diff --git a/lib/libelectronic-id b/lib/libelectronic-id index 7991e0ec..2ec7e046 160000 --- a/lib/libelectronic-id +++ b/lib/libelectronic-id @@ -1 +1 @@ -Subproject commit 7991e0ecc5839a12d076166f663de5f3c7dcb8c0 +Subproject commit 2ec7e046849eaac34c8fa95b9e9186322fb7d155 diff --git a/src/controller/command-handlers/authenticate.cpp b/src/controller/command-handlers/authenticate.cpp index 3af44db0..eab323dd 100644 --- a/src/controller/command-handlers/authenticate.cpp +++ b/src/controller/command-handlers/authenticate.cpp @@ -57,7 +57,7 @@ QVariantMap createAuthenticationToken(const QString& signatureAlgorithm, } QByteArray createSignature(const QString& origin, const QString& challengeNonce, - const ElectronicID& eid, const pcsc_cpp::byte_vector& pin) + const ElectronicID& eid, pcsc_cpp::byte_vector&& pin) { static const std::map SIGNATURE_ALGO_TO_HASH { @@ -86,7 +86,7 @@ QByteArray createSignature(const QString& origin, const QString& challengeNonce, const pcsc_cpp::byte_vector hashToBeSigned {hashToBeSignedQBytearray.cbegin(), hashToBeSignedQBytearray.cend()}; - const auto signature = eid.signWithAuthKey(pin, hashToBeSigned); + const auto signature = eid.signWithAuthKey(std::move(pin), hashToBeSigned); return QByteArray::fromRawData(reinterpret_cast(signature.data()), int(signature.size())) @@ -120,20 +120,13 @@ Authenticate::Authenticate(const CommandWithArguments& cmd) : CertificateReader( QVariantMap Authenticate::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& cardCertAndPin) { - const auto signatureAlgorithm = - QString::fromStdString(cardCertAndPin.cardInfo->eid().authSignatureAlgorithm()); - - pcsc_cpp::byte_vector pin; - getPin(pin, cardCertAndPin.cardInfo->eid(), window); - auto pin_cleanup = qScopeGuard([&pin] { - // Erase PIN memory. - std::fill(pin.begin(), pin.end(), '\0'); - }); - try { + const auto signatureAlgorithm = + QString::fromStdString(cardCertAndPin.cardInfo->eid().authSignatureAlgorithm()); + pcsc_cpp::byte_vector pin; + getPin(pin, cardCertAndPin.cardInfo->eid(), window); const auto signature = - createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), pin); - + createSignature(origin.url(), challengeNonce, cardCertAndPin.cardInfo->eid(), std::move(pin)); return createAuthenticationToken(signatureAlgorithm, cardCertAndPin.certificateBytesInDer, signature); diff --git a/src/controller/command-handlers/sign.cpp b/src/controller/command-handlers/sign.cpp index 5b383aba..cbf490cd 100644 --- a/src/controller/command-handlers/sign.cpp +++ b/src/controller/command-handlers/sign.cpp @@ -32,11 +32,11 @@ using namespace electronic_id; namespace { -QPair signHash(const ElectronicID& eid, const pcsc_cpp::byte_vector& pin, +QPair signHash(const ElectronicID& eid, pcsc_cpp::byte_vector&& pin, const QByteArray& docHash, const HashAlgorithm hashAlgo) { const auto hashBytes = pcsc_cpp::byte_vector {docHash.begin(), docHash.end()}; - const auto signature = eid.signWithSigningKey(pin, hashBytes, hashAlgo); + const auto signature = eid.signWithSigningKey(std::move(pin), hashBytes, hashAlgo); const auto signatureBase64 = QByteArray::fromRawData(reinterpret_cast(signature.first.data()), @@ -97,16 +97,10 @@ void Sign::emitCertificatesReady(const std::vector& c QVariantMap Sign::onConfirm(WebEidUI* window, const CardCertificateAndPinInfo& cardCertAndPin) { - pcsc_cpp::byte_vector pin; - getPin(pin, cardCertAndPin.cardInfo->eid(), window); - auto pin_cleanup = qScopeGuard([&pin] { - // Erase PIN memory. - std::fill(pin.begin(), pin.end(), '\0'); - }); - try { - const auto signature = signHash(cardCertAndPin.cardInfo->eid(), pin, docHash, hashAlgo); - + pcsc_cpp::byte_vector pin; + getPin(pin, cardCertAndPin.cardInfo->eid(), window); + const auto signature = signHash(cardCertAndPin.cardInfo->eid(), std::move(pin), docHash, hashAlgo); return {{QStringLiteral("signature"), signature.first}, {QStringLiteral("signatureAlgorithm"), signature.second}};