测试签名和验签。

libdrv/hash.h

@@ -7,6 +7,13 @@
 EXTERN_C_START
 
 
+BOOL WINAPI CngHashData(_In_z_ LPCWSTR pszAlgId,
+                        _In_reads_bytes_(DataSize) PUCHAR Data,
+                        _In_ ULONG DataSize,
+                        _Out_writes_bytes_all_(*HashSize) PUCHAR * Hash,
+                        _In_ ULONG * HashSize
+);
+
 BOOL HashFile(_In_ PFLT_FILTER Filter,
               __in_opt PFLT_INSTANCE Instance,
               _In_ PUNICODE_STRING FileName,

libdrv/signature.cpp

@@ -1 +1,88 @@
 #include "signature.h"
+#include "hash.h"
+
+
+NTSTATUS WINAPI EcdsaSignHash(_In_reads_bytes_(PrivateKeyLen) PUCHAR PrivateKey,
+                              _In_ ULONG PrivateKeyLen,
+                              _In_reads_bytes_(DataSize) PUCHAR Data,
+                              _In_ ULONG DataSize,
+                              _Out_writes_bytes_all_(*SignSize) PUCHAR * Sign,
+                              _In_ ULONG * SignSize
+)
+{
+    PUCHAR Hash = nullptr;
+    ULONG HashSize = 0;
+    BOOL ret = CngHashData(BCRYPT_SHA1_ALGORITHM, Data, DataSize, &Hash, &HashSize);
+    ASSERT(ret);
+
+    NTSTATUS                status = STATUS_UNSUCCESSFUL;
+    BCRYPT_ALG_HANDLE       hSignAlg = NULL;
+    status = BCryptOpenAlgorithmProvider(&hSignAlg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
+    ASSERT(NT_SUCCESS(status));
+
+    BCRYPT_KEY_HANDLE hPrivateKey = NULL;
+    status = BCryptImportKeyPair(hSignAlg,
+                                 NULL,
+                                 BCRYPT_ECCPRIVATE_BLOB,
+                                 &hPrivateKey,
+                                 PrivateKey,
+                                 PrivateKeyLen,
+                                 BCRYPT_NO_KEY_VALIDATION);
+    ASSERT(NT_SUCCESS(status));
+
+    status = BCryptSignHash(hPrivateKey, NULL, Hash, HashSize, NULL, 0, SignSize, 0);
+    ASSERT(NT_SUCCESS(status));
+
+    *Sign = (PUCHAR)ExAllocatePoolWithTag(NonPagedPool, *SignSize, TAG);
+    ASSERT(*Sign);
+
+    ULONG Result = 0;
+    status = BCryptSignHash(hPrivateKey, NULL, Hash, HashSize, *Sign, *SignSize, &Result, 0);
+    ASSERT(NT_SUCCESS(status));
+
+    BCryptCloseAlgorithmProvider(hSignAlg, 0);
+    BCryptDestroyKey(hPrivateKey);
+
+    return status;
+}
+
+
+BOOL WINAPI EcdsaVerifySignature(_In_reads_bytes_(PublicKeyLen) PUCHAR PublicKey,
+                                 _In_ ULONG PublicKeyLen,
+                                 _In_reads_bytes_(DataSize) PUCHAR Data,
+                                 _In_ ULONG DataSize,
+                                 _Out_writes_bytes_all_(SignSize) PUCHAR Sign,
+                                 _In_ ULONG SignSize
+)
+{
+    PUCHAR Hash = nullptr;
+    ULONG HashSize = 0;
+    BOOL IsVerify = FALSE;
+    BOOL ret = CngHashData(BCRYPT_SHA1_ALGORITHM, Data, DataSize, &Hash, &HashSize);
+    ASSERT(ret);
+
+    NTSTATUS                status = STATUS_UNSUCCESSFUL;
+    BCRYPT_ALG_HANDLE       hSignAlg = NULL;
+    status = BCryptOpenAlgorithmProvider(&hSignAlg, BCRYPT_ECDSA_P256_ALGORITHM, NULL, 0);
+    ASSERT(NT_SUCCESS(status));
+
+    BCRYPT_KEY_HANDLE hPublicKey = NULL;
+    status = BCryptImportKeyPair(hSignAlg,
+                                 NULL,
+                                 BCRYPT_ECCPUBLIC_BLOB,
+                                 &hPublicKey,
+                                 PublicKey,
+                                 PublicKeyLen,
+                                 BCRYPT_NO_KEY_VALIDATION);
+    ASSERT(NT_SUCCESS(status));
+
+    status = BCryptVerifySignature(hPublicKey, NULL, Hash, HashSize, Sign, SignSize, 0);
+    if (NT_SUCCESS(status)) {
+        IsVerify = TRUE;
+    }
+
+    BCryptCloseAlgorithmProvider(hSignAlg, 0);
+    BCryptDestroyKey(hPublicKey);
+
+    return IsVerify;
+}

libdrv/signature.h

@@ -6,7 +6,21 @@
 EXTERN_C_START
 
 
-
+NTSTATUS WINAPI EcdsaSignHash(_In_reads_bytes_(PrivateKeyLen) PUCHAR PrivateKey,
+                            _In_ ULONG PrivateKeyLen,
+                            _In_reads_bytes_(DataSize) PUCHAR Data,
+                            _In_ ULONG DataSize,
+                            _Out_writes_bytes_all_(*SignSize) PUCHAR * Sign,
+                            _In_ ULONG * SignSize
+);
+
+BOOL WINAPI EcdsaVerifySignature(_In_reads_bytes_(PublicKeyLen) PUCHAR PublicKey,
+                               _In_ ULONG PublicKeyLen,
+                               _In_reads_bytes_(DataSize) PUCHAR Data,
+                               _In_ ULONG DataSize,
+                               _Out_writes_bytes_all_(SignSize) PUCHAR Sign,
+                               _In_ ULONG SignSize
+);
 
 
 EXTERN_C_END

test/DriverEntry.cpp

@@ -7,6 +7,7 @@
 #include "c.h"
 #include "pe.h"
 #include "encrypt.h"
+#include "signature.h"
 
 
 //////////////////////////////////////////////////////////////////////////////////////////////////
@@ -56,7 +57,7 @@ EXTERN_C NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_ST
 
     //CreateSystemThreadInIdleProcess();
 
-    TestRsaEncrypt();
+    TestEcdsaSignature();
 
     return Status;
 }

test/signature.cpp

@@ -0,0 +1,93 @@
+#include "pch.h"
+#include "signature.h"
+
+
+void TestEcdsaSignature()
+/*
+功能：签名和验签的测试。
+
+注意：
+1.驱动竟然没有BCRYPT_DSA_ALGORITHM的算法，返回STATUS_NOT_FOUND。
+2.BCRYPT_ECDSA_P256_ALGORITHM倒是在驱动下支持。
+3.
+
+心得：
+1.签名的哈希不能是BCRYPT_SHA256_ALGORITHM，只能是BCRYPT_SHA1_ALGORITHM。
+2.签名的算法不能是BCRYPT_RSA_ALGORITHM和BCRYPT_RSA_SIGN_ALGORITHM。
+3.签名算法测试成功的有BCRYPT_DSA_ALGORITHM（3072和2048失败）和BCRYPT_ECDSA_P256_ALGORITHM。
+
+参考：
+1.https://docs.microsoft.com/zh-cn/windows/win32/seccng/signing-data-with-cng
+2.Windows-classic-samples\Samples\Security\SignHashAndVerifySignature
+3.ProcessHacker
+*/
+{
+    BCRYPT_ALG_HANDLE hAlgorithm = nullptr;
+    LPCWSTR AlgId = BCRYPT_ECDSA_P256_ALGORITHM;
+    LPCWSTR Implementation = nullptr;
+    ULONG   Flags = 0;
+    NTSTATUS NtStatus = BCryptOpenAlgorithmProvider(&hAlgorithm, AlgId, Implementation, Flags);
+    if (STATUS_SUCCESS != NtStatus) {
+        PrintEx(DPFLTR_DEFAULT_ID, DPFLTR_ERROR_LEVEL, "Status:%#x", NtStatus);
+        return;
+    }
+
+    BCRYPT_KEY_HANDLE hKey = nullptr;
+    ULONG   Length = 256;
+    NtStatus = BCryptGenerateKeyPair(hAlgorithm, &hKey, Length, 0);
+    if (STATUS_SUCCESS != NtStatus) {
+        BCryptCloseAlgorithmProvider(hAlgorithm, 0);
+        return;
+    }
+
+    //NtStatus = BCryptSetProperty
+
+    NtStatus = BCryptFinalizeKeyPair(hKey, 0);//这个还是很费时的。
+    ASSERT(STATUS_SUCCESS == NtStatus);
+
+    //////////////////////////////////////////////////////////////////////////////////////////////
+
+    ULONG PrivateKeyLen = 0;
+    NtStatus = BCryptExportKey(hKey, NULL, BCRYPT_ECCPRIVATE_BLOB, NULL, 0, &PrivateKeyLen, 0);
+    ASSERT(STATUS_SUCCESS == NtStatus);
+
+    PBCRYPT_DSA_KEY_BLOB PrivateKey = (PBCRYPT_DSA_KEY_BLOB)ExAllocatePoolWithTag(NonPagedPool, PrivateKeyLen, TAG);
+    ASSERT(PrivateKey);
+
+    NtStatus = BCryptExportKey(hKey, NULL, BCRYPT_ECCPRIVATE_BLOB, (PUCHAR)PrivateKey, PrivateKeyLen, &PrivateKeyLen, 0);
+    ASSERT(STATUS_SUCCESS == NtStatus);
+
+    //////////////////////////////////////////////////////////////////////////////////////////////
+
+    ULONG PublicKeyLen = 0;
+    NtStatus = BCryptExportKey(hKey, NULL, BCRYPT_ECCPUBLIC_BLOB, NULL, 0, &PublicKeyLen, 0);
+    ASSERT(STATUS_SUCCESS == NtStatus);
+
+    PBCRYPT_DSA_KEY_BLOB PublicKey = (PBCRYPT_DSA_KEY_BLOB)ExAllocatePoolWithTag(NonPagedPool, PublicKeyLen, TAG);
+    ASSERT(PublicKey);
+
+    NtStatus = BCryptExportKey(hKey, NULL, BCRYPT_ECCPUBLIC_BLOB, (PUCHAR)PublicKey, PublicKeyLen, &PublicKeyLen, 0);
+    ASSERT(STATUS_SUCCESS == NtStatus);
+
+    //////////////////////////////////////////////////////////////////////////////////////////////
+
+    const char * Data = "test";
+    ULONG DataSize = (ULONG)strlen(Data);
+
+    PUCHAR Sign = nullptr;
+    ULONG SignSize = 0;
+
+    EcdsaSignHash((PUCHAR)PrivateKey, PrivateKeyLen, (PUCHAR)Data, DataSize, &Sign, &SignSize);
+
+    EcdsaVerifySignature((PUCHAR)PublicKey, PublicKeyLen, (PUCHAR)Data, DataSize, Sign, SignSize);
+
+    ExFreePoolWithTag(Sign, TAG);
+
+    //////////////////////////////////////////////////////////////////////////////////////////////
+
+    ExFreePoolWithTag(PublicKey, TAG);
+    ExFreePoolWithTag(PrivateKey, TAG);
+
+    NtStatus = BCryptDestroyKey(hKey);
+    NtStatus = BCryptCloseAlgorithmProvider(hAlgorithm, 0);
+}

test/signature.h

@@ -0,0 +1,8 @@
+#pragma once
+
+class signature
+{
+
+};
+
+void TestEcdsaSignature();

test/test.vcxproj

@@ -212,6 +212,7 @@
     <ClInclude Include="pe.h" />
     <ClInclude Include="ProcessTest.h" />
     <ClInclude Include="RegistryTest.h" />
+    <ClInclude Include="signature.h" />
     <ClInclude Include="SsdtTest.h" />
   </ItemGroup>
   <ItemGroup>
@@ -223,6 +224,7 @@
     <ClCompile Include="pe.cpp" />
     <ClCompile Include="ProcessTest.cpp" />
     <ClCompile Include="RegistryTest.cpp" />
+    <ClCompile Include="signature.cpp" />
     <ClCompile Include="SsdtTest.cpp" />
   </ItemGroup>
   <ItemGroup>

test/test.vcxproj.filters

@@ -54,6 +54,9 @@
     <ClInclude Include="encrypt.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="signature.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="DriverEntry.cpp">
@@ -83,6 +86,9 @@
     <ClCompile Include="encrypt.cpp">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="signature.cpp">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <Text Include="readme.txt" />