web-eid · mrts · Mar 1, 2024 · Feb 10, 2024
diff --git a/lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp.hpp b/lib/libpcsc-cpp/include/pcsc-cpp/pcsc-cpp.hpp
@@ -35,6 +35,25 @@
     Class(Class&&) = delete;                                                                       \
     Class& operator=(Class&&) = delete
 
+#ifdef WIN32
+#define PCSC_CPP_WARNING_PUSH __pragma(warning(push))
+#define PCSC_CPP_WARNING_POP __pragma(warning(pop))
+#define PCSC_CPP_WARNING_DISABLE_CLANG(text)
+#define PCSC_CPP_WARNING_DISABLE_GCC(text)
+#define PCSC_CPP_WARNING_DISABLE_MSVC(number) __pragma(warning(disable: number))
+#else
+#define PCSC_CPP_DO_PRAGMA(text) _Pragma(#text)
+#define PCSC_CPP_WARNING_PUSH PCSC_CPP_DO_PRAGMA(GCC diagnostic push)
+#define PCSC_CPP_WARNING_POP PCSC_CPP_DO_PRAGMA(GCC diagnostic pop)
+#if __clang__
+#define PCSC_CPP_WARNING_DISABLE_CLANG(text) PCSC_CPP_DO_PRAGMA(clang diagnostic ignored text)
+#else
+#define PCSC_CPP_WARNING_DISABLE_CLANG(text)
+#endif
+#define PCSC_CPP_WARNING_DISABLE_GCC(text) PCSC_CPP_DO_PRAGMA(GCC diagnostic ignored text)
+#define PCSC_CPP_WARNING_DISABLE_MSVC(text)
+#endif
+
 namespace pcsc_cpp
 {
 
@@ -75,8 +94,8 @@ struct ResponseApdu
 
     byte_vector data;
 
-    static const size_t MAX_DATA_SIZE = 256;
-    static const size_t MAX_SIZE = MAX_DATA_SIZE + 2; // + sw1 and sw2
+    static constexpr size_t MAX_DATA_SIZE = 256;
+    static constexpr size_t MAX_SIZE = MAX_DATA_SIZE + 2; // + sw1 and sw2
 
     ResponseApdu(byte_type s1, byte_type s2, byte_vector d = {}) :
         sw1(s1), sw2(s2), data(std::move(d))
@@ -85,15 +104,21 @@ struct ResponseApdu
 
     ResponseApdu() = default;
 
-    static ResponseApdu fromBytes(const byte_vector& data)
+    static ResponseApdu fromBytes(byte_vector data)
     {
         if (data.size() < 2) {
             throw std::invalid_argument("Need at least 2 bytes for creating ResponseApdu");
         }
 
+PCSC_CPP_WARNING_PUSH
+PCSC_CPP_WARNING_DISABLE_GCC("-Warray-bounds") // avoid GCC 13 false positive warning
+        byte_type sw1 = data[data.size() - 2];
+        byte_type sw2 = data[data.size() - 1];
+        data.resize(data.size() - 2);
+PCSC_CPP_WARNING_POP
+
         // SW1 and SW2 are in the end
-        return ResponseApdu {data[data.size() - 2], data[data.size() - 1],
-                             byte_vector {data.cbegin(), data.cend() - 2}};
+        return {sw1, sw2, std::move(data)};
     }
 
     byte_vector toBytes() const

diff --git a/lib/libpcsc-cpp/src/SmartCard.cpp b/lib/libpcsc-cpp/src/SmartCard.cpp
@@ -130,7 +130,7 @@ class CardImpl
         SCard(Transmit, cardHandle, &_protocol, commandBytes.data(), DWORD(commandBytes.size()),
               nullptr, responseBytes.data(), &responseLength);
 
-        auto response = toResponse(responseBytes, responseLength);
+        auto response = toResponse(std::move(responseBytes), responseLength);
 
         if (response.sw1 == ResponseApdu::MORE_DATA_AVAILABLE) {
             getMoreResponseData(response);
@@ -175,7 +175,7 @@ class CardImpl
                   DWORD(responseBytes.size()), &responseLength);
         }
 
-        return toResponse(responseBytes, responseLength);
+        return toResponse(std::move(responseBytes), responseLength);
     }
 
     void beginTransaction() const { SCard(BeginTransaction, cardHandle); }
@@ -189,7 +189,7 @@ class CardImpl
     const SCARD_IO_REQUEST _protocol;
     std::map<DRIVER_FEATURES, uint32_t> features;
 
-    ResponseApdu toResponse(byte_vector& responseBytes, size_t responseLength) const
+    ResponseApdu toResponse(byte_vector&& responseBytes, size_t responseLength) const
     {
         if (responseLength > responseBytes.size()) {
             THROW(Error, "SCardTransmit: received more bytes than buffer size");
@@ -198,7 +198,7 @@ class CardImpl
 
         // TODO: debug("Received: " + bytes2hexstr(responseBytes))
 
-        auto response = ResponseApdu::fromBytes(responseBytes);
+        auto response = ResponseApdu::fromBytes(std::move(responseBytes));
 
         // Let expected errors through for handling in upper layers or in if blocks below.
         switch (response.sw1) {

diff --git a/src/electronic-id.cpp b/src/electronic-id.cpp
@@ -51,7 +51,7 @@ constexpr auto constructor(const Reader& reader)
 }
 
 template <Pkcs11ElectronicIDType value>
-constexpr auto constructor(const Reader&)
+constexpr auto constructor(const Reader& /*reader*/)
 {
     return std::make_unique<Pkcs11ElectronicID>(value);
 }
@@ -156,9 +156,8 @@ ElectronicID::ptr getElectronicID(const pcsc_cpp::Reader& reader)
 
 bool ElectronicID::isSupportedSigningHashAlgorithm(const HashAlgorithm hashAlgo) const
 {
-    auto supported = supportedSigningAlgorithms();
-    return std::any_of(supported.cbegin(), supported.cend(),
-                       [hashAlgo](SignatureAlgorithm signAlgo) { return signAlgo == hashAlgo; });
+    const auto &supported = supportedSigningAlgorithms();
+    return std::find(supported.cbegin(), supported.cend(), hashAlgo) != supported.cend();
 }
 
 AutoSelectFailed::AutoSelectFailed(Reason r) :

diff --git a/src/electronic-ids/pcsc/FinEID.cpp b/src/electronic-ids/pcsc/FinEID.cpp
@@ -142,7 +142,7 @@ byte_vector FinEIDv3::sign(const HashAlgorithm hashAlgo, const byte_vector& hash
     byte_vector tlv {0x90, byte_type(hash.size())};
     tlv.insert(tlv.cend(), hash.cbegin(), hash.cend());
 
-    const CommandApdu computeSignature {{0x00, 0x2A, 0x90, 0xA0}, tlv};
+    const CommandApdu computeSignature {{0x00, 0x2A, 0x90, 0xA0}, std::move(tlv)};
     const auto response = card->transmit(computeSignature);
 
     if (response.sw1 == ResponseApdu::WRONG_LENGTH) {

diff --git a/tests/integration/test-authenticate.cpp b/tests/integration/test-authenticate.cpp
@@ -36,12 +36,12 @@ TEST(electronic_id_test, authenticate)
 
     EXPECT_TRUE(cardInfo);
 
-    std::cout << "Selected card: " << cardInfo->eid().name() << std::endl;
+    std::cout << "Selected card: " << cardInfo->eid().name() << '\n';
 
     byte_vector cert = cardInfo->eid().getCertificate(CertificateType::AUTHENTICATION);
 
     std::cout << "Does the reader have a PIN-pad? "
-              << (cardInfo->eid().smartcard().readerHasPinPad() ? "yes" : "no") << std::endl;
+              << (cardInfo->eid().smartcard().readerHasPinPad() ? "yes" : "no") << '\n';
 
     if (cardInfo->eid().authSignatureAlgorithm() != JsonWebSignatureAlgorithm::ES384
         && cardInfo->eid().authSignatureAlgorithm() != JsonWebSignatureAlgorithm::RS256
@@ -52,21 +52,21 @@ TEST(electronic_id_test, authenticate)
             "currently supported");
     }
 
-    GTEST_ASSERT_GE(cardInfo->eid().authPinRetriesLeft().first, 0u);
+    GTEST_ASSERT_GE(cardInfo->eid().authPinRetriesLeft().first, 0U);
 
-    const auto pin = cardInfo->eid().name() == "EstEID Gemalto v3.5.8"
+    const auto &pin = cardInfo->eid().name() == "EstEID Gemalto v3.5.8"
         ? byte_vector {'0', '0', '9', '0'} // Gemalto test card default PIN1
         : byte_vector {'1', '2', '3', '4'};
 
     std::cout << "WARNING! Using hard-coded PIN "
-              << std::string(reinterpret_cast<const char*>(pin.data()), pin.size()) << std::endl;
+              << std::string(reinterpret_cast<const char*>(pin.data()), pin.size()) << '\n';
 
-    const byte_vector dataToSign = {'H', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!'};
+    const byte_vector dataToSign {'H', 'e', 'l', 'l', 'o', ' ', 'w', 'o', 'r', 'l', 'd', '!'};
     const JsonWebSignatureAlgorithm hashAlgo = cardInfo->eid().authSignatureAlgorithm();
     const byte_vector hash = calculateDigest(hashAlgo.hashAlgorithm(), dataToSign);
     auto signature = cardInfo->eid().signWithAuthKey(pin, hash);
 
-    std::cout << "Authentication signature: " << pcsc_cpp::bytes2hexstr(signature) << std::endl;
+    std::cout << "Authentication signature: " << pcsc_cpp::bytes2hexstr(signature) << '\n';
 
     if (!verify(hashAlgo.hashAlgorithm(), cert, dataToSign, signature,
                 hashAlgo == JsonWebSignatureAlgorithm::PS256)) {