CryptoAPI使用CryptSignMessage标志,但是openssl无法验证,该怎么办?

时间:2019-02-28 01:50:40

标签: openssl exchange-server sign cryptoapi smime

cryptoapi签名代码:

void __stdcall pkcs7_crypto_smime_signed(char * strcontext,int contentsize,char * cerbuffer,char * cerpassword,int cersize,char ** outdata,int * outdatasize,int * externalrult / PCRYPT_DATA_BLOB pEncodedBlob,LPWSTR pws ---------------------------------------------------- -----------------         声明并初始化变量。这包括获得         指向消息内容的指针。该示例创建         消息内容并获得指向它的指针。多数情况         情况下,内容将存在于某处,并且         指向它的指针将传递给应用程序。     -------------------------------------------------- ------------- /     CRYPT_DATA_BLOB pEncodedBlob; // =新的CRYPT_DATA_BLOB;     // pEncodedBlob-> cbData = contentsize;     // pEncodedBlob-> pbData =(BYTE *)strcontext;

HCERTSTORE hSystemStoreHandle;
CRYPT_SIGN_MESSAGE_PARA SignMessagePara;

//---------------------------------------------------------------
//   The message to be signed and encoded.

//BYTE* pbContent = (BYTE*) "The quick brown fox jumped over " \
//    "the lazy dog.";

/*---------------------------------------------------------------
    The length of the message. This must be one more than the 
    value returned by strlen() to include the terminal NULL 
    character.
---------------------------------------------------------------*/
//DWORD cbContent = lstrlenA((char *) pbContent) + 1;

//---------------------------------------------------------------
//    Arrays to hold the message to be signed and its length.

//const BYTE *rgpbToBeSigned[1] ;
//DWORD rgcbToBeSigned[1];

//---------------------------------------------------------------
//    The signer's certificate.

PCCERT_CONTEXT pSignerCert = NULL ;//(PCCERT_CONTEXT *)malloc(sizeof(CERT_CONTEXT)) ; 
//memset((char *)pSignerCert, 0, sizeof(CERT_CONTEXT));
char * strmsg = (char *)malloc(contentsize + 1);
memset(strmsg, 0, contentsize + 1);
//---------------------------------------------------------------
//    Buffer to hold the name of the subject of a certificate.

char pszNameString[MAX_NAME];

//---------------------------------------------------------------
//  The following variables are used only in the decoding phase.

DWORD cbData = sizeof(DWORD);

//---------------------------------------------------------------
//  Begin processing. Display the original message.

//rgpbToBeSigned[0] = pbContent;
//rgcbToBeSigned[0] = cbContent;

//printf("The original message = \n%s\n\n",
//    rgpbToBeSigned[0]);

//---------------------------------------------------------------
// Open a certificate store.

if(hSystemStoreHandle = CertOpenStore(
    CERT_STORE_PROV_SYSTEM,
    0,
    NULL,
    CERT_SYSTEM_STORE_CURRENT_USER,
    CERTIFICATE_STORE_NAME))
{
    printf("The certificate store is open. \n");
}
else
{
    MyHandleError( "Error Getting Store Handle");
}

//_DecodePfxbCert( (LPBYTE)cerbuffer , cersize , cerpassword , pSignerCert);
{
    HCERTSTORE hCertStore = NULL;
    PCCERT_CONTEXT  pCertContext = NULL;  


    CRYPT_DATA_BLOB dataBlob = {cersize, (BYTE *)cerbuffer};
    WCHAR * PWDS = (WCHAR *)malloc(strlen(cerpassword) + 1);
    memset(PWDS , 0 , sizeof(WCHAR) * (strlen(cerpassword) + 1) );
    swprintf(PWDS , L"%hs" , cerpassword);
    hCertStore = PFXImportCertStore(&dataBlob, PWDS /*? TEXT(pwd) : NULL*/, CRYPT_EXPORTABLE);
    if (NULL == hCertStore)
    {
        hCertStore = PFXImportCertStore(&dataBlob, L"", CRYPT_EXPORTABLE);
    }
    if (NULL == hCertStore)
    {
        return;
    }


    while(pCertContext = CertEnumCertificatesInStore(hCertStore, pCertContext))
    {       
        if (pCertContext->pbCertEncoded && pCertContext->cbCertEncoded > 0)
        {
            pSignerCert = CertDuplicateCertificateContext(pCertContext);
            break;
        }
    }


    CertCloseStore(hCertStore, 0);
    hCertStore = NULL;

}



if(pSignerCert == NULL)
{
    MyHandleError("Signer certificate not found.");
}

/*---------------------------------------------------------------
Initialize the CRYPT_SIGN_MESSAGE_PARA structure. First, use 
memset to set all members to zero or NULL. Then set the values of
all members that must be nonzero.
---------------------------------------------------------------*/

memset(&SignMessagePara, 0, sizeof(CRYPT_SIGN_MESSAGE_PARA));
SignMessagePara.cbSize = sizeof(CRYPT_SIGN_MESSAGE_PARA);
SignMessagePara.HashAlgorithm.pszObjId = szOID_RSA_MD2;
SignMessagePara.pSigningCert = pSignerCert;
SignMessagePara.dwMsgEncodingType = MY_ENCODING_TYPE;
SignMessagePara.cMsgCert = 1;
SignMessagePara.rgpMsgCert = &pSignerCert;

/*---------------------------------------------------------------
    In two steps, sign and encode the message. First, get the 
    number of bytes required for the buffer to hold the signed 
    and encoded message.
---------------------------------------------------------------*/
const BYTE *rgpbToBeSigned[1] ;
DWORD rgcbToBeSigned[1];

memcpy_s(strmsg , contentsize + 1 , strcontext , contentsize);
rgpbToBeSigned[0] = (const BYTE *)strmsg;
rgcbToBeSigned[0] = strlen(strmsg) + 1;

DWORD dwSize = 0;
if( CryptSignMessage(
        &SignMessagePara,
        FALSE,
        1,
        rgpbToBeSigned,
        rgcbToBeSigned,
        NULL,
        &dwSize))
{
    printf("The needed length is %d \n", dwSize);
}
else
{
    MyHandleError("Getting the length failed.\n");
}

//---------------------------------------------------------------
//   Allocate memory for the required buffer.
memset(&pEncodedBlob , 0 , sizeof(pEncodedBlob));
BYTE * p = (BYTE *)malloc(dwSize);
memset(p , 0 , dwSize);
pEncodedBlob.pbData = p;
pEncodedBlob.cbData = dwSize;
if(!pEncodedBlob.pbData)
{
    MyHandleError("Memory allocation failed.");
}

//---------------------------------------------------------------
//   Call CryptSignMessage a second time to
//   copy the signed and encoded message to the buffer.
if( CryptSignMessage(
    &SignMessagePara,
    FALSE,
    1,
    rgpbToBeSigned,
    rgcbToBeSigned,
    pEncodedBlob.pbData,
    &pEncodedBlob.cbData))
{
    *outdata = (char *)malloc(pEncodedBlob.cbData);
    if(!outdata)
    {
        return;
    }

    memcpy_s(*outdata ,pEncodedBlob.cbData , pEncodedBlob.pbData , pEncodedBlob.cbData);
    *outdatasize = pEncodedBlob.cbData;
    printf("Signing worked \n");
}
else
{
    MyHandleError("Signing failed.\n");
}

//---------------------------------------------------------------
//  Clean up after signing and encoding.

if(pSignerCert)
{
    CertFreeCertificateContext(pSignerCert);
}

if(hSystemStoreHandle)
{
    CertCloseStore(hSystemStoreHandle,
        CERT_CLOSE_STORE_FORCE_FLAG);
}

return ;

}

我正在使用openssl cms或smime验证失败。怎么做 ? 谢谢!

0 个答案:

没有答案