From 6a466c7dcd8a0865060a23c9ab89a3b2c0e2c25a Mon Sep 17 00:00:00 2001 From: Raul Metsma Date: Mon, 1 Apr 2024 14:38:11 +0300 Subject: [PATCH] Fix coverity warnings IB-7930 Signed-off-by: Raul Metsma --- include/electronic-id/electronic-id.hpp | 6 +--- src/electronic-id.cpp | 2 +- .../ms-cryptoapi/MsCryptoApiElectronicID.hpp | 6 ++-- src/electronic-ids/pcsc/pcsc-common.hpp | 4 +-- .../pkcs11/PKCS11CardManager.hpp | 35 +++++++++---------- 5 files changed, 23 insertions(+), 30 deletions(-) diff --git a/include/electronic-id/electronic-id.hpp b/include/electronic-id/electronic-id.hpp index 481feda..0fabab9 100644 --- a/include/electronic-id/electronic-id.hpp +++ b/include/electronic-id/electronic-id.hpp @@ -24,10 +24,6 @@ #include "enums.hpp" -#include "pcsc-cpp/pcsc-cpp.hpp" - -#include - namespace electronic_id { @@ -37,7 +33,7 @@ class ElectronicID { public: using ptr = std::shared_ptr; - using PinMinMaxLength = std::pair; + using PinMinMaxLength = std::pair; using PinRetriesRemainingAndMax = std::pair; using byte_vector = pcsc_cpp::byte_vector; using byte_type = pcsc_cpp::byte_type; diff --git a/src/electronic-id.cpp b/src/electronic-id.cpp index 3c5de9e..85d67fa 100644 --- a/src/electronic-id.cpp +++ b/src/electronic-id.cpp @@ -85,7 +85,7 @@ const std::map SUPPORTED_ATRS { {{0x3B, 0x9D, 0x18, 0x81, 0x31, 0xFC, 0x35, 0x80, 0x31, 0xC0, 0x69, 0x4D, 0x54, 0x43, 0x4F, 0x53, 0x73, 0x02, 0x05, 0x05, 0xD3}, constructor}, - // LitEID v2.0 + // LitEID v2.0 {{0x3B, 0x9D, 0x18, 0x81, 0x31, 0xFC, 0x35, 0x80, 0x31, 0xC0, 0x69, 0x4D, 0x54, 0x43, 0x4F, 0x53, 0x73, 0x02, 0x06, 0x04, 0xD1}, constructor}, diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp index 602dac9..ad7ebe1 100644 --- a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp +++ b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp @@ -38,8 +38,8 @@ class MsCryptoApiElectronicID : public ElectronicID MsCryptoApiElectronicID(PCCERT_CONTEXT certCtx, pcsc_cpp::byte_vector&& cert, CertificateType cType, bool isRsa, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE k, bool freeK) : - ElectronicID {std::make_unique()}, - certContext {certCtx}, certData {cert}, certType {cType}, + ElectronicID {std::make_unique()}, certContext {certCtx}, + certData {cert}, certType {cType}, // TODO: SignatureAlgorithm::PS? signatureAlgo {isRsa ? SignatureAlgorithm::RS : SignatureAlgorithm::ES}, key {k}, freeKey {freeK} @@ -59,7 +59,7 @@ class MsCryptoApiElectronicID : public ElectronicID // The following placeholders are not used as the external PIN dialog manages PIN length // validation. static const int8_t PIN_RETRY_COUNT_PLACEHOLDER = -1; - static const size_t PIN_LENGTH_PLACEHOLDER = 0; + static const uint8_t PIN_LENGTH_PLACEHOLDER = 0; private: // Use the external dialog provided by the CryptoAPI cryptographic service provider. diff --git a/src/electronic-ids/pcsc/pcsc-common.hpp b/src/electronic-ids/pcsc/pcsc-common.hpp index caf5338..ce56e64 100644 --- a/src/electronic-ids/pcsc/pcsc-common.hpp +++ b/src/electronic-ids/pcsc/pcsc-common.hpp @@ -52,7 +52,7 @@ inline pcsc_cpp::byte_vector addPaddingToPin(const pcsc_cpp::byte_vector& pin, s } inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2, - const pcsc_cpp::byte_vector& pin, size_t pinMinLength, size_t paddingLength, + const pcsc_cpp::byte_vector& pin, uint8_t pinMinLength, size_t paddingLength, pcsc_cpp::byte_type paddingChar) { const pcsc_cpp::CommandApdu VERIFY_PIN {0x00, 0x20, 0x00, p2}; @@ -61,7 +61,7 @@ inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2, if (card.readerHasPinPad()) { const pcsc_cpp::CommandApdu verifyPin {VERIFY_PIN, addPaddingToPin({}, paddingLength, paddingChar)}; - response = card.transmitCTL(verifyPin, 0, uint8_t(pinMinLength)); + response = card.transmitCTL(verifyPin, 0, pinMinLength); } else { const pcsc_cpp::CommandApdu verifyPin {VERIFY_PIN, diff --git a/src/electronic-ids/pkcs11/PKCS11CardManager.hpp b/src/electronic-ids/pkcs11/PKCS11CardManager.hpp index 169c74c..8558ec6 100644 --- a/src/electronic-ids/pkcs11/PKCS11CardManager.hpp +++ b/src/electronic-ids/pkcs11/PKCS11CardManager.hpp @@ -124,7 +124,7 @@ class PKCS11CardManager std::vector cert, certID; int8_t retry; bool pinpad; - CK_ULONG minPinLen, maxPinLen; + uint8_t minPinLen, maxPinLen; }; std::vector tokens() const @@ -147,17 +147,15 @@ class PKCS11CardManager for (CK_OBJECT_HANDLE obj : findObject(session, CKO_CERTIFICATE)) { result.push_back({ - std::string(reinterpret_cast(tokenInfo.label), - sizeof(tokenInfo.label)), - std::string(reinterpret_cast(tokenInfo.serialNumber), - sizeof(tokenInfo.serialNumber)), + {std::begin(tokenInfo.label), std::end(tokenInfo.label)}, + {std::begin(tokenInfo.serialNumber), std::end(tokenInfo.serialNumber)}, slotID, attribute(session, obj, CKA_VALUE), attribute(session, obj, CKA_ID), pinRetryCount(tokenInfo.flags), (tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) > 0, - tokenInfo.ulMinPinLen, - tokenInfo.ulMaxPinLen, + uint8_t(tokenInfo.ulMinPinLen), + uint8_t(tokenInfo.ulMaxPinLen), }); } @@ -211,15 +209,15 @@ class PKCS11CardManager // token.certID.data()); CK_KEY_TYPE keyType = CKK_RSA; - CK_ATTRIBUTE attribute = {CKA_KEY_TYPE, &keyType, sizeof(keyType)}; - C(GetAttributeValue, session, privateKeyHandle[0], &attribute, 1ul); + CK_ATTRIBUTE attribute {CKA_KEY_TYPE, &keyType, sizeof(keyType)}; + C(GetAttributeValue, session, privateKeyHandle[0], &attribute, 1UL); - const electronic_id::SignatureAlgorithm signatureAlgorithm = { + const electronic_id::SignatureAlgorithm signatureAlgorithm { keyType == CKK_ECDSA ? electronic_id::SignatureAlgorithm::ES : electronic_id::SignatureAlgorithm::RS, hashAlgo}; - CK_MECHANISM mechanism = {keyType == CKK_ECDSA ? CKM_ECDSA : CKM_RSA_PKCS, nullptr, 0}; + CK_MECHANISM mechanism {keyType == CKK_ECDSA ? CKM_ECDSA : CKM_RSA_PKCS, nullptr, 0}; C(SignInit, session, &mechanism, privateKeyHandle[0]); std::vector hashWithPaddingOID = keyType == CKK_RSA ? addRSAOID(hashAlgo, hash) : hash; @@ -275,10 +273,9 @@ class PKCS11CardManager template static void Call(const char* function, const char* file, int line, const char* apiFunction, - Func func, Args... args) + Func&& func, Args... args) { - CK_RV rv = func(args...); - switch (rv) { + switch (CK_RV rv = func(args...)) { case CKR_OK: case CKR_CRYPTOKI_ALREADY_INITIALIZED: break; @@ -310,7 +307,7 @@ class PKCS11CardManager THROW_WITH_CALLER_INFO(Pkcs11Error, fn + " failed with return code " + pcsc_cpp::int2hexstr(rv), file, line, function); - }; + } break; } default: @@ -324,11 +321,11 @@ class PKCS11CardManager std::vector attribute(CK_SESSION_HANDLE session, CK_OBJECT_CLASS obj, CK_ATTRIBUTE_TYPE attr) const { - CK_ATTRIBUTE attribute = {attr, nullptr, 0}; - C(GetAttributeValue, session, obj, &attribute, 1ul); + CK_ATTRIBUTE attribute {attr, {}, 0}; + C(GetAttributeValue, session, obj, &attribute, 1UL); std::vector data(attribute.ulValueLen); attribute.pValue = data.data(); - C(GetAttributeValue, session, obj, &attribute, 1ul); + C(GetAttributeValue, session, obj, &attribute, 1UL); return data; } @@ -351,7 +348,7 @@ class PKCS11CardManager return objectHandle; } - static int8_t pinRetryCount(CK_FLAGS flags) + static constexpr int8_t pinRetryCount(CK_FLAGS flags) noexcept { // As PKCS#11 does not provide an API for querying remaining PIN retries, we currently // simply assume max retry count of 3, which is quite common. We might need to revisit this