From 7dc833c2f659dfcd7ea4af951f045f93a0dbe30c Mon Sep 17 00:00:00 2001 From: James Muir Date: Fri, 3 Nov 2023 13:15:04 -0400 Subject: cms demos: print signingTime attributes Add a makefile for the cms demos, and add a routine to cms_ver.c to print any signingTime attributes from the CMS_ContentInfo object. This provides an example that could be extended if an application wants to examine the purported signing times. Part of #8026 Testing: $ cd demos/cms $ make test Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/22618) (cherry picked from commit 9257a89b6f25dfa5aeee7114baec8ea992fcf5e5) --- demos/cms/Makefile | 35 +++++++++++++++++++++++++++++++++++ demos/cms/cms_dec.c | 2 ++ demos/cms/cms_enc.c | 2 ++ demos/cms/cms_sign2.c | 2 ++ demos/cms/cms_ver.c | 48 +++++++++++++++++++++++++++++++++++++++++++++++- 5 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 demos/cms/Makefile (limited to 'demos')
diff --git a/demos/cms/Makefile b/demos/cms/Makefile
new file mode 100644
index 0000000000..7c8f30d632
--- /dev/null
+++ b/demos/cms/Makefile
@@ -0,0 +1,35 @@
+#
+# To run the demos when linked with a shared library (default) ensure that
+# libcrypto is on the library path. For example, to run the
+# cms_enc demo:
+#
+# LD_LIBRARY_PATH=../.. ./cms_enc
+
+TESTS = cms_comp \
+ cms_ddec \
+ cms_dec \
+ cms_denc \
+ cms_enc \
+ cms_sign \
+ cms_sign2 \
+ cms_uncomp \
+ cms_ver
+
+CFLAGS = -I../../include -g
+LDFLAGS = -L../..
+LDLIBS = -lcrypto
+
+all: $(TESTS)
+
+clean:
+ $(RM) $(TESTS) *.o
+
+cms_%: cms_%.c
+ $(CC) $(CFLAGS) $(LDFLAGS) -o "$@" "$<" $(LDLIBS)
+
+test: all
+ @echo "\nCMS tests:"
+ LD_LIBRARY_PATH=../.. ./cms_enc
+ LD_LIBRARY_PATH=../.. ./cms_dec
+ LD_LIBRARY_PATH=../.. ./cms_sign2
+ LD_LIBRARY_PATH=../.. ./cms_ver
diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c
index ebc34a5f94..f64a68ab42 100644
--- a/demos/cms/cms_dec.c
+++ b/demos/cms/cms_dec.c
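Review bot: In demos/cms/Makefile, the `test` recipe's `@echo "\nCMS tests:"` depends on the shell's echo interpreting backslash escapes, which differs between shells, so some will print a literal `\n`; `@printf '\nCMS tests:\n'` behaves the same everywhere. The `all`, `clean` and `test` targets are also not declared phony, so a stray file with one of those names in the directory would stop the target from running; adding `.PHONY: all clean test` avoids that. The `test` target runs only four of the nine demos it builds, which may be intentional but is worth a one-line comment saying why.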
@@ -59,6 +59,8 @@ int main(int argc, char **argv) if (!CMS_decrypt(cms, rkey, rcert, NULL, out, 0)) goto err; + printf("Decryption Successful\n"); + ret = EXIT_SUCCESS; err: diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c index a0af2c4774..1f69571a17 100644 --- a/demos/cms/cms_enc.c +++ b/demos/cms/cms_enc.c @@ -73,6 +73,8 @@ int main(int argc, char **argv) if (!SMIME_write_CMS(out, cms, in, flags)) goto err; + printf("Encryption Successful\n"); + ret = EXIT_SUCCESS; err: if (ret != EXIT_SUCCESS) { diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c index b10043f921..61d9f8bbe8 100644 --- a/demos/cms/cms_sign2.c +++ b/demos/cms/cms_sign2.c @@ -77,6 +77,8 @@ int main(int argc, char **argv) if (!SMIME_write_CMS(out, cms, in, CMS_STREAM)) goto err; + printf("Signing Successful\n"); + ret = EXIT_SUCCESS; err: if (ret != EXIT_SUCCESS) { diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c index f7d3a9bc85..43e9d09854 100644 --- a/demos/cms/cms_ver.c +++ b/demos/cms/cms_ver.c 
@@ -12,6 +12,49 @@ #include #include +/* + * print any signingTime attributes. + * signingTime is when each party purportedly signed the message. + */ +static void print_signingTime(CMS_ContentInfo *cms) +{ + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + X509_ATTRIBUTE *attr; + ASN1_TYPE *t; + ASN1_UTCTIME *utctime; + ASN1_GENERALIZEDTIME *gtime; + BIO *b; + int i, loc; + + b = BIO_new_fp(stdout, BIO_NOCLOSE | BIO_FP_TEXT); + sis = CMS_get0_SignerInfos(cms); + for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) { + si = sk_CMS_SignerInfo_value(sis, i); + loc = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1); + attr = CMS_signed_get_attr(si, loc); + t = X509_ATTRIBUTE_get0_type(attr, 0); + if (t == NULL) + continue; + switch (t->type) { + case V_ASN1_UTCTIME: + utctime = t->value.utctime; + ASN1_UTCTIME_print(b, utctime); + break; + case V_ASN1_GENERALIZEDTIME: + gtime = t->value.generalizedtime; + ASN1_GENERALIZEDTIME_print(b, gtime); + break; + default: + fprintf(stderr, "unrecognized signingTime type\n"); + break; + } + BIO_printf(b, ": signingTime from SignerInfo %i\n", i); + } + BIO_free(b); + return; +} + int main(int argc, char **argv) { BIO *in = NULL, *out = NULL, *tbio = NULL, *cont = NULL; @@ -56,6 +99,8 @@ int main(int argc, char **argv) if (cms == NULL) goto err; + print_signingTime(cms); + /* File to output verified content to */ out = BIO_new_file("smver.txt", "w"); if (out == NULL) @@ -66,9 +111,10 @@ int main(int argc, char **argv) goto err; } - fprintf(stderr, "Verification Successful\n"); + printf("Verification Successful\n"); ret = EXIT_SUCCESS; + err: if (ret != EXIT_SUCCESS) { fprintf(stderr, "Error Verifying Data\n"); -- cgit v1.2.3
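Review bot: In print_signingTime(), the index returned by CMS_signed_get_attr_by_NID() is passed straight to CMS_signed_get_attr() with no check for the not-found case, so a SignerInfo without a signingTime appears to be skipped only because the later calls tolerate a bad index and a NULL attribute. An explicit `if (loc < 0) continue;` after the lookup would make that intent visible to anyone copying the demo. The BIO returned by BIO_new_fp() is likewise used unchecked, and `if (b == NULL) return;` would cover it. In the `default:` case the diagnostic goes to stderr but the `: signingTime from SignerInfo` label is still written to stdout with no time in front of it, so a `continue` there would keep the output consistent.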
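Review bot: The new `print_signingTime(cms);` call in main() is placed right after the message is parsed and before the output file is opened, which suggests it runs before the signature is checked (the verification call itself is outside the hunk). The times printed would then come from a message whose integrity has not yet been established, and even after verification signingTime is only the signer's own claim. Since the commit message presents this as an example applications could extend, consider moving the call to after verification succeeds, or adding a comment at the call site such as `/* signingTime is signer-asserted and not yet verified here; do not base trust decisions on it */`.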