SignedData is not being produced detached. BIO_new_CMS with CMS_Sign

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

SignedData is not being produced detached. BIO_new_CMS with CMS_Sign

OpenSSL - User mailing list
Hello, fellows.

I am implementing a new streamer for CMS SignedData with CMS_sign.
I use BIO_new_CMS.

My program successfuly produces a SignedData structure in the end, but
the actual data is embedded. I have passed (CMS_BINARY | CMS_DETACHED
| CMS_STREAM) as flags to the initial call to CMS_sign but still the
SignedData is not being produced detached.

Am I missing something? Is there another way I can achieve the same thing?

The code that follows is a true fragment from my original program.

Thanks
Have a nice day))

void SignInit(ca::CryptPacket &packet) //use once for initialization
{
        CK_ULONG certCount = NULL;
        std::vector<CK_OBJECT_HANDLE>certHandles;
        std::vector<CK_BYTE> certValue;
        X509* x509Cert = nullptr;
        CK_BYTE* p_CKA_ID;

        try
        {
                Rtk_CertInfo2* p_rtk_certinfo2_object =
m_pCryptoModule->m_CertsCollection.GetCert(packet.request.senderCertId);
                if (!p_rtk_certinfo2_object)
                        ca_throw_cert_need_log(packet.request.senderCertId);

                std::vector <CK_BYTE> ckId = p_rtk_certinfo2_object->m_ckId;
                p_CKA_ID = new CK_BYTE[ckId.size()];
                std::copy(ckId.begin(), ckId.end(), p_CKA_ID);

                CK_ATTRIBUTE certificateTemplate[] = CERTIFICATE_TEMPLATE(ckId, p_CKA_ID);

                m_key = GetKeyPair(ckId, m_session, m_pCryptoModule->m_functionList);
                if (!m_key)
                {
                        ca_throw_log(RTK_E_FIND_KEY_FAILED);
                }

                if (m_pCryptoModule->m_functionList->C_FindObjectsInit(m_session,
certificateTemplate, arraysize(certificateTemplate)) != CKR_OK)
                {
                        ca_throw_log(RTK_E_FIND_OBJECTS_INIT_FAILED);
                }

                certHandles.clear();
                certHandles.resize(10000);

                if (m_pCryptoModule->m_functionList->C_FindObjects(m_session,
certHandles.data(), (CK_ULONG)certHandles.size(), &certCount) != CKR_OK ||
certCount == 0)
                {
                        ca_throw_log(RTK_E_FIND_OBJECTS_FAILED);
                }

                if (m_pCryptoModule->m_functionList->C_FindObjectsFinal(m_session) !=
CKR_OK)
                {
                        ca_throw_log(RTK_E_FIND_OBJECTS_FINAL_FAILED);
                }

                CK_ATTRIBUTE certValueAttr = { CKA_VALUE, NULL_PTR, 0 };

                if (m_pCryptoModule->m_functionList->C_GetAttributeValue(m_session,
certHandles[0], &certValueAttr, 1) != CKR_OK)
                        ca_throw_log(RTK_E_GET_CKA_VALUE_FAILED);

                certValue.resize(certValueAttr.ulValueLen);
                certValueAttr.pValue = certValue.data();

                if (m_pCryptoModule->m_functionList->C_GetAttributeValue(m_session,
certHandles[0], &certValueAttr, 1) != CKR_OK)
                        ca_throw_log(RTK_E_GET_CKA_VALUE_FAILED);

                x509Cert = CertToX509(CertToPem(certValue));

                if (!x509Cert)
                {
                        ca_throw_log(RTK_E_CERT_TO_X509_FAILED);
                }

                m_cms = CMS_sign(x509Cert, m_key, NULL, NULL, CMS_STREAM | CMS_BINARY |
CMS_DETACHED);
                if (!m_cms)
                {
                        ca_throw_log(RTK_E_SIGN_DATA_FAILED);
                }

                m_input = BIO_new_CMS(m_output, m_cms);

                X509_free(x509Cert);
                delete[] p_CKA_ID;
        }
        ca_catch
        {
                if (x509Cert)
                        X509_free(x509Cert);

                delete[] p_CKA_ID;

                packet.response.errorCode = ex;
                packet.response.errorMessage = GetErrorMessage(ex);
        }
}

void CStreamSigner::Stream(ca::CryptPacket & packet) //for multiple calls
{
        ca_lock;
        try
        {
                if (!m_cms)
                        SignInit(packet); //initialization

                BYTE* pbData = packet.request.GetFileData();
                DWORD cbData = packet.request.GetFileDataSize();

                if (BIO_write(m_input, pbData, cbData) <= 0)
                        ca_throw_log(RTK_E_WRITE_TO_OUT_BUF_FAILED);

                if (packet.request.streamFinalChunk)
                        BIO_flush(m_input);

                std::vector<uint8_t> cmsBuf = ReadMemBio(m_output);
                if (!cmsBuf.size())
                        ca_throw_log(RTK_E_READ_FROM_BUF_FAILED);

                packet.response.SetFileData(cmsBuf.data(), cmsBuf.size());
        }
        ca_catch
        {
                packet.response.errorCode = ex;
                packet.response.errorMessage = GetErrorMessage(ex);
        }
}



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html