helpers";
+ sourceTree = "<group>";
+ };
24472862977D71D3F0AD0D58 /* Pods */ = {
isa = PBXGroup;
children = (
@@ -977,6 +987,7 @@
A13526771D955BDF00D3BFE1 /* enzevalos_iphone */ = {
isa = PBXGroup;
children = (
+ 0EFEF0932417C08B00BB2FF7 /* C Helpers */,
476403FA2413F95300C7D426 /* OpenSSL */,
A1B9999D21DE7CD2002563F6 /* Travel */,
477548DC21F5DA46000B22A8 /* mail */,
@@ -1732,6 +1743,7 @@
475B00341F7B9565006CDD41 /* Cryptography.swift in Sources */,
A1EB057C1D956838008659C1 /* MailHandler.swift in Sources */,
A182182E21E50D8D00918A29 /* IntroButtonViewController.swift in Sources */,
+ 0EFEF0952417C0B400BB2FF7 /* CHelpers.swift in Sources */,
478AF715222FD5C600AEF69E /* IncomingMail.swift in Sources */,
47C036FF2347C0F5006295E8 /* ImportKeyOverviewController.swift in Sources */,
A1EB05881D956879008659C1 /* AddressHandler.swift in Sources */,
diff --git a/enzevalos_iphone/CHelpers.swift b/enzevalos_iphone/CHelpers.swift
new file mode 100644
index 0000000000000000000000000000000000000000..d79686e1421dcaa6a722afdf935ed3e26f2935dd
--- /dev/null
+++ b/enzevalos_iphone/CHelpers.swift
@@ -0,0 +1,31 @@
+//
+// CHelpers.swift
+// enzevalos_iphone
+//
+// Created by lazarog98 on 10.03.20.
+// Copyright © 2020 fu-berlin. All rights reserved.
+//
+
+import Foundation
+
+/**
+ Creates an arraz of C Strings from an array of swift strings
+ Always call deallocateCStrArr after using this!
+ */
+func createCStrArr(sarr: [String]) -> UnsafeMutablePointer<UnsafeMutablePointer<Int8>?>?{
+ let len = sarr.count
+ var carr = init_str_arr(Int32(len))
+ for i in 0..<len
+ {
+ let str = sarr[i]
+ add_str_to_arr(str,carr,Int32(i))
+ }
+ return carr
+}
+
+/**
+ Deallocates an array of c strings
+ */
+func deallocateCStrArr(arr: UnsafeMutablePointer<UnsafeMutablePointer<Int8>?>?, len: Int){
+ return deallocate_str_arr(arr, Int32(len))
+}
diff --git a/enzevalos_iphone/SMIME.swift b/enzevalos_iphone/SMIME.swift
index d223ce1a3617309aa9f4f5e376f7a95ca68e8cbf..ece422e0a131c11a6665334f8835de618272cf55 100644
--- a/enzevalos_iphone/SMIME.swift
+++ b/enzevalos_iphone/SMIME.swift
@@ -118,6 +118,27 @@ jRqChUmvLzwDtP8bFJ5COad91Cfx9DmHSnoPkhdg0f+2x+0eajjEx8fRCppHOSPK
5O2AvjjS4akSRqVwlqFUqgDvO1PRhLw31i14EbkO3q1OC/4t00HJnszqzbwGWTrf
n1O3czuVl7rPXrJn0A/MVI2ReKOQeIAYMg==
-----END CERTIFICATE-----
+"""
+
+ var testEvilCA = """
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAckCCDWaS3dso6D3MA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNVBAYTAkRF
+MRMwEQYDVQQKDApBIE1BSUxURVNUMQ8wDQYDVQQDDAZldmlsQ0EwHhcNMTkwNzI5
+MTUzODA1WhcNMTkwODA1MTUzODA1WjAzMQswCQYDVQQGEwJERTETMBEGA1UECgwK
+QSBNQUlMVEVTVDEPMA0GA1UEAwwGZXZpbENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAv0W8s3Dav5brYO+MZQ+DiNPSf0Mgd6g6zR1vdk+sPTuJbAZ2
+owxR376WKEayBp3jF3omitej4ltuAoepQ7xgsFLVJDijAxeLeoAzPc+J8qDcY1NF
+4up9+DpN7L0L3rgfU0/I8Az4jpR8pHJTHmu0L074Er5+Vk2cBvxSY3srp2NnEga1
+Fudun9YUYfOp432Ac7xv/6KYz99ocbI+F/egnHQm49GnyFs1zxCuh9qfTeCFO644
+dUlkMXfQF7sdZmxdxwKIF4D8AroAecFXWei4PtNIJpPvr/UdCBIyEmZroL2fMnPg
+zMtChlEG5Ryw7UuwKrQGs903n3nxvopr4mOumwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQCFnuNL7hhJjhvPpeMPFahMdadA1OWRLIe0XdAJI8Pvlx3f8XR5udcGS2Mi
+r5znDhWHT5fFyYTj0JZQUf5GaYrucZDh2M2lXzuazhh5J+PSgvMez1fqfC0pp3Iy
+IIqIxZCzGaZp9A7CkAO1qyDqM3fAtkJ0f6JoIrUN9Q4PphDpi6vlRDIoHROmK/Xr
+QVzf2Y0lnKGQisw048XPLWqGagu8ZO0n6GMmyldnwVDEsQomndWDrW0EHEV2s/fq
+bgvyhVRenp1O5IH3nOyXm8vR2FWOEHwR686l8Mxy24APzzn5K7nPeyBx0+ZpyqYh
+aqQKdT1pty4gKWz3zSNTupVsyA/t
+-----END CERTIFICATE-----
"""
var test_key_other = """
@@ -189,14 +210,14 @@ iwxRK85BnWBVkQIMvxrbb2Ro04buiizELRoKsDdkSdYXFSmSOvw1pvT8IpNJjNRU
AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
-----END RSA PRIVATE KEY-----
"""
-
+
var test_string = "Hello world whatever the fuck";
let cryptoScheme = CryptoScheme.SMIME
func testSMIMEencrypt(){
// OpenSSL_print_ver()
- let (enc, enc_errs) = encrypt_with_pem(message: test_string, keyAsPem: "")
+ let (enc, enc_errs) = encrypt_with_pem(message: test_string, keyAsPem: test_key)
if enc != nil {
// the pointers point to memory allocatedi in c that needs to be manually dealocated
print("SWIFT ENC DONE: ", enc ?? "")
@@ -234,11 +255,17 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
print("\n SWIFT SIGN2 failed")
}
- let (vertest, certs,verErrs) = verify_with_CApem(message: sig!, pemCA: testCA)
+ let (vertest, certs,verErrs) = verify_with_CApem(message: sig!, pemCAArr: [testCA, testEvilCA])
if vertest != nil
{
print("In Verification", vertest!)
print(certs ?? "No certs")
+ for x in verErrs ?? [] {
+ print("errorstring: ",getErrorString(errCode: x))
+ }
+ }
+ else{
+ print("Vertest was nil")
}
}
@@ -280,8 +307,11 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
return (sigStr, errArr)
}
- func verify_with_CApem (message:String,pemCA: String) -> (String?, [String]?, [UInt]?) {
- let ver = OpenSSL_verify(message, pemCA)
+ func verify_with_CApem (message:String, pemCAArr: [String]) -> (String?, [String]?, [UInt]?) {
+ let pemCAArrC = createCStrArr(sarr: pemCAArr)
+ let ver = OpenSSL_verify(message, pemCAArrC, Int32(pemCAArr.count))
+ deallocateCStrArr(arr: pemCAArrC, len:pemCAArr.count)
+
let result = ver?.pointee;
let verStr = result?._extractOutput()
@@ -292,9 +322,6 @@ AYIHvW6qRLTsSR6BZZS3pqGXYue7fE0vj4HJ2IEpj05qQ5RXrD57Wg==
return (verStr, certArr, errArr)
}
- /**
- Returns an error message from an OpenSSL error code
- */
func getErrorString(errCode: UInt) -> String {
let cStr = get_err_string(errCode);
if (cStr != nil) {
@@ -384,4 +411,8 @@ extension result {
return swiftStr
}
+
+
+
}
+
diff --git a/enzevalos_iphone/c/openssl-helpers.c b/enzevalos_iphone/c/openssl-helpers.c
index f51de1d67246e3c21fcaea18539ee5f0d0a80047..e71e96edd6c26ff488471f1c66bc0581b6ffd03f 100644
--- a/enzevalos_iphone/c/openssl-helpers.c
+++ b/enzevalos_iphone/c/openssl-helpers.c
@@ -70,7 +70,6 @@ array_with_length *create_list_of_errors() {
unsigned long * arr = NULL;
while ((err = ERR_get_error()) != 0) {
- printf("%s", "Added ERROR\n");
linked_list * newerr = malloc(sizeof(linked_list));
newerr->content = malloc(sizeof(unsigned long));
memcpy(newerr->content, &err, sizeof(unsigned long));
@@ -355,7 +354,8 @@ deinit:
return res;
}
-result * OpenSSL_verify(const char *text, const char *pem_cert) {
+
+result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
result *ver = malloc(sizeof(result));
ver->certs = NULL;
@@ -365,9 +365,10 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
OpenSSL_initialize();
char *realtext = NULL, *tmp=NULL;
- BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
+ BIO *in = NULL, *out = NULL;
// recipient certificate
- X509 *sig_cert = NULL;
+ X509 **sig_certs = malloc(num_certs*sizeof(X509));
+
STACK_OF(X509) *cert_stack= NULL;
X509_STORE *cert_store = NULL;
CMS_ContentInfo *cms = NULL;
@@ -378,36 +379,43 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
cert_store = X509_STORE_new();
// this trick allows to hardcode a certificate as a string
- sig_cert_bio = BIO_new_mem_buf(pem_cert, (int) strlen(pem_cert));
+ for (int i = 0; i<num_certs; i++) {
+ BIO *sig_cert_bio = BIO_new_mem_buf(pem_cert[i], (int) strlen(pem_cert[i]));
+
+ if (!sig_cert_bio) {
+ printf("VERT Failed reading mykey.pem!\n");
+ goto loopend;
+ }
+
+ sig_certs[i] = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
+ if (!sig_certs[i] ) {
+ printf("VERT Failed reading pem cert %d\n |", i);
+
+ goto loopend;
+ }
+
+ if (!X509_STORE_add_cert(cert_store, sig_certs[i])) {
+ printf("VERT Failed at adding cert to store\n");
+ goto loopend;
+ }
+
+ loopend:
+ BIO_free(sig_cert_bio);
+ }
in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
- if (!sig_cert_bio) {
- printf("Failed reading mykey.pem!\n");
- goto deinit;
- }
- sig_cert = PEM_read_bio_X509(sig_cert_bio, NULL, 0, NULL);
- if (!sig_cert ) {
- printf("Failed reading pem cert\n");
- goto deinit;
- }
-
- if (!X509_STORE_add_cert(cert_store, sig_cert)) {
- printf("Failed at adding cert to store\n");
- goto deinit;
- }
-
cms = SMIME_read_CMS(in, &detached);
if (!cms) {
- printf("\nVER Failed at SMIME_READ");
+ printf("\nVERT VER Failed at SMIME_READ");
goto deinit;
}
out = BIO_new(BIO_s_mem());
ERR_clear_error();
if (!CMS_verify(cms, NULL, cert_store, detached, out, 0)) {
- printf("Verification failed");
+ printf("VERT Verification failed");
goto deinit;
}
@@ -431,10 +439,33 @@ deinit:
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out); // also frees tmp
- BIO_free(sig_cert_bio);
- X509_free(sig_cert);
+ X509_STORE_free(cert_store);
+ for (int i =0;i>num_certs;i++) X509_free(sig_certs[i]); //We need to free all certs
OpenSSL_deinitialize();
// OpenSSL ver 1.0.2.f has a bug (seemingly) that causes a crash when freeing cms content info pointers
return ver;
}
+char ** init_str_arr(int num)
+{
+ char ** arr = malloc(num*sizeof(char*));
+ return arr;
+}
+char ** add_str_to_arr(const char *str, char **arr, int i)
+{
+ int len = strlen(str);
+ char *newstr = malloc(len+1);
+ memcpy(newstr, str, len);
+ newstr[len]=0;
+ arr[i]=newstr;
+ return arr;
+}
+
+void deallocate_str_arr(char **arr, int len)
+{
+ for (int i=0; i < len; i++){
+ free(arr[i]);
+ }
+ free(arr);
+}
+
diff --git a/enzevalos_iphone/c/openssl-helpers.h b/enzevalos_iphone/c/openssl-helpers.h
index 8f30d73cde0517a7c71332330977fd3801fe5772..92bb5f65ef434f1104465471d7afcf066e55b1bd 100644
--- a/enzevalos_iphone/c/openssl-helpers.h
+++ b/enzevalos_iphone/c/openssl-helpers.h
@@ -49,7 +49,11 @@ char *get_err_string(unsigned long err);
result * OpenSSL_encrypt(const char *text, const char *pem);
result * OpenSSL_decrypt(const char *str, const char *pem);
result * OpenSSL_sign(const char *text, const char *pem, const int detached);
-result * OpenSSL_verify(const char *text, const char *pem_cert);
+result * OpenSSL_verify(const char *text, char **pem_cert, const int num_certs);
+char ** init_str_arr(int num);
+char ** add_str_to_arr(const char *str, char **arr, int i);
+void deallocate_str_arr(char **arr, int len);
+
int print_test(int);