CODEWITHSUNDEEP
opensslsha256
traviscoder
traviscoder

Reputation: 1

What data is used to calculate the sha256 messagedigest of this asn.1 message?

Given the following asn.1 message, how is the sha256 message digest, "8798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A", calculated? I realize it is a 32 byte hash of some data. What specific data is used to calculate the hash? This is a tr34 document. Using openssl, I should be able to come up with the same hash as long as I'm using the same chunck of data from the message. 

-----BEGIN TR34_Sample_UBT_KDH PEM File-----
MIIEPAYJKoZIhvcNAQcCoIIELTCCBCkCAQExDTALBglghkgBZQMEAgEwWwYJKoZI
hvcNAQcBoE4ETDBKMEExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxUUjM0IFNhbXBs
ZXMxGzAZBgNVBAMTElRSMzQgU2FtcGxlIENBIEtSRAIFNAAAAAehggHYMIIB1DCB
vQIBATANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMVFIz
NCBTYW1wbGVzMRswGQYDVQQDExJUUjM0IFNhbXBsZSBDQSBLREgXDTEwMTEwMjE3
MzMzMFoXDTEwMTIwMjE3MzMzMFowSDAWAgU0AAAACBcNMTAxMTAyMTcyODEzWjAW
AgU0AAAAChcNMTAxMTAyMTczMTQ2WjAWAgU0AAAACxcNMTAxMTAyMTczMzI1WjAN
BgkqhkiG9w0BAQsFAAOCAQEANvBqPIisvPqfjjsIUO7gmpz3tbKRiG5RDTSf5fBc
G9t9nznk6mUIgo8u0+55Y8hYdFJ5XDlGKwYNW5csmnte+JChk8VyJdHIjVbu0dA/
fpp1hw1gTRXgEv/XuFBupLoU57UQGMFtjZ77asXFFWhrE04WsdZ/Hov0PI/JpguW
FK3M6a9pwnqUU9QmNE9rFEUO5YOCFHQeq/f4fxUqkxn62e07SBoRPAM2PSmt0C4w
MTopOvwYe3JSmPsUxdmXlnhaJswZzwfCvJojuPb27hmgB5BPS/Yy3P3n8oJfMS/m
KOPQxxzVC7CO5ATipfARoLWrTyphJ14lAJ2uAGYO/zLWwzGCAdowggHWAgEBMEow
QTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDFRSMzQgU2FtcGxlczEbMBkGA1UEAxMS
VFIzNCBTYW1wbGUgQ0EgS0RIAgU0AAAABjALBglghkgBZQMEAgGgZTAYBgkqhkiG
9w0BCQMxCwYJKoZIhvcNAQcBMBgGCiqGSIb3DQEJGQMxCgQIfeocAIlOJGowLwYJ
KoZIhvcNAQkEMSIEIIeYFo5vfzEY7ehSK2M237Vs/fldtwY8tyMO8AtNZm0aMA0G
CSqGSIb3DQEBAQUABIIBAE80v8n2d8D3kBFwR7HqYM/TMltuf10kfDrB8LYMqLLp
JXOhQctjYBetCTDQ0kK75szZyaapV1cjmowsmfwejK6IrS1qtueiVsjFLmqROECz
QiqSdSZ/iPZ82Brdkwd//jD20n2XYIpdmBUhSL7XD65DPz963KcSYARf9bPkK1wK
FB9ozwsW4YeuT2Rv0QpwCBJEKspvIpKM8D8pJQHT+3cEMGurGVQtvXaG396YuOJs
qg4mLN+92YRSBY61rRrlFxX4ARwtn6a9RuHW8P+dOTYkT9t0msZByYdJrk8V2oyQ
VtM8wqN6incGM24kRrcZvoU5lsEz9brY6Uz/wvC+JB0=
-----END TR34_Sample_UBT_KDH PEM File-----

Here is another form of the message:

3082043C06092A864886F70D010702A082042D30820429020101310D300B0609608648016503040201305B06092A864886F70D010701A04E044C304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B524402053400000007A18201D8308201D43081BD020101300D06092A864886F70D01010B05003041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B4448170D3130313130323137333333305A170D3130313230323137333333305A3048301602053400000008170D3130313130323137323831335A30160205340000000A170D3130313130323137333134365A30160205340000000B170D3130313130323137333332355A300D06092A864886F70D01010B0500038201010036F06A3C88ACBCFA9F8E3B0850EEE09A9CF7B5B291886E510D349FE5F05C1BDB7D9F39E4EA6508828F2ED3EE7963C8587452795C39462B060D5B972C9A7B5EF890A193C57225D1C88D56EED1D03F7E9A75870D604D15E012FFD7B8506EA4BA14E7B51018C16D8D9EFB6AC5C515686B134E16B1D67F1E8BF43C8FC9A60B9614ADCCE9AF69C27A9453D426344F6B14450EE5838214741EABF7F87F152A9319FAD9ED3B481A113C03363D29ADD02E30313A293AFC187B725298FB14C5D99796785A26CC19CF07C2BC9A23B8F6F6EE19A007904F4BF632DCFDE7F2825F312FE628E3D0C71CD50BB08EE404E2A5F011A0B5AB4F2A61275E25009DAE00660EFF32D6C3318201DA308201D6020101304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B301906035504031312545233342053616D706C65204341204B444802053400000006300B0609608648016503040201A065301806092A864886F70D010903310B06092A864886F70D0107013018060A2A864886F70D01091903310A04087DEA1C00894E246A302F06092A864886F70D010904312204208798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A300D06092A864886F70D0101010500048201004F34BFC9F677C0F790117047B1EA60CFD3325B6E7F5D247C3AC1F0B60CA8B2E92573A141CB636017AD0930D0D242BBE6CCD9C9A6A95757239A8C2C99FC1E8CAE88AD2D6AB6E7A256C8C52E6A913840B3422A9275267F88F67CD81ADD93077FFE30F6D27D97608A5D98152148BED70FAE433F3F7ADCA71260045FF5B3E42B5C0A141F68CF0B16E187AE4F646FD10A700812442ACA6F22928CF03F292501D3FB7704306BAB19542DBD7686DFDE98B8E26CAA0E262CDFBDD98452058EB5AD1AE51715F8011C2D9FA6BD46E1D6F0FF9D3936244FDB749AC641C98749AE4F15DA8C9056D33CC2A37A8A7706336E2446B719BE853996C133F5BAD8E94CFFC2F0BE241D

Upvotes: 0

Views: 500

Answers (1)

dave_thompson_085
dave_thompson_085

Reputation: 38771

This is a CMS-formerly-PKCS7 SignedData message defined in rfc5652 et pred with signedattrs. The digest you quote, which is the messagedigest element in signedattrs, is as described in 5.4 the digest of the value part of the OCTET STRING eContent in encapContentInfo, as described in 5.2.

Since you didn't show any code to start from, here's just about the absolute minimum:

#include <stdio.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>

int main (void){
  unsigned char hash[32]; 

  // TEST CODE doesn't check or handle errors; DON'T USE FOR REAL
  BIO *in = BIO_push (BIO_new(BIO_f_base64()), BIO_new_file ("54262612.pem","r"));
  // file's PEM type not understood by PEM_read_PKCS7; rather than fixing
  PKCS7 *outer = d2i_PKCS7_bio (in, NULL); // just bypass it
  // assume signeddata with (nonomitted) content octetstring; should check
  ASN1_OCTET_STRING *cont = outer->d.sign->contents->d.data;

  // assume hash is sha256; should check digestalgs and signerinfo(s)
  EVP_Digest (cont->data, cont->length, hash, NULL, EVP_sha256(), NULL);
  for( int i = 0; i < 32; i++ ) printf ("%02x", hash[i]); putchar ('\n');
  return 0;
}

Upvotes: 1

Related Questions