From 261c0d07eb60d38e439c42973c2a00a8c6dce54c Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Mon, 5 Aug 2024 23:03:37 +0300 Subject: [PATCH] Take PIN ownership to minimze memory copy-s WE2-1007 Signed-off-by: Raul Metsma --- include/electronic-id/electronic-id.hpp | 4 +- .../ms-cryptoapi/MsCryptoApiElectronicID.cpp | 4 +- .../ms-cryptoapi/MsCryptoApiElectronicID.hpp | 4 +- src/electronic-ids/pcsc/EIDIDEMIA.cpp | 12 ++--- src/electronic-ids/pcsc/EIDIDEMIA.hpp | 4 +- src/electronic-ids/pcsc/FinEID.cpp | 27 +++++------ src/electronic-ids/pcsc/FinEID.hpp | 10 ++--- src/electronic-ids/pcsc/PcscElectronicID.hpp | 20 ++++----- src/electronic-ids/pcsc/pcsc-common.hpp | 13 +++--- .../pkcs11/Pkcs11ElectronicID.cpp | 4 +- .../pkcs11/Pkcs11ElectronicID.hpp | 4 +- tests/integration/test-authenticate.cpp | 6 +-- tests/integration/test-signing.cpp | 2 +- tests/mock/test-get-certificate.cpp | 45 ++++++++++--------- 14 files changed, 78 insertions(+), 81 deletions(-) diff --git a/include/electronic-id/electronic-id.hpp b/include/electronic-id/electronic-id.hpp index cf72a55..d0affd2 100644 --- a/include/electronic-id/electronic-id.hpp +++ b/include/electronic-id/electronic-id.hpp @@ -65,7 +65,7 @@ class ElectronicID virtual PinRetriesRemainingAndMax authPinRetriesLeft() const = 0; - virtual pcsc_cpp::byte_vector signWithAuthKey(const byte_vector& pin, + virtual pcsc_cpp::byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const = 0; // Functions related to signing. @@ -77,7 +77,7 @@ class ElectronicID virtual PinRetriesRemainingAndMax signingPinRetriesLeft() const = 0; - virtual Signature signWithSigningKey(const byte_vector& pin, const byte_vector& hash, + virtual Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const = 0; // General functions. diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.cpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.cpp index 7337707..a513a78 100644 --- a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.cpp +++ b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.cpp @@ -34,7 +34,7 @@ JsonWebSignatureAlgorithm MsCryptoApiElectronicID::authSignatureAlgorithm() cons return getAuthAlgorithmFromCert(certData); } -byte_vector MsCryptoApiElectronicID::signWithAuthKey(const byte_vector& /* pin */, +byte_vector MsCryptoApiElectronicID::signWithAuthKey(byte_vector&& /* pin */, const byte_vector& hash) const { if (certType != CertificateType::AUTHENTICATION) { @@ -56,7 +56,7 @@ const std::set& MsCryptoApiElectronicID::supportedSigningAlg } ElectronicID::Signature -MsCryptoApiElectronicID::signWithSigningKey(const byte_vector& /* pin */, const byte_vector& hash, +MsCryptoApiElectronicID::signWithSigningKey(byte_vector&& /* pin */, const byte_vector& hash, const HashAlgorithm hashAlgo) const { if (certType != CertificateType::SIGNING) { diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp index 493c960..7abc53a 100644 --- a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp +++ b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp @@ -84,7 +84,7 @@ class MsCryptoApiElectronicID : public ElectronicID return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER}; } - byte_vector signWithAuthKey(const byte_vector& pin, const byte_vector& hash) const override; + byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override; const std::set& supportedSigningAlgorithms() const override; @@ -98,7 +98,7 @@ class MsCryptoApiElectronicID : public ElectronicID return {uint8_t(PIN_RETRY_COUNT_PLACEHOLDER), PIN_RETRY_COUNT_PLACEHOLDER}; } - Signature signWithSigningKey(const byte_vector& pin, const byte_vector& hash, + Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override; std::string name() const override diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.cpp b/src/electronic-ids/pcsc/EIDIDEMIA.cpp index d3e1750..72a9cde 100644 --- a/src/electronic-ids/pcsc/EIDIDEMIA.cpp +++ b/src/electronic-ids/pcsc/EIDIDEMIA.cpp @@ -46,15 +46,15 @@ byte_vector EIDIDEMIA::getCertificateImpl(const CertificateType type) const : selectCertificate().SIGN_CERT); } -byte_vector EIDIDEMIA::signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const +byte_vector EIDIDEMIA::signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const { // Select authentication application and authentication security environment. transmitApduWithExpectedResponse(*card, selectApplicationID().MAIN_AID); transmitApduWithExpectedResponse(*card, selectApplicationID().AUTH_AID); selectAuthSecurityEnv(); - verifyPin(*card, AUTH_PIN_REFERENCE, pin, authPinMinMaxLength().first, pinBlockLength(), - PIN_PADDING_CHAR); + verifyPin(*card, AUTH_PIN_REFERENCE, std::move(pin), authPinMinMaxLength().first, + pinBlockLength(), PIN_PADDING_CHAR); return internalAuthenticate(*card, authSignatureAlgorithm().isRSAWithPKCS1Padding() @@ -69,7 +69,7 @@ ElectronicID::PinRetriesRemainingAndMax EIDIDEMIA::authPinRetriesLeftImpl() cons return pinRetriesLeft(AUTH_PIN_REFERENCE); } -ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const byte_vector& pin, +ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const { @@ -88,8 +88,8 @@ ElectronicID::Signature EIDIDEMIA::signWithSigningKeyImpl(const byte_vector& pin } } - verifyPin(*card, signingPinReference(), pin, signingPinMinMaxLength().first, pinBlockLength(), - PIN_PADDING_CHAR); + verifyPin(*card, signingPinReference(), std::move(pin), signingPinMinMaxLength().first, + pinBlockLength(), PIN_PADDING_CHAR); return {useInternalAuthenticateAndRSAWithPKCS1PaddingDuringSigning() ? internalAuthenticate(*card, addRSAOID(hashAlgo, hash), name()) diff --git a/src/electronic-ids/pcsc/EIDIDEMIA.hpp b/src/electronic-ids/pcsc/EIDIDEMIA.hpp index afdf8f4..aaa2ef6 100644 --- a/src/electronic-ids/pcsc/EIDIDEMIA.hpp +++ b/src/electronic-ids/pcsc/EIDIDEMIA.hpp @@ -49,10 +49,10 @@ class EIDIDEMIA : public PcscElectronicID byte_vector getCertificateImpl(const CertificateType type) const override; PinRetriesRemainingAndMax authPinRetriesLeftImpl() const override; - byte_vector signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const override; + byte_vector signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const override; PinRetriesRemainingAndMax signingPinRetriesLeftImpl() const override; - Signature signWithSigningKeyImpl(const byte_vector& pin, const byte_vector& hash, + Signature signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override; virtual const SelectApplicationIDCmds& selectApplicationID() const; diff --git a/src/electronic-ids/pcsc/FinEID.cpp b/src/electronic-ids/pcsc/FinEID.cpp index 0cbe40b..b70c29c 100644 --- a/src/electronic-ids/pcsc/FinEID.cpp +++ b/src/electronic-ids/pcsc/FinEID.cpp @@ -75,9 +75,9 @@ byte_vector FinEIDv3::getCertificateImpl(const CertificateType type) const *card, type.isAuthentication() ? SELECT_AUTH_CERT_FILE : SELECT_SIGN_CERT_FILE_V3); } -byte_vector FinEIDv3::signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const +byte_vector FinEIDv3::signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const { - return sign(authSignatureAlgorithm().hashAlgorithm(), hash, pin, AUTH_PIN_REFERENCE, + return sign(authSignatureAlgorithm().hashAlgorithm(), hash, std::move(pin), AUTH_PIN_REFERENCE, authPinMinMaxLength(), AUTH_KEY_REFERENCE, RSA_PSS_ALGO, 0x00); } @@ -91,11 +91,10 @@ const std::set& FinEIDv3::supportedSigningAlgorithms() const return ELLIPTIC_CURVE_SIGNATURE_ALGOS(); } -ElectronicID::Signature FinEIDv3::signWithSigningKeyImpl(const byte_vector& pin, - const byte_vector& hash, +ElectronicID::Signature FinEIDv3::signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const { - return {sign(hashAlgo, hash, pin, SIGNING_PIN_REFERENCE, signingPinMinMaxLength(), + return {sign(hashAlgo, hash, std::move(pin), SIGNING_PIN_REFERENCE, signingPinMinMaxLength(), SIGNING_KEY_REFERENCE_V3, ECDSA_ALGO, 0x40), {SignatureAlgorithm::ES, hashAlgo}}; } @@ -105,10 +104,9 @@ ElectronicID::PinRetriesRemainingAndMax FinEIDv3::signingPinRetriesLeftImpl() co return pinRetriesLeft(SIGNING_PIN_REFERENCE); } -byte_vector FinEIDv3::sign(const HashAlgorithm hashAlgo, const byte_vector& hash, - const byte_vector& pin, byte_type pinReference, - PinMinMaxLength pinMinMaxLength, byte_type keyReference, - byte_type signatureAlgo, byte_type LE) const +byte_vector FinEIDv3::sign(const HashAlgorithm hashAlgo, const byte_vector& hash, byte_vector&& pin, + byte_type pinReference, PinMinMaxLength pinMinMaxLength, + byte_type keyReference, byte_type signatureAlgo, byte_type LE) const { if (signatureAlgo != ECDSA_ALGO && hashAlgo.isSHA3()) { THROW(ArgumentFatalError, "No OID for algorithm " + std::string(hashAlgo)); @@ -137,7 +135,7 @@ byte_vector FinEIDv3::sign(const HashAlgorithm hashAlgo, const byte_vector& hash transmitApduWithExpectedResponse(*card, SELECT_MASTER_FILE); - verifyPin(*card, pinReference, pin, pinMinMaxLength.first, pinMinMaxLength.second, + verifyPin(*card, pinReference, std::move(pin), pinMinMaxLength.first, pinMinMaxLength.second, PIN_PADDING_CHAR); // Select security environment for COMPUTE SIGNATURE. selectSecurityEnv(*card, 0xB6, signatureAlgo, keyReference, name()); @@ -198,17 +196,16 @@ byte_vector FinEIDv4::getCertificateImpl(const CertificateType type) const *card, type.isAuthentication() ? SELECT_AUTH_CERT_FILE : SELECT_SIGN_CERT_FILE_V4); } -byte_vector FinEIDv4::signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const +byte_vector FinEIDv4::signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const { - return sign(authSignatureAlgorithm().hashAlgorithm(), hash, pin, AUTH_PIN_REFERENCE, + return sign(authSignatureAlgorithm().hashAlgorithm(), hash, std::move(pin), AUTH_PIN_REFERENCE, authPinMinMaxLength(), AUTH_KEY_REFERENCE, ECDSA_ALGO, 0x60); } -ElectronicID::Signature FinEIDv4::signWithSigningKeyImpl(const byte_vector& pin, - const byte_vector& hash, +ElectronicID::Signature FinEIDv4::signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const { - return {sign(hashAlgo, hash, pin, SIGNING_PIN_REFERENCE, signingPinMinMaxLength(), + return {sign(hashAlgo, hash, std::move(pin), SIGNING_PIN_REFERENCE, signingPinMinMaxLength(), SIGNING_KEY_REFERENCE_V4, ECDSA_ALGO, 0x60), {SignatureAlgorithm::ES, hashAlgo}}; } diff --git a/src/electronic-ids/pcsc/FinEID.hpp b/src/electronic-ids/pcsc/FinEID.hpp index ef1f429..a532768 100644 --- a/src/electronic-ids/pcsc/FinEID.hpp +++ b/src/electronic-ids/pcsc/FinEID.hpp @@ -49,12 +49,12 @@ class FinEIDv3 : public PcscElectronicID std::string name() const override { return "FinEID v3"; } Type type() const override { return FinEID; } - byte_vector signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const override; + byte_vector signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const override; - Signature signWithSigningKeyImpl(const byte_vector& pin, const byte_vector& hash, + Signature signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override; - byte_vector sign(const HashAlgorithm hashAlgo, const byte_vector& hash, const byte_vector& pin, + byte_vector sign(const HashAlgorithm hashAlgo, const byte_vector& hash, byte_vector&& pin, byte_type pinReference, PinMinMaxLength pinMinMaxLength, byte_type keyReference, byte_type signatureAlgo, byte_type LE) const; @@ -76,9 +76,9 @@ class FinEIDv4 : public FinEIDv3 std::string name() const override { return "FinEID v4"; } - byte_vector signWithAuthKeyImpl(const byte_vector& pin, const byte_vector& hash) const override; + byte_vector signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const override; - Signature signWithSigningKeyImpl(const byte_vector& pin, const byte_vector& hash, + Signature signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override; }; diff --git a/src/electronic-ids/pcsc/PcscElectronicID.hpp b/src/electronic-ids/pcsc/PcscElectronicID.hpp index 07005c7..a8876b2 100644 --- a/src/electronic-ids/pcsc/PcscElectronicID.hpp +++ b/src/electronic-ids/pcsc/PcscElectronicID.hpp @@ -35,29 +35,27 @@ class PcscElectronicID : public ElectronicID PcscElectronicID(pcsc_cpp::SmartCard::ptr _card) : ElectronicID(std::move(_card)) {} protected: - pcsc_cpp::byte_vector getCertificate(const CertificateType type) const override + byte_vector getCertificate(const CertificateType type) const override { auto transactionGuard = card->beginTransaction(); return getCertificateImpl(type); } - pcsc_cpp::byte_vector signWithAuthKey(const pcsc_cpp::byte_vector& pin, - const pcsc_cpp::byte_vector& hash) const override + byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override { validateAuthHashLength(authSignatureAlgorithm(), name(), hash); auto transactionGuard = card->beginTransaction(); - return signWithAuthKeyImpl(pin, hash); + return signWithAuthKeyImpl(std::move(pin), hash); } - Signature signWithSigningKey(const pcsc_cpp::byte_vector& pin, - const pcsc_cpp::byte_vector& hash, + Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override { validateSigningHash(*this, hashAlgo, hash); auto transactionGuard = card->beginTransaction(); - return signWithSigningKeyImpl(pin, hash, hashAlgo); + return signWithSigningKeyImpl(std::move(pin), hash, hashAlgo); } PinRetriesRemainingAndMax signingPinRetriesLeft() const override @@ -77,15 +75,13 @@ class PcscElectronicID : public ElectronicID // they have to be implemented when adding a new electronic ID. // This design follows the non-virtual interface pattern. - virtual pcsc_cpp::byte_vector getCertificateImpl(const CertificateType type) const = 0; + virtual byte_vector getCertificateImpl(const CertificateType type) const = 0; - virtual pcsc_cpp::byte_vector signWithAuthKeyImpl(const pcsc_cpp::byte_vector& pin, - const pcsc_cpp::byte_vector& hash) const = 0; + virtual byte_vector signWithAuthKeyImpl(byte_vector&& pin, const byte_vector& hash) const = 0; virtual PinRetriesRemainingAndMax authPinRetriesLeftImpl() const = 0; - virtual Signature signWithSigningKeyImpl(const pcsc_cpp::byte_vector& pin, - const pcsc_cpp::byte_vector& hash, + virtual Signature signWithSigningKeyImpl(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const = 0; virtual PinRetriesRemainingAndMax signingPinRetriesLeftImpl() const = 0; diff --git a/src/electronic-ids/pcsc/pcsc-common.hpp b/src/electronic-ids/pcsc/pcsc-common.hpp index e02d598..b72b9ae 100644 --- a/src/electronic-ids/pcsc/pcsc-common.hpp +++ b/src/electronic-ids/pcsc/pcsc-common.hpp @@ -43,16 +43,15 @@ inline pcsc_cpp::byte_vector getCertificate(pcsc_cpp::SmartCard& card, return readBinary(card, length, MAX_LE_VALUE); } -inline pcsc_cpp::byte_vector addPaddingToPin(const pcsc_cpp::byte_vector& pin, size_t paddingLength, +inline pcsc_cpp::byte_vector addPaddingToPin(pcsc_cpp::byte_vector&& pin, size_t paddingLength, pcsc_cpp::byte_type paddingChar) { - auto paddedPin = pin; - paddedPin.resize(std::max(pin.size(), paddingLength), paddingChar); - return paddedPin; + pin.resize(std::max(pin.size(), paddingLength), paddingChar); + return pin; } inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2, - const pcsc_cpp::byte_vector& pin, uint8_t pinMinLength, size_t paddingLength, + pcsc_cpp::byte_vector&& pin, uint8_t pinMinLength, size_t paddingLength, pcsc_cpp::byte_type paddingChar) { const pcsc_cpp::CommandApdu VERIFY_PIN {0x00, 0x20, 0x00, p2}; @@ -64,8 +63,8 @@ inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2, response = card.transmitCTL(verifyPin, 0, pinMinLength); } else { - const pcsc_cpp::CommandApdu verifyPin {VERIFY_PIN, - addPaddingToPin(pin, paddingLength, paddingChar)}; + const pcsc_cpp::CommandApdu verifyPin { + VERIFY_PIN, addPaddingToPin(std::move(pin), paddingLength, paddingChar)}; response = card.transmit(verifyPin); } diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp index c5a5bd0..62874a2 100644 --- a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp +++ b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.cpp @@ -214,7 +214,7 @@ ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::authPinRetriesLeft() return {authToken.retry, module.retryMax}; } -pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(const byte_vector& pin, +pcsc_cpp::byte_vector Pkcs11ElectronicID::signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const { REQUIRE_NON_NULL(manager) @@ -254,7 +254,7 @@ ElectronicID::PinRetriesRemainingAndMax Pkcs11ElectronicID::signingPinRetriesLef return {signingToken.retry, module.retryMax}; } -ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(const byte_vector& pin, +ElectronicID::Signature Pkcs11ElectronicID::signWithSigningKey(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const { diff --git a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp index de67919..593bb92 100644 --- a/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp +++ b/src/electronic-ids/pkcs11/Pkcs11ElectronicID.hpp @@ -59,13 +59,13 @@ class Pkcs11ElectronicID : public ElectronicID PinMinMaxLength authPinMinMaxLength() const override; PinRetriesRemainingAndMax authPinRetriesLeft() const override; - byte_vector signWithAuthKey(const byte_vector& pin, const byte_vector& hash) const override; + byte_vector signWithAuthKey(byte_vector&& pin, const byte_vector& hash) const override; const std::set& supportedSigningAlgorithms() const override; PinMinMaxLength signingPinMinMaxLength() const override; PinRetriesRemainingAndMax signingPinRetriesLeft() const override; - Signature signWithSigningKey(const byte_vector& pin, const byte_vector& hash, + Signature signWithSigningKey(byte_vector&& pin, const byte_vector& hash, const HashAlgorithm hashAlgo) const override; void release() const override; diff --git a/tests/integration/test-authenticate.cpp b/tests/integration/test-authenticate.cpp index 7f16919..0ff19ea 100644 --- a/tests/integration/test-authenticate.cpp +++ b/tests/integration/test-authenticate.cpp @@ -57,15 +57,15 @@ TEST(electronic_id_test, authenticate) GTEST_ASSERT_GE(cardInfo->eid().authPinRetriesLeft().first, 0U); - const byte_vector pin {'1', '2', '3', '4'}; + byte_vector pin {'1', '2', '3', '4'}; std::cout << "WARNING! Using hard-coded PIN " - << std::string(reinterpret_cast(pin.data()), pin.size()) << '\n'; + << std::string_view(reinterpret_cast(pin.data()), pin.size()) << '\n'; const byte_vector dataToSign {'H', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!'}; const JsonWebSignatureAlgorithm hashAlgo = cardInfo->eid().authSignatureAlgorithm(); const byte_vector hash = calculateDigest(hashAlgo.hashAlgorithm(), dataToSign); - auto signature = cardInfo->eid().signWithAuthKey(pin, hash); + auto signature = cardInfo->eid().signWithAuthKey(std::move(pin), hash); std::cout << "Authentication signature: " << signature << '\n'; diff --git a/tests/integration/test-signing.cpp b/tests/integration/test-signing.cpp index d013b08..72a4491 100644 --- a/tests/integration/test-signing.cpp +++ b/tests/integration/test-signing.cpp @@ -65,7 +65,7 @@ static void signing(HashAlgorithm hashAlgo) const byte_vector dataToSign {'H', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!'}; const byte_vector hash = calculateDigest(hashAlgo, dataToSign); - auto signature = cardInfo->eid().signWithSigningKey(pin, hash, hashAlgo); + auto signature = cardInfo->eid().signWithSigningKey(std::move(pin), hash, hashAlgo); std::cout << "Signing signature: " << signature.first << '\n'; diff --git a/tests/mock/test-get-certificate.cpp b/tests/mock/test-get-certificate.cpp index 816ad33..0333f65 100644 --- a/tests/mock/test-get-certificate.cpp +++ b/tests/mock/test-get-certificate.cpp @@ -54,9 +54,9 @@ TEST(electronic_id_test, selectCertificateEstIDEMIA) EXPECT_EQ(authAlgo, JsonWebSignatureAlgorithm::ES384); const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm(); - const pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; + pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; const auto hash = calculateDigest(hashAlgo, dataToSign); - const auto authSignature = cardInfo->eid().signWithAuthKey(authPin, hash); + const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash); if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) { throw std::runtime_error("Signature is invalid"); } @@ -69,9 +69,10 @@ TEST(electronic_id_test, selectCertificateEstIDEMIA) EXPECT_EQ(signingRetriesLeft.first, 3U); EXPECT_EQ(signingRetriesLeft.second, 3); - const pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5'}; + pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5'}; EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true); - const auto signSignature = cardInfo->eid().signWithSigningKey(signPin, hash, hashAlgo); + const auto signSignature = + cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo); EXPECT_EQ(signSignature.second, SignatureAlgorithm::ES384); if (!verify(hashAlgo, certificateSign, dataToSign, signSignature.first, false)) { throw std::runtime_error("Signature is invalid"); @@ -100,9 +101,9 @@ TEST(electronic_id_test, selectCertificateFinV3) EXPECT_EQ(authAlgo, JsonWebSignatureAlgorithm::PS256); const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm(); - const pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; + pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; const auto hash = calculateDigest(hashAlgo, dataToSign); - const auto authSignature = cardInfo->eid().signWithAuthKey(authPin, hash); + const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash); if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, true)) { throw std::runtime_error("Signature is invalid"); } @@ -115,9 +116,10 @@ TEST(electronic_id_test, selectCertificateFinV3) EXPECT_EQ(signingRetriesLeft.first, 5U); EXPECT_EQ(signingRetriesLeft.second, 5); - const pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; + pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true); - const auto signSignature = cardInfo->eid().signWithSigningKey(signPin, hash, hashAlgo); + const auto signSignature = + cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo); EXPECT_EQ(signSignature.second, SignatureAlgorithm::ES256); if (!verify(hashAlgo, certificateSign, dataToSign, signSignature.first, false)) { throw std::runtime_error("Signature is invalid"); @@ -146,9 +148,9 @@ TEST(electronic_id_test, selectCertificateFinV4) EXPECT_EQ(authAlgo, JsonWebSignatureAlgorithm::ES384); const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm(); - const pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; + pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; const auto hash = calculateDigest(hashAlgo, dataToSign); - const auto authSignature = cardInfo->eid().signWithAuthKey(authPin, hash); + const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash); if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, true)) { throw std::runtime_error("Signature is invalid"); } @@ -161,9 +163,10 @@ TEST(electronic_id_test, selectCertificateFinV4) EXPECT_EQ(signingRetriesLeft.first, 5U); EXPECT_EQ(signingRetriesLeft.second, 5); - const pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; + pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true); - const auto signSignature = cardInfo->eid().signWithSigningKey(signPin, hash, hashAlgo); + const auto signSignature = + cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo); EXPECT_EQ(signSignature.second, SignatureAlgorithm::ES384); if (!verify(hashAlgo, certificateSign, dataToSign, signSignature.first, false)) { throw std::runtime_error("Signature is invalid"); @@ -192,9 +195,9 @@ TEST(electronic_id_test, selectCertificateLat_V1) EXPECT_EQ(authAlgo, JsonWebSignatureAlgorithm::RS256); const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm(); - const pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; + pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; const auto hash = calculateDigest(hashAlgo, dataToSign); - const auto authSignature = cardInfo->eid().signWithAuthKey(authPin, hash); + const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash); if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) { throw std::runtime_error("Signature is invalid"); } @@ -207,9 +210,10 @@ TEST(electronic_id_test, selectCertificateLat_V1) EXPECT_EQ(signingRetriesLeft.first, 3U); EXPECT_EQ(signingRetriesLeft.second, 3); - const pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; + pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true); - const auto signSignature = cardInfo->eid().signWithSigningKey(signPin, hash, hashAlgo); + const auto signSignature = + cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo); EXPECT_EQ(signSignature.second, SignatureAlgorithm::RS256); if (!verify(hashAlgo, certificateSign, dataToSign, signSignature.first, false)) { throw std::runtime_error("Signature is invalid"); @@ -238,9 +242,9 @@ TEST(electronic_id_test, selectCertificateLatV2) EXPECT_EQ(authAlgo, JsonWebSignatureAlgorithm::RS256); const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm(); - const pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; + pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'}; const auto hash = calculateDigest(hashAlgo, dataToSign); - const auto authSignature = cardInfo->eid().signWithAuthKey(authPin, hash); + const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash); if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) { throw std::runtime_error("Signature is invalid"); } @@ -253,9 +257,10 @@ TEST(electronic_id_test, selectCertificateLatV2) EXPECT_EQ(signingRetriesLeft.first, 3U); EXPECT_EQ(signingRetriesLeft.second, 3); - const pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; + pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'}; EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true); - const auto signSignature = cardInfo->eid().signWithSigningKey(signPin, hash, hashAlgo); + const auto signSignature = + cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo); EXPECT_EQ(signSignature.second, SignatureAlgorithm::RS256); if (!verify(hashAlgo, certificateSign, dataToSign, signSignature.first, false)) { throw std::runtime_error("Signature is invalid");