Code cleaning

- use const_iterator instead of iterator when possible

Code cleaning
- use const_iterator instead of iterator when possible
5cbc62af · Johan Pascal · 8169072a · 5cbc62af · 5cbc62af · 5cbc62af
Commit 5cbc62af authored Jan 31, 2018 by Johan Pascal
6 changed files
--- a/src/lime.cpp
+++ b/src/lime.cpp
@@ -162,7 +162,7 @@ namespace lime {
 	void Lime<Curve>::get_Ik(std::vector<uint8_t> &Ik) {
 		get_SelfIdentityKey(); // make sure our Ik is loaded in object
 		// copy self Ik to output buffer
-		Ik.assign(m_Ik.publicKey().begin(), m_Ik.publicKey().end());
+		Ik.assign(m_Ik.publicKey().cbegin(), m_Ik.publicKey().cend());
 	}

 	template <typename Curve>
@@ -173,7 +173,7 @@ namespace lime {

 		/* Create the appropriate recipient infos and fill it with sessions found in cache */
 		std::vector<recipientInfos<Curve>> internal_recipients{};
-		for (auto &recipient : *recipients) {
+		for (const auto &recipient : *recipients) {
 			auto sessionElem = m_DR_sessions_cache.find(recipient.deviceId);
 			if (sessionElem != m_DR_sessions_cache.end()) { // session is in cache
 				if (sessionElem->second->isActive()) { // the session in cache is active

--- a/src/lime_double_ratchet.cpp
+++ b/src/lime_double_ratchet.cpp
@@ -327,8 +327,8 @@ namespace lime {
 		m_Ns++;

 		// build AD: given AD || sharedAD stored in session || header (see DR spec section 3.4)
-		AD.insert(AD.end(), m_sharedAD.begin(), m_sharedAD.end());
-		AD.insert(AD.end(), ciphertext.begin(), ciphertext.end()); // cipher text holds header only for now
+		AD.insert(AD.end(), m_sharedAD.cbegin(), m_sharedAD.cend());
+		AD.insert(AD.end(), ciphertext.cbegin(), ciphertext.cend()); // cipher text holds header only for now

 		// data will be written directly in the underlying structure by C library, so set size to the actual one
 		// header size + cipher text size + auth tag size
@@ -360,8 +360,8 @@ namespace lime {

 		// build an Associated Data buffer: given AD || shared AD stored in session || header (as in DR spec section 3.4)
 		std::vector<uint8_t> DRAD{AD}; // copy given AD
-		DRAD.insert(DRAD.end(), m_sharedAD.begin(), m_sharedAD.end());
-		DRAD.insert(DRAD.end(), ciphertext.begin(), ciphertext.begin()+header.size());
+		DRAD.insert(DRAD.end(), m_sharedAD.cbegin(), m_sharedAD.cend());
+		DRAD.insert(DRAD.end(), ciphertext.cbegin(), ciphertext.cbegin()+header.size());


 		DRMKey MK;
@@ -440,7 +440,7 @@ namespace lime {
 		// expansion of randomSeed to 48 bytes: 32 bytes random key + 16 bytes nonce
 		// use the expansion round of HKDF - RFC 5869
 		std::array<uint8_t,lime::settings::DRMessageKeySize+lime::settings::DRMessageIVSize> randomKey{};
-		std::vector<uint8_t> expansionRoundInput{lime::settings::hkdf_randomSeed_info.begin(), lime::settings::hkdf_randomSeed_info.end()};
+		std::vector<uint8_t> expansionRoundInput{lime::settings::hkdf_randomSeed_info.cbegin(), lime::settings::hkdf_randomSeed_info.cend()};
 		expansionRoundInput.push_back(0x01);
 		bctbx_hmacSha512(randomSeed.data(), randomSeed.size(), expansionRoundInput.data(), expansionRoundInput.size(), randomKey.size(), randomKey.data());

@@ -448,8 +448,8 @@ namespace lime {
 		cipherMessage.resize(plaintext.size()+lime::settings::DRMessageAuthTagSize);

 		// AD is source deviceId(gruu) || recipientUserId(sip uri)
-		std::vector<uint8_t> AD{sourceDeviceId.begin(),sourceDeviceId.end()};
-		AD.insert(AD.end(), recipientUserId.begin(), recipientUserId.end());
+		std::vector<uint8_t> AD{sourceDeviceId.cbegin(),sourceDeviceId.cend()};
+		AD.insert(AD.end(), recipientUserId.cbegin(), recipientUserId.cend());

 		// encrypt to cipherMessage buffer
 		if (bctbx_aes_gcm_encrypt_and_tag(randomKey.data(), lime::settings::DRMessageKeySize, // key buffer also hold the IV
@@ -464,12 +464,12 @@ namespace lime {

 		// Loop on each session, given Associated Data to Double Ratchet encryption is: auth tag of cipherMessage AEAD || sourceDeviceId || recipient device Id(gruu)
 		// build the common part to AD given to DR Session encryption
-		AD.assign(cipherMessage.begin()+plaintext.size(), cipherMessage.end());
-		AD.insert(AD.end(), sourceDeviceId.begin(), sourceDeviceId.end());
+		AD.assign(cipherMessage.cbegin()+plaintext.size(), cipherMessage.cend());
+		AD.insert(AD.end(), sourceDeviceId.cbegin(), sourceDeviceId.cend());

 		for(size_t i=0; i<recipients.size(); i++) {
 			std::vector<uint8_t> recipientAD{AD}; // copy AD
-			recipientAD.insert(recipientAD.end(), recipients[i].deviceId.begin(), recipients[i].deviceId.end()); //insert recipient device id(gruu)
+			recipientAD.insert(recipientAD.end(), recipients[i].deviceId.cbegin(), recipients[i].deviceId.cend()); //insert recipient device id(gruu)

 			recipients[i].DRSession->ratchetEncrypt(randomSeed, std::move(recipientAD), recipients[i].cipherHeader);
 		}
@@ -483,9 +483,9 @@ namespace lime {
 			throw BCTBX_EXCEPTION << "Invalid cipher message - too short";
 		}
 		// prepare the AD given to ratchet decrypt: auth tag from cipherMessage || source Device Id || recipient Device Id
-		std::vector<uint8_t> AD{cipherMessage.end()-lime::settings::DRMessageAuthTagSize, cipherMessage.end()};
-		AD.insert(AD.end(), sourceDeviceId.begin(), sourceDeviceId.end());
-		AD.insert(AD.end(), recipientDeviceId.begin(), recipientDeviceId.end());
+		std::vector<uint8_t> AD{cipherMessage.cend()-lime::settings::DRMessageAuthTagSize, cipherMessage.cend()};
+		AD.insert(AD.end(), sourceDeviceId.cbegin(), sourceDeviceId.cend());
+		AD.insert(AD.end(), recipientDeviceId.cbegin(), recipientDeviceId.cend());

 		// buffer to store the random seed used to derive key and IV to decrypt message
 		std::array<uint8_t, lime::settings::DRrandomSeedSize> randomSeed{};
@@ -501,8 +501,8 @@ namespace lime {

 			if (decryptStatus == true) { // we got the random key correctly deciphered
 				// recompute the AD used for this encryption: source Device Id || recipient User Id
-				std::vector<uint8_t> localAD{sourceDeviceId.begin(), sourceDeviceId.end()};
-				localAD.insert(localAD.end(), recipientUserId.begin(), recipientUserId.end());
+				std::vector<uint8_t> localAD{sourceDeviceId.cbegin(), sourceDeviceId.cend()};
+				localAD.insert(localAD.end(), recipientUserId.cbegin(), recipientUserId.cend());

 				// resize plaintext vector as it is adressed directly by C library: same as cipher message - authentication tag length
 				plaintext.resize(cipherMessage.size()-lime::settings::DRMessageAuthTagSize);
@@ -510,7 +510,7 @@ namespace lime {
 				// rebuild the random key and IV from given seed
 				// use the expansion round of HKDF - RFC 5869
 				std::array<uint8_t,lime::settings::DRMessageKeySize+lime::settings::DRMessageIVSize> randomKey{};
-				std::vector<uint8_t> expansionRoundInput{lime::settings::hkdf_randomSeed_info.begin(), lime::settings::hkdf_randomSeed_info.end()};
+				std::vector<uint8_t> expansionRoundInput{lime::settings::hkdf_randomSeed_info.cbegin(), lime::settings::hkdf_randomSeed_info.cend()};
 				expansionRoundInput.push_back(0x01);
 				bctbx_hmacSha512(randomSeed.data(), randomSeed.size(), expansionRoundInput.data(), expansionRoundInput.size(), randomKey.size(), randomKey.data());
 				bctbx_clean(randomSeed.data(), randomSeed.size());

--- a/src/lime_double_ratchet_protocol.cpp
+++ b/src/lime_double_ratchet_protocol.cpp
@@ -86,8 +86,8 @@ namespace lime {
 			message.assign(1, static_cast<uint8_t>(OPk_flag?DR_X3DH_OPk_flag::withOPk:DR_X3DH_OPk_flag::withoutOPk));
 			message.reserve(1+Ik.size()+Ek.size()+4+(OPk_flag?4:0));

-			message.insert(message.end(), Ik.begin(), Ik.end());
-			message.insert(message.end(), Ek.begin(), Ek.end());
+			message.insert(message.end(), Ik.cbegin(), Ik.cend());
+			message.insert(message.end(), Ek.cbegin(), Ek.cend());
 			message.push_back((SPk_id>>24)&0xFF);
 			message.push_back((SPk_id>>16)&0xFF);
 			message.push_back((SPk_id>>8)&0xFF);
@@ -119,10 +119,10 @@ namespace lime {
 			OPk_flag = (message[0] == static_cast<uint8_t>(DR_X3DH_OPk_flag::withOPk))?true:false;
 			size_t index = 1;

-			Ik.assign(message.begin()+index);
+			Ik.assign(message.cbegin()+index);
 			index += ED<Curve>::keyLength();

-			Ek.assign(message.begin()+index);
+			Ek.assign(message.cbegin()+index);
 			index += X<Curve>::keyLength();

 			SPk_id = static_cast<uint32_t>(message[index])<<24 |
@@ -173,7 +173,7 @@ namespace lime {
 					}

 					// copy the message in the output buffer
-					X3DH_initMessage.assign(message.begin()+3, message.begin()+3+x3dh_initMessageSize);
+					X3DH_initMessage.assign(message.cbegin()+3, message.cbegin()+3+x3dh_initMessageSize);
 				}
 					return true;

@@ -200,7 +200,7 @@ namespace lime {
 			if (X3DH_initMessage.size()>0) { // we do have an X3DH init message to insert in the header
 				header.push_back(static_cast<uint8_t>(lime::double_ratchet_protocol::DR_message_type::x3dhinit));
 				header.push_back(static_cast<uint8_t>(Curve::curveId()));
-				header.insert(header.end(), X3DH_initMessage.begin(), X3DH_initMessage.end());
+				header.insert(header.end(), X3DH_initMessage.cbegin(), X3DH_initMessage.cend());
 			} else {
 				header.push_back(static_cast<uint8_t>(lime::double_ratchet_protocol::DR_message_type::regular));
 				header.push_back(static_cast<uint8_t>(Curve::curveId()));
@@ -209,7 +209,7 @@ namespace lime {
 			header.push_back((uint8_t)(Ns&0xFF));
 			header.push_back((uint8_t)((PN>>8)&0xFF));
 			header.push_back((uint8_t)(PN&0xFF));
-			header.insert(header.end(), DHs.begin(), DHs.end());
+			header.insert(header.end(), DHs.cbegin(), DHs.cend());
 		 }

 		/**

--- a/src/lime_localStorage.cpp
+++ b/src/lime_localStorage.cpp
@@ -280,7 +280,7 @@ void Db::clean_SPk() {
 void Db::get_allLocalDevices(std::vector<std::string> &deviceIds) {
 	deviceIds.clear();
 	rowset<row> rs = (sql.prepare << "SELECT UserId FROM lime_LocalUsers;");
-	for (auto &r : rs) {
+	for (const auto &r : rs) {
 		deviceIds.push_back(r.get<string>(0));
 	}
 }
@@ -468,7 +468,7 @@ bool DR<DHKey>::session_save() {
 	}

 	// Shall we insert some skipped Message keys?
-	for ( auto rChain : m_mkskipped) { // loop all chains of message keys, each one is a DHr associated to an unordered map of MK indexed by Nr to be saved
+	for ( const auto &rChain : m_mkskipped) { // loop all chains of message keys, each one is a DHr associated to an unordered map of MK indexed by Nr to be saved
 		blob DHr(m_localStorage->sql);
 		DHr.write(0, (char *)(rChain.DHr.data()), rChain.DHr.size());
 		long DHid=0;
@@ -753,7 +753,7 @@ void Lime<Curve>::cache_DR_sessions(std::vector<recipientInfos<Curve>> &internal

 	size_t requestedDevicesCount = 0;
 	size_t allDevicesCount = 0;
-	for (auto &recipient : internal_recipients) {
+	for (const auto &recipient : internal_recipients) {
 		if (recipient.DRSession == nullptr) {
 			sqlString_requestedDevices.append("'").append(recipient.deviceId).append("',");
 			requestedDevicesCount++;
@@ -769,14 +769,14 @@ void Lime<Curve>::cache_DR_sessions(std::vector<recipientInfos<Curve>> &internal
 	// fetch all the verified devices (we don't directly fetch unverified device as some devices may not be in local storage at all)
 	rowset<row> rs_devices = (m_localStorage->sql.prepare << "SELECT d.DeviceId FROM lime_PeerDevices as d WHERE d.Verified = 1 AND d.DeviceId IN ("<<sqlString_allDevices<<");");
 	std::vector<std::string> verifiedDevices{}; // vector of verified deviceId
-	for (auto &r : rs_devices) {
+	for (const auto &r : rs_devices) {
 		verifiedDevices.push_back(r.get<string>(0));
 	}

 	// loop on internal recipient and mark the one verified as verified
 	for (auto &recipient : internal_recipients) {
 		recipient.identityVerified = false;
-		for (auto &verifiedDevice : verifiedDevices) {
+		for (const auto &verifiedDevice : verifiedDevices) {
 			if (verifiedDevice == recipient.deviceId) {
 				recipient.identityVerified = true;
 				break;
@@ -794,7 +794,7 @@ void Lime<Curve>::cache_DR_sessions(std::vector<recipientInfos<Curve>> &internal
 	rowset<row> rs = (m_localStorage->sql.prepare << "SELECT s.sessionId, d.DeviceId FROM DR_sessions as s INNER JOIN lime_PeerDevices as d ON s.Did=d.Did WHERE s.Uid= :Uid AND s.Status=1 AND d.DeviceId IN ("<<sqlString_requestedDevices<<");", use(m_db_Uid));

 	std::unordered_map<std::string, std::shared_ptr<DR<Curve>>> requestedDevices; // found session will be loaded and temp stored in this
-	for (auto &r : rs) {
+	for (const auto &r : rs) {
 		auto sessionId = r.get<int>(0);
 		auto peerDeviceId = r.get<string>(1);

@@ -864,7 +864,7 @@ template <typename Curve>
 void Lime<Curve>::get_DRSessions(const std::string &senderDeviceId, const long int ignoreThisDRSessionId, std::vector<std::shared_ptr<DR<Curve>>> &DRSessions) {
 	rowset<int> rs = (m_localStorage->sql.prepare << "SELECT s.sessionId FROM DR_sessions as s INNER JOIN lime_PeerDevices as d ON s.Did=d.Did WHERE d.DeviceId = :senderDeviceId AND s.Uid = :Uid AND s.sessionId <> :ignoreThisDRSessionId ORDER BY s.Status DESC, timeStamp ASC;", use(senderDeviceId), use (m_db_Uid), use(ignoreThisDRSessionId));

-	for (auto sessionId : rs) {
+	for (const auto &sessionId : rs) {
 		/* load session in cache DRSessions */
 		DRSessions.push_back(make_shared<DR<Curve>>(m_localStorage.get(), sessionId)); // load session from cache
 	}
@@ -934,7 +934,7 @@ void Lime<Curve>::X3DH_updateOPkStatus(const std::vector<uint32_t> &OPkIds) {
 	if (OPkIds.size()>0) { /* we have keys on server */
 		// build a comma-separated list of OPk id on server
 		std::string sqlString_OPkIds{""};
-		for (auto OPkId : OPkIds) {
+		for (const auto &OPkId : OPkIds) {
 			sqlString_OPkIds.append(to_string(OPkId)).append(",");
 		}


--- a/src/lime_x3dh.cpp
+++ b/src/lime_x3dh.cpp
@@ -52,7 +52,7 @@ namespace lime {
 	static void X3DH_HKDF(std::vector<uint8_t> &input, const std::string &info, T &output) noexcept {
 		std::array<uint8_t,64> prk; // hold the output of pre-computation, as we use SHA512 gets a 64 bytes
 		// expansion round input shall be info || 0x01
-		std::vector<uint8_t> expansionRoundInput{info.begin(), info.end()};
+		std::vector<uint8_t> expansionRoundInput{info.cbegin(), info.cend()};
 		expansionRoundInput.push_back(0x01);
 		std::array<uint8_t,64> zeroFilledSalt; zeroFilledSalt.fill(0);
 		bctbx_hmacSha512(zeroFilledSalt.data(), zeroFilledSalt.size(), input.data(), input.size(), prk.size(), prk.data());
@@ -66,7 +66,7 @@ namespace lime {
 	 */
 	template <typename Curve>
 	void Lime<Curve>::X3DH_init_sender_session(const std::vector<X3DH_peerBundle<Curve>> &peersBundle) {
-		for (auto &peerBundle : peersBundle) {
+		for (const auto &peerBundle : peersBundle) {
 			// Verifify SPk_signature, throw an exception if it fails
 			auto EDDSAContext = EDDSAInit<Curve>();
 			bctbx_EDDSA_setPublicKey(EDDSAContext, peerBundle.Ik.data(), peerBundle.Ik.size());
@@ -142,10 +142,10 @@ namespace lime {

 			// Generate the shared AD used in DR session
 			SharedADBuffer AD; // AD is HKDF(session Initiator Ik || session receiver Ik || session Initiator device Id || session receiver device Id)
-			std::vector<uint8_t>AD_input{m_Ik.publicKey().begin(), m_Ik.publicKey().end()};
-			AD_input.insert(AD_input.end(), peerBundle.Ik.begin(), peerBundle.Ik.end());
-			AD_input.insert(AD_input.end(), m_selfDeviceId.begin(), m_selfDeviceId.end());
-			AD_input.insert(AD_input.end(), peerBundle.deviceId.begin(), peerBundle.deviceId.end());
+			std::vector<uint8_t>AD_input{m_Ik.publicKey().cbegin(), m_Ik.publicKey().cend()};
+			AD_input.insert(AD_input.end(), peerBundle.Ik.cbegin(), peerBundle.Ik.cend());
+			AD_input.insert(AD_input.end(), m_selfDeviceId.cbegin(), m_selfDeviceId.cend());
+			AD_input.insert(AD_input.end(), peerBundle.deviceId.cbegin(), peerBundle.deviceId.cend());
 			X3DH_HKDF<SharedADBuffer>(AD_input, lime::settings::X3DH_AD_info, AD);

 			// Generate DR_Session and put it in cache(but not in localStorage yet, that would be done when first message generation will be complete)
@@ -239,10 +239,10 @@ namespace lime {

 		// Generate the shared AD used in DR session
 		SharedADBuffer AD; // AD is HKDF(session Initiator Ik || session receiver Ik || session Initiator device Id || session receiver device Id), we are receiver on this one
-		std::vector<uint8_t> AD_input{peerIk.begin(), peerIk.end()};
-		AD_input.insert(AD_input.end(), m_Ik.publicKey().begin(), m_Ik.publicKey().end());
-		AD_input.insert(AD_input.end(), senderDeviceId.begin(), senderDeviceId.end());
-		AD_input.insert(AD_input.end(), m_selfDeviceId.begin(), m_selfDeviceId.end());
+		std::vector<uint8_t> AD_input{peerIk.cbegin(), peerIk.cend()};
+		AD_input.insert(AD_input.end(), m_Ik.publicKey().cbegin(), m_Ik.publicKey().cend());
+		AD_input.insert(AD_input.end(), senderDeviceId.cbegin(), senderDeviceId.cend());
+		AD_input.insert(AD_input.end(), m_selfDeviceId.cbegin(), m_selfDeviceId.cend());
 		X3DH_HKDF<SharedADBuffer>(AD_input, lime::settings::X3DH_AD_info, AD);

 		// insert the new peer device Id in Storage, keep the Id used in table to give it to DR_Session which will need it to save itself into DB.

--- a/src/lime_x3dh_protocol.cpp
+++ b/src/lime_x3dh_protocol.cpp
@@ -107,7 +107,7 @@ namespace lime {
 			// create the header
 			message = X3DH_makeHeader(x3dh_message_type::registerUser, Curve::curveId());
 			// append the Ik
-			message.insert(message.end(), Ik.begin(), Ik.end());
+			message.insert(message.end(), Ik.cbegin(), Ik.cend());
 		}

 		// deleteUser : empty message, server retrieves deviceId to delete from authentication header, you cannot delete someone else!
@@ -126,8 +126,8 @@ namespace lime {
 			// create the header
 			message = X3DH_makeHeader(x3dh_message_type::postSPk, Curve::curveId());
 			// append SPk, Signature and SPkId
-			message.insert(message.end(), SPk.begin(), SPk.end());
-			message.insert(message.end(), Sig.begin(), Sig.end());
+			message.insert(message.end(), SPk.cbegin(), SPk.cend());
+			message.insert(message.end(), Sig.cbegin(), Sig.cend());
 			message.push_back(static_cast<uint8_t>((SPk_id>>24)&0xFF));
 			message.push_back(static_cast<uint8_t>((SPk_id>>16)&0xFF));
 			message.push_back(static_cast<uint8_t>((SPk_id>>8)&0xFF));
@@ -147,7 +147,7 @@ namespace lime {
 			message.push_back(static_cast<uint8_t>((OPkCount)&0xFF));

 			for (decltype(OPkCount) i=0; i<OPkCount; i++) {
-				message.insert(message.end(), OPks[i].begin(), OPks[i].end());
+				message.insert(message.end(), OPks[i].cbegin(), OPks[i].cend());
 				message.push_back(static_cast<uint8_t>((OPk_ids[i]>>24)&0xFF));
 				message.push_back(static_cast<uint8_t>((OPk_ids[i]>>16)&0xFF));
 				message.push_back(static_cast<uint8_t>((OPk_ids[i]>>8)&0xFF));
@@ -172,10 +172,10 @@ namespace lime {
 			}

 			// append a sequence of peer device Id size(on 2 bytes) || device id
-			for (auto &peer_device_id : peer_device_ids) {
+			for (const auto &peer_device_id : peer_device_ids) {
 				message.push_back(static_cast<uint8_t>(((peer_device_id.size())>>8)&0xFF));
 				message.push_back(static_cast<uint8_t>((peer_device_id.size())&0xFF));
-				message.insert(message.end(),peer_device_id.begin(), peer_device_id.end());
+				message.insert(message.end(),peer_device_id.cbegin(), peer_device_id.cend());
 				BCTBX_SLOGI<<"Request X3DH keys for device "<<peer_device_id;
 			}
 		}
@@ -261,7 +261,7 @@ namespace lime {
 				if (body.size() == X3DH_headerSize+1) {
 					BCTBX_SLOGE<<"X3DH server respond error : code "<<int(body[X3DH_headerSize])<<" (no error message)";
 				} else {
-					BCTBX_SLOGE<<"X3DH server respond error : code "<<int(body[X3DH_headerSize])<<" : "<<std::string(body.begin()+X3DH_headerSize+1, body.end());
+					BCTBX_SLOGE<<"X3DH server respond error : code "<<int(body[X3DH_headerSize])<<" : "<<std::string(body.cbegin()+X3DH_headerSize+1, body.cend());
 				}

 				switch (static_cast<uint8_t>(body[X3DH_headerSize])) {
@@ -343,7 +343,7 @@ namespace lime {
 					peersBundle.clear();
 					return false;
 				}
-				std::string deviceId{body.begin()+index, body.begin()+index+deviceIdSize};
+				std::string deviceId{body.cbegin()+index, body.cbegin()+index+deviceIdSize};
 				index += deviceIdSize;

 				// check if we have an OPk
@@ -357,16 +357,16 @@ namespace lime {
 				}

 				// retrieve simple pointers to all keys and signature, the X3DH_peerBundle constructor will construct the keys out of them
-				const auto Ik = body.begin()+index; index += ED<Curve>::keyLength();
-				const auto SPk = body.begin()+index; index += X<Curve>::keyLength();
+				const auto Ik = body.cbegin()+index; index += ED<Curve>::keyLength();
+				const auto SPk = body.cbegin()+index; index += X<Curve>::keyLength();
 				uint32_t SPk_id = static_cast<uint32_t>(body[index])<<24 |
 						static_cast<uint32_t>(body[index+1])<<16 |
 						static_cast<uint32_t>(body[index+2])<<8 |
 						static_cast<uint32_t>(body[index+3]);
 				index += 4;
-				const auto SPk_sig = body.begin()+index; index += Signature<Curve>::signatureLength();
+				const auto SPk_sig = body.cbegin()+index; index += Signature<Curve>::signatureLength();
 				if (haveOPk) {
-					const auto OPk = body.begin()+index; index += X<Curve>::keyLength();
+					const auto OPk = body.cbegin()+index; index += X<Curve>::keyLength();
 					uint32_t OPk_id = static_cast<uint32_t>(body[index])<<24 |
 						static_cast<uint32_t>(body[index+1])<<16 |
 						static_cast<uint32_t>(body[index+2])<<8 |