示例#1
0
static long SignVerify(CReader & oReader, tPrivKey & key,
	const CByteArray & oCertData, unsigned long ulSignAlgo)
{
	CByteArray oData(1000);
	for (int i = 0; i < 300; i++)
		oData.Append((unsigned char) rand());

	long lHashAlgo = sign2hashAlgo(ulSignAlgo);

	if (lHashAlgo != -1)
	{
		CByteArray oSignature;
	
		CHash oHash;
		oHash.Init((tHashAlgo) lHashAlgo);
		oHash.Update(oData);

		if (ulSignAlgo == SIGN_ALGO_RSA_PKCS)
		{
			// To test SIGN_ALGO_RSA_PKCS, we take as input the SHA1 AID
			// plus the SHA1 hash of oData. This way, we can use OpenSSL's
			// SHA1 signature verification in VerifySignature().
			const unsigned char SHA1_AID[] = {0x30, 0x21, 0x30, 0x09,
				0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00,0x04, 0x14};
			CByteArray oTobeSigned(SHA1_AID, sizeof(SHA1_AID));
			oTobeSigned.Append(oHash.GetHash());
			oSignature = oReader.Sign(key, ulSignAlgo, oTobeSigned);
		}
		else
			oSignature = oReader.Sign(key, ulSignAlgo, oHash);

		bool bVerified = VerifySignature(oData, oSignature, oCertData, ulSignAlgo);

		return bVerified ? 0 : 1;
	}
	else
	{
		printf("      Signature algo %s can't be tested yet\n", SignAlgo2String(ulSignAlgo));
		return 0;
	}
}
示例#2
0
static CByteArray HashAndSign(CReader & oReader, const tPrivKey & key,
	unsigned long signAlgo, const CByteArray & oData)
{
	tHashAlgo hashAlgo;
	if (signAlgo == SIGN_ALGO_MD5_RSA_PKCS)
		hashAlgo = ALGO_MD5;
	else if (signAlgo == SIGN_ALGO_SHA1_RSA_PKCS)
		hashAlgo = ALGO_SHA1;
	else if (signAlgo == SIGN_ALGO_SHA256_RSA_PKCS)
		hashAlgo = ALGO_SHA256;
	else
	{
		printf("Unsupport signature algorithm %d, can't sign\n", signAlgo);
		return CByteArray();
	}

	CHash oHash;
	oHash.Init(hashAlgo);
	oHash.Update(oData);

	return oReader.Sign(key, signAlgo, oHash);
}