哪些数据用于计算此asn.1消息的sha256消息摘要？

Question

给出以下asn.1消息，如何计算sha256消息摘要“ 8798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A”？我意识到这是一些数据的32字节哈希。哪些特定数据用于计算哈希？这是tr34文件。使用openssl，只要我使用消息中相同的数据块，我就应该能够得出相同的哈希值。

-----BEGIN TR34_Sample_UBT_KDH PEM File-----
MIIEPAYJKoZIhvcNAQcCoIIELTCCBCkCAQExDTALBglghkgBZQMEAgEwWwYJKoZI
hvcNAQcBoE4ETDBKMEExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBs
ZXMxGzAZBgNVBAMTElRSMzQgU2FtcGxlIENBIEtSRAIFNAAAAAehggHYMIIB1DCB
vQIBATANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVFIz
NCBTYW1wbGVzMRswGQYDVQQDExJUUjM0IFNhbXBsZSBDQSBLREgXDTEwMTEwMjE3
MzMzMFoXDTEwMTIwMjE3MzMzMFowSDAWAgU0AAAACBcNMTAxMTAyMTcyODEzWjAW
AgU0AAAAChcNMTAxMTAyMTczMTQ2WjAWAgU0AAAACxcNMTAxMTAyMTczMzI1WjAN
BgkqhkiG9w0BAQsFAAOCAQEANvBqPIisvPqfjjsIUO7gmpz3tbKRiG5RDTSf5fBc
G9t9nznk6mUIgo8u0+55Y8hYdFJ5XDlGKwYNW5csmnte+JChk8VyJdHIjVbu0dA/
fpp1hw1gTRXgEv/XuFBupLoU57UQGMFtjZ77asXFFWhrE04WsdZ/Hov0PI/JpguW
FK3M6a9pwnqUU9QmNE9rFEUO5YOCFHQeq/f4fxUqkxn62e07SBoRPAM2PSmt0C4w
MTopOvwYe3JSmPsUxdmXlnhaJswZzwfCvJojuPb27hmgB5BPS/Yy3P3n8oJfMS/m
KOPQxxzVC7CO5ATipfARoLWrTyphJ14lAJ2uAGYO/zLWwzGCAdowggHWAgEBMEow
QTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEbMBkGA1UEAxMS
VFIzNCBTYW1wbGUgQ0EgS0RIAgU0AAAABjALBglghkgBZQMEAgGgZTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBgGCiqGSIb3DQEJGQMxCgQIfeocAIlOJGowLwYJ
KoZIhvcNAQkEMSIEIIeYFo5vfzEY7ehSK2M237Vs/fldtwY8tyMO8AtNZm0aMA0G
CSqGSIb3DQEBAQUABIIBAE80v8n2d8D3kBFwR7HqYM/TMltuf10kfDrB8LYMqLLp
JXOhQctjYBetCTDQ0kK75szZyaapV1cjmowsmfwejK6IrS1qtueiVsjFLmqROECz
QiqSdSZ/iPZ82Brdkwd//jD20n2XYIpdmBUhSL7XD65DPz963KcSYARf9bPkK1wK
FB9ozwsW4YeuT2Rv0QpwCBJEKspvIpKM8D8pJQHT+3cEMGurGVQtvXaG396YuOJs
qg4mLN+92YRSBY61rRrlFxX4ARwtn6a9RuHW8P+dOTYkT9t0msZByYdJrk8V2oyQ
VtM8wqN6incGM24kRrcZvoU5lsEz9brY6Uz/wvC+JB0=
-----END TR34_Sample_UBT_KDH PEM File-----

这是消息的另一种形式：

3082043C06092A864886F70D010702A082042D30820429020101310D300B0609608648016503040201305B06092A864886F70D010701A04E044C304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B524402053400000007A18201D8308201D43081BD020101300D06092A864886F70D01010B05003041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B4448170D3130313130323137333333305A170D3130313230323137333333305A3048301602053400000008170D3130313130323137323831335A30160205340000000A170D3130313130323137333134365A30160205340000000B170D3130313130323137333332355A300D06092A864886F70D01010B0500038201010036F06A3C88ACBCFA9F8E3B0850EEE09A9CF7B5B291886E510D349FE5F05C1BDB7D9F39E4EA6508828F2ED3EE7963C8587452795C39462B060D5B972C9A7B5EF890A193C57225D1C88D56EED1D03F7E9A75870D604D15E012FFD7B8506EA4BA14E7B51018C16D8D9EFB6AC5C515686B134E16B1D67F1E8BF43C8FC9A60B9614ADCCE9AF69C27A9453D426344F6B14450EE5838214741EABF7F87F152A9319FAD9ED3B481A113C03363D29ADD02E30313A293AFC187B725298FB14C5D99796785A26CC19CF07C2BC9A23B8F6F6EE19A007904F4BF632DCFDE7F2825F312FE628E3D0C71CD50BB08EE404E2A5F011A0B5AB4F2A61275E25009DAE00660EFF32D6C3318201DA308201D6020101304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B444802053400000006300B0609608648016503040201A065301806092A864886F70D010903310B06092A864886F70D0107013018060A2A864886F70D01091903310A04087DEA1C00894E246A302F06092A864886F70D010904312204208798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A300D06092A864886F70D0101010500048201004F34BFC9F677C0F790117047B1EA60CFD3325B6E7F5D247C3AC1F0B60CA8B2E92573A141CB636017AD0930D0D242BBE6CCD9C9A6A95757239A8C2C99FC1E8CAE88AD2D6AB6E7A256C8C52E6A913840B3422A9275267F88F67CD81ADD93077FFE30F6D27D97608A5D98152148BED70FAE433F3F7ADCA71260045FF5B3E42B5C0A141F68CF0B16E187AE4F646FD10A700812442ACA6F22928CF03F292501D3FB7704306BAB19542DBD7686DFDE98B8E26CAA0E262CDFBDD98452058EB5AD1AE51715F8011C2D9FA6BD46E1D6F0FF9D3936244FDB749AC641C98749AE4F15DA8C9056D33CC2A37A8A7706336E2446B719BE853996C133F5BAD8E94CFFC2F0BE241D

Answer 1

这是带有签名属性的CMS-formerly-PKCS7 SignedData消息defined in rfc5652 et pred。您引用的摘要（即signedattrs中的messagedigest元素）如5.4中所述，encapContentInfo中的OCTET STRING eContent值部分的摘要，如5.2中所述。

由于您没有显示任何代码开始，因此以下是绝对的最小值：

#include <stdio.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>

int main (void){
  unsigned char hash[32]; 

  // TEST CODE doesn't check or handle errors; DON'T USE FOR REAL
  BIO *in = BIO_push (BIO_new(BIO_f_base64()), BIO_new_file ("54262612.pem","r"));
  // file's PEM type not understood by PEM_read_PKCS7; rather than fixing
  PKCS7 *outer = d2i_PKCS7_bio (in, NULL); // just bypass it
  // assume signeddata with (nonomitted) content octetstring; should check
  ASN1_OCTET_STRING *cont = outer->d.sign->contents->d.data;

  // assume hash is sha256; should check digestalgs and signerinfo(s)
  EVP_Digest (cont->data, cont->length, hash, NULL, EVP_sha256(), NULL);
  for( int i = 0; i < 32; i++ ) printf ("%02x", hash[i]); putchar ('\n');
  return 0;
}