From 21cc2df19eb6ae80ecb83b725d229a76c3566736 Mon Sep 17 00:00:00 2001
From: JacobBarthelmeh
Date: Thu, 11 May 2023 21:45:25 -0700
Subject: [PATCH] add example verify of smime
---
 pkcs7/Makefile | 3 +-
 pkcs7/smime-verify.c | 195 +++++++++++++++++++++++++++++++++++++++++++
 pkcs7/smime.c | 7 ++
 3 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 pkcs7/smime-verify.c
diff --git a/pkcs7/Makefile b/pkcs7/Makefile
index f4ad6942..9a8cd03e 100644
--- a/pkcs7/Makefile
+++ b/pkcs7/Makefile
@@ -49,4 +49,5 @@ clean:
 envelopedDataPWRI.der envelopedDataORI.der envelopedDataKEKRI.der \
 authEnvelopedDataKARI.der authEnvelopedDataKTRI.der \
 authEnvelopedDataORI.der authEnvelopedDataPWRI.der encryptedData.der \
- authEnvelopedDataKEKRI.der compressedData.der
+ authEnvelopedDataKEKRI.der compressedData.der \
+ smime-created.p7s
diff --git a/pkcs7/smime-verify.c b/pkcs7/smime-verify.c
new file mode 100644
index 00000000..658c1e21
--- /dev/null
+++ b/pkcs7/smime-verify.c
@@ -0,0 +1,195 @@
+/* smime-verify.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+#ifdef HAVE_SMIME
+
+static int Verify(byte* smime, int smimeSz, byte* ca, int caSz, int detached)
+{
+ WOLFSSL_PKCS7* pkcs7Compat = NULL;
+ WOLFSSL_BIO *in, *content = NULL;
+ WOLFSSL_X509* x509 = NULL;
+ WOLFSSL_X509_STORE* store = NULL;
+ int ret = 0;
+
+ in = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+ if (in == NULL) {
+ ret = MEMORY_E;
+ }
+
+ if (ret == 0) {
+ WOLFSSL_BIO *multi = NULL;
+
+ wolfSSL_BIO_write(in, smime, smimeSz);
+ pkcs7Compat = (WOLFSSL_PKCS7*)wolfSSL_SMIME_read_PKCS7(in, &multi);
+ if (pkcs7Compat == NULL) {
+ printf("Error parsing SMIME\n");
+ ret = -1;
+ }
+
+ if (multi != NULL) {
+ byte* pt;
+ int ptSz, i;
+
+ printf("Multi part message, signed data is : ");
+ ptSz = wolfSSL_BIO_get_mem_data(multi, &pt);
+ for (i = 0; i < ptSz; i ++)
+ printf("%02X", pt[i]);
+ printf("\n");
+ wolfSSL_BIO_free(multi);
+ }
+ }
+
+ if (ret == 0) {
+ const unsigned char* pt;
+
+ /* set devID */
+ pkcs7Compat->pkcs7.devId = INVALID_DEVID;
+
+ pt = ca;
+ x509 = wolfSSL_d2i_X509(NULL, &pt, caSz);
+ if (x509 == NULL) {
+ printf("Error decoding signer\n");
+ ret = -1;
+ }
+ }
+
+ if (ret == 0) {
+ store = wolfSSL_X509_STORE_new();
+ if (store == NULL) {
+ printf("Error creating cert store\n");
+ ret = MEMORY_E;
+ }
+ else {
+ wolfSSL_X509_STORE_add_cert(store, x509);
+ }
+ }
+
+ if (ret == 0) {
+ content = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
+ ret = wolfSSL_PKCS7_verify((PKCS7*)pkcs7Compat, NULL, store, NULL,
+ content, detached);
+ if (ret == WOLFSSL_SUCCESS) {
+ ret = 0;
+ }
+ }
+
+
+ if (ret == 0 && content != NULL) {
+ byte* pt;
+ int ptSz, i;
+
+ printf("Content found on verify : ");
+ ptSz = wolfSSL_BIO_get_mem_data(content, &pt);
+ for (i = 0; i < ptSz; i ++)
+ printf("%c", pt[i]);
+ printf("\n");
+ }
+
+ wolfSSL_BIO_free(in);
+ wolfSSL_BIO_free(content);
+ wolfSSL_PKCS7_free((PKCS7*)pkcs7Compat);
+ wolfSSL_X509_free(x509);
+ wolfSSL_X509_STORE_free(store);
+ return ret;
+}
+
+
+/* read private smime and signer certificate in DER format */
+static int ReadSmimeAndCert(char* smimeFile, char* certFile, byte* smime,
+ int* smimeSz, byte* cert, int* certSz)
+{
+ int ret;
+ XFILE f;
+
+ f = XFOPEN(smimeFile, "rb");
+ if (f == NULL) {
+ printf("Error opening file %s\n", smimeFile);
+ return -1;
+ }
+ else {
+ ret = XFREAD(smime, 1, *smimeSz, f);
+ if (ret >= 0) {
+ *smimeSz = ret;
+ ret = 0;
+ XFCLOSE(f);
+ }
+ }
+
+ f = XFOPEN(certFile, "rb");
+ if (f == NULL) {
+ printf("Error opening file %s\n", certFile);
+ return -1;
+ }
+ else {
+ ret = XFREAD(cert, 1, *certSz, f);
+ if (ret >= 0) {
+ *certSz = ret;
+ ret = 0;
+ XFCLOSE(f);
+ }
+ }
+
+ return ret;
+}
+
+int main(int argc, char** argv)
+{
+ byte cert[2048];
+ int certSz = 2048;
+
+ byte smime[3072];
+ int smimeSz = 3072;
+
+ int ret;
+
+ if (argc != 3) {
+ printf("Use ./smime-verify \n");
+ return -1;
+ }
+
+ ret = ReadSmimeAndCert(argv[1], argv[2], smime, &smimeSz, cert, &certSz);
+ if (ret == 0) {
+ ret = Verify(smime, smimeSz, cert, certSz, 0);
+ if (ret == 0) {
+ printf("Verify Success\n");
+ }
+ else {
+ printf("Verify Failed\n");
+ }
+ }
+
+ return ret;
+}
+#else
+int main()
+{
+ printf("wolfSSL was compiled with out HAVE_SMIME support\n");
+ return 0;
+}
+#endif
diff --git a/pkcs7/smime.c b/pkcs7/smime.c
index ddc54fb0..b4950441 100644
--- a/pkcs7/smime.c
+++ b/pkcs7/smime.c
@@ -178,10 +178,17 @@ int main(int argc, char** argv)
 ret = Create(smime, &smimeSz, key, keySz, cert, certSz, content,
 contentSz, 0);
 if (ret == 0) {
+ FILE* f;
 printf("Generated SMIME : ");
 for (i = 0; i < smimeSz; i++)
 printf("%02X", smime[i]);
 printf("\n");
+ printf("output to file ./smime-created.p7s\n");
+ f = fopen("./smime-created.p7s", "wb");
+ if (f != NULL) {
+ fwrite(smime, 1, smimeSz, f);
+ fclose(f);
+ }
 }
 
 return ret;
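Review bot: In Verify, `if (ret == WOLFSSL_SUCCESS) { ret = 0; }` turns a failed verification into a success, because wolfSSL_PKCS7_verify follows the compat-layer convention of returning WOLFSSL_FAILURE on error and WOLFSSL_FAILURE is 0, so main then prints "Verify Success" for a message whose signature did not check out; replace it with `ret = (ret == WOLFSSL_SUCCESS) ? 0 : -1;`. In ReadSmimeAndCert the read path has the same shape of problem: XFREAD maps to fread in the default build and returns size_t, so `if (ret >= 0)` is effectively always true, a file larger than main's 3072/2048-byte buffers is silently truncated, and because XFCLOSE sits inside that branch any other outcome leaks the handle — compare the count against the buffer size (`if (ret == *smimeSz) { /* input too large for buffer */ }`) and close the file unconditionally before returning. The store is populated only from the certificate named on the command line, so verification trusts that signer directly with no chain to a CA; a comment above Verify such as `/* the caller-supplied signer certificate is the trust anchor; no chain building is performed */` would make that explicit for anyone copying this example. The return values of wolfSSL_BIO_write, wolfSSL_BIO_new for content and wolfSSL_X509_STORE_add_cert are also unchecked, and a NULL content BIO reaches wolfSSL_PKCS7_verify.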
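Review bot: The new write of smime-created.p7s reports "output to file" before fopen runs and ignores the fwrite and fclose results, so a missing or short file is announced as written and main's `return ret;` still reports success. Check each step, report the failure and propagate it through ret; main starts before this hunk, so the rewritten lines below replace only the added block inside `if (ret == 0)`.
```c
        f = fopen("./smime-created.p7s", "wb");
        if (f == NULL) {
            printf("Error opening ./smime-created.p7s for writing\n");
            ret = -1;
        }
        else {
            if (fwrite(smime, 1, smimeSz, f) != (size_t)smimeSz) {
                printf("Error writing ./smime-created.p7s\n");
                ret = -1;
            }
            if (fclose(f) != 0) {
                printf("Error closing ./smime-created.p7s\n");
                ret = -1;
            }
            if (ret == 0) {
                printf("output to file ./smime-created.p7s\n");
            }
        }
```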