Verify given signature validity

WE2-818 Signed-off-by: Raul Metsma <[email protected]>
web-eid · Apr 29, 2024 · 212ddea · 212ddea
1 parent 083c77e
commit 212ddea
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/lib/libelectronic-id b/lib/libelectronic-id
diff --git a/src/controller/command-handlers/authenticate.cpp b/src/controller/command-handlers/authenticate.cpp
@@ -55,8 +55,9 @@ QVariantMap createAuthenticationToken(const QString& signatureAlgorithm,
     };
 }
 
-QByteArray createSignature(const QString& origin, const QString& challengeNonce,
-                           const ElectronicID& eid, const pcsc_cpp::byte_vector& pin)
+QByteArray createSignature(const QString& origin, const QByteArray& cert,
+                           const QString& challengeNonce, const ElectronicID& eid,
+                           const pcsc_cpp::byte_vector& pin)
 {
     static const std::map<JsonWebSignatureAlgorithm, QCryptographicHash::Algorithm>
         SIGNATURE_ALGO_TO_HASH {
@@ -85,7 +86,7 @@ QByteArray createSignature(const QString& origin, const QString& challengeNonce,
     const pcsc_cpp::byte_vector hashToBeSigned {hashToBeSignedQBytearray.cbegin(),
                                                 hashToBeSignedQBytearray.cend()};
 
-    const auto signature = eid.signWithAuthKey(pin, hashToBeSigned);
+    const auto signature = eid.signWithAuthKey({cert.cbegin(), cert.cend()}, pin, hashToBeSigned);
 
     return QByteArray::fromRawData(reinterpret_cast<const char*>(signature.data()),
                                    int(signature.size()))
@@ -125,8 +126,8 @@ QVariantMap Authenticate::onConfirm(WebEidUI* window,
     auto pin = getPin(cardCertAndPin.cardInfo->eid().smartcard(), window);
 
     try {
-        const auto signature =
-            createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), pin);
+        const auto signature = createSignature(origin.url(), cardCertAndPin.certificateBytesInDer,
+                                               challengeNonce, cardCertAndPin.cardInfo->eid(), pin);
 
         // Erase the PIN memory.
         // TODO: Use a scope guard. Verify that the buffers are actually zeroed and no copies

diff --git a/src/controller/command-handlers/sign.cpp b/src/controller/command-handlers/sign.cpp
@@ -30,11 +30,13 @@ using namespace electronic_id;
 namespace
 {
 
-QPair<QString, QVariantMap> signHash(const ElectronicID& eid, const pcsc_cpp::byte_vector& pin,
-                                     const QByteArray& docHash, const HashAlgorithm hashAlgo)
+QPair<QString, QVariantMap> signHash(const ElectronicID& eid, const QByteArray& cert,
+                                     const pcsc_cpp::byte_vector& pin, const QByteArray& docHash,
+                                     const HashAlgorithm hashAlgo)
 {
     const auto hashBytes = pcsc_cpp::byte_vector {docHash.begin(), docHash.end()};
-    const auto signature = eid.signWithSigningKey(pin, hashBytes, hashAlgo);
+    const auto signature =
+        eid.signWithSigningKey({cert.cbegin(), cert.cend()}, pin, hashBytes, hashAlgo);
 
     const auto signatureBase64 =
         QByteArray::fromRawData(reinterpret_cast<const char*>(signature.first.data()),
@@ -98,7 +100,9 @@ QVariantMap Sign::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& c
     auto pin = getPin(cardCertAndPin.cardInfo->eid().smartcard(), window);
 
     try {
-        const auto signature = signHash(cardCertAndPin.cardInfo->eid(), pin, docHash, hashAlgo);
+        const auto signature =
+            signHash(cardCertAndPin.cardInfo->eid(), cardCertAndPin.certificateBytesInDer, pin,
+                     docHash, hashAlgo);
 
         // Erase PIN memory.
         // TODO: Use a scope guard. Verify that the buffers are actually zeroed