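// Sign a block of random test data with the given private key on the reader
// and verify the result against the public key in oCertData.
//
// Parameters:
//   oReader     - reader that holds the card/token doing the signing
//   key         - private key (on the card) to sign with
//   oCertData   - certificate whose public key is used by VerifySignature()
//   ulSignAlgo  - SIGN_ALGO_* identifier of the signature scheme under test
//
// Returns 0 if the signature verified, 1 if verification failed.
// NOTE(review): the "can't be tested yet" path also returns 0, so a caller
// cannot tell "verified" from "skipped" by the return value alone; only the
// printed message distinguishes them.
static long SignVerify(CReader & oReader, tPrivKey & key, const CByteArray & oCertData, unsigned long ulSignAlgo)
{
	// Test input: 300 pseudo-random bytes. rand() is only used to produce
	// arbitrary data to sign here; it plays no cryptographic role.
	const int kTestDataLen = 300;
	CByteArray oData(1000);
	for (int i = 0; i < kTestDataLen; i++)
		oData.Append(static_cast<unsigned char>(rand()));

	const long lHashAlgo = sign2hashAlgo(ulSignAlgo);
	if (lHashAlgo == -1)
	{
		// sign2hashAlgo() has no hash mapping for this scheme: skip, don't fail.
		printf("  Signature algo %s can't be tested yet\n", SignAlgo2String(ulSignAlgo));
		return 0;
	}

	CHash oHash;
	oHash.Init(static_cast<tHashAlgo>(lHashAlgo));
	oHash.Update(oData);

	CByteArray oSignature;
	if (ulSignAlgo == SIGN_ALGO_RSA_PKCS)
	{
		// To test SIGN_ALGO_RSA_PKCS, we take as input the SHA1 AID
		// plus the SHA1 hash of oData. This way, we can use OpenSSL's
		// SHA1 signature verification in VerifySignature().
		//
		// SHA1_AID is the 15-byte DER DigestInfo prefix for SHA-1:
		// SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING (20) }.
		// The card signs the prefix + 20-byte hash as raw PKCS#1 v1.5 input, so
		// this only works if sign2hashAlgo(SIGN_ALGO_RSA_PKCS) is SHA-1.
		const unsigned char SHA1_AID[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
			0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
		CByteArray oTobeSigned(SHA1_AID, sizeof(SHA1_AID));
		oTobeSigned.Append(oHash.GetHash());
		oSignature = oReader.Sign(key, ulSignAlgo, oTobeSigned);
	}
	else
	{
		// For the hash-specific schemes the reader builds the DigestInfo itself.
		oSignature = oReader.Sign(key, ulSignAlgo, oHash);
	}

	const bool bVerified = VerifySignature(oData, oSignature, oCertData, ulSignAlgo);
	return bVerified ? 0 : 1;
}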
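// Hash oData with the digest implied by signAlgo and sign the digest on the
// reader with the given private key.
//
// Parameters:
//   oReader   - reader that holds the card/token doing the signing
//   key       - private key (on the card) to sign with
//   signAlgo  - one of SIGN_ALGO_MD5_RSA_PKCS, SIGN_ALGO_SHA1_RSA_PKCS,
//               SIGN_ALGO_SHA256_RSA_PKCS
//   oData     - data to be hashed and signed
//
// Returns the signature, or an empty CByteArray if signAlgo is not one of the
// supported schemes (a message is printed in that case). Callers should check
// for the empty result rather than assume a signature was produced.
static CByteArray HashAndSign(CReader & oReader, const tPrivKey & key, unsigned long signAlgo, const CByteArray & oData)
{
	tHashAlgo hashAlgo;
	if (signAlgo == SIGN_ALGO_MD5_RSA_PKCS)
		hashAlgo = ALGO_MD5;
	else if (signAlgo == SIGN_ALGO_SHA1_RSA_PKCS)
		hashAlgo = ALGO_SHA1;
	else if (signAlgo == SIGN_ALGO_SHA256_RSA_PKCS)
		hashAlgo = ALGO_SHA256;
	else
	{
		// signAlgo is unsigned long; the original "%d" specifier mismatched the
		// argument type (undefined behavior in printf), so use "%lu".
		printf("Unsupport signature algorithm %lu, can't sign\n", signAlgo);
		return CByteArray();
	}

	CHash oHash;
	oHash.Init(hashAlgo);
	oHash.Update(oData);
	return oReader.Sign(key, signAlgo, oHash);
}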