Skip to content

Commit

Permalink
Verify given signature validity
Browse files Browse the repository at this point in the history
WE2-818

Signed-off-by: Raul Metsma <[email protected]>
  • Loading branch information
metsma committed Nov 16, 2023
1 parent 162b117 commit a7ca7f4
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 10 deletions.
11 changes: 6 additions & 5 deletions src/controller/command-handlers/authenticate.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -55,8 +55,9 @@ QVariantMap createAuthenticationToken(const QString& signatureAlgorithm,
};
}

QByteArray createSignature(const QString& origin, const QString& challengeNonce,
const ElectronicID& eid, const pcsc_cpp::byte_vector& pin)
QByteArray createSignature(const QString& origin, const QByteArray& cert,
const QString& challengeNonce, const ElectronicID& eid,
const pcsc_cpp::byte_vector& pin)
{
static const auto SIGNATURE_ALGO_TO_HASH =
std::map<JsonWebSignatureAlgorithm, QCryptographicHash::Algorithm> {
Expand All @@ -83,7 +84,7 @@ QByteArray createSignature(const QString& origin, const QString& challengeNonce,
const auto hashToBeSigned =
pcsc_cpp::byte_vector {hashToBeSignedQBytearray.cbegin(), hashToBeSignedQBytearray.cend()};

const auto signature = eid.signWithAuthKey(pin, hashToBeSigned);
const auto signature = eid.signWithAuthKey({cert.cbegin(), cert.cend()}, pin, hashToBeSigned);

return QByteArray::fromRawData(reinterpret_cast<const char*>(signature.data()),
int(signature.size()))
Expand Down Expand Up @@ -122,8 +123,8 @@ QVariantMap Authenticate::onConfirm(WebEidUI* window,
auto pin = getPin(cardCertAndPin.cardInfo->eid().smartcard(), window);

try {
const auto signature =
createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), pin);
const auto signature = createSignature(origin.url(), cardCertAndPin.certificateBytesInDer,
challengeNonce, cardCertAndPin.cardInfo->eid(), pin);

// Erase the PIN memory.
// TODO: Use a scope guard. Verify that the buffers are actually zeroed and no copies
Expand Down
12 changes: 8 additions & 4 deletions src/controller/command-handlers/sign.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,13 @@ using namespace electronic_id;
namespace
{

QPair<QString, QVariantMap> signHash(const ElectronicID& eid, const pcsc_cpp::byte_vector& pin,
const QByteArray& docHash, const HashAlgorithm hashAlgo)
QPair<QString, QVariantMap> signHash(const ElectronicID& eid, const QByteArray& cert,
const pcsc_cpp::byte_vector& pin, const QByteArray& docHash,
const HashAlgorithm hashAlgo)
{
const auto hashBytes = pcsc_cpp::byte_vector {docHash.begin(), docHash.end()};
const auto signature = eid.signWithSigningKey(pin, hashBytes, hashAlgo);
const auto signature =
eid.signWithSigningKey({cert.cbegin(), cert.cend()}, pin, hashBytes, hashAlgo);

const auto signatureBase64 =
QByteArray::fromRawData(reinterpret_cast<const char*>(signature.first.data()),
Expand Down Expand Up @@ -98,7 +100,9 @@ QVariantMap Sign::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& c
auto pin = getPin(cardCertAndPin.cardInfo->eid().smartcard(), window);

try {
const auto signature = signHash(cardCertAndPin.cardInfo->eid(), pin, docHash, hashAlgo);
const auto signature =
signHash(cardCertAndPin.cardInfo->eid(), cardCertAndPin.certificateBytesInDer, pin,
docHash, hashAlgo);

// Erase PIN memory.
// TODO: Use a scope guard. Verify that the buffers are actually zeroed
Expand Down

0 comments on commit a7ca7f4

Please sign in to comment.