Openssl: What data is used to calculate the sha256 message digest of this asn.1 message?


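Given the following asn.1 message, how is the sha256 message digest "8798168E6F7F3118EDE8522B6336DFB56CFDF95DB7063CB7230EF00B4D666D1A" calculated? I realize that this is a 32-byte hash of some data. What specific data is used to calculate the hash? This is a tr34 file. Using openssl, I should be able to get the same hash as long as I use the same block of data from the message.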

-----BEGIN TR34_Sample_UBT_KDH PEM File-----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-----END TR34_Sample_UBT_KDH PEM File-----
Here is the message in another form:

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

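This is a CMS-PKCS7 SignedData message with signedAttrs. The digest you cite is the messageDigest element in signedAttrs, which, as described in 5.4, is the digest of the value part of the OCTET STRING eContent in encapContentInfo, as described in 5.2.

Since you didn't show any code to start from, here is the absolute minimum: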

#include <stdio.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>

int main (void){
  unsigned char hash[32]; 

  // TEST CODE doesn't check or handle errors; DON'T USE FOR REAL
  BIO *in = BIO_push (BIO_new(BIO_f_base64()), BIO_new_file ("54262612.pem","r"));
  // file's PEM type not understood by PEM_read_PKCS7; rather than fixing
  PKCS7 *outer = d2i_PKCS7_bio (in, NULL); // just bypass it
  // assume signeddata with (nonomitted) content octetstring; should check
  ASN1_OCTET_STRING *cont = outer->d.sign->contents->d.data;

  // assume hash is sha256; should check digestalgs and signerinfo(s)
  EVP_Digest (cont->data, cont->length, hash, NULL, EVP_sha256(), NULL);
  for( int i = 0; i < 32; i++ ) printf ("%02x", hash[i]); putchar ('\n');
  return 0;
}

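Thanks for the reply. I should have provided a code example. C is not my strong language. I'll try to get it to compile and test. Here is the php: $hex = hex2bin($data); $r = strtoupper(hash($v, $hex, false)); I'm looking for the value of $DATA.

Thanks! The C program works and calculates the same hash. I was able to see enough of the data to pull it out of the original string. Here is the data used in the hash: 304A3041310B300906035504061302555331153013060355040A130C545233342053616D706C6573311B30190603550403131254523342053616D706C6520441204B5240205340000007

Follow-up... Can you tell me what data was used to generate the signature at the bottom of the message? I have the public key, but I can't seem to verify it because I don't know what data was used.

This is a re-encoding of the SignedAttrs with its "natural" SET tag, rather than the CONTEXT-0 tag in the actual message. By the way, if you want to fully verify the message, you should match the digest and content type against the SignedAttrs, verify the signature on the SignedAttrs under the cert, and validate the cert, all of which PHP crypto can do for you as long as it is a file and in SMIME format (which is a minor tweak).

Correct again. I re-encoded the CONTEXT-0 tag with a SET tag of 31xx and it immediately verified with the public key. I'm reviewing section 5, thanks!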
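The two computations discussed in the answer and the comments (the messageDigest taken over the eContent value octets only, and the signature input obtained by re-tagging signedAttrs from CONTEXT-0 to SET), as an added Python example that is not part of the original thread. It uses only the standard library and runs on a constructed DER sample, not the TR-34 message from the question; all function names and sample bytes are assumptions made for this example.

```python
import hashlib

MESSAGE_DIGEST_OID = bytes.fromhex("06092a864886f70d010904")  # 1.2.840.113549.1.9.4

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def econtent_digest(econtent_der):
    """SHA-256 over the value octets of the eContent OCTET STRING (no tag, no length)."""
    tag, value, _ = read_tlv(econtent_der)
    if tag != 0x04:
        raise ValueError("eContent is not a primitive OCTET STRING")
    return hashlib.sha256(value).digest()

def signed_attrs_to_be_signed(signed_attrs_der):
    """Swap the CONTEXT-0 tag (0xA0) for the SET tag (0x31): the bytes the signature covers."""
    if signed_attrs_der[0] != 0xA0:
        raise ValueError("expected CONTEXT-0 tag on signedAttrs")
    return b"\x31" + signed_attrs_der[1:]

def message_digest_attr(signed_attrs_der):
    """Return the value of the messageDigest attribute inside signedAttrs."""
    _, attrs, _ = read_tlv(signed_attrs_der)
    pos = 0
    while pos < len(attrs):
        _, attr, pos = read_tlv(attrs, pos)         # contents of one Attribute SEQUENCE
        _, _, oid_end = read_tlv(attr)              # attrType OID
        if attr[:oid_end] == MESSAGE_DIGEST_OID:
            _, values, _ = read_tlv(attr, oid_end)  # SET OF attrValues
            return read_tlv(values)[1]              # value of the OCTET STRING
    raise ValueError("no messageDigest attribute")

def der(tag, value):  # sample-building helper: short-form lengths only (< 128 bytes)
    return bytes([tag, len(value)]) + value

CONTENT = b"constructed sample content"  # constructed sample, not the question's TR-34 data
ECONTENT = der(0x04, CONTENT)
SIGNED_ATTRS = der(0xA0,  # contentType (id-data) attribute, then messageDigest attribute
    der(0x30, bytes.fromhex("06092a864886f70d010903") + der(0x31, bytes.fromhex("06092a864886f70d010701")))
    + der(0x30, MESSAGE_DIGEST_OID + der(0x31, der(0x04, hashlib.sha256(CONTENT).digest()))))

if __name__ == "__main__":
    print(econtent_digest(ECONTENT) == message_digest_attr(SIGNED_ATTRS), signed_attrs_to_be_signed(SIGNED_ATTRS)[:2].hex())
```

Hashing the whole OCTET STRING TLV, or hashing signedAttrs with its on-the-wire 0xA0 tag, gives a different value, which is why verification fails until the right byte range is used.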