
Resolve "SMIME Support"

Merged lazarog98 requested to merge 232-smime-support into dev
6 unresolved threads
3 files
+ 168
166
@@ -12,8 +12,7 @@ STACK_OF(X509)* create_stack_x509(X509 *arr, int len)
{
STACK_OF(X509) *stack = sk_X509_new_null();
int i = len;
while (i>0)
{
while (i>0) {
i--;
sk_X509_push(stack,&(arr[i]));
}
@@ -25,14 +24,13 @@ char ** stack_to_array(STACK_OF(X509) *stack) {
int i = 0;
while (sk_X509_num(stack) > 0) {
BIO *out = BIO_new(BIO_s_mem());
char *tmp = NULL;
PEM_write_bio_X509(out, sk_X509_pop(stack));
long size = BIO_get_mem_data(out, &tmp);
char *str_perm = (char *) malloc(size+1);
memcpy(str_perm, tmp, size);
str_perm[size]=0;//To Nullterminate the string
str_perm[size]=0; // To Nullterminate the string
str_arr[i] = str_perm;
i++;
@@ -48,7 +46,6 @@ void OpenSSL_print_ver(void) {
}
void OpenSSL_initialize(void) {
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
}
@@ -63,24 +60,21 @@ int print_test(int a) {
return 0;
}
char_array_with_length *create_list_of_errors() {
array_with_length *create_list_of_errors() {
unsigned long err = 0;
linked_list *head = NULL;
linked_list *cur = NULL;
int first = 1;
char_array_with_length *res = malloc(sizeof(char_array_with_length));
array_with_length *res = malloc(sizeof(array_with_length));
int length = 0;
char ** arr = NULL;
unsigned long * arr = NULL;
while ((err = ERR_get_error()) != 0) {
printf("%s", "Added ERROR\n");
const char *error = ERR_func_error_string(err);
//printf("\nError: %s", error);
char * error_permanent = (char *) malloc(strlen(error)+1);
error_permanent[strlen(error)]=0;//To Nullterminate the string
memcpy(error_permanent,error,strlen(error));
linked_list * newerr = malloc(sizeof(linked_list));
newerr->str = error_permanent;
newerr->content = malloc(sizeof(unsigned long));
memcpy(newerr->content, &err, sizeof(unsigned long));
newerr->content = (void*) err;
newerr->next = NULL;
if (first)
{
@@ -96,12 +90,11 @@ char_array_with_length *create_list_of_errors() {
}
if (length) {
arr = malloc(sizeof(char*)*length);
arr = malloc(sizeof(unsigned long*) * length);
linked_list *cur = head;
// TODO: make sure this doesn't cause errors
int i = 0;
while (cur != NULL) {
arr[i] = cur->str;
arr[i] = (unsigned long) cur->content;
linked_list *old = cur;
cur = cur->next;
free(old);
@@ -115,23 +108,35 @@ char_array_with_length *create_list_of_errors() {
return res;
}
char *get_err_string(unsigned long err) {
ERR_load_crypto_strings();
const char *error = ERR_func_error_string(err);
//printf("\nError: %s", error);
char * error_permanent = (char *) malloc(strlen(error)+1);
error_permanent[strlen(error)]=0; // To Nullterminate the string
memcpy(error_permanent,error,strlen(error));
ERR_free_strings();
return error_permanent;
}
result * OpenSSL_encrypt(const char *text, const char *pem) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_enc.c
OpenSSL_initialize();
char *encrypted = NULL, *tmp=NULL;;
// in = string to encrypt, out = encrypted string, rec_cert_bio =
OpenSSL_add_all_algorithms();
char *encrypted = NULL, *tmp=NULL;
BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL;
// recipient certificate
X509 *rec_cert = NULL;
STACK_OF(X509) *cert_stack = NULL;
CMS_ContentInfo *cms = NULL;
char_array_with_length *temp = NULL;
array_with_length *temp = NULL;
result *res = malloc(sizeof(result));
// this trick allows to hardcode a certificate as a string
rec_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
// rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
in = BIO_new_mem_buf(text, (int) strlen(text)); // simpletest
if (!rec_cert_bio) {
@@ -150,21 +155,19 @@ result * OpenSSL_encrypt(const char *text, const char *pem) {
// note that if the stack is initialized correctly, the recipient certificate is pushed as a test
if (!cert_stack || !sk_X509_push(cert_stack, rec_cert)) {
printf("Failed at push_stack");
printf("Failed at push_stack");
goto deinit;
}
cms = CMS_encrypt(cert_stack, in, EVP_aes_256_cbc(), CMS_STREAM);
if (!cms)
{
printf("Failed at P7enc");
if (!cms) {
printf("Failed at P7enc");
goto deinit;
}
out = BIO_new(BIO_s_mem());
if (!SMIME_write_CMS(out,cms,in,CMS_STREAM))
{
if (!SMIME_write_CMS(out,cms,in,CMS_STREAM)) {
printf("Failed at SMIME_WRITE");
goto deinit;
}
@@ -173,7 +176,7 @@ result * OpenSSL_encrypt(const char *text, const char *pem) {
long size = BIO_get_mem_data(out, &tmp);
encrypted= (char *) malloc(size+1);
encrypted[size]=0;//To Nullterminate the string
encrypted[size]=0; // To Nullterminate the string
memcpy(encrypted,tmp,size);
res->res = encrypted;
@@ -186,32 +189,29 @@ deinit:
free(temp);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out); //also frees tmp
BIO_free(out); // also frees tmp
BIO_free(rec_cert_bio);
X509_free(rec_cert);
OpenSSL_deinitialize();
// OpenSSL ver 1.0.2.f has a bug (seemingly) that causes a crash when freeing cms content info pointers
return res;
}
result * OpenSSL_decrypt(const char *str, const char *pem) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
OpenSSL_initialize();
char *decrypted = NULL, *tmp=NULL;
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
// in = string to encrypt, out = encrypted string, rec_cert_bio =
BIO *in = NULL, *out = NULL, *rec_cert_bio = NULL;
// recipient certificate
X509 *rec_cert = NULL;
CMS_ContentInfo *cms = NULL;
EVP_PKEY *rkey = NULL;
result *res = malloc(sizeof(result));
char_array_with_length *temp = NULL;
array_with_length *temp = NULL;
// this trick allows to hardcode a certificate as a string
rec_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
// rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
in = BIO_new_mem_buf(str,(int) strlen(str)); // simpletest
if (!rec_cert_bio) {
@@ -235,23 +235,21 @@ result * OpenSSL_decrypt(const char *str, const char *pem) {
cms = SMIME_read_CMS(in, NULL);
if (!cms)
{
if (!cms) {
printf("DEC Failed at SMIME_READ");
goto deinit;
}
out = BIO_new(BIO_s_mem());
if (!CMS_decrypt(cms, rkey, rec_cert, NULL, out, CMS_STREAM))
{
if (!CMS_decrypt(cms, rkey, rec_cert, NULL, out, CMS_STREAM)) {
printf("Failed at Decrypt");
goto deinit;
}
long size = BIO_get_mem_data(out, &tmp);
decrypted= (char *) malloc(size+1);
decrypted[size]=0;//To Nullterminate the string
decrypted[size]=0; // To Nullterminate the string
memcpy(decrypted, tmp, size);
res->res = decrypted;
@@ -262,7 +260,7 @@ deinit:
free(temp);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out); //also frees tmp
BIO_free(out); // also frees tmp
BIO_free(rec_cert_bio);
X509_free(rec_cert);
OpenSSL_deinitialize();
@@ -283,11 +281,10 @@ result * OpenSSL_sign(const char *text, const char *pem, const int detached)
int flags = CMS_STREAM | CMS_PARTIAL;
result *res = malloc(sizeof(result));
char_array_with_length *temp = NULL;
array_with_length *temp = NULL;
if (detached) flags |= CMS_DETACHED;
// rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
sig_cert_bio = BIO_new_mem_buf(pem, (int) strlen(pem));
@@ -319,20 +316,17 @@ result * OpenSSL_sign(const char *text, const char *pem, const int detached)
}
cms = CMS_sign(NULL, NULL, NULL, in, flags);
if (!cms)
{
if (!cms) {
goto deinit;
}
if (!CMS_add1_signer(cms, sig_cert, skey, EVP_sha256(), flags))
{
if (!CMS_add1_signer(cms, sig_cert, skey, EVP_sha256(), flags)) {
goto deinit;
}
out = BIO_new(BIO_s_mem());
if (!SMIME_write_CMS(out,cms,in,flags))
{
if (!SMIME_write_CMS(out,cms,in,flags)) {
printf("Failed at SMIME_WRITE");
goto deinit;
}
@@ -341,7 +335,7 @@ result * OpenSSL_sign(const char *text, const char *pem, const int detached)
long size = BIO_get_mem_data(out, &tmp);
mail= (char *) malloc(size+1);
mail[size]=0;//To Nullterminate the string
mail[size]=0; // to Nullterminate the string
memcpy(mail,tmp,size);
@@ -353,7 +347,7 @@ deinit:
free(temp);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out); //also frees tmp
BIO_free(out); // also frees tmp
BIO_free(sig_cert_bio);
X509_free(sig_cert);
@@ -362,6 +356,7 @@ deinit:
}
result * OpenSSL_verify(const char *text, const char *pem_cert) {
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
result *ver = malloc(sizeof(result));
ver->certs = NULL;
ver->errors = NULL;
@@ -369,9 +364,7 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
OpenSSL_initialize();
char *realtext = NULL, *tmp=NULL;
// https://github.com/openssl/openssl/blob/master/demos/cms/cms_dec.c
// in = string to encrypt, out = encrypted string, rec_cert_bio =
BIO *in = NULL, *out = NULL, *sig_cert_bio = NULL;
// recipient certificate
X509 *sig_cert = NULL;
@@ -380,14 +373,13 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
CMS_ContentInfo *cms = NULL;
BIO *detached = NULL;
char_array_with_length *temp = NULL;
array_with_length *temp = NULL;
cert_store = X509_STORE_new();
// this trick allows to hardcode a certificate as a string
sig_cert_bio = BIO_new_mem_buf(pem_cert, (int) strlen(pem_cert));
// rec_cert_bio = BIO_new_file("keys/mykey.pem", "r");
in = BIO_new_mem_buf(text,(int) strlen(text)); // simpletest
if (!sig_cert_bio) {
@@ -407,32 +399,23 @@ result * OpenSSL_verify(const char *text, const char *pem_cert) {
}
cms = SMIME_read_CMS(in, &detached);
if (!cms)
{
if (!cms) {
printf("\nVER Failed at SMIME_READ");
goto deinit;
}
out = BIO_new(BIO_s_mem());
ERR_clear_error();
if (!CMS_verify(cms, NULL, cert_store, detached, out, 0))
{
if (!CMS_verify(cms, NULL, cert_store, detached, out, 0)) {
printf("Verification failed");
// MAKE A LINKED LIST AND PACK ALL THE ERROS THERE
// MAKE A LINKED LIST FOR THE SIGNERS IN THE STRUCT
goto deinit;
}
BIO_get_mem_data(out, &tmp);
long size = BIO_get_mem_data(out, &tmp);
realtext= (char *) malloc(size+1);
realtext[size]=0;//To Nullterminate the string
realtext[size]=0; // To Nullterminate the string
memcpy(realtext, tmp, size);
ver->res = realtext;
@@ -447,7 +430,7 @@ deinit:
free(temp);
CMS_ContentInfo_free(cms);
BIO_free(in);
BIO_free(out); //also frees tmp
BIO_free(out); // also frees tmp
BIO_free(sig_cert_bio);
X509_free(sig_cert);
OpenSSL_deinitialize();
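Review bot: The new `get_err_string` passes the result of `ERR_func_error_string(err)` straight into `strlen(error)`, but that call returns NULL when no function string is registered for the code (and, as far as I know, always does so on OpenSSL 3.x, where it is deprecated), so an unrecognised error code crashes the caller. Adding `if (!error) error = "unknown";` before the copy, and returning NULL when `malloc` fails instead of writing through `error_permanent`, would close both paths. The same unchecked `malloc(size+1)` followed by an indexed write appears in the encrypt, decrypt, sign and verify hunks, where `size` comes from `BIO_get_mem_data` on message-derived data and is never tested for a negative or zero result. Since `ERR_func_error_string` yields only the function name, `ERR_error_string_n` into a caller-sized buffer would carry the library and reason as well. The per-call `ERR_load_crypto_strings()` / `ERR_free_strings()` pair also looks unsafe if any other thread is reading error strings at the same time; loading once at initialisation would avoid that.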