/// Sign the data digested so far by oHash with the given private key.
///
/// Convenience overload: finalises the running hash and forwards the resulting
/// digest to the CByteArray-based Sign() overload, which performs the actual
/// signing. Nothing else is touched here.
/// @param key   private key on the card to sign with
/// @param Pin   PIN authorising use of the key (forwarded unchanged)
/// @param algo  signature algorithm identifier (SIGN_ALGO_* value, forwarded unchanged)
/// @param oHash hash object whose final digest value is signed
/// @return whatever the CByteArray-based Sign() overload returns
CByteArray CPkiCard::Sign(const tPrivKey & key, const tPin & Pin, unsigned long algo, CHash & oHash)
{
    // Finalise the digest once, then delegate to the byte-array overload.
    CByteArray oDigest = oHash.GetHash();
    return Sign(key, Pin, algo, oDigest);
}
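/// Self-test helper: signs a random buffer with the given key and verifies the
/// signature against the certificate, for one signature algorithm.
///
/// @param oReader    reader holding the card that owns the key
/// @param key        private key on the card to sign with
/// @param oCertData  certificate data holding the public key used by VerifySignature()
/// @param ulSignAlgo SIGN_ALGO_* identifier of the signature scheme to test
/// @return 0 when the signature verified, 1 when verification failed; also 0
///         (after printing a message) when sign2hashAlgo() reports no hash
///         algorithm for ulSignAlgo, i.e. the scheme cannot be tested yet
static long SignVerify(CReader & oReader, tPrivKey & key, const CByteArray & oCertData, unsigned long ulSignAlgo)
{
    // Arbitrary test input. rand() is fine here: this is test data only,
    // not key material or a nonce, so its predictability is irrelevant.
    CByteArray oData(1000);
    for (int i = 0; i < 300; i++)
        oData.Append(static_cast<unsigned char>(rand()));

    // Guard clause: schemes without a known hash algorithm are skipped, not failed.
    const long lHashAlgo = sign2hashAlgo(ulSignAlgo);
    if (lHashAlgo == -1)
    {
        printf(" Signature algo %s can't be tested yet\n", SignAlgo2String(ulSignAlgo));
        return 0;
    }

    CHash oHash;
    oHash.Init(static_cast<tHashAlgo>(lHashAlgo));
    oHash.Update(oData);

    CByteArray oSignature;
    if (ulSignAlgo == SIGN_ALGO_RSA_PKCS)
    {
        // To test SIGN_ALGO_RSA_PKCS, we take as input the SHA1 AID
        // plus the SHA1 hash of oData. This way, we can use OpenSSL's
        // SHA1 signature verification in VerifySignature().
        // (The bytes below are the PKCS#1 DigestInfo prefix for SHA-1.)
        static const unsigned char SHA1_AID[] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
                                                0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
        CByteArray oTobeSigned(SHA1_AID, sizeof(SHA1_AID));
        oTobeSigned.Append(oHash.GetHash());
        oSignature = oReader.Sign(key, ulSignAlgo, oTobeSigned);
    }
    else
    {
        // Hash-and-sign schemes: hand the hash object to the reader as-is.
        oSignature = oReader.Sign(key, ulSignAlgo, oHash);
    }

    const bool bVerified = VerifySignature(oData, oSignature, oCertData, ulSignAlgo);
    return bVerified ? 0 : 1;
}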
/// Sign with the given key using oHash, either by handing the hash object to
/// the card or by finalising the digest here first.
///
/// When the requested algorithm, masked with the card's supported algorithms,
/// includes one of the combined "<hash>_RSA_PKCS" schemes, the CHash object is
/// passed straight to the card together with the PIN looked up for the key's
/// auth ID. Otherwise the digest is finalised here and the CByteArray-based
/// Sign() overload is used.
/// @param key   private key on the card to sign with
/// @param algo  signature algorithm identifier (SIGN_ALGO_* value)
/// @param oHash hash object over the data to be signed
/// @return the signature bytes
/// @throws CMWEXCEPTION(EIDMW_ERR_NO_CARD) when no card is present in the reader
CByteArray CReader::Sign(const tPrivKey & key, unsigned long algo, CHash & oHash)
{
    if (m_poCard == nullptr)
        throw CMWEXCEPTION(EIDMW_ERR_NO_CARD);

    // Schemes for which the card-level Sign() takes the CHash object directly.
    const unsigned long ulHashAndSignAlgos =
        SIGN_ALGO_MD5_RSA_PKCS | SIGN_ALGO_SHA1_RSA_PKCS | SIGN_ALGO_SHA256_RSA_PKCS |
        SIGN_ALGO_SHA384_RSA_PKCS | SIGN_ALGO_SHA512_RSA_PKCS | SIGN_ALGO_RIPEMD160_RSA_PKCS;

    // Only bits that are both requested and supported by the card count.
    const unsigned long ulUsableAlgos = algo & m_poCard->GetSupportedAlgorithms();
    if ((ulUsableAlgos & ulHashAndSignAlgos) != 0)
        return m_poCard->Sign(key, GetPinByID(key.ulAuthID), algo, oHash);

    // Fall back to finalising the digest in software and signing the bytes.
    CByteArray oDigest = oHash.GetHash();
    return Sign(key, algo, oDigest);
}