Avoid reallocation in PIN padding

mrts · mrts · commit c58fd30e9e3d · 2025-01-14T21:35:01.000+02:00
WE2-1007

Signed-off-by: Mart Somermaa &lt;mrts@users.noreply.github.com&gt;
diff --git a/src/electronic-ids/pcsc/pcsc-common.hpp b/src/electronic-ids/pcsc/pcsc-common.hpp
@@ -46,7 +46,13 @@ inline pcsc_cpp::byte_vector getCertificate(pcsc_cpp::SmartCard& card,
 PCSC_CPP_CONSTEXPR_VECTOR inline pcsc_cpp::byte_vector
 addPaddingToPin(pcsc_cpp::byte_vector&& pin, size_t paddingLength, pcsc_cpp::byte_type paddingChar)
 {
-    pin.resize(std::max(pin.size(), paddingLength), paddingChar);
+    if (pin.capacity() < paddingLength) {
+        THROW(ProgrammingError,
+              "PIN buffer does not have enough capacity to pad without reallocation");
+    }
+    if (pin.size() < paddingLength) {
+        pin.insert(pin.end(), paddingLength - pin.size(), paddingChar);
+    }
     return std::move(pin);
 }
 
diff --git a/tests/mock/test-get-certificate.cpp b/tests/mock/test-get-certificate.cpp
@@ -55,6 +55,8 @@ TEST(electronic_id_test, selectCertificateEstIDEMIA)
     const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm();
 
     pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'};
+    authPin.reserve(12);
+
     const auto hash = calculateDigest(hashAlgo, dataToSign);
     const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash);
     if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) {
@@ -70,6 +72,8 @@ TEST(electronic_id_test, selectCertificateEstIDEMIA)
     EXPECT_EQ(signingRetriesLeft.second, 3);
 
     pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5'};
+    signPin.reserve(12);
+
     EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true);
     const auto signSignature =
         cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo);
@@ -102,6 +106,8 @@ TEST(electronic_id_test, selectCertificateFinV3)
     const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm();
 
     pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'};
+    authPin.reserve(12);
+
     const auto hash = calculateDigest(hashAlgo, dataToSign);
     const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash);
     if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, true)) {
@@ -117,6 +123,8 @@ TEST(electronic_id_test, selectCertificateFinV3)
     EXPECT_EQ(signingRetriesLeft.second, 5);
 
     pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'};
+    signPin.reserve(12);
+
     EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true);
     const auto signSignature =
         cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo);
@@ -149,6 +157,8 @@ TEST(electronic_id_test, selectCertificateFinV4)
     const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm();
 
     pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'};
+    authPin.reserve(12);
+
     const auto hash = calculateDigest(hashAlgo, dataToSign);
     const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash);
     if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, true)) {
@@ -164,6 +174,8 @@ TEST(electronic_id_test, selectCertificateFinV4)
     EXPECT_EQ(signingRetriesLeft.second, 5);
 
     pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'};
+    signPin.reserve(12);
+
     EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true);
     const auto signSignature =
         cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo);
@@ -196,6 +208,8 @@ TEST(electronic_id_test, selectCertificateLat_V1)
     const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm();
 
     pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'};
+    authPin.reserve(64);
+
     const auto hash = calculateDigest(hashAlgo, dataToSign);
     const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash);
     if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) {
@@ -211,6 +225,8 @@ TEST(electronic_id_test, selectCertificateLat_V1)
     EXPECT_EQ(signingRetriesLeft.second, 3);
 
     pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'};
+    signPin.reserve(64);
+
     EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true);
     const auto signSignature =
         cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo);
@@ -243,6 +259,8 @@ TEST(electronic_id_test, selectCertificateLatV2)
     const HashAlgorithm hashAlgo = authAlgo.hashAlgorithm();
 
     pcsc_cpp::byte_vector authPin {'1', '2', '3', '4'};
+    authPin.reserve(64);
+
     const auto hash = calculateDigest(hashAlgo, dataToSign);
     const auto authSignature = cardInfo->eid().signWithAuthKey(std::move(authPin), hash);
     if (!verify(hashAlgo, certificateAuth, dataToSign, authSignature, false)) {
@@ -258,6 +276,8 @@ TEST(electronic_id_test, selectCertificateLatV2)
     EXPECT_EQ(signingRetriesLeft.second, 3);
 
     pcsc_cpp::byte_vector signPin {'1', '2', '3', '4', '5', '6'};
+    signPin.reserve(64);
+
     EXPECT_EQ(cardInfo->eid().isSupportedSigningHashAlgorithm(hashAlgo), true);
     const auto signSignature =
         cardInfo->eid().signWithSigningKey(std::move(signPin), hash, hashAlgo);

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,13 @@ inline pcsc_cpp::byte_vector getCertificate(pcsc_cpp::SmartCard& card,`
`46`	`46`	`PCSC_CPP_CONSTEXPR_VECTOR inline pcsc_cpp::byte_vector`
`47`	`47`	`addPaddingToPin(pcsc_cpp::byte_vector&& pin, size_t paddingLength, pcsc_cpp::byte_type paddingChar)`
`48`	`48`	`{`
`49`		`- pin.resize(std::max(pin.size(), paddingLength), paddingChar);`
	`49`	`+ if (pin.capacity() < paddingLength) {`
	`50`	`+ THROW(ProgrammingError,`
	`51`	`+ "PIN buffer does not have enough capacity to pad without reallocation");`
	`52`	`+ }`
	`53`	`+ if (pin.size() < paddingLength) {`
	`54`	`+ pin.insert(pin.end(), paddingLength - pin.size(), paddingChar);`
	`55`	`+ }`
`50`	`56`	`return std::move(pin);`
`51`	`57`	`}`
`52`	`58`