/*
 * Ruby binding: install a content-encryption cipher on this PKCS7 object.
 *
 * The Ruby cipher object is converted with GetCipherPtr() and handed to
 * PKCS7_set_cipher(). On failure (PKCS7_set_cipher() returning 0) an
 * ePKCS7Error is raised via ossl_raise(), which also consumes the OpenSSL
 * error queue for its message. Returns the cipher argument unchanged so the
 * function can serve as an attribute writer.
 */
static VALUE
ossl_pkcs7_set_cipher(VALUE self, VALUE cipher)
{
    PKCS7 *p7;

    GetPKCS7(self, p7);
    /* PKCS7_set_cipher() reports success as 1 and failure as 0. */
    if (PKCS7_set_cipher(p7, GetCipherPtr(cipher)) == 0)
        ossl_raise(ePKCS7Error, NULL);

    return cipher;
}
/*
 * Select the content-encryption cipher of an encrypted or
 * signed-and-encrypted PKCS#7 object.
 *
 * Returns PKI_OK when PKCS7_set_cipher() accepted the cipher. Returns
 * PKI_ERR when p7, its underlying value, or cipher is NULL, when the object
 * is not of an enveloping type (only PKI_X509_PKCS7_TYPE_ENCRYPTED and
 * PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED are accepted), or when OpenSSL
 * rejects the cipher; in the last case the OpenSSL error is logged at
 * debug level.
 *
 * Note: only the PKCS#7 type is validated here. The cipher itself is passed
 * through to OpenSSL as given, so the caller decides its suitability.
 */
int PKI_X509_PKCS7_set_cipher(PKI_X509_PKCS7 *p7, PKI_CIPHER *cipher)
{
    int p7_type;

    if (p7 == NULL || p7->value == NULL || cipher == NULL)
        return PKI_ERR;

    /* Encryption is meaningful only for the two enveloping content types. */
    p7_type = PKI_X509_PKCS7_get_type(p7);
    if (p7_type != PKI_X509_PKCS7_TYPE_ENCRYPTED &&
        p7_type != PKI_X509_PKCS7_TYPE_SIGNEDANDENCRYPTED)
        return PKI_ERR;

    if (PKCS7_set_cipher(p7->value, cipher) == 0) {
        PKI_log_debug("PKI_X509_PKCS7_set_cipher()::Error setting Cipher "
                      "[%s]", ERR_error_string(ERR_get_error(), NULL));
        return PKI_ERR;
    }

    return PKI_OK;
}
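/* Largest single BIO_write() issued by sign_and_encrypt(). Writing in bounded
 * chunks keeps every length within the int that BIO_write() accepts, however
 * long the input string is. */
enum { SIGN_ENCRYPT_WRITE_CHUNK = 64 * 1024 };

/*
 * Report a fatal failure of sign_and_encrypt() on stderr together with the
 * most recent OpenSSL error-queue entry. ERR_error_string_n() with a local
 * buffer is used instead of ERR_error_string(..., NULL), whose static buffer
 * is not safe to share between threads.
 */
static void sign_encrypt_fatal(const char *what)
{
    char err[256];

    ERR_error_string_n(ERR_get_error(), err, sizeof err);
    fprintf(stderr, "Fatal Error: %s\n", what);
    fprintf(stderr, "OpenSSL Error: %s\n", err);
    fflush(stderr);
}

/*
 * Write all n bytes of data to bio, retrying on short writes.
 * Returns 1 when everything was written, 0 on the first failed write.
 */
static int sign_encrypt_write_all(BIO *bio, const char *data, size_t n)
{
    while (n > 0) {
        int chunk = n > SIGN_ENCRYPT_WRITE_CHUNK ? SIGN_ENCRYPT_WRITE_CHUNK : (int)n;
        int wrote = BIO_write(bio, data, chunk);

        if (wrote <= 0)
            return 0;
        data += wrote;
        n -= (size_t)wrote;
    }
    return 1;
}

/*
 * Sign and encrypt button data for delivery to PayPal.
 *
 * Builds a PKCS#7 signedAndEnveloped structure: the content `data` is signed
 * with `rsa` (whose certificate `x509` is embedded and named as signer) and
 * enveloped to the recipient certificate `PPx509`, with 3DES-CBC as the
 * content cipher. With `verbose` non-zero, progress is printed to stdout.
 *
 * Returns a newly malloc()ed, NUL-terminated PEM encoding of the PKCS#7
 * object; the caller owns it and must free() it. Returns NULL on any
 * failure (including a NULL argument, allocation failure, or any OpenSSL
 * step failing), after printing the reason to stderr. Unlike the original,
 * a failed PKCS7_dataFinal() or PEM write no longer yields output: an
 * unsigned or incomplete structure is never returned.
 *
 * NOTE(review): the digest (SHA-1) and cipher (3DES-CBC) are kept from the
 * original because the peer's accepted algorithms are not visible here;
 * both are legacy and should be moved to SHA-256 / AES once the recipient
 * is known to accept them.
 */
char* sign_and_encrypt(const char *data, RSA *rsa, X509 *x509, X509 *PPx509, int verbose)
{
    char *ret = NULL;
    EVP_PKEY *pkey = NULL;
    PKCS7 *p7 = NULL;
    BIO *p7bio = NULL;
    BIO *bio = NULL;
    PKCS7_SIGNER_INFO *si;
    char *str = NULL;
    long len;

    if (data == NULL || rsa == NULL || x509 == NULL || PPx509 == NULL) {
        fprintf(stderr, "Fatal Error: sign_and_encrypt() called with a NULL argument\n");
        fflush(stderr);
        return NULL;
    }

    /* Wrap the RSA key in an EVP_PKEY; set1 takes its own reference, so
     * the caller keeps ownership of rsa. */
    pkey = EVP_PKEY_new();
    if (pkey == NULL || EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
        sign_encrypt_fatal("Unable to create EVP_KEY from RSA key");
        goto end;
    }
    if (verbose)
        printf("Successfully created EVP_KEY from RSA key\n");

    /* Create a signed and enveloped PKCS7 */
    p7 = PKCS7_new();
    if (p7 == NULL || PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped) == 0) {
        sign_encrypt_fatal("Failed to create signedAndEnveloped PKCS7");
        goto end;
    }

    si = PKCS7_add_signature(p7, x509, pkey, EVP_sha1());
    if (si == NULL) {
        sign_encrypt_fatal("Failed to sign PKCS7");
        goto end;
    }
    if (PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
                                   OBJ_nid2obj(NID_pkcs7_data)) <= 0) {
        sign_encrypt_fatal("Unable to add signed attribute to certificate");
        goto end;
    }
    if (verbose)
        printf("Successfully added signed attribute to certificate\n");

    /* Encryption */
    if (PKCS7_set_cipher(p7, EVP_des_ede3_cbc()) <= 0) {
        sign_encrypt_fatal("Failed to set encryption algorithm");
        goto end;
    }
    if (verbose)
        printf("Successfully added encryption algorithm\n");

    /* PKCS7_add_recipient() returns a PKCS7_RECIP_INFO pointer, not an int,
     * so test it against NULL (the original compared the pointer with 0). */
    if (PKCS7_add_recipient(p7, PPx509) == NULL) {
        sign_encrypt_fatal("Failed to add PKCS7 recipient");
        goto end;
    }
    if (verbose)
        printf("Successfully added recipient\n");

    if (PKCS7_add_certificate(p7, x509) <= 0) {
        sign_encrypt_fatal("Failed to add PKCS7 certificate");
        goto end;
    }
    if (verbose)
        printf("Successfully added certificate\n");

    p7bio = PKCS7_dataInit(p7, NULL);
    if (p7bio == NULL) {
        sign_encrypt_fatal("Failed to initialise PKCS7 data BIO");
        goto end;
    }

    /* Pump data to special PKCS7 BIO. This encrypts and digests it. */
    if (!sign_encrypt_write_all(p7bio, data, strlen(data)) || BIO_flush(p7bio) <= 0) {
        sign_encrypt_fatal("Failed to write data to PKCS7 BIO");
        goto end;
    }

    /* dataFinal computes the signature and closes the envelope. If it fails
     * the structure is unsigned/incomplete and must not be emitted. */
    if (PKCS7_dataFinal(p7, p7bio) <= 0) {
        sign_encrypt_fatal("Failed to finalise PKCS7 data");
        goto end;
    }

    /* Write PEM encoded PKCS7 */
    bio = BIO_new(BIO_s_mem());
    if (bio == NULL || PEM_write_bio_PKCS7(bio, p7) == 0 || BIO_flush(bio) <= 0) {
        sign_encrypt_fatal("Failed to create PKCS7 PEM");
        goto end;
    }
    if (verbose)
        printf("Successfully created PKCS7 PEM\n");

    len = BIO_get_mem_data(bio, &str);
    if (len < 0 || str == NULL) {
        sign_encrypt_fatal("Failed to read PKCS7 PEM from memory BIO");
        goto end;
    }

    ret = malloc((size_t)len + 1);
    if (ret == NULL) {
        fprintf(stderr, "Fatal Error: out of memory allocating %ld bytes\n", len + 1);
        fflush(stderr);
        goto end;
    }
    memcpy(ret, str, (size_t)len);
    ret[len] = '\0';

end:
    /* All of these free functions accept NULL. */
    BIO_free_all(bio);
    BIO_free_all(p7bio);
    PKCS7_free(p7);
    EVP_PKEY_free(pkey);
    return ret;
}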
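/* Input and output file names used by this demo (hard-coded as in the original). */
#define DEMO_CERT1_FILE  "mycert4p12.cer"
#define DEMO_KEY1_FILE   "myprivkey.pem"
#define DEMO_CERT2_FILE  "user2.cer"
#define DEMO_KEY2_FILE   "user2_privatekey.pem"
#define DEMO_OUTPUT_FILE "p7signandenv.cer"

/*
 * Load a DER-encoded X.509 certificate from path.
 *
 * Decodes straight from the FILE so a certificate of any size is accepted;
 * the original copied at most 1024 bytes into a fixed buffer, so any larger
 * certificate was silently truncated and failed to decode. Returns NULL
 * after printing a diagnostic on failure.
 */
static X509 *demo_load_der_cert(const char *path)
{
    FILE *fp = fopen(path, "rb");
    X509 *cert;

    if (fp == NULL) {
        perror(path);
        return NULL;
    }
    cert = d2i_X509_fp(fp, NULL);
    fclose(fp);
    if (cert == NULL)
        fprintf(stderr, "%s: not a DER-encoded X.509 certificate\n", path);
    return cert;
}

/*
 * Load a DER-encoded RSA private key from path.
 *
 * NOTE(review): the original decoded these files with d2i_PrivateKey()
 * despite their .pem names; if they are really PEM, use PEM_read_PrivateKey()
 * instead. Only RSA keys are accepted, matching the original's
 * d2i_PrivateKey(EVP_PKEY_RSA, ...). Returns NULL after printing a
 * diagnostic on failure.
 */
static EVP_PKEY *demo_load_der_rsa_key(const char *path)
{
    FILE *fp = fopen(path, "rb");
    EVP_PKEY *key;

    if (fp == NULL) {
        perror(path);
        return NULL;
    }
    key = d2i_PrivateKey_fp(fp, NULL);
    fclose(fp);
    if (key == NULL) {
        fprintf(stderr, "%s: not a DER-encoded private key\n", path);
        return NULL;
    }
    if (EVP_PKEY_base_id(key) != EVP_PKEY_RSA) {
        fprintf(stderr, "%s: not an RSA private key\n", path);
        EVP_PKEY_free(key);
        return NULL;
    }
    return key;
}

/*
 * Register one party on p7: embed its certificate, add it as an envelope
 * recipient, and add a SignerInfo for it using key.
 *
 * SHA-256 replaces the original's EVP_md5(): MD5 is not collision resistant
 * and must not be used as a signature digest. Returns 1 on success, 0 on
 * failure (OpenSSL error left on the queue).
 */
static int demo_add_party(PKCS7 *p7, X509 *cert, EVP_PKEY *key)
{
    if (PKCS7_add_certificate(p7, cert) != 1)
        return 0;
    /* PKCS7_add_recipient() returns a pointer: NULL means failure. */
    if (PKCS7_add_recipient(p7, cert) == NULL)
        return 0;
    if (PKCS7_add_signature(p7, cert, key, EVP_sha256()) == NULL)
        return 0;
    return 1;
}

/*
 * Demo: build a PKCS#7 signedAndEnveloped structure over the string
 * "hello openssl" with two signers who are also the two recipients, and
 * write its DER encoding to DEMO_OUTPUT_FILE.
 *
 * Every OpenSSL call is checked (the original ignored all of them, so a
 * truncated certificate or unreadable key crashed on a NULL pointer).
 * Returns EXIT_SUCCESS when the file was written and closed, EXIT_FAILURE
 * otherwise; on failure the OpenSSL error queue is dumped to stderr.
 */
int main(int argc, char *argv[])
{
    static const char greet[] = "hello openssl";
    int status = EXIT_FAILURE;
    PKCS7 *p7 = NULL;
    BIO *inbio = NULL;
    X509 *cert1 = NULL, *cert2 = NULL;
    EVP_PKEY *key1 = NULL, *key2 = NULL;
    FILE *out = NULL;
    int len;

    (void)argc;
    (void)argv;

    /* Must be called explicitly so cipher and digest lookups succeed. */
    OpenSSL_add_all_algorithms();

    inbio = BIO_new(BIO_s_mem());
    if (inbio == NULL ||
        BIO_write(inbio, greet, (int)(sizeof greet - 1)) != (int)(sizeof greet - 1)) {
        fprintf(stderr, "failed to build input BIO\n");
        goto cleanup;
    }

    p7 = PKCS7_new();
    if (p7 == NULL || PKCS7_set_type(p7, NID_pkcs7_signedAndEnveloped) != 1) {
        fprintf(stderr, "failed to create signedAndEnveloped PKCS7\n");
        goto cleanup;
    }

    /* First signer/recipient. */
    cert1 = demo_load_der_cert(DEMO_CERT1_FILE);
    key1 = demo_load_der_rsa_key(DEMO_KEY1_FILE);
    if (cert1 == NULL || key1 == NULL || !demo_add_party(p7, cert1, key1)) {
        fprintf(stderr, "failed to add first signer/recipient\n");
        goto cleanup;
    }

    /* Second signer/recipient. */
    cert2 = demo_load_der_cert(DEMO_CERT2_FILE);
    key2 = demo_load_der_rsa_key(DEMO_KEY2_FILE);
    if (cert2 == NULL || key2 == NULL || !demo_add_party(p7, cert2, key2)) {
        fprintf(stderr, "failed to add second signer/recipient\n");
        goto cleanup;
    }

    /* NOTE(review): 3DES-CBC is kept from the original for output parity;
     * it is a legacy cipher and EVP_aes_256_cbc() is the modern choice. */
    if (PKCS7_set_cipher(p7, EVP_des_ede3_cbc()) != 1) {
        fprintf(stderr, "failed to set content cipher\n");
        goto cleanup;
    }

    /* Sign the content and build the digital envelope. */
    if (PKCS7_final(p7, inbio, 0) != 1) {
        fprintf(stderr, "PKCS7_final failed\n");
        goto cleanup;
    }

    len = i2d_PKCS7(p7, NULL);
    if (len <= 0) {
        fprintf(stderr, "i2d_PKCS7 failed\n");
        goto cleanup;
    }
    printf("in i2d len = %d\n", len);

    out = fopen(DEMO_OUTPUT_FILE, "wb");
    if (out == NULL) {
        perror(DEMO_OUTPUT_FILE);
        goto cleanup;
    }
    if (i2d_PKCS7_fp(out, p7) != 1) {
        fprintf(stderr, "failed to write %s\n", DEMO_OUTPUT_FILE);
        goto cleanup;
    }
    /* fclose() flushes; a failure here means the file is incomplete. */
    if (fclose(out) != 0) {
        out = NULL;
        perror(DEMO_OUTPUT_FILE);
        goto cleanup;
    }
    out = NULL;
    status = EXIT_SUCCESS;

cleanup:
    if (status != EXIT_SUCCESS)
        ERR_print_errors_fp(stderr);
    if (out != NULL)
        fclose(out);
    PKCS7_free(p7);
    BIO_free(inbio);
    /* PKCS7_add_signature() takes its own reference on the key, so ours is
     * released here. The certificates are deliberately not X509_free()d:
     * whether PKCS7_add_certificate() takes a reference or adopts the pointer
     * differs between OpenSSL versions, so freeing them here could double
     * free on older releases; they live until process exit, as in the
     * original. */
    EVP_PKEY_free(key1);
    EVP_PKEY_free(key2);
    return status;
}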