#include <windows.h>
#include <wincrypt.h>
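/*
 * Signature method 1: sign an already computed file digest with the private
 * key blob stored in ..\Data\Sign\Input\<lpHSMKeyName>, using CryptoAPI.
 *
 * pbyFileHashData / dwHashDataSize : the raw digest to sign. It must be exactly
 *   the digest length of the selected algorithm, because HP_HASHVAL copies a
 *   fixed number of bytes out of the buffer (a short buffer would be over-read).
 * emAlgorithmType, lpHSMKeyName, pbySignatureData and pdwSignatureDataSize are
 *   used but not declared here; the trailing comma in the original parameter
 *   list suggests they were elided from the listing -- TODO confirm where they
 *   come from. *pdwSignatureDataSize is taken as the capacity of
 *   pbySignatureData on entry and holds the bytes written on success (on a
 *   too-small buffer it is set to the required size).
 *
 * Returns ERR_OK on success, ERR_HSM_SIGN_DATA on any failure. All CSP handles
 * are released and the stack copy of the private key is wiped on every path.
 */
DWORD MSCrptAPIGenFileSignatue_byFileHash(CONST PBYTE pbyFileHashData,
                                          CONST DWORD dwHashDataSize)
{
    DWORD dwRet = ERR_OK;
    HCRYPTPROV hProv = 0;
    HCRYPTHASH hHash = 0;
    HCRYPTKEY hKey = 0;
    DWORD dwProvType = PROV_RSA_AES;
    ALG_ID hashAlgo = 0;
    DWORD dwHashSize = 0;
    DWORD dwHashSizeLen = sizeof(dwHashSize);
    DWORD dwCapacity = 0;
    DWORD dwRequired = 0;
    BYTE byTempPrivateKeyBuffer[PRIVATE_KEY_4096_SIZE] = {0};
    DWORD dwPrivteSize = sizeof(byTempPrivateKeyBuffer);
    string strPrvKeyFileName = "..\\Data\\Sign\\Input\\";

    // Older SDK headers do not define CALG_SHA_256 (ALG_SID_SHA_256 == 12);
    // provide the same definitions locally instead of spelling out the bits.
#ifndef ALG_SID_SHA_256
#define ALG_SID_SHA_256 12
#endif
#ifndef CALG_SHA_256
#define CALG_SHA_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
#endif

    // SHA-256 is only offered by the AES-enhanced provider type; SHA-1 uses
    // the base RSA provider.
    hashAlgo = CALG_SHA_256;
    if (AlgorithmType_SHA1 == emAlgorithmType)
    {
        dwProvType = PROV_RSA_FULL;
        hashAlgo = CALG_SHA1;
    }

    // Open the "SAIO_CERT" key container; only a missing container is
    // recoverable, in which case it is created with the same provider type.
    if (!CryptAcquireContextA(&hProv, "SAIO_CERT", NULL, dwProvType, 0))
    {
        if (GetLastError() != NTE_BAD_KEYSET ||
            !CryptAcquireContextA(&hProv, "SAIO_CERT", NULL, dwProvType, CRYPT_NEWKEYSET))
        {
            dwRet = ERR_HSM_SIGN_DATA;
            goto END;
        }
    }

    // Kept from the original flow: dump the input digest for inspection.
    WriteBufferToFile("HashData.bin", pbyFileHashData, dwHashDataSize);

    if (!CryptCreateHash(hProv, hashAlgo, 0, 0, &hHash))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }

    // Refuse a digest whose length does not match the algorithm: HP_HASHVAL
    // reads exactly HP_HASHSIZE bytes from pbyFileHashData.
    if (!CryptGetHashParam(hHash, HP_HASHSIZE, (BYTE *)&dwHashSize, &dwHashSizeLen, 0) ||
        dwHashSize != dwHashDataSize)
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }
    if (!CryptSetHashParam(hHash, HP_HASHVAL, pbyFileHashData, 0))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }

    // Read the private key blob from file. ReadBufferFromFile's return type is
    // not visible in this listing -- TODO check it; until then treat an empty
    // or oversized length as failure (dwPrivteSize is assumed in/out).
    strPrvKeyFileName += lpHSMKeyName;
    ReadBufferFromFile(strPrvKeyFileName.c_str(), byTempPrivateKeyBuffer, &dwPrivteSize);
    if (dwPrivteSize == 0 || dwPrivteSize > sizeof(byTempPrivateKeyBuffer))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }
    if (!CryptImportKey(hProv, byTempPrivateKeyBuffer, dwPrivteSize, 0, 0, &hKey))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }

    // Query the signature size first and make sure it fits the caller's buffer
    // BEFORE the second call writes into it.
    dwCapacity = *pdwSignatureDataSize;
    if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, NULL, &dwRequired))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }
    if (dwRequired > dwCapacity)
    {
        *pdwSignatureDataSize = dwRequired; // tell the caller how much is needed
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }
    *pdwSignatureDataSize = dwCapacity;
    if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, pbySignatureData, pdwSignatureDataSize))
    {
        dwRet = ERR_HSM_SIGN_DATA;
        goto END;
    }

    // CryptoAPI returns the signature little-endian; the original flow reverses
    // it before writing it out.
    ReverseBuffer(pbySignatureData, *pdwSignatureDataSize);
    WriteBufferToFile("File_Data.sign", pbySignatureData, *pdwSignatureDataSize);

END:
    // Wipe the plaintext private key from the stack on every path; plain
    // memset could be optimised away.
    SecureZeroMemory(byTempPrivateKeyBuffer, sizeof(byTempPrivateKeyBuffer));
    if (hKey)
    {
        CryptDestroyKey(hKey);
    }
    if (hHash)
    {
        CryptDestroyHash(hHash);
    }
    if (hProv)
    {
        CryptReleaseContext(hProv, 0);
    }
    return dwRet;
}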
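/*
 * Signature method 2: hash the file named by lpszCataFileName (SHA-1 or
 * SHA-256 according to emAlAlgorithmType), import the private key held in
 * m_cPrivateKeyBuffer and write the signature over that hash into
 * m_cSaioCert.sign.
 *
 * lpszCataFileName, emAlAlgorithmType, SAIO_CSP, m_cPrivateKeyBuffer,
 * m_cSaioCert, MAX_SIGN_LEN and ImportCryptKey are not declared in this
 * listing -- presumably class members / file-scope definitions, TODO confirm.
 * MAX_SIGN_LEN is assumed to be the capacity of m_cSaioCert.sign. Note that
 * the spelling emAlAlgorithmType differs from the emAlgorithmType used by
 * MSCrptAPIGenFileSignatue_byFileHash.
 *
 * Returns ERR_OK on success, ERR_SIGN_HASH on any failure (or the code
 * returned by ImportCryptKey). File and CSP handles are released on every path.
 */
DWORD MSCrptAPIGenFileSignatue_byFile()
{
    DWORD dwRet = ERR_SIGN_HASH;      // becomes ERR_OK only once the signature is written
    HCRYPTPROV hProv = 0;
    HCRYPTHASH hHash = 0;
    HCRYPTKEY hKey = 0;
    HANDLE hFile = INVALID_HANDLE_VALUE; // CreateFile signals failure with this value, not NULL
    DWORD dwFileSize = 0;
    DWORD len = 0;
    DWORD dwBufferLen = 0;
    DWORD dwProvType = PROV_RSA_AES;
    ALG_ID hashAlgo = CALG_SHA_256;
    BYTE byTempBuf[2049] = {0};       // 2048-byte reads; one spare byte as in the original

    // SHA-256 is only offered by the AES-enhanced provider type.
    if (AlgorithmType_SHA1 == emAlAlgorithmType)
    {
        dwProvType = PROV_RSA_FULL;
        hashAlgo = CALG_SHA1;
    }

    hFile = CreateFile(lpszCataFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
    if (INVALID_HANDLE_VALUE == hFile)
    {
        goto HashExit;
    }

    // Only a missing key container is recoverable; create it with the SAME
    // provider type, since PROV_RSA_FULL cannot serve SHA-256. Any other
    // failure must not fall through with hProv == 0.
    if (!CryptAcquireContext(&hProv, SAIO_CSP, NULL, dwProvType, 0))
    {
        if (GetLastError() != NTE_BAD_KEYSET ||
            !CryptAcquireContext(&hProv, SAIO_CSP, NULL, dwProvType, CRYPT_NEWKEYSET))
        {
            goto HashExit;
        }
    }

    //
    // Create a hash object.
    //
    if (!CryptCreateHash(hProv, hashAlgo, 0, 0, &hHash))
    {
        goto HashExit;
    }

    dwFileSize = GetFileSize(hFile, NULL);
    if (INVALID_FILE_SIZE == dwFileSize)
    {
        goto HashExit;
    }

    // Feed the file through the hash object in 2048-byte chunks. A failed
    // ReadFile leaves len unspecified, so it must abort rather than be hashed.
    while (dwFileSize != 0)
    {
        if (!ReadFile(hFile, byTempBuf, 2048, &len, NULL))
        {
            goto HashExit;
        }
        //
        // Check for end of file.
        //
        if (len == 0)
        {
            break;
        }
        if (!CryptHashData(hHash, byTempBuf, len, 0))
        {
            goto HashExit;
        }
        // Guard the countdown against a file that grew since GetFileSize.
        dwFileSize -= (len < dwFileSize) ? len : dwFileSize;
    }

    //----------------------------------------------------------------
    // 4. Import Private Key to CSP.
    // The returned hKey is only held so it can be destroyed on exit.
    dwRet = ImportCryptKey(hProv, m_cPrivateKeyBuffer.GetBuffer(), m_cPrivateKeyBuffer.GetLength(), &hKey);
    if (dwRet != ERR_OK)
    {
        goto HashExit;
    }
    dwRet = ERR_SIGN_HASH;

    //----------------------------------------------------------------
    // 5. Sign hash and then write the signed hash (digital signature)
    // to Certificate buffer (Cert)
    //
    // Here we sign hash instead of data (cTempBuf).
    // Because all signature algorithms are asymmetric and thus slow,
    // the CryptoAPI does not allow data to be signed directly.
    // Instead, data is first hashed and CryptSignHash is used to sign the hash.
    //
    // The size check runs after the size query and BEFORE the call that
    // writes into m_cSaioCert.sign, so an oversized signature can never
    // overrun the buffer (the original checked only after the write).
    dwBufferLen = 0;
    if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, NULL, &dwBufferLen))
    {
        goto HashExit;
    }
    if (dwBufferLen > MAX_SIGN_LEN)
    {
        goto HashExit;
    }
    if (!CryptSignHash(hHash, AT_SIGNATURE, NULL, 0, m_cSaioCert.sign, &dwBufferLen))
    {
        goto HashExit;
    }
    dwRet = ERR_OK;

HashExit:
    if (hKey)
    {
        CryptDestroyKey(hKey);
    }
    if (hHash)
    {
        CryptDestroyHash(hHash);
    }
    if (hProv)
    {
        CryptReleaseContext(hProv, 0);
    }
    if (hFile != INVALID_HANDLE_VALUE)
    {
        CloseHandle(hFile);
    }
    return dwRet;
}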
[MS Crypt API][原]计算文件签名