Procedure

tCryptography.Certsigndata

Module

XuDsigS

Last Modified

7/15/2014 3:26:44 PM

Visibility

Private

Owner

tCryptography

Declaration

procedure Certsigndata;

Calls Hierarchy


tCryptography.Certsigndata
 ├CryptSignMessage
 ├MimeEncodedSize
 ├MimeEncode
 ├tCryptography.CertChainCheck
 │ ├CertCreateCertificateChainEngine
 │ ├Memo
 │ ├tCryptography.RaiseErr
 │ ├CertGetCertificateChain
 │ └SetStatus
 │   └Memo
 ├tCryptography.Release
 │ ├tCryptography.sCardReattach
 │ │ └SCardReconnect
 │ ├CryptMsgClose
 │ ├CertFreeCertificateContext
 │ ├CertCloseStore
 │ ├SCardDisconnect
 │ └SCardReleaseContext
 └tCryptography.CheckSig
   ├CryptMsgOpenToDecode
   ├CryptMsgUpdate
   ├tCryptography.RaiseErr
   ├CryptMsgGetParam
   ├CertOpenStore
   ├CertGetSubjectCertificateFromStore
   ├CertGetNameString
   ├CryptMsgControl
   ├CertVerifyTimeValidity
   └tCryptography.Release...

Called-By Hierarchy


tCryptography.Certsigndata
  tCryptography.SignData┘ 

Calls

Name Declaration Comments
tCryptography.CertChainCheck function CertChainCheck(pCertContext: PCCERT_CONTEXT): boolean; -
tCryptography.CheckSig function CheckSig(pBlob: pointer; Blobsize: DWORD): boolean; -
CryptSignMessage function CryptSignMessage(pSignPara :PCRYPT_SIGN_MESSAGE_PARA; fDetachedSignature :BOOL; cToBeSigned :DWORD; const rgpbToBeSigned : PBYTE; rgcbToBeSigned : PDWORD; pbSignedBlob :PBYTE; pcbSignedBlob :PDWORD):BOOL ; stdcall; -
MimeEncode procedure MimeEncode(var InputBuffer; const InputByteCount: Cardinal; var OutputBuffer); -
MimeEncodedSize function MimeEncodedSize(const I: Cardinal): Cardinal; -
tCryptography.Release procedure Release; -

Called-By

Name Declaration Comments
tCryptography.SignData function SignData: boolean; -


Source

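procedure tCryptography.CertSignData;
{ Signs the hash already held in fHashValue with the card certificate in
  pCertContext using CryptSignMessage (PKCS#7 message carrying the hash as
  its content, signing certificate embedded), base64-encodes the resulting
  DER blob into fSignatureStr, checks the certificate chain, releases the
  certificate/store/card handles (Release) and finally re-parses the blob
  with CheckSig as a self-test.

  SigningStatus is only ever cleared here, never set - the caller
  (SignData) is expected to have set it to true beforehand.  On failure
  Reason is loaded with the '898020xx^text' error string that the caller
  reports.  Reads: fHashValue, pCertContext.  Writes: SignMsgParam,
  fSignatureStr, SigningStatus, Reason, TrackingMsg. }
var
  LastErr: DWORD;
  pbEncodedBlob: array of byte;
  cbEncodedBlob: DWORD;
  cbContent: DWORD;
  rgpbToBeSigned: array [0..0] of PByte;
  rgcbToBeSigned: array [0..0] of PDWORD;
  EncodedSize: integer;
  b64: string;
  Signed: boolean;

  // One CryptSignMessage call against the current pbEncodedBlob buffer.
  // Not a detached signature: the hash itself is the message content,
  // so a verifier gets the hash back out of the blob (see CheckSig).
  function TrySign: boolean;
  begin
    Result := CryptSignMessage(@SignMsgParam,
                               False,               // fDetachedSignature
                               1,                   // one content buffer
                               rgpbToBeSigned[0],
                               rgcbToBeSigned[0],
                               pointer(pbEncodedBlob),
                               @cbEncodedBlob);     // in: capacity, out: bytes written / needed
  end;

begin
  SignMsgParam.cbSize := sizeof(SignMsgParam);
  // Zero the CRYPT_SIGN_MESSAGE_PARA members we do not use
  SignMsgParam.pvHashAuxInfo := nil;
  SignMsgParam.cMsgCrl := 0;
  SignMsgParam.rgpMsgCrl := nil;
  SignMsgParam.cAuthAttr := 0;
  SignMsgParam.rgAuthAttr := nil;
  SignMsgParam.cUnauthAttr := 0;
  SignMsgParam.rgUnauthAttr := nil;
  SignMsgParam.dwFlags := 0;
  // The members we do use
  SignMsgParam.dwInnerContentType := 0;
  SignMsgParam.pSigningCert := pCertContext;
  SignMsgParam.dwMsgEncodingType := c_ENCODING_TYPE;
  // SECURITY: SHA-1 signatures are no longer collision resistant and are
  // refused by current verifiers/policies.  Switch to szOID_RSA_SHA256RSA
  // once every consumer of fSignatureStr (CheckSig here and the server
  // side) is confirmed to accept it - the commented alternative shows this
  // was already tried once.
  SignMsgParam.HashAlgorithm.pszObjId := szOID_RSA_SHA1RSA; //szOID_RSA_SHA256RSA;
  // Embed the signing certificate so a verifier can locate it in the blob
  SignMsgParam.cMsgCert := 1;
  SignMsgParam.rgpMsgCert := @pCertContext;
  // The data to be signed is the hash we computed ourselves.
  // NOTE(review): '@fHashValue' is the start of the hash bytes only if
  // fHashValue is a static array; for a dynamic array or string it is the
  // address of the reference variable and the wrong bytes get signed -
  // confirm the field's declaration.
  cbContent := length(fHashValue);
  rgpbToBeSigned[0] := @fHashValue;
  rgcbToBeSigned[0] := @cbContent;
  // Start with a 4K buffer (a normal signature is < 2K).  If the API
  // answers ERROR_MORE_DATA it has stored the required size in
  // cbEncodedBlob, so grow once and retry rather than fail the signing.
  cbEncodedBlob := 4096;
  setlength(pbEncodedBlob, cbEncodedBlob + 1);
  Signed := TrySign;
  if (not Signed) and (GetLastError = ERROR_MORE_DATA) and (cbEncodedBlob > 4096) then
  begin
    TrackingMsg.Add('Signature blob larger than 4K, retrying with ' +
                    IntToStr(cbEncodedBlob) + ' bytes');
    setlength(pbEncodedBlob, cbEncodedBlob + 1);
    Signed := TrySign;
  end;
  if not Signed then
  begin
    // Read the error code first: any Win32 work done by the logging
    // below could otherwise overwrite it.
    LastErr := GetLastError;
    SigningStatus := false;
    TrackingMsg.Add('Returned from CryptSignMessage with failure');
    Reason := '89802010^Signature Error - ' + SysErrorMessage(LastErr);
    TrackingMsg.Add(Reason);
  end;
  if SigningStatus then
  begin
    // Base64 encode the DER blob into fSignatureStr.
    // NOTE(review): MimeEncode writes EncodedSize *bytes* into the string
    // buffer; that is only correct while 'string' is a single-byte
    // AnsiString.  On a Unicode compiler the staging buffer would have to
    // be an AnsiString or array of byte - verify the compiler in use.
    EncodedSize := MimeEncodedSize(cbEncodedBlob);
    b64 := '';
    SetLength(b64, EncodedSize);
    MimeEncode(PChar(pbEncodedBlob)^, cbEncodedBlob, PChar(b64)^);
    fSignatureStr := b64;
    // Validate the signing certificate's chain.  The result used to be
    // discarded; a signature made with an untrusted chain must not be
    // reported as a success.  (If CertChainCheck already clears
    // SigningStatus through SetStatus this is a harmless no-op.)
    TrackingMsg.Add('Going to CertChainCheck');
    if not CertChainCheck(pCertContext) then
    begin
      TrackingMsg.Add('CertChainCheck failed - signature rejected');
      SigningStatus := false;
    end;
    TrackingMsg.Add('Returned from CertChainCheck');
  end;
  // Release the CertContext, CertStore and smart-card handles.  Done
  // unconditionally so a failed signing does not leak them.
  Release;

  // Self-test: make sure the signature we just produced can be decoded and
  // verified again (CheckSig does its own Release of what it opens).
  if SigningStatus then
    if not CheckSig(pointer(pbEncodedBlob), cbEncodedBlob) then
    begin
      TrackingMsg.Add('CheckSig (checking can load signature back) failed');
      SigningStatus := false;
      Reason := '89802009^Signature Check failed';
    end;
end;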
945   
946     //Test if we can load the signature back in
947     if SigningStatus then
948       if not CheckSig(pointer(pbEncodedBlob),cbEncodedBlob) then
949       begin
950         TrackingMsg.Add('CheckSig (checking can load signature back) failed');
951         SigningStatus := false;
952         Reason := '89802009^Signature Check failed';
953       end;
954   end;