Insert CMS

Signed-off-by: Marino Faggiana <marino@marinofaggiana.com>

.swiftlint.yml

@@ -11,7 +11,7 @@ empty_count:
 
 line_length:
   warning: 400
-  error: 400
+  error: 5000
 
 function_body_length:
    warning: 200

iOSClient/Networking/E2EE/NCEndToEndEncryption.h

@@ -56,6 +56,11 @@
 - (BOOL)encryptFile:(NSString *)fileName fileNameIdentifier:(NSString *)fileNameIdentifier directory:(NSString *)directory key:(NSString **)key initializationVector:(NSString **)initializationVector authenticationTag:(NSString **)authenticationTag;
 - (BOOL)decryptFile:(NSString *)fileName fileNameView:(NSString *)fileNameView ocId:(NSString *)ocId key:(NSString *)key initializationVector:(NSString *)initializationVector authenticationTag:(NSString *)authenticationTag;
 
+// Signature CMS
+
+- (NSData *)generateSignatureCMS:(NSData *)data certificate:(NSString *)certificate privateKey:(NSString *)privateKey publicKey:(NSString *)publicKey userId:(NSString *)userId;
+- (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data publicKey:(NSString *)publicKey userId:(NSString *)userId;
+
 // Utility
 
 - (void)Encodedkey:(NSString **)key initializationVector:(NSString **)initializationVector;

iOSClient/Networking/E2EE/NCEndToEndEncryption.m

@@ -1114,6 +1114,117 @@
     return status; // OpenSSL uses 1 for success
 }
 
+#
+#pragma mark - CMS
+#
+
+- (NSData *)generateSignatureCMS:(NSData *)data certificate:(NSString *)certificate privateKey:(NSString *)privateKey publicKey:(NSString *)publicKey userId:(NSString *)userId
+{
+    unsigned char *pKey = (unsigned char *)[privateKey UTF8String];
+    unsigned char *certKey = (unsigned char *)[certificate UTF8String];
+    BIO *printBIO = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+    BIO *certKeyBIO = BIO_new_mem_buf(certKey, -1);
+    if (!certKeyBIO)
+        return nil;
+
+    X509 *x509 = PEM_read_bio_X509(certKeyBIO, NULL, 0, NULL);
+    if (!x509)
+        return nil;
+
+    BIO *pkeyBIO = BIO_new_mem_buf(pKey, -1);
+    EVP_PKEY *key = PEM_read_bio_PrivateKey(pkeyBIO, NULL, NULL, NULL);
+    if (!key)
+        return nil;
+
+    BIO *dataBIO = BIO_new_mem_buf((void*)data.bytes, (int)data.length);
+
+    CMS_ContentInfo *contentInfo = CMS_sign(x509, key, NULL, dataBIO, CMS_DETACHED);
+    if (contentInfo == nil)
+        return nil;
+
+    CMS_ContentInfo_print_ctx(printBIO, contentInfo, 0, NULL);
+    PEM_write_bio_CMS(printBIO, contentInfo);
+
+    BIO *i2dCmsBioOut = BIO_new(BIO_s_mem());
+    if (i2d_CMS_bio(i2dCmsBioOut, contentInfo) != 1)
+        return nil;
+
+    int len = BIO_pending(i2dCmsBioOut);
+    char *keyBytes = malloc(len);
+    BIO_read(i2dCmsBioOut, keyBytes, len);
+
+    NSData *i2dCmsData = [NSData dataWithBytes:keyBytes length:len];
+
+    // TEST
+    [self verifySignatureCMS:i2dCmsData data:data publicKey:publicKey userId:userId];
+
+    BIO_free(printBIO);
+    BIO_free(certKeyBIO);
+    BIO_free(pkeyBIO);
+    BIO_free(dataBIO);
+    BIO_free(i2dCmsBioOut);
+
+    return i2dCmsData;
+}
+
+- (BOOL)verifySignatureCMS:(NSData *)cmsContent data:(NSData *)data publicKey:(NSString *)publicKey userId:(NSString *)userId
+{
+    BIO *dataBIO = BIO_new_mem_buf((void*)data.bytes, (int)data.length);
+    BIO *printBIO = BIO_new_fp(stdout, BIO_NOCLOSE);
+    BIO *cmsBIO = BIO_new_mem_buf(cmsContent.bytes, (int)cmsContent.length);
+
+    CMS_ContentInfo *contentInfo = d2i_CMS_bio(cmsBIO, NULL);
+
+    unsigned char *publicKeyUTF8 = (unsigned char *)[publicKey UTF8String];
+    BIO *publicKeyBIO = BIO_new_mem_buf(publicKeyUTF8, -1);
+    EVP_PKEY *pkey = PEM_read_bio_PUBKEY(publicKeyBIO, NULL, NULL, NULL);
+
+    CMS_ContentInfo_print_ctx(printBIO, contentInfo, 0, NULL);
+
+    BOOL verifyResult = CMS_verify(contentInfo, NULL, NULL, dataBIO, NULL, CMS_DETACHED | CMS_NO_SIGNER_CERT_VERIFY);
+
+    if (verifyResult) {
+
+        STACK_OF(X509) *signers = CMS_get0_signers(contentInfo);
+        int numSigners = sk_X509_num(signers);
+
+        for (int i = 0; i < numSigners; ++i) {
+
+            X509 *signer = sk_X509_value(signers, i);
+            int result = X509_verify(signer, pkey);
+            if (result <= 0) {
+                verifyResult = false;
+                break;
+            }
+
+            int cnDataLength = X509_NAME_get_text_by_NID(X509_get_subject_name(signer), NID_commonName, 0, 0);
+            cnDataLength += 1;
+            NSMutableData* cnData = [NSMutableData dataWithLength:cnDataLength];
+            X509_NAME_get_text_by_NID(X509_get_subject_name(signer), NID_commonName, [cnData mutableBytes], cnDataLength);
+            NSString *cn = [[NSString alloc] initWithCString:[cnData mutableBytes] encoding:NSUTF8StringEncoding];
+            if ([userId isEqualToString:cn]) {
+                verifyResult = true;
+                break;
+            } else {
+                verifyResult = false;
+            }
+        }
+
+        if (signers) {
+            sk_X509_free(signers);
+        }
+        signers = NULL;
+    }
+
+    BIO_free(dataBIO);
+    BIO_free(printBIO);
+    BIO_free(cmsBIO);
+    BIO_free(publicKeyBIO);
+
+    return verifyResult;
+}
+
 #
 #pragma mark - Utility
 #