Diffstat (limited to 'openssl/demos')
36 files changed, 1498 insertions, 493 deletions
diff --git a/openssl/demos/cms/cacert.pem b/openssl/demos/cms/cacert.pem new file mode 100644 index 000000000..75cbb347a --- /dev/null +++ b/openssl/demos/cms/cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 +WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD +aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN +RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz +i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR +ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT +jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx +CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B +SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD +VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB +ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc +G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo +u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF +1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +-----END CERTIFICATE----- diff --git a/openssl/demos/cms/cakey.pem b/openssl/demos/cms/cakey.pem new file mode 100644 index 000000000..3b53c5e81 --- /dev/null +++ b/openssl/demos/cms/cakey.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd +c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 +dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB +AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 +HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs +tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS +rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 +9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u +jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is +uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU ++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP +wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW +8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +-----END RSA PRIVATE KEY----- diff --git a/openssl/demos/cms/cms_comp.c b/openssl/demos/cms/cms_comp.c new file mode 100644 index 000000000..b7943e813 --- /dev/null +++ b/openssl/demos/cms/cms_comp.c 
@@ -0,0 +1,61 @@
+/* Simple S/MIME compress example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 0.9.9 only:
+ * for streaming set CMS_STREAM
+ */
+ int flags = CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Open content being compressed */
+
+ in = BIO_new_file("comp.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* compress content */
+ cms = CMS_compress(in, NID_zlib_compression, flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smcomp.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Compressing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_ddec.c b/openssl/demos/cms/cms_ddec.c
new file mode 100644
index 000000000..ba68cfdf7
--- /dev/null
+++ b/openssl/demos/cms/cms_ddec.c
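Review bot: The comment above `int flags = CMS_STREAM;` in cms_comp.c says streaming is available "On OpenSSL 0.9.9 only", while cms_enc.c in this same commit says "On OpenSSL 1.0.0 and later only"; the two statements cannot both be right and cms_sign.c repeats the 0.9.9 wording. Assuming the cms_enc.c wording is the current one, the comment line here and in cms_sign.c should read `* On OpenSSL 1.0.0 and later only:`. The file also calls `fprintf` without including `<stdio.h>` itself, so it relies on the OpenSSL headers pulling it in; an explicit `#include <stdio.h>` would make the example self-contained.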
@@ -0,0 +1,89 @@
+/* S/MIME detached data decrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dcont = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open PEM file containing enveloped data */
+
+ in = BIO_new_file("smencr.pem", "r");
+
+ if (!in)
+ goto err;
+
+ /* Parse PEM content */
+ cms = PEM_read_bio_CMS(in, NULL, 0, NULL);
+
+ if (!cms)
+ goto err;
+
+ /* Open file containing detached content */
+ dcont = BIO_new_file("smencr.out", "rb");
+
+ if (!in)
+ goto err;
+
+ out = BIO_new_file("encrout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!CMS_decrypt(cms, rkey, rcert, dcont, out, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Decrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+ if (dcont)
+ BIO_free(dcont);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_dec.c b/openssl/demos/cms/cms_dec.c
new file mode 100644
index 000000000..7ddf65326
--- /dev/null
+++ b/openssl/demos/cms/cms_dec.c
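Review bot: The check after `dcont = BIO_new_file("smencr.out", "rb");` tests `in` again instead of the BIO just opened, so a missing detached-content file is not caught and a NULL `dcont` is passed to `CMS_decrypt`. The guard should be `if (!dcont) goto err;`. cms_denc.c in this commit has the matching gap on the write side: `dout = BIO_new_file("smencr.out", "wb");` is followed only by `if (!in)`, so `dout` is never checked before `CMS_final(cms, in, dout, flags)`; adding `if (!dout) goto err;` there closes it.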
@@ -0,0 +1,79 @@
+/* Simple S/MIME decryption example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open S/MIME message to decrypt */
+
+ in = BIO_new_file("smencr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Parse message */
+ cms = SMIME_read_CMS(in, NULL);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("decout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!CMS_decrypt(cms, rkey, rcert, out, NULL, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Decrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_denc.c b/openssl/demos/cms/cms_denc.c
new file mode 100644
index 000000000..9265e47bf
--- /dev/null
+++ b/openssl/demos/cms/cms_denc.c
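Review bot: The call `CMS_decrypt(cms, rkey, rcert, out, NULL, 0)` appears to have its two BIO arguments swapped: cms_ddec.c in this same commit passes `dcont, out` in that order, which matches the CMS_decrypt prototype as I know it (detached content first, output second). Here the output file lands in the detached-content slot and the output BIO is NULL, so the plaintext would not be written to decout.txt. The line should read `if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0))`. The return value of `BIO_reset(tbio)` is also ignored here and in cms_ddec.c, cms_sign.c and cms_sign2.c, although a failed rewind would most likely surface through the `!rkey` check.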
@@ -0,0 +1,97 @@
+/* S/MIME detached data encrypt example: rarely done but
+ * should the need arise this is an example....
+ */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *dout = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ int flags = CMS_STREAM|CMS_DETACHED;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ dout = BIO_new_file("smencr.out", "wb");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smencr.pem", "w");
+ if (!out)
+ goto err;
+
+ if (!CMS_final(cms, in, dout, flags))
+ goto err;
+
+ /* Write out CMS structure without content */
+ if (!PEM_write_bio_CMS(out, cms))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (dout)
+ BIO_free(dout);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_enc.c b/openssl/demos/cms/cms_enc.c
new file mode 100644
index 000000000..916b479d3
--- /dev/null
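Review bot: `CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags)` hard-codes triple-DES as the content-encryption cipher, and cms_enc.c in this commit does the same. Demo code tends to be copied as-is, so the example would be better with an AES cipher, e.g. `cms = CMS_encrypt(recips, in, EVP_aes_128_cbc(), flags);`, or at least a comment next to the call saying the cipher is a placeholder to be chosen per deployment policy. If 3DES is kept for interoperability with older S/MIME clients, that reason belongs in the comment.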
+++ b/openssl/demos/cms/cms_enc.c
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 1.0.0 and later only:
+ * for streaming set CMS_STREAM
+ */
+ int flags = CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ cms = CMS_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smencr.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_sign.c b/openssl/demos/cms/cms_sign.c
new file mode 100644
index 000000000..42f762034
--- /dev/null
+++ b/openssl/demos/cms/cms_sign.c
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL;
+ EVP_PKEY *skey = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ /* For simple S/MIME signing use CMS_DETACHED.
+ * On OpenSSL 0.9.9 only:
+ * for streaming detached set CMS_DETACHED|CMS_STREAM
+ * for streaming non-detached set CMS_STREAM
+ */
+ int flags = CMS_DETACHED|CMS_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in signer certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert || !skey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ cms = CMS_sign(scert, skey, NULL, in, flags);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!(flags & CMS_STREAM))
+ BIO_reset(in);
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_CMS(out, cms, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_sign2.c b/openssl/demos/cms/cms_sign2.c
new file mode 100644
index 000000000..36adee730
--- /dev/null
+++ b/openssl/demos/cms/cms_sign2.c
@@ -0,0 +1,103 @@
+/* S/MIME signing example: 2 signers */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL, *scert2 = NULL;
+ EVP_PKEY *skey = NULL, *skey2 = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ BIO_free(tbio);
+
+ tbio = BIO_new_file("signer2.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert2 || !skey2)
+ goto err;
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ cms = CMS_sign(NULL, NULL, NULL, in, CMS_STREAM|CMS_PARTIAL);
+
+ if (!cms)
+ goto err;
+
+ /* Add each signer in turn */
+
+ if (!CMS_add1_signer(cms, scert, skey, NULL, 0))
+ goto err;
+
+ if (!CMS_add1_signer(cms, scert2, skey2, NULL, 0))
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* NB: content included and finalized by SMIME_write_CMS */
+
+ if (!SMIME_write_CMS(out, cms, in, CMS_STREAM))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (scert2)
+ X509_free(scert2);
+ if (skey)
+ EVP_PKEY_free(skey2);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_uncomp.c b/openssl/demos/cms/cms_uncomp.c
new file mode 100644
index 000000000..f15ae2f13
--- /dev/null
+++ b/openssl/demos/cms/cms_uncomp.c
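Review bot: The first signer's `scert` and `skey` are never checked before `BIO_free(tbio)`, so a failed read of signer.pem still reaches `CMS_add1_signer(cms, scert, skey, NULL, 0)` with NULL arguments; only the second pair has the `if (!scert2 || !skey2)` guard. Adding `if (!scert || !skey) goto err;` right after the first `PEM_read_bio_PrivateKey` call closes that. In the cleanup, `if (skey) EVP_PKEY_free(skey2);` tests the wrong variable and should read `if (skey2)`.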
@@ -0,0 +1,56 @@
+/* Simple S/MIME uncompression example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Open compressed content */
+
+ in = BIO_new_file("smcomp.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ cms = SMIME_read_CMS(in, NULL);
+
+ if (!cms)
+ goto err;
+
+ out = BIO_new_file("smuncomp.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Uncompress S/MIME message */
+ if (!CMS_uncompress(cms, out, NULL, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Uncompressing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/cms_ver.c b/openssl/demos/cms/cms_ver.c
new file mode 100644
index 000000000..bf1145ed8
--- /dev/null
+++ b/openssl/demos/cms/cms_ver.c
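Review bot: The comment `/* Sign content */` above `cms = SMIME_read_CMS(in, NULL);` is a leftover from the signing example and describes the wrong operation; it should read `/* Parse message */`, as cms_dec.c has it. As far as the call shown here goes, nothing bounds how much `CMS_uncompress(cms, out, NULL, 0)` writes to `out`, which is fine for the bundled fixture but worth a one-line comment telling anyone adapting the demo to messages from outside to cap the output size themselves.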
@@ -0,0 +1,87 @@
+/* Simple S/MIME verification example */
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL;
+ X509_STORE *st = NULL;
+ X509 *cacert = NULL;
+ CMS_ContentInfo *cms = NULL;
+
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Set up trusted CA certificate store */
+
+ st = X509_STORE_new();
+
+ /* Read in CA certificate */
+ tbio = BIO_new_file("cacert.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!cacert)
+ goto err;
+
+ if (!X509_STORE_add_cert(st, cacert))
+ goto err;
+
+ /* Open message being verified */
+
+ in = BIO_new_file("smout.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* parse message */
+ cms = SMIME_read_CMS(in, &cont);
+
+ if (!cms)
+ goto err;
+
+ /* File to output verified content to */
+ out = BIO_new_file("smver.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!CMS_verify(cms, NULL, st, cont, out, 0))
+ {
+ fprintf(stderr, "Verification Failure\n");
+ goto err;
+ }
+
+ fprintf(stderr, "Verification Successful\n");
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Verifying Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (cms)
+ CMS_ContentInfo_free(cms);
+
+ if (cacert)
+ X509_free(cacert);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/cms/comp.txt b/openssl/demos/cms/comp.txt
new file mode 100644
index 000000000..1672328e7
--- /dev/null
+++ b/openssl/demos/cms/comp.txt
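Review bot: `st = X509_STORE_new();` is neither checked nor released: a NULL store would be handed straight to `X509_STORE_add_cert`, and the cleanup under `err:` has no matching free. The `cont` BIO that `SMIME_read_CMS(in, &cont)` can hand back for detached content is not freed either. I would add `if (!st) goto err;` after the allocation, and `if (st) X509_STORE_free(st);` plus `if (cont) BIO_free(cont);` to the cleanup. Separately, the trust anchor loaded here is cacert.pem, and the matching private key appears to be committed next to it as cakey.pem, so a comment stating that the store must be populated with the deployment's own CA before this code is reused would be worth having.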
@@ -0,0 +1,22 @@
+Content-type: text/plain
+
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
+Some Text To be Compressed
diff --git a/openssl/demos/cms/encr.txt b/openssl/demos/cms/encr.txt
new file mode 100644
index 000000000..0eceb407b
--- /dev/null
+++ b/openssl/demos/cms/encr.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Sample OpenSSL Data for CMS encryption
diff --git a/openssl/demos/cms/sign.txt b/openssl/demos/cms/sign.txt
new file mode 100644
index 000000000..c3f9d73d6
--- /dev/null
+++ b/openssl/demos/cms/sign.txt
@@ -0,0 +1,3 @@
+Content-type: text/plain
+
+Test OpenSSL CMS Signed Content
diff --git a/openssl/demos/cms/signer.pem b/openssl/demos/cms/signer.pem
new file mode 100644
index 000000000..bac16ba96
--- /dev/null
+++ b/openssl/demos/cms/signer.pem
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 +WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz +jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L +ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y +gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX +MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn ++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv +lDiQlgX0JtmLgA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm +1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH +Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB +AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG +mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o +wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx +04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 +qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc +YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY +sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 +4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid +7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 +xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +-----END RSA PRIVATE KEY----- 
diff --git a/openssl/demos/cms/signer2.pem b/openssl/demos/cms/signer2.pem
new file mode 100644
index 000000000..25e23d131
--- /dev/null
+++ b/openssl/demos/cms/signer2.pem
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 +WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ +jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW +ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW +GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X +h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 +aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR +2aX6rl2JEuJ5Yg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM +nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f +nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB +AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF +6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 +CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf +m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX +2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr +upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 +ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL +SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk +gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX +pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +-----END RSA PRIVATE KEY----- 
diff --git a/openssl/demos/engines/rsaref/build.com b/openssl/demos/engines/rsaref/build.com index b95691291..72b013d45 100644 --- a/openssl/demos/engines/rsaref/build.com +++ b/openssl/demos/engines/rsaref/build.com @@ -7,6 +7,14 @@ $ write sys$error "RSAref 2.0 hasn't been properly extracted." $ exit $ endif $ +$ if (f$getsyi("cpu").lt.128) +$ then +$ arch := vax +$ else +$ arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if (arch .eqs. "") then arch = "UNK" +$ endif +$ $ _save_default = f$environment("default") $ set default [.install] $ files := desc,digit,md2c,md5c,nn,prime,- @@ -29,14 +37,8 @@ $ set default [-] $ define/user openssl [---.include.openssl] $ cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c $ -$ if f$getsyi("CPU") .ge. 128 +$ if arch .eqs. "VAX" $ then -$ link/share=librsaref.exe sys$input:/option -[]rsaref.obj -[.install]rsaref.olb/lib -[---.axp.exe.crypto]libcrypto.olb/lib -symbol_vector=(bind_engine=procedure,v_check=procedure) -$ else $ macro/object=rsaref_vec.obj sys$input: ; ; Transfer vector for VAX shareable image @@ -80,6 +82,24 @@ PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT []rsaref.obj [.install]rsaref.olb/lib [---.vax.exe.crypto]libcrypto.olb/lib +$ else +$ if arch_name .eqs. "ALPHA" +$ then +$ link/share=librsaref.exe sys$input:/option +[]rsaref.obj +[.install]rsaref.olb/lib +[---.alpha.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ else +$ if arch_name .eqs. "IA64" +$ then +$ link /shareable=librsaref.exe sys$input: /options +[]rsaref.obj +[.install]rsaref.olb/lib +[---.ia64.exe.crypto]libcrypto.olb/lib +symbol_vector=(bind_engine=procedure,v_check=procedure) +$ endif +$ endif $ endif $ $ set default '_save_default' diff --git a/openssl/demos/jpake/Makefile b/openssl/demos/jpake/Makefile deleted file mode 100644 index 09b8f03d0..000000000 --- a/openssl/demos/jpake/Makefile +++ /dev/null 
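Review bot: The new link branches in the third build.com hunk test `arch_name`, but the first hunk stores the architecture in a symbol called `arch`, and no assignment to `arch_name` is visible in these hunks (the script continues outside them). If it is indeed undefined, both `$ if arch_name .eqs. "ALPHA"` and `$ if arch_name .eqs. "IA64"` would fail instead of selecting a link step; they should read `$ if arch .eqs. "ALPHA"` and `$ if arch .eqs. "IA64"`. There is also no final `$ else` for the `"UNK"` value the first hunk can assign, so on an unrecognised architecture the script skips linking silently; a `write sys$error` line and a non-success exit there would make the failure visible.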
@@ -1,7 +0,0 @@ -LDFLAGS=-L../.. -lcrypto -CFLAGS=-I../../include -Wall -Werror -g - -all: jpakedemo - -jpakedemo: jpakedemo.o - $(CC) -g -o jpakedemo jpakedemo.o $(LDFLAGS) diff --git a/openssl/demos/jpake/jpakedemo.c b/openssl/demos/jpake/jpakedemo.c deleted file mode 100644 index 338a8810d..000000000 --- a/openssl/demos/jpake/jpakedemo.c +++ /dev/null 
@@ -1,469 +0,0 @@ -#include "openssl/bn.h" -#include "openssl/sha.h" -#include <assert.h> -#include <string.h> -#include <stdlib.h> - -/* Copyright (C) 2008 Ben Laurie (ben@links.org) */ - -/* - * Implement J-PAKE, as described in - * http://grouper.ieee.org/groups/1363/Research/contributions/hao-ryan-2008.pdf - * - * With hints from http://www.cl.cam.ac.uk/~fh240/software/JPAKE2.java. - */ - -static void showbn(const char *name, const BIGNUM *bn) - { - fputs(name, stdout); - fputs(" = ", stdout); - BN_print_fp(stdout, bn); - putc('\n', stdout); - } - -typedef struct - { - BN_CTX *ctx; // Perhaps not the best place for this? - BIGNUM *p; - BIGNUM *q; - BIGNUM *g; - } JPakeParameters; - -static void JPakeParametersInit(JPakeParameters *params) - { - params->ctx = BN_CTX_new(); - - // For now use p, q, g from Java sample code. Later, generate them. - params->p = NULL; - BN_hex2bn(¶ms->p, "fd7f53811d75122952df4a9c2eece4e7f611b7523cef4400c31e3f80b6512669455d402251fb593d8d58fabfc5f5ba30f6cb9b556cd7813b801d346ff26660b76b9950a5a49f9fe8047b1022c24fbba9d7feb7c61bf83b57e7c6a8a6150f04fb83f6d3c51ec3023554135a169132f675f3ae2b61d72aeff22203199dd14801c7"); - params->q = NULL; - BN_hex2bn(¶ms->q, "9760508f15230bccb292b982a2eb840bf0581cf5"); - params->g = NULL; - BN_hex2bn(¶ms->g, "f7e1a085d69b3ddecbbcab5c36b857b97994afbbfa3aea82f9574c0b3d0782675159578ebad4594fe67107108180b449167123e84c281613b7cf09328cc8a6e13c167a8b547c8d28e0a3ae1e2bb3a675916ea37f0bfa213562f1fb627a01243bcca4f1bea8519089a883dfe15ae59f06928b665e807b552564014c3bfecf492a"); - - showbn("p", params->p); - showbn("q", params->q); - showbn("g", params->g); - } - -typedef struct - { - BIGNUM *gr; // g^r (r random) - BIGNUM *b; // b = r - x*h, h=hash(g, g^r, g^x, name) - } JPakeZKP; - -typedef struct - { - BIGNUM *gx; // g^x - JPakeZKP zkpx; // ZKP(x) - } JPakeStep1; - -typedef struct - { - BIGNUM *X; // g^(xa + xc + xd) * xb * s - JPakeZKP zkpxbs; // ZKP(xb * s) - } JPakeStep2; - -typedef struct - { - const char *name; // 
Must be unique - int base; // 1 for Alice, 3 for Bob. Only used for printing stuff. - JPakeStep1 s1c; // Alice's g^x3, ZKP(x3) or Bob's g^x1, ZKP(x1) - JPakeStep1 s1d; // Alice's g^x4, ZKP(x4) or Bob's g^x2, ZKP(x2) - JPakeStep2 s2; // Alice's A, ZKP(x2 * s) or Bob's B, ZKP(x4 * s) - } JPakeUserPublic; - -/* - * The user structure. In the definition, (xa, xb, xc, xd) are Alice's - * (x1, x2, x3, x4) or Bob's (x3, x4, x1, x2). If you see what I mean. - */ -typedef struct - { - JPakeUserPublic p; - BIGNUM *secret; // The shared secret - BIGNUM *key; // The calculated (shared) key - BIGNUM *xa; // Alice's x1 or Bob's x3 - BIGNUM *xb; // Alice's x2 or Bob's x4 - } JPakeUser; - -// Generate each party's random numbers. xa is in [0, q), xb is in [1, q). -static void genrand(JPakeUser *user, const JPakeParameters *params) - { - BIGNUM *qm1; - - // xa in [0, q) - user->xa = BN_new(); - BN_rand_range(user->xa, params->q); - - // q-1 - qm1 = BN_new(); - BN_copy(qm1, params->q); - BN_sub_word(qm1, 1); - - // ... 
and xb in [0, q-1) - user->xb = BN_new(); - BN_rand_range(user->xb, qm1); - // [1, q) - BN_add_word(user->xb, 1); - - // cleanup - BN_free(qm1); - - // Show - printf("x%d", user->p.base); - showbn("", user->xa); - printf("x%d", user->p.base+1); - showbn("", user->xb); - } - -static void hashlength(SHA_CTX *sha, size_t l) - { - unsigned char b[2]; - - assert(l <= 0xffff); - b[0] = l >> 8; - b[1] = l&0xff; - SHA1_Update(sha, b, 2); - } - -static void hashstring(SHA_CTX *sha, const char *string) - { - size_t l = strlen(string); - - hashlength(sha, l); - SHA1_Update(sha, string, l); - } - -static void hashbn(SHA_CTX *sha, const BIGNUM *bn) - { - size_t l = BN_num_bytes(bn); - unsigned char *bin = alloca(l); - - hashlength(sha, l); - BN_bn2bin(bn, bin); - SHA1_Update(sha, bin, l); - } - -// h=hash(g, g^r, g^x, name) -static void zkpHash(BIGNUM *h, const JPakeZKP *zkp, const BIGNUM *gx, - const JPakeUserPublic *from, const JPakeParameters *params) - { - unsigned char md[SHA_DIGEST_LENGTH]; - SHA_CTX sha; - - // XXX: hash should not allow moving of the boundaries - Java code - // is flawed in this respect. Length encoding seems simplest. - SHA1_Init(&sha); - hashbn(&sha, params->g); - hashbn(&sha, zkp->gr); - hashbn(&sha, gx); - hashstring(&sha, from->name); - SHA1_Final(md, &sha); - BN_bin2bn(md, SHA_DIGEST_LENGTH, h); - } - -// Prove knowledge of x -// Note that we don't send g^x because, as it happens, we've always -// sent it elsewhere. Also note that because of that, we could avoid -// calculating it here, but we don't, for clarity... -static void CreateZKP(JPakeZKP *zkp, const BIGNUM *x, const JPakeUser *us, - const BIGNUM *zkpg, const JPakeParameters *params, - int n, const char *suffix) - { - BIGNUM *r = BN_new(); - BIGNUM *gx = BN_new(); - BIGNUM *h = BN_new(); - BIGNUM *t = BN_new(); - - // r in [0,q) - // XXX: Java chooses r in [0, 2^160) - i.e. 
distribution not uniform - BN_rand_range(r, params->q); - // g^r - zkp->gr = BN_new(); - BN_mod_exp(zkp->gr, zkpg, r, params->p, params->ctx); - // g^x - BN_mod_exp(gx, zkpg, x, params->p, params->ctx); - - // h=hash... - zkpHash(h, zkp, gx, &us->p, params); - - // b = r - x*h - BN_mod_mul(t, x, h, params->q, params->ctx); - zkp->b = BN_new(); - BN_mod_sub(zkp->b, r, t, params->q, params->ctx); - - // show - printf(" ZKP(x%d%s)\n", n, suffix); - showbn(" zkpg", zkpg); - showbn(" g^x", gx); - showbn(" g^r", zkp->gr); - showbn(" b", zkp->b); - - // cleanup - BN_free(t); - BN_free(h); - BN_free(gx); - BN_free(r); - } - -static int VerifyZKP(const JPakeZKP *zkp, BIGNUM *gx, - const JPakeUserPublic *them, const BIGNUM *zkpg, - const JPakeParameters *params, int n, const char *suffix) - { - BIGNUM *h = BN_new(); - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - BIGNUM *t3 = BN_new(); - int ret = 0; - - zkpHash(h, zkp, gx, them, params); - - // t1 = g^b - BN_mod_exp(t1, zkpg, zkp->b, params->p, params->ctx); - // t2 = (g^x)^h = g^{hx} - BN_mod_exp(t2, gx, h, params->p, params->ctx); - // t3 = t1 * t2 = g^{hx} * g^b = g^{hx+b} = g^r (allegedly) - BN_mod_mul(t3, t1, t2, params->p, params->ctx); - - printf(" ZKP(x%d%s)\n", n, suffix); - showbn(" zkpg", zkpg); - showbn(" g^r'", t3); - - // verify t3 == g^r - if(BN_cmp(t3, zkp->gr) == 0) - ret = 1; - - // cleanup - BN_free(t3); - BN_free(t2); - BN_free(t1); - BN_free(h); - - if(ret) - puts(" OK"); - else - puts(" FAIL"); - - return ret; - } - -static void sendstep1_substep(JPakeStep1 *s1, const BIGNUM *x, - const JPakeUser *us, - const JPakeParameters *params, int n) - { - s1->gx = BN_new(); - BN_mod_exp(s1->gx, params->g, x, params->p, params->ctx); - printf(" g^{x%d}", n); - showbn("", s1->gx); - - CreateZKP(&s1->zkpx, x, us, params->g, params, n, ""); - } - -static void sendstep1(const JPakeUser *us, JPakeUserPublic *them, - const JPakeParameters *params) - { - printf("\n%s sends %s:\n\n", us->p.name, them->name); - - // 
from's g^xa (which becomes to's g^xc) and ZKP(xa) - sendstep1_substep(&them->s1c, us->xa, us, params, us->p.base); - // from's g^xb (which becomes to's g^xd) and ZKP(xb) - sendstep1_substep(&them->s1d, us->xb, us, params, us->p.base+1); - } - -static int verifystep1(const JPakeUser *us, const JPakeUserPublic *them, - const JPakeParameters *params) - { - printf("\n%s verifies %s:\n\n", us->p.name, them->name); - - // verify their ZKP(xc) - if(!VerifyZKP(&us->p.s1c.zkpx, us->p.s1c.gx, them, params->g, params, - them->base, "")) - return 0; - - // verify their ZKP(xd) - if(!VerifyZKP(&us->p.s1d.zkpx, us->p.s1d.gx, them, params->g, params, - them->base+1, "")) - return 0; - - // g^xd != 1 - printf(" g^{x%d} != 1: ", them->base+1); - if(BN_is_one(us->p.s1d.gx)) - { - puts("FAIL"); - return 0; - } - puts("OK"); - - return 1; - } - -static void sendstep2(const JPakeUser *us, JPakeUserPublic *them, - const JPakeParameters *params) - { - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - - printf("\n%s sends %s:\n\n", us->p.name, them->name); - - // X = g^{(xa + xc + xd) * xb * s} - // t1 = g^xa - BN_mod_exp(t1, params->g, us->xa, params->p, params->ctx); - // t2 = t1 * g^{xc} = g^{xa} * g^{xc} = g^{xa + xc} - BN_mod_mul(t2, t1, us->p.s1c.gx, params->p, params->ctx); - // t1 = t2 * g^{xd} = g^{xa + xc + xd} - BN_mod_mul(t1, t2, us->p.s1d.gx, params->p, params->ctx); - // t2 = xb * s - BN_mod_mul(t2, us->xb, us->secret, params->q, params->ctx); - // X = t1^{t2} = t1^{xb * s} = g^{(xa + xc + xd) * xb * s} - them->s2.X = BN_new(); - BN_mod_exp(them->s2.X, t1, t2, params->p, params->ctx); - - // Show - printf(" g^{(x%d + x%d + x%d) * x%d * s)", us->p.base, them->base, - them->base+1, us->p.base+1); - showbn("", them->s2.X); - - // ZKP(xb * s) - // XXX: this is kinda funky, because we're using - // - // g' = g^{xa + xc + xd} - // - // as the generator, which means X is g'^{xb * s} - CreateZKP(&them->s2.zkpxbs, t2, us, t1, params, us->p.base+1, " * s"); - - // cleanup - 
BN_free(t1); - BN_free(t2); - } - -static int verifystep2(const JPakeUser *us, const JPakeUserPublic *them, - const JPakeParameters *params) - { - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - int ret = 0; - - printf("\n%s verifies %s:\n\n", us->p.name, them->name); - - // g' = g^{xc + xa + xb} [from our POV] - // t1 = xa + xb - BN_mod_add(t1, us->xa, us->xb, params->q, params->ctx); - // t2 = g^{t1} = g^{xa+xb} - BN_mod_exp(t2, params->g, t1, params->p, params->ctx); - // t1 = g^{xc} * t2 = g^{xc + xa + xb} - BN_mod_mul(t1, us->p.s1c.gx, t2, params->p, params->ctx); - - if(VerifyZKP(&us->p.s2.zkpxbs, us->p.s2.X, them, t1, params, them->base+1, - " * s")) - ret = 1; - - // cleanup - BN_free(t2); - BN_free(t1); - - return ret; - } - -static void computekey(JPakeUser *us, const JPakeParameters *params) - { - BIGNUM *t1 = BN_new(); - BIGNUM *t2 = BN_new(); - BIGNUM *t3 = BN_new(); - - printf("\n%s calculates the shared key:\n\n", us->p.name); - - // K = (X/g^{xb * xd * s})^{xb} - // = (g^{(xc + xa + xb) * xd * s - xb * xd *s})^{xb} - // = (g^{(xa + xc) * xd * s})^{xb} - // = g^{(xa + xc) * xb * xd * s} - // [which is the same regardless of who calculates it] - - // t1 = (g^{xd})^{xb} = g^{xb * xd} - BN_mod_exp(t1, us->p.s1d.gx, us->xb, params->p, params->ctx); - // t2 = -s = q-s - BN_sub(t2, params->q, us->secret); - // t3 = t1^t2 = g^{-xb * xd * s} - BN_mod_exp(t3, t1, t2, params->p, params->ctx); - // t1 = X * t3 = X/g^{xb * xd * s} - BN_mod_mul(t1, us->p.s2.X, t3, params->p, params->ctx); - // K = t1^{xb} - us->key = BN_new(); - BN_mod_exp(us->key, t1, us->xb, params->p, params->ctx); - - // show - showbn(" K", us->key); - - // cleanup - BN_free(t3); - BN_free(t2); - BN_free(t1); - } - -int main(int argc, char **argv) - { - JPakeParameters params; - JPakeUser alice, bob; - - alice.p.name = "Alice"; - alice.p.base = 1; - bob.p.name = "Bob"; - bob.p.base = 3; - - JPakeParametersInit(¶ms); - - // Shared secret - alice.secret = BN_new(); - BN_rand(alice.secret, 32, 
-1, 0); - bob.secret = alice.secret; - showbn("secret", alice.secret); - - assert(BN_cmp(alice.secret, params.q) < 0); - - // Alice's x1, x2 - genrand(&alice, ¶ms); - - // Bob's x3, x4 - genrand(&bob, ¶ms); - - // Now send stuff to each other... - sendstep1(&alice, &bob.p, ¶ms); - sendstep1(&bob, &alice.p, ¶ms); - - // And verify what each other sent - if(!verifystep1(&alice, &bob.p, ¶ms)) - return 1; - if(!verifystep1(&bob, &alice.p, ¶ms)) - return 2; - - // Second send - sendstep2(&alice, &bob.p, ¶ms); - sendstep2(&bob, &alice.p, ¶ms); - - // And second verify - if(!verifystep2(&alice, &bob.p, ¶ms)) - return 3; - if(!verifystep2(&bob, &alice.p, ¶ms)) - return 4; - - // Compute common key - computekey(&alice, ¶ms); - computekey(&bob, ¶ms); - - // Confirm the common key is identical - // XXX: if the two secrets are not the same, everything works up - // to this point, so the only way to detect a failure is by the - // difference in the calculated keys. - // Since we're all the same code, just compare them directly. In a - // real system, Alice sends Bob H(H(K)), Bob checks it, then sends - // back H(K), which Alice checks, or something equivalent. - puts("\nAlice and Bob check keys are the same:"); - if(BN_cmp(alice.key, bob.key) == 0) - puts(" OK"); - else - { - puts(" FAIL"); - return 5; - } - - return 0; - } diff --git a/openssl/demos/pkcs12/pkread.c b/openssl/demos/pkcs12/pkread.c index 8e1b68631..fa8f50923 100644 --- a/openssl/demos/pkcs12/pkread.c +++ b/openssl/demos/pkcs12/pkread.c @@ -20,7 +20,7 @@ int main(int argc, char **argv) fprintf(stderr, "Usage: pkread p12file password opfile\n"); exit (1); } - SSLeay_add_all_algorithms(); + OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); if (!(fp = fopen(argv[1], "rb"))) { fprintf(stderr, "Error opening file %s\n", argv[1]); 
@@ -51,7 +51,7 @@ int main(int argc, char **argv) fprintf(fp, "***User Certificate***\n"); PEM_write_X509_AUX(fp, cert); } - if (ca && sk_num(ca)) { + if (ca && sk_X509_num(ca)) { fprintf(fp, "***Other Certificates***\n"); for (i = 0; i < sk_X509_num(ca); i++) PEM_write_X509_AUX(fp, sk_X509_value(ca, i)); diff --git a/openssl/demos/smime/cacert.pem b/openssl/demos/smime/cacert.pem new file mode 100644 index 000000000..75cbb347a --- /dev/null +++ b/openssl/demos/smime/cacert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC6DCCAlGgAwIBAgIJAMfGO3rdo2uUMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTc0MzE3 +WhcNMTcwNDEwMTc0MzE3WjBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBD +aXR5MRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlN +RSBSb290IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqJMal1uC1/1wz +i5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtdc3rMcRgJaMbP+qaEcDXoIsZfYXGR +ielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3dbBECq0hZKcbz7wfr+2OeNWm46iT +jcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQABo4G7MIG4MB0GA1UdDgQWBBRHUypx +CXFQYqewhGo72lWPQUsjoDCBiAYDVR0jBIGAMH6AFEdTKnEJcVBip7CEajvaVY9B +SyOgoVukWTBXMQswCQYDVQQGEwJVSzESMBAGA1UEBxMJVGVzdCBDaXR5MRYwFAYD +VQQKEw1PcGVuU1NMIEdyb3VwMRwwGgYDVQQDExNUZXN0IFMvTUlNRSBSb290IENB +ggkAx8Y7et2ja5QwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQANI+Yc +G/YDM1WMUGEzEkU9UhsIUqdyBebnK3+OyxZSouDcE/M10jFJzBf/F5b0uUGAKWwo +u0dzmILfKjdfWe8EyCRafZcm00rVcO09i/63FBYzlHbmfUATIqZdhKzxxQMPs5mF +1je+pHUpzIY8TSXyh/uD9IkAy04IHwGZQf9akw== +-----END CERTIFICATE----- diff --git a/openssl/demos/smime/cakey.pem b/openssl/demos/smime/cakey.pem new file mode 100644 index 000000000..3b53c5e81 --- /dev/null +++ b/openssl/demos/smime/cakey.pem 
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCqJMal1uC1/1wzi5+dE4EZF2im3BgROm5PVMbwPY9V1t+KYvtd +c3rMcRgJaMbP+qaEcDXoIsZfYXGRielgfDNZmZcj1y/FOum+Jc2OZMs3ggPmjIQ3 +dbBECq0hZKcbz7wfr+2OeNWm46iTjcSIXpGIRhUYEzOgv7zb8oOU70IbbwIDAQAB +AoGBAKWOZ2UTc1BkjDjz0XoscmAR8Rj77MdGzfOPkIxPultSW+3yZpkGNyUbnsH5 +HAtf4Avai/m3bMN+s91kDpx9/g/I9ZEHPQLcDICETvwt/EHT7+hwvaQgsM+TgpMs +tjlGZOWent6wVIuvwwzqOMXZLgK9FvY7upwgtrys4G3Kab5hAkEA2QzFflWyEvKS +rMSaVtn/IjFilwa7H0IdakkjM34z4peerFTPBr4J47YD4RCR/dAvxyNy3zUxtH18 +9R6dUixI6QJBAMitJD0xOkbGWBX8KVJvRiKOIdf/95ZUAgN/h3bWKy57EB9NYj3u +jbxXcvdjfSqiITykkjAg7SG7nrlzJsu6CpcCQG6gVsy0auXDY0TRlASuaZ6I40Is +uRUOgqWYj2uAaHuWYdZeB4LdO3cnX0TISFDAWom6JKNlnmbrCtR4fSDT13kCQQCU ++VQJyV3F5MDHsWbLt6eNR46AV5lpk/vatPXPlrZ/zwPs+PmRmGLICvNiDA2DdNDP +wCx2Zjsj67CtY3rNitMJAkEAm09BQnjnbBXUb1rd2SjNDWTsu80Z+zLu8pAwXNhW +8nsvMYqlYMIxuMPwu/QuTnMRhMZ08uhqoD3ukZnBeoMEVg== +-----END RSA PRIVATE KEY----- diff --git a/openssl/demos/smime/encr.txt b/openssl/demos/smime/encr.txt new file mode 100644 index 000000000..f163a326e --- /dev/null +++ b/openssl/demos/smime/encr.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Sample OpenSSL Data for PKCS#7 encryption diff --git a/openssl/demos/smime/sign.txt b/openssl/demos/smime/sign.txt new file mode 100644 index 000000000..af1341d0a --- /dev/null +++ b/openssl/demos/smime/sign.txt @@ -0,0 +1,3 @@ +Content-type: text/plain + +Test OpenSSL Signed Content diff --git a/openssl/demos/smime/signer.pem b/openssl/demos/smime/signer.pem new file mode 100644 index 000000000..bac16ba96 --- /dev/null +++ b/openssl/demos/smime/signer.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRhMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTI3 +WhcNMTcwNDA5MTgyOTI3WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMTEgMB4GCSqGSIb3DQEJARYRdGVzdDFAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL1ocAQ7ON2pIUXz +jwKPzpPB9ozB6PFG6F6kARO+i0DiT6Qn8abUjwpHPU+lGys83QlpbkQVUD6Fv/4L +ytihk6N9Pr/feECVcSZ20dI43WXjfYak14dSVrZkGNMMXqKmnnqtkAdD0oJN7A7y +gcf8RuViV0kvk9/36eCMwMHrImfhAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBSyKqjvctIsFNBHULBTqr8SHtSxpDAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBvdYVoBfd4RV/xWSMXIcgw/i5OiwyX +MsenQePll51MpglfArd7pUipUalCqlJt/Gs8kD16Ih1z1yuWYVTMlnDZ0PwbIOYn ++Jr8XLF9b1SMJt6PwckZZ0LZdIi2KwGAxVsIW1kjJAqu9o4YH37XW37yYdQRxfvv +lDiQlgX0JtmLgA== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQC9aHAEOzjdqSFF848Cj86TwfaMwejxRuhepAETvotA4k+kJ/Gm +1I8KRz1PpRsrPN0JaW5EFVA+hb/+C8rYoZOjfT6/33hAlXEmdtHSON1l432GpNeH +Ula2ZBjTDF6ipp56rZAHQ9KCTewO8oHH/EblYldJL5Pf9+ngjMDB6yJn4QIDAQAB +AoGACCuYIWaYll80UzslYRvo8lC8nOfEb5v6bBKxBTQD98GLY+5hKywiG3RlPalG +mb/fXQeSPReaRYgpdwD1OBEIOEMW9kLyqpzokC0xjpZ+MwsuJTlxCesk5GEsMa3o +wC3QMmiRA7qrZ/SzTtwrs++9mZ/pxp8JZ6pKYUj8SE7/vV0CQQDz8Ix2t40E16hx +04+XhClnGqydZJyLLSxcTU3ZVhYxL+efo/5hZ8tKpkcDi8wq6T03BOKrKxrlIW55 +qDRNM24rAkEAxsWzu/rJhIouQyNoYygEIEYzFRlTQyZSg59u6dNiewMn27dOAbyc +YT7B6da7e74QttTXo0lIllsX2S38+XsIIwJBANSRuIU3G66tkr5l4gnhhAaxqtuY +sgVhvvdL8dvC9aG1Ifzt9hzBSthpHxbK+oYmK07HdhI8hLpIMLHYzoK7n3MCQEy4 +4rccBcxyyYiAkjozp+QNNIpgTBMPJ6pGT7lRLiHtBeV4y1NASdv/LTnk+Fi69Bid +7t3H24ytfHcHmS1yn6ECQF6Jmh4C7dlvp59zXp+t+VsXxa/8sq41vKNIj0Rx9vh5 +xp9XL0C5ZpgmBnsTydP9pmkiL4ltLbMX0wJU6N2cmFw= +-----END RSA PRIVATE KEY----- 
diff --git a/openssl/demos/smime/signer2.pem b/openssl/demos/smime/signer2.pem new file mode 100644 index 000000000..25e23d131 --- /dev/null +++ b/openssl/demos/smime/signer2.pem 
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAg+gAwIBAgIJAJ+rfmEoLQRiMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNV +BAYTAlVLMRIwEAYDVQQHEwlUZXN0IENpdHkxFjAUBgNVBAoTDU9wZW5TU0wgR3Jv +dXAxHDAaBgNVBAMTE1Rlc3QgUy9NSU1FIFJvb3QgQ0EwHhcNMDcwNDEzMTgyOTQ0 +WhcNMTcwNDA5MTgyOTQ0WjBWMQswCQYDVQQGEwJVSzElMCMGA1UEAxMcT3BlblNT +TCB0ZXN0IFMvTUlNRSBzaWduZXIgMjEgMB4GCSqGSIb3DQEJARYRdGVzdDJAb3Bl +bnNzbC5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANco7VPgX9vcGwmZ +jYqjq1JiR7M38dsMNhuJyLRVjJ5/cpFluQydQuG1PhzOJ8zfYVFicOXKvbYuKuXW +ozZIwzqEqWsNf36KHTLS6yOMG8I13cRInh+fAIKq9Z8Eh65I7FJzVsNsfEQrGfEW +GMA8us24IaSvP3QkbfHJn/4RaKznAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZI +AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW +BBRlrLQJUB8uAa4q8B2OqvvTXonF5zAfBgNVHSMEGDAWgBRHUypxCXFQYqewhGo7 +2lWPQUsjoDANBgkqhkiG9w0BAQQFAAOBgQBQbi2juGALg2k9m1hKpzR2lCGmGO3X +h3Jh/l0vIxDr0RTgP2vBrtITlx655P/o1snoeTIpYG8uUnFnTE/6YakdayAIlxV4 +aZl63AivZMpQB5SPaPH/jEsGJ8UQMfdiy4ORWIULupuPKlKwODNw7tVhQIACS/DR +2aX6rl2JEuJ5Yg== +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIICXAIBAAKBgQDXKO1T4F/b3BsJmY2Ko6tSYkezN/HbDDYbici0VYyef3KRZbkM +nULhtT4czifM32FRYnDlyr22Lirl1qM2SMM6hKlrDX9+ih0y0usjjBvCNd3ESJ4f +nwCCqvWfBIeuSOxSc1bDbHxEKxnxFhjAPLrNuCGkrz90JG3xyZ/+EWis5wIDAQAB +AoGAUTB2bcIrKfGimjrBOGGOUmYXnD8uGnQ/LqENhU8K4vxApTD3ZRUqmbUknQYF +6r8YH/e/llasw8QkF9qod+F5GTgsnyh/aMidFHKrXXbf1662scz9+S6crSXq9Eb2 +CL57f6Kw61k6edrz8zHdA+rnTK00hzgzKCP4ZL5k8/55ueECQQD+BK+nsKi6CcKf +m3Mh61Sf2Icm5JlMCKaihlbnh78lBN1imYUAfHJEnQ1ujxXB94R+6o9S+XrWTnTX +2m/JNIfpAkEA2NaidX7Sv5jnRPkwJ02Srl0urxINLmg4bU0zmM3VoMklYBHWnMyr +upPZGPh5TzCa+g6FTBmU8XK61wvnEKNcTwJBAM24VdnlBIDGbsx8RJ3vzLU30xz4 +ff5J80okqjUQhwkgC3tTAZgHMTPITZyAXQqdvrxakoCMc6MkHxTBX08AMCECQHHL +SdyxXrYv7waSY0PtANJCkpJLveEhzqMFxdMmCjtj9BpTojYNbv3uQxtIopj9YAdk +gW2ray++zvC2DV/86x8CQH4UJwgO6JqU4bSgi6HiRNjDg26tJ0Beu8jjl1vrkIVX +pHFwSUeLZUsT2/iTUSgYH4uYiZPgYNcKTCT9W6se30A= +-----END RSA PRIVATE KEY----- 
diff --git a/openssl/demos/smime/smdec.c b/openssl/demos/smime/smdec.c
new file mode 100644
index 000000000..8b1a8545a
--- /dev/null
+++ b/openssl/demos/smime/smdec.c
@@ -0,0 +1,83 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ EVP_PKEY *rkey = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ rkey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!rcert || !rkey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("smencr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ p7 = SMIME_read_PKCS7(in, NULL);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("encrout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Decrypt S/MIME message */
+ if (!PKCS7_decrypt(p7, rkey, rcert, out, 0))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (rcert)
+ X509_free(rcert);
+ if (rkey)
+ EVP_PKEY_free(rkey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
+
+
+
+
diff --git a/openssl/demos/smime/smenc.c b/openssl/demos/smime/smenc.c
new file mode 100644
index 000000000..77dd732fc
--- /dev/null
+++ b/openssl/demos/smime/smenc.c
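Review bot: The comments and the error string in smdec.c describe signing, but the program decrypts: the file header reads `Simple S/MIME signing example`, the read of smencr.txt is labelled `Open content being signed` and `Sign content`, and the failure path prints `Error Signing Data` although the call that can fail is PKCS7_decrypt. I would change them to `/* Simple S/MIME decryption example */`, `/* Open S/MIME message to decrypt */` and `fprintf(stderr, "Error Decrypting Data\n");`, so that a failed decrypt is not reported as a signing failure. The result of `BIO_reset(tbio)` is also ignored before the private key is read, so a failed rewind would only show up as a PEM parse error; a check on its return value would make that case explicit.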
@@ -0,0 +1,92 @@
+/* Simple S/MIME encrypt example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *rcert = NULL;
+ STACK_OF(X509) *recips = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ /*
+ * On OpenSSL 0.9.9 only:
+ * for streaming set PKCS7_STREAM
+ */
+ int flags = PKCS7_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in recipient certificate */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ rcert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ if (!rcert)
+ goto err;
+
+ /* Create recipient STACK and add recipient cert to it */
+ recips = sk_X509_new_null();
+
+ if (!recips || !sk_X509_push(recips, rcert))
+ goto err;
+
+ /* sk_X509_pop_free will free up recipient STACK and its contents
+ * so set rcert to NULL so it isn't freed up twice.
+ */
+ rcert = NULL;
+
+ /* Open content being encrypted */
+
+ in = BIO_new_file("encr.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* encrypt content */
+ p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("smencr.txt", "w");
+ if (!out)
+ goto err;
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_PKCS7(out, p7, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Encrypting Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (rcert)
+ X509_free(rcert);
+ if (recips)
+ sk_X509_pop_free(recips, X509_free);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/smime/smsign.c b/openssl/demos/smime/smsign.c
new file mode 100644
index 000000000..ba78830cf
--- /dev/null
+++ b/openssl/demos/smime/smsign.c
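Review bot: The encrypt call in smenc.c, `PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags)`, hard-codes triple-DES as the content-encryption cipher with no comment on why, and demo code of this kind is routinely copied into applications. 3DES has a 64-bit block and is a legacy choice; if the OpenSSL build and the intended recipients support it, I would use `EVP_aes_128_cbc()` here. Otherwise a comment such as `/* 3DES chosen only for interoperability with older S/MIME clients */` should state that the cipher is a compatibility choice rather than a recommendation.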
@@ -0,0 +1,89 @@
+/* Simple S/MIME signing example */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL;
+ EVP_PKEY *skey = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ /* For simple S/MIME signing use PKCS7_DETACHED.
+ * On OpenSSL 0.9.9 only:
+ * for streaming detached set PKCS7_DETACHED|PKCS7_STREAM
+ * for streaming non-detached set PKCS7_STREAM
+ */
+ int flags = PKCS7_DETACHED|PKCS7_STREAM;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ /* Read in signer certificate and private key */
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert || !skey)
+ goto err;
+
+ /* Open content being signed */
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ /* Sign content */
+ p7 = PKCS7_sign(scert, skey, NULL, in, flags);
+
+ if (!p7)
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ if (!(flags & PKCS7_STREAM))
+ BIO_reset(in);
+
+ /* Write out S/MIME message */
+ if (!SMIME_write_PKCS7(out, p7, in, flags))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
diff --git a/openssl/demos/smime/smsign2.c b/openssl/demos/smime/smsign2.c
new file mode 100644
index 000000000..ff835c568
--- /dev/null
+++ b/openssl/demos/smime/smsign2.c
@@ -0,0 +1,107 @@
+/* S/MIME signing example: 2 signers. OpenSSL 0.9.9 only */
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int main(int argc, char **argv)
+ {
+ BIO *in = NULL, *out = NULL, *tbio = NULL;
+ X509 *scert = NULL, *scert2 = NULL;
+ EVP_PKEY *skey = NULL, *skey2 = NULL;
+ PKCS7 *p7 = NULL;
+ int ret = 1;
+
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+
+ tbio = BIO_new_file("signer.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ BIO_free(tbio);
+
+ tbio = BIO_new_file("signer2.pem", "r");
+
+ if (!tbio)
+ goto err;
+
+ scert2 = PEM_read_bio_X509(tbio, NULL, 0, NULL);
+
+ BIO_reset(tbio);
+
+ skey2 = PEM_read_bio_PrivateKey(tbio, NULL, 0, NULL);
+
+ if (!scert2 || !skey2)
+ goto err;
+
+ in = BIO_new_file("sign.txt", "r");
+
+ if (!in)
+ goto err;
+
+ p7 = PKCS7_sign(NULL, NULL, NULL, in, PKCS7_STREAM|PKCS7_PARTIAL);
+
+ if (!p7)
+ goto err;
+
+ /* Add each signer in turn */
+
+ if (!PKCS7_sign_add_signer(p7, scert, skey, NULL, 0))
+ goto err;
+
+ if (!PKCS7_sign_add_signer(p7, scert2, skey2, NULL, 0))
+ goto err;
+
+ out = BIO_new_file("smout.txt", "w");
+ if (!out)
+ goto err;
+
+ /* NB: content included and finalized by SMIME_write_PKCS7 */
+
+ if (!SMIME_write_PKCS7(out, p7, in, PKCS7_STREAM))
+ goto err;
+
+ ret = 0;
+
+ err:
+
+ if (ret)
+ {
+ fprintf(stderr, "Error Signing Data\n");
+ ERR_print_errors_fp(stderr);
+ }
+
+ if (p7)
+ PKCS7_free(p7);
+
+ if (scert)
+ X509_free(scert);
+ if (skey)
+ EVP_PKEY_free(skey);
+
+ if (scert2)
+ X509_free(scert2);
+ if (skey)
+ EVP_PKEY_free(skey2);
+
+ if (in)
+ BIO_free(in);
+ if (out)
+ BIO_free(out);
+ if (tbio)
+ BIO_free(tbio);
+
+ return ret;
+
+ }
+
+
+
+
diff --git a/openssl/demos/smime/smver.c b/openssl/demos/smime/smver.c
new file mode 100644
index 000000000..9d360c273
--- /dev/null
+++ b/openssl/demos/smime/smver.c
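Review bot: The cleanup in smsign2.c guards the second key with the wrong pointer: `if (skey) EVP_PKEY_free(skey2);` tests `skey`, so when the first key failed to load but the second one succeeded, `skey2` is leaked. The guard should read `if (skey2)`. The first signer is also never validated: `scert` and `skey` are read from signer.pem but, unlike `scert2`/`skey2`, are not checked before `PKCS7_sign_add_signer(p7, scert, skey, NULL, 0)`. I would add `if (!scert || !skey) goto err;` directly after the first `PEM_read_bio_PrivateKey` call, so a missing first signer fails at the point of loading.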
@@ -0,0 +1,87 @@ +/* Simple S/MIME verification example */ +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int main(int argc, char **argv) + { + BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; + X509_STORE *st = NULL; + X509 *cacert = NULL; + PKCS7 *p7 = NULL; + + int ret = 1; + + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + + /* Set up trusted CA certificate store */ + + st = X509_STORE_new(); + + /* Read in signer certificate and private key */ + tbio = BIO_new_file("cacert.pem", "r"); + + if (!tbio) + goto err; + + cacert = PEM_read_bio_X509(tbio, NULL, 0, NULL); + + if (!cacert) + goto err; + + if (!X509_STORE_add_cert(st, cacert)) + goto err; + + /* Open content being signed */ + + in = BIO_new_file("smout.txt", "r"); + + if (!in) + goto err; + + /* Sign content */ + p7 = SMIME_read_PKCS7(in, &cont); + + if (!p7) + goto err; + + /* File to output verified content to */ + out = BIO_new_file("smver.txt", "w"); + if (!out) + goto err; + + if (!PKCS7_verify(p7, NULL, st, cont, out, 0)) + { + fprintf(stderr, "Verification Failure\n"); + goto err; + } + + fprintf(stderr, "Verification Successful\n"); + + ret = 0; + + err: + + if (ret) + { + fprintf(stderr, "Error Verifying Data\n"); + ERR_print_errors_fp(stderr); + } + + if (p7) + PKCS7_free(p7); + + if (cacert) + X509_free(cacert); + + if (in) + BIO_free(in); + if (out) + BIO_free(out); + if (tbio) + BIO_free(tbio); + + return ret; + + } diff --git a/openssl/demos/tunala/autoungunk.sh b/openssl/demos/tunala/autoungunk.sh index 0c9123b6c..21790880d 100644 --- a/openssl/demos/tunala/autoungunk.sh +++ b/openssl/demos/tunala/autoungunk.sh @@ -15,4 +15,5 @@ fi rm -f aclocal.m4 config.* configure install-sh \ missing mkinstalldirs stamp-h.* Makefile.in \ - ltconfig ltmain.sh + ltconfig ltmain.sh depcomp +rm -rf autom4te.cache diff --git a/openssl/demos/tunala/cb.c b/openssl/demos/tunala/cb.c index e64983896..f6e452ae9 100644 --- a/openssl/demos/tunala/cb.c 
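Review bot: In smver.c the trust store from `X509_STORE_new()` is neither checked nor released: `st` is passed to `X509_STORE_add_cert` without a NULL test, and the cleanup block frees `p7`, `cacert` and the file BIOs but not `st` or the `cont` BIO filled in by `SMIME_read_PKCS7(in, &cont)`. I would add `if (!st) goto err;` after the allocation and `if (st) X509_STORE_free(st);` plus `if (cont) BIO_free(cont);` to the cleanup. The comments `Read in signer certificate and private key`, `Open content being signed` and `Sign content` were carried over from the signing demo. Here they should say that the CA certificate is loaded as the trust anchor and that the signed message is being parsed, since readers copying a verification example need to see which file establishes trust.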
+++ b/openssl/demos/tunala/cb.c @@ -134,8 +134,27 @@ RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength) /* TODO: Perhaps make it so our global key can be generated on-the-fly * after certain intervals? */ static RSA *rsa_tmp = NULL; - if(!rsa_tmp) - rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); + BIGNUM *bn = NULL; + int ok = 1; + if(!rsa_tmp) { + ok = 0; + if(!(bn = BN_new())) + goto end; + if(!BN_set_word(bn, RSA_F4)) + goto end; + if(!(rsa_tmp = RSA_new())) + goto end; + if(!RSA_generate_key_ex(rsa_tmp, keylength, bn, NULL)) + goto end; + ok = 1; + } +end: + if(bn) + BN_free(bn); + if(!ok) { + RSA_free(rsa_tmp); + rsa_tmp = NULL; + } return rsa_tmp; } diff --git a/openssl/demos/tunala/tunala.c b/openssl/demos/tunala/tunala.c index e918cba2c..ec49d3e94 100644 --- a/openssl/demos/tunala/tunala.c +++ b/openssl/demos/tunala/tunala.c @@ -697,9 +697,11 @@ static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special) abort(); fprintf(stderr, "Info, generating DH parameters ... "); fflush(stderr); - if((dh = DH_generate_parameters(512, DH_GENERATOR_5, - NULL, NULL)) == NULL) { + if(!(dh = DH_new()) || !DH_generate_parameters_ex(dh, 512, + DH_GENERATOR_5, NULL)) { fprintf(stderr, "error!\n"); + if(dh) + DH_free(dh); return 0; } fprintf(stderr, "complete\n"); @@ -733,7 +735,7 @@ static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id, unsigned int verify_depth) { SSL_CTX *ctx = NULL, *ret = NULL; - SSL_METHOD *meth; + const SSL_METHOD *meth; ENGINE *e = NULL; OpenSSL_add_ssl_algorithms(); diff --git a/openssl/demos/x509/mkcert.c b/openssl/demos/x509/mkcert.c index c5e67b8e2..6a52e5d0f 100644 --- a/openssl/demos/x509/mkcert.c +++ b/openssl/demos/x509/mkcert.c @@ -136,7 +136,7 @@ int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days) } #endif - if (!X509_sign(x,pk,EVP_md5())) + if (!X509_sign(x,pk,EVP_sha1())) goto err; *x509p=x; 
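Review bot: The new call in ctx_set_dh, `DH_generate_parameters_ex(dh, 512, DH_GENERATOR_5, NULL)`, keeps the 512-bit modulus of the call it replaces, and a 512-bit group is far too small to protect a TLS key exchange. Since the line is being rewritten anyway, I would raise the size, e.g. `DH_generate_parameters_ex(dh, 2048, DH_GENERATOR_5, NULL)`. Generation at that size is slow, so the "generating DH parameters" message may need a progress callback, or the demo could point users to pre-generated parameters via `dh_file`. The body of ctx_set_dh starts and ends outside this hunk, so how `dh` is used afterwards is not visible here.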
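Review bot: The digest change in mkcert.c, `X509_sign(x,pk,EVP_sha1())`, moves off MD5 but lands on SHA-1, which is itself deprecated for certificate signatures because of practical collision attacks. The same applies to `X509_REQ_sign(x,pk,EVP_sha1())` in the mkreq.c hunk. If the bundled OpenSSL version provides it, I would use `EVP_sha256()` in both places: `if (!X509_sign(x,pk,EVP_sha256()))` and `if (!X509_REQ_sign(x,pk,EVP_sha256()))`. Both functions extend beyond their hunks, so the key size passed in `bits` is not visible here and should be checked alongside the digest.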
diff --git a/openssl/demos/x509/mkreq.c b/openssl/demos/x509/mkreq.c index 3dfc65f16..d17e4ade9 100644 --- a/openssl/demos/x509/mkreq.c +++ b/openssl/demos/x509/mkreq.c @@ -134,7 +134,7 @@ int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days) #endif - if (!X509_REQ_sign(x,pk,EVP_md5())) + if (!X509_REQ_sign(x,pk,EVP_sha1())) goto err; *req=x; |