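Hey! I want to use a stream filter with CMS_sign. I have a problem: my program doesn't produce CMS signed data. My code and output data are attached below. The code that follows is a fragment from my original program.

// Builds the streaming CMS signer once; later calls return immediately
// because m_cms is already set.
//
// Looks up the sender certificate and its key pair on the PKCS#11 token,
// creates the CMS structure with CMS_STREAM | CMS_BINARY and attaches the
// CMS filter BIO (m_input) in front of m_output.
//
// Nothing is thrown to the caller: failures are caught here and reported
// through packet.response.errorCode / errorMessage.
void SignInit(CryptPacket &packet) //use once for initialization
{
    if (m_cms)
        return;

    CK_ULONG certCount = 0;
    std::vector<CK_OBJECT_HANDLE> certHandles;
    std::vector<CK_BYTE> certValue;
    X509* x509Cert = nullptr;
    CK_SESSION_HANDLE session = 0;
    // Must start as nullptr: the handler below runs delete[] on it even when
    // the failure happened before the allocation (e.g. in Authentication).
    CK_BYTE* p_CKA_ID = nullptr;
    EVP_PKEY* key = nullptr;

    try
    {
        m_pCryptoModule->Authentication(session, true);

        Rtk_CertInfo2* p_rtk_certinfo2_object = m_pCryptoModule->m_CertsCollection.GetCert(packet.request.senderCertId);
        if (!p_rtk_certinfo2_object)
            ca_throw_cert_need_log(packet.request.senderCertId);

        // The certificate and the key pair are both located by this CKA_ID.
        std::vector<CK_BYTE> ckId = p_rtk_certinfo2_object->m_ckId;
        p_CKA_ID = new CK_BYTE[ckId.size()];
        std::copy(ckId.begin(), ckId.end(), p_CKA_ID);
        CK_ATTRIBUTE certificateTemplate[] = CERTIFICATE_TEMPLATE(ckId, p_CKA_ID);

        key = GetKeyPair(ckId, session, m_pCryptoModule->m_functionList);
        if (!key)
        {
            ca_throw_log(RTK_E_FIND_KEY_FAILED);
        }

        if (m_pCryptoModule->m_functionList->C_FindObjectsInit(session, certificateTemplate, arraysize(certificateTemplate)) != CKR_OK)
        {
            ca_throw_log(RTK_E_FIND_OBJECTS_INIT_FAILED);
        }

        certHandles.clear();
        certHandles.resize(10000);
        if (m_pCryptoModule->m_functionList->C_FindObjects(session, certHandles.data(), (CK_ULONG)certHandles.size(), &certCount) != CKR_OK
            || certCount == 0)
        {
            ca_throw_log(RTK_E_FIND_OBJECTS_FAILED);
        }

        // Two-step read of CKA_VALUE: the first call (pValue == NULL_PTR) only
        // reports the length, the second fills the buffer sized from it.
        CK_ATTRIBUTE certValueAttr = { CKA_VALUE, NULL_PTR, 0 };
        if (m_pCryptoModule->m_functionList->C_GetAttributeValue(session, certHandles[0], &certValueAttr, 1) != CKR_OK)
            ca_throw_log(RTK_E_GET_CKA_VALUE_FAILED);
        certValue.resize(certValueAttr.ulValueLen);
        certValueAttr.pValue = certValue.data();
        if (m_pCryptoModule->m_functionList->C_GetAttributeValue(session, certHandles[0], &certValueAttr, 1) != CKR_OK)
            ca_throw_log(RTK_E_GET_CKA_VALUE_FAILED);

        x509Cert = CertToX509(CertToPem(certValue));
        if (!x509Cert)
        {
            ca_throw_log(RTK_E_CERT_TO_X509_FAILED);
        }

        if (m_pCryptoModule->m_functionList->C_FindObjectsFinal(session) != CKR_OK)
        {
            ca_throw_log(RTK_E_FIND_OBJECTS_FINAL_FAILED);
        }

        // With CMS_STREAM the structure is only prepared here; the signature is
        // computed later, when the BIO chain is flushed. CMS_DETACHED is not
        // set, so the content is embedded in the output, which is streamed in
        // BER (indefinite-length) encoding.
        m_cms = CMS_sign(x509Cert, key, NULL, NULL, CMS_STREAM | CMS_BINARY);
        if (!m_cms)
        {
            ca_throw_log(RTK_E_ENCRYPT_FAILED);
        }

        // NOTE(review): m_output is created outside this fragment; it has to be
        // a valid BIO at this point.
        m_input = BIO_new_CMS(m_output, m_cms);
        if (!m_input)
        {
            // Roll back so that a later call retries the initialization
            // instead of skipping it and writing to a null BIO.
            CMS_ContentInfo_free(m_cms);
            m_cms = nullptr;
            ca_throw_log(RTK_E_ENCRYPT_FAILED);
        }

        // NOTE(review): signing is deferred until BIO_flush() in Stream(), but
        // the session is ended and the key descriptor is invalidated right
        // here, before any data has been written. Presumably the key can no
        // longer sign at flush time, which would explain the missing signature.
        // Confirm against the engine documentation; if so, session and key
        // have to stay alive until the final chunk has been flushed.
        m_pCryptoModule->EndSession(session, true);

        X509_free(x509Cert);
        // Cleared so the handler below cannot free the certificate a second
        // time if the invalidation that follows throws.
        x509Cert = nullptr;

        if (!rt_eng_invalidate_p11_ossl_evp_pkey(key))
        {
            // NOTE(review): m_cms and m_input stay set on this path, so later
            // calls skip the initialization although an error was reported.
            ca_throw_log(RTK_E_RESET_KEY_PAIR_DESCRIPTOR_FAILED);
        }
        EVP_PKEY_free(key);
        delete[] p_CKA_ID;
    }
    ca_catch
    {
        if (x509Cert)
            X509_free(x509Cert);
        if (key)
        {
            if (!rt_eng_invalidate_p11_ossl_evp_pkey(key))
                ca_log_err(RTK_E_RESET_KEY_PAIR_DESCRIPTOR_FAILED);
            EVP_PKEY_free(key);
        }
        delete[] p_CKA_ID; // no-op when the allocation was never reached
        m_pCryptoModule->EndSession(session, true);
        packet.response.errorCode = ex;
        packet.response.errorMessage = GetErrorMessage(ex);
    }
}

// Feeds one chunk of the request data through the CMS filter and returns
// whatever the memory BIO has produced so far in packet.response.
//
// Called once per chunk; the chunk flagged with streamFinalChunk flushes the
// chain, which finalizes the CMS structure. Failures are reported through
// packet.response.errorCode / errorMessage.
void Stream(CryptPacket & packet)//for multiple calls
{
    ca_lock;
    try
    {
        SignInit(packet);
        // SignInit reports its own failure in packet.response; stop here so
        // that error is not overwritten by a misleading write failure.
        if (!m_cms)
            return;

        BYTE* pbData = packet.request.GetFileData();
        DWORD cbData = packet.request.GetFileDataSize();

        // NOTE(review): BIO_write takes an int length; a chunk larger than
        // INT_MAX would be passed as a negative value. Confirm the chunk size
        // is bounded by the caller.
        if (BIO_write(m_input, pbData, cbData) <= 0)
            ca_throw_log(RTK_E_WRITE_TO_OUT_BUF_FAILED);

        if (packet.request.streamFinalChunk)//finalization
        {
            // The signature is produced during this flush, so its result must
            // be checked; otherwise a signing failure goes unnoticed and the
            // output is an incomplete CMS structure.
            if (BIO_flush(m_input) <= 0)
                ca_throw_log(RTK_E_WRITE_TO_OUT_BUF_FAILED);
        }

        // NOTE(review): if the filter buffers, an intermediate chunk may
        // legitimately yield no output yet; confirm that an empty read is
        // really an error for every call and not only for the final one.
        std::vector<uint8_t> cmsBuf = ReadMemBio(m_output);
        if (!cmsBuf.size())
            ca_throw_log(RTK_E_READ_FROM_BUF_FAILED);

        packet.response.SetFileData(cmsBuf.data(), cmsBuf.size());//write data to file
    }
    ca_catch
    {
        packet.response.errorCode = ex;
        packet.response.errorMessage = GetErrorMessage(ex);
    }
}

Data written in the file as a result: <http://openssl.6102.n7.nabble.com/file/t11625/res.jpg>

Data as input for Signing: <http://openssl.6102.n7.nabble.com/file/t11625/data.jpg>

Am I missing something? Is there another way I can achieve the same thing? Thanks for your attention.

-- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html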