Skip to content

Commit

Permalink
Take PIN ownership to minimze memory copy-s
Browse files Browse the repository at this point in the history
followup WE2-479

Signed-off-by: Raul Metsma <[email protected]>
  • Loading branch information
metsma committed Oct 16, 2024
1 parent b8d6e7f commit 97d14a1
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 27 deletions.
22 changes: 8 additions & 14 deletions src/controller/command-handlers/authenticate.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ QVariantMap createAuthenticationToken(const QString& signatureAlgorithm,
}

QByteArray createSignature(const QString& origin, const QString& challengeNonce,
const ElectronicID& eid, const pcsc_cpp::byte_vector& pin)
const ElectronicID& eid, pcsc_cpp::byte_vector&& pin)
{
static const std::map<JsonWebSignatureAlgorithm, QCryptographicHash::Algorithm>
SIGNATURE_ALGO_TO_HASH {
Expand Down Expand Up @@ -86,7 +86,7 @@ QByteArray createSignature(const QString& origin, const QString& challengeNonce,
const pcsc_cpp::byte_vector hashToBeSigned {hashToBeSignedQBytearray.cbegin(),
hashToBeSignedQBytearray.cend()};

const auto signature = eid.signWithAuthKey(pin, hashToBeSigned);
const auto signature = eid.signWithAuthKey(std::move(pin), hashToBeSigned);

return QByteArray::fromRawData(reinterpret_cast<const char*>(signature.data()),
int(signature.size()))
Expand Down Expand Up @@ -120,20 +120,14 @@ Authenticate::Authenticate(const CommandWithArguments& cmd) : CertificateReader(
QVariantMap Authenticate::onConfirm(WebEidUI* window,
const CardCertificateAndPinInfo& cardCertAndPin)
{
const auto signatureAlgorithm =
QString::fromStdString(cardCertAndPin.cardInfo->eid().authSignatureAlgorithm());

pcsc_cpp::byte_vector pin;
getPin(pin, cardCertAndPin.cardInfo->eid(), window);
auto pin_cleanup = qScopeGuard([&pin] {
// Erase PIN memory.
std::fill(pin.begin(), pin.end(), '\0');
});

try {
const auto signatureAlgorithm =
QString::fromStdString(cardCertAndPin.cardInfo->eid().authSignatureAlgorithm());
pcsc_cpp::byte_vector pin;
pin.reserve(5 + 16); // Avoid realloc: apdu + pin padding
getPin(pin, cardCertAndPin.cardInfo->eid(), window);
const auto signature =
createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), pin);

createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), std::move(pin));
return createAuthenticationToken(signatureAlgorithm, cardCertAndPin.certificateBytesInDer,
signature);

Expand Down
19 changes: 7 additions & 12 deletions src/controller/command-handlers/sign.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ using namespace electronic_id;
namespace
{

QPair<QString, QVariantMap> signHash(const ElectronicID& eid, const pcsc_cpp::byte_vector& pin,
QPair<QString, QVariantMap> signHash(const ElectronicID& eid, pcsc_cpp::byte_vector&& pin,
const QByteArray& docHash, const HashAlgorithm hashAlgo)
{
const auto hashBytes = pcsc_cpp::byte_vector {docHash.begin(), docHash.end()};
const auto signature = eid.signWithSigningKey(pin, hashBytes, hashAlgo);
const auto signature = eid.signWithSigningKey(std::move(pin), hashBytes, hashAlgo);

const auto signatureBase64 =
QByteArray::fromRawData(reinterpret_cast<const char*>(signature.first.data()),
Expand Down Expand Up @@ -97,16 +97,11 @@ void Sign::emitCertificatesReady(const std::vector<CardCertificateAndPinInfo>& c

QVariantMap Sign::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& cardCertAndPin)
{
pcsc_cpp::byte_vector pin;
getPin(pin, cardCertAndPin.cardInfo->eid(), window);
auto pin_cleanup = qScopeGuard([&pin] {
// Erase PIN memory.
std::fill(pin.begin(), pin.end(), '\0');
});

try {
const auto signature = signHash(cardCertAndPin.cardInfo->eid(), pin, docHash, hashAlgo);

pcsc_cpp::byte_vector pin;
pin.reserve(5 + 16); // Avoid realloc: apdu + pin padding
getPin(pin, cardCertAndPin.cardInfo->eid(), window);
const auto signature = signHash(cardCertAndPin.cardInfo->eid(), std::move(pin), docHash, hashAlgo);
return {{QStringLiteral("signature"), signature.first},
{QStringLiteral("signatureAlgorithm"), signature.second}};

Expand Down Expand Up @@ -144,7 +139,7 @@ void Sign::validateAndStoreDocHashAndHashAlgo(const QVariantMap& args)
docHash =
QByteArray::fromBase64(validateAndGetArgument<QByteArray>(QStringLiteral("hash"), args));

QString hashAlgoInput = validateAndGetArgument<QString>(QStringLiteral("hashFunction"), args);
auto hashAlgoInput = validateAndGetArgument<QString>(QStringLiteral("hashFunction"), args);
if (hashAlgoInput.size() > 8) {
THROW(CommandHandlerInputDataError, "hashFunction value is invalid");
}
Expand Down

0 comments on commit 97d14a1

Please sign in to comment.