Hi,
I modified the code as you mentioned, I am just trying to verify if signing the
certificate using private key works.
I signed the certificate using private key.
But I still get the same error from CMS_verify. It complains about "signer
certificate not found".
Is this the right way to create the self-signed dummy certificate? It seems to
behave exactly the same way as before.
Please find the modified code below (just added a block of code for signing the
cert). Also I printed the certificate for reference.
-Ujwal
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: dsaWithSHA1
Issuer:
Validity
Not Before: Feb 3 20:02:06 2010 GMT
Not After : Feb 3 20:02:06 2011 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: dsaEncryption
DSA Public Key:
pub:
63:c5:5b:b8:c2:e0:75:94:c1:5e:8c:bb:49:a5:67:
ef:38:c7:2c:0b:02:3f:2c:6c:ec:ae:9d:c3:10:51:
f7:6e:33:eb:8e:1b:9c:6c:2f:ae:48:f5:bb:4d:26:
ae:5a:16:dd:c8:26:78:96:28:e8:37:21:86:dc:a4:
a9:2c:96:46:57:a9:05:ef:61:c6:42:04:8c:1b:a9:
fe:7e:f1:70:e2:74:c7:dd:c9:0f:80:0f:30:83:12:
93:47:5a:4e:b9:9e:8f:4c:da:2c:ee:3a:a7:3a:9e:
95:38:11:77:f7:44:64:c5:5c:09:26:03:26:2f:fd:
43:5d:0d:5e:e4:60:31:08
P:
00:f5:fc:96:4d:f4:79:a2:f5:47:92:32:15:7f:23:
a2:63:a1:c5:c8:42:8b:93:a0:70:e0:5b:5a:3a:79:
43:3f:f5:b5:03:85:25:96:a2:77:e6:88:a0:ab:8a:
64:23:44:8b:40:a5:64:57:22:87:dd:e0:0b:f8:24:
0c:3a:43:24:15:57:69:72:39:3a:f6:ce:3f:15:39:
41:1d:d3:18:ea:78:43:64:c5:7d:a0:27:25:33:8e:
80:17:40:73:43:ef:03:2b:da:18:75:ee:8b:09:cb:
10:2d:21:da:d9:51:54:1d:4f:00:10:29:b6:e2:ff:
38:ad:03:50:bc:46:da:c4:c5
Q:
00:ef:66:e9:29:73:09:fd:16:17:5c:50:06:91:20:
25:f9:cb:58:9f:97
G:
4f:e9:fb:0a:80:c7:95:db:79:90:fe:be:f0:24:99:
b5:e8:62:b0:ba:95:47:a2:22:36:84:17:df:5f:8c:
2d:61:c9:dc:45:db:01:63:40:ec:cf:05:55:c4:44:
67:5a:98:d4:98:ee:3c:0b:f3:63:ad:76:bc:b1:6a:
b1:cf:41:b9:ec:3a:10:c3:52:20:7f:46:5b:92:59:
8a:0e:8b:53:65:77:7a:91:f2:96:01:21:bd:bb:89:
ec:47:71:8f:9d:29:05:3f:9b:c2:11:51:d8:3c:62:
af:dd:27:80:ab:e1:1c:9f:0b:58:09:98:89:2e:99:
8f:6a:25:17:75:67:12:18
Signature Algorithm: dsaWithSHA1
30:2d:02:15:00:9a:3f:3d:53:7d:3f:d7:88:54:ed:fd:a0:af:
66:b7:af:ae:f4:91:36:02:14:47:83:20:7b:25:21:ef:66:73:
30:8d:b8:c8:04:48:49:40:ef:b2:c5
//COPY the DSA params and public keys from const char arrays into DSA structure
DSA *dsaParams= DSA_new();
dsaParams->g = BN_new();
dsaParams->p = BN_new();
dsaParams->q = BN_new();
dsaParams->pub_key = BN_new();
BN_bin2bn((const unsigned char *)uLicenseCheckG, sizeof(uLicenseCheckG),
dsaParams->g);
BN_bin2bn((const unsigned char *)uLicenseCheckP, sizeof(uLicenseCheckP),
dsaParams->p);
BN_bin2bn((const unsigned char *)uLicenseCheckQ, sizeof(uLicenseCheckQ),
dsaParams->q);
BN_bin2bn((const unsigned char *)uLicenseCheckY, sizeof(uLicenseCheckY),
dsaParams->pub_key);
//Create a EVP_PKEY to use in creating a certificate
EVP_PKEY *evpTemp = EVP_PKEY_new();
EVP_PKEY_assign_DSA(evpTemp, dsaParams);
//Create a CMS content info structure out of the license key
CMS_ContentInfo *cms = NULL;
BIO *bioBuff = BIO_new_mem_buf((char *)nBytes, nCountOfBytes);
BIO_set_mem_eof_return(bioBuff,0);
cms = d2i_CMS_bio(bioBuff, NULL);// i believe this finds the end of ASN1
data
STACK_OF(CMS_SignerInfo) *sinfos;
CMS_SignerInfo *si;
sinfos = CMS_get0_SignerInfos(cms);
si = sk_CMS_SignerInfo_value(sinfos, 0);
ASN1_OCTET_STRING* keyid;
X509_NAME* issuer;
ASN1_INTEGER* sno;
int rc = CMS_SignerInfo_get0_signer_id(si, &keyid, &issuer, &sno);
//USE THIS KEYID TO SET THE x509Cert->skid VALUE
printf ("si: %d %p %p %p\n", rc, keyid, issuer, sno);
//create a x509 cert with above DSA params and public key and skid
X509 *x509Cert = X509_new();
X509_set_version(x509Cert, 2);
ASN1_INTEGER_set(X509_get_serialNumber(x509Cert), 0);
x509Cert->skid = ASN1_OCTET_STRING_dup(keyid);
X509_gmtime_adj(X509_get_notBefore(x509Cert),0);
X509_gmtime_adj(X509_get_notAfter(x509Cert), (long) 60*60*24*365);
int error = X509_set_pubkey(x509Cert, evpTemp);
if (error) {
printf("set public key error: %s",
ERR_error_string(ERR_get_error(), NULL));
}
// BEGIN - SIGNING THE CERTIFICATE WITH THE PRIVATE KEY, uLicenseCheckX is a
const char array which holds private key
DSA *privKey = DSA_new();
privKey->g = BN_new();
privKey->p = BN_new();
privKey->q = BN_new();
//privKey->pub_key = BN_new();
privKey->priv_key = BN_new();
/* tried both*/
BN_bin2bn((const unsigned char *)uLicenseCheckG, sizeof(uLicenseCheckG),
privKey->g);
BN_bin2bn((const unsigned char *)uLicenseCheckP, sizeof(uLicenseCheckP),
privKey->p);
BN_bin2bn((const unsigned char *)uLicenseCheckQ, sizeof(uLicenseCheckQ),
privKey->q);
//BN_bin2bn((const unsigned char *)uLicenseCheckY,
sizeof(uLicenseCheckY), privKey->pub_key);
BN_bin2bn((const unsigned char *)uLicenseCheckX, sizeof(uLicenseCheckX),
privKey->priv_key);
EVP_PKEY *evpPriKEY = EVP_PKEY_new();
EVP_PKEY_assign_DSA(evpPriKEY, privKey);
X509_sign(x509Cert, evpPriKEY, EVP_dss1());
// END - SIGNING THE CERTIFICATE WITH THE PRIVATE KEY
X509_print_fp(stdout, x509Cert);
//create a stack of x509 cert to use it in CMS_verify
STACK_OF(X509) *st=sk_X509_new_null();
sk_X509_push(st, x509Cert);
//x509Cert->skid IS VALID HERE
printf ("skid: %p\n", x509Cert->skid);
//It fails here with "signer certificate not found" error
//Also tried using the CMS_NO_CONTENT_VERIFY
int cmsVerify = CMS_verify(cms, st, NULL, NULL, NULL,
CMS_NOINTERN|CMS_NO_SIGNER_CERT_VERIFY);
errortemp = ERR_get_error();
ERR_error_string(errortemp, errorbuff);
printf("countofbytes = %d, error num = %d, and error =
%s\n",nCountOfBytes,errortemp, errorbuff);
//x509Cert->skid IS NOT VALID HERE
printf ("skid: %p\n", x509Cert->skid);
