web-eid · mrts · Apr 1, 2024 · Apr 1, 2024
diff --git a/include/electronic-id/electronic-id.hpp b/include/electronic-id/electronic-id.hpp
@@ -24,10 +24,6 @@
 
 #include "enums.hpp"
 
-#include "pcsc-cpp/pcsc-cpp.hpp"
-
-#include <memory>
-
 namespace electronic_id
 {
 
@@ -37,7 +33,7 @@ class ElectronicID
 {
 public:
     using ptr = std::shared_ptr<ElectronicID>;
-    using PinMinMaxLength = std::pair<size_t, size_t>;
+    using PinMinMaxLength = std::pair<uint8_t, uint8_t>;
     using PinRetriesRemainingAndMax = std::pair<uint8_t, int8_t>;
     using byte_vector = pcsc_cpp::byte_vector;
     using byte_type = pcsc_cpp::byte_type;

diff --git a/src/electronic-id.cpp b/src/electronic-id.cpp
@@ -85,7 +85,7 @@ const std::map<byte_vector, ElectronicIDConstructor> SUPPORTED_ATRS {
     {{0x3B, 0x9D, 0x18, 0x81, 0x31, 0xFC, 0x35, 0x80, 0x31, 0xC0, 0x69,
       0x4D, 0x54, 0x43, 0x4F, 0x53, 0x73, 0x02, 0x05, 0x05, 0xD3},
      constructor<Pkcs11ElectronicIDType::LitEIDv3>},
-     // LitEID v2.0
+    // LitEID v2.0
     {{0x3B, 0x9D, 0x18, 0x81, 0x31, 0xFC, 0x35, 0x80, 0x31, 0xC0, 0x69,
       0x4D, 0x54, 0x43, 0x4F, 0x53, 0x73, 0x02, 0x06, 0x04, 0xD1},
      constructor<Pkcs11ElectronicIDType::LitEIDv3>},

diff --git a/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp b/src/electronic-ids/ms-cryptoapi/MsCryptoApiElectronicID.hpp
@@ -38,8 +38,8 @@ class MsCryptoApiElectronicID : public ElectronicID
     MsCryptoApiElectronicID(PCCERT_CONTEXT certCtx, pcsc_cpp::byte_vector&& cert,
                             CertificateType cType, bool isRsa, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE k,
                             bool freeK) :
-        ElectronicID {std::make_unique<pcsc_cpp::SmartCard>()},
-        certContext {certCtx}, certData {cert}, certType {cType},
+        ElectronicID {std::make_unique<pcsc_cpp::SmartCard>()}, certContext {certCtx},
+        certData {cert}, certType {cType},
         // TODO: SignatureAlgorithm::PS?
         signatureAlgo {isRsa ? SignatureAlgorithm::RS : SignatureAlgorithm::ES}, key {k},
         freeKey {freeK}
@@ -59,7 +59,7 @@ class MsCryptoApiElectronicID : public ElectronicID
     // The following placeholders are not used as the external PIN dialog manages PIN length
     // validation.
     static const int8_t PIN_RETRY_COUNT_PLACEHOLDER = -1;
-    static const size_t PIN_LENGTH_PLACEHOLDER = 0;
+    static const uint8_t PIN_LENGTH_PLACEHOLDER = 0;
 
 private:
     // Use the external dialog provided by the CryptoAPI cryptographic service provider.

diff --git a/src/electronic-ids/pcsc/pcsc-common.hpp b/src/electronic-ids/pcsc/pcsc-common.hpp
@@ -52,7 +52,7 @@ inline pcsc_cpp::byte_vector addPaddingToPin(const pcsc_cpp::byte_vector& pin, s
 }
 
 inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2,
-                      const pcsc_cpp::byte_vector& pin, size_t pinMinLength, size_t paddingLength,
+                      const pcsc_cpp::byte_vector& pin, uint8_t pinMinLength, size_t paddingLength,
                       pcsc_cpp::byte_type paddingChar)
 {
     const pcsc_cpp::CommandApdu VERIFY_PIN {0x00, 0x20, 0x00, p2};
@@ -61,7 +61,7 @@ inline void verifyPin(pcsc_cpp::SmartCard& card, pcsc_cpp::byte_type p2,
     if (card.readerHasPinPad()) {
         const pcsc_cpp::CommandApdu verifyPin {VERIFY_PIN,
                                                addPaddingToPin({}, paddingLength, paddingChar)};
-        response = card.transmitCTL(verifyPin, 0, uint8_t(pinMinLength));
+        response = card.transmitCTL(verifyPin, 0, pinMinLength);
 
     } else {
         const pcsc_cpp::CommandApdu verifyPin {VERIFY_PIN,

diff --git a/src/electronic-ids/pkcs11/PKCS11CardManager.hpp b/src/electronic-ids/pkcs11/PKCS11CardManager.hpp
@@ -124,7 +124,7 @@ class PKCS11CardManager
         std::vector<CK_BYTE> cert, certID;
         int8_t retry;
         bool pinpad;
-        CK_ULONG minPinLen, maxPinLen;
+        uint8_t minPinLen, maxPinLen;
     };
 
     std::vector<Token> tokens() const
@@ -147,17 +147,15 @@ class PKCS11CardManager
 
             for (CK_OBJECT_HANDLE obj : findObject(session, CKO_CERTIFICATE)) {
                 result.push_back({
-                    std::string(reinterpret_cast<const char*>(tokenInfo.label),
-                                sizeof(tokenInfo.label)),
-                    std::string(reinterpret_cast<const char*>(tokenInfo.serialNumber),
-                                sizeof(tokenInfo.serialNumber)),
+                    {std::begin(tokenInfo.label), std::end(tokenInfo.label)},
+                    {std::begin(tokenInfo.serialNumber), std::end(tokenInfo.serialNumber)},
                     slotID,
                     attribute(session, obj, CKA_VALUE),
                     attribute(session, obj, CKA_ID),
                     pinRetryCount(tokenInfo.flags),
                     (tokenInfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH) > 0,
-                    tokenInfo.ulMinPinLen,
-                    tokenInfo.ulMaxPinLen,
+                    uint8_t(tokenInfo.ulMinPinLen),
+                    uint8_t(tokenInfo.ulMaxPinLen),
                 });
             }
 
@@ -211,15 +209,15 @@ class PKCS11CardManager
         //      token.certID.data());
 
         CK_KEY_TYPE keyType = CKK_RSA;
-        CK_ATTRIBUTE attribute = {CKA_KEY_TYPE, &keyType, sizeof(keyType)};
-        C(GetAttributeValue, session, privateKeyHandle[0], &attribute, 1ul);
+        CK_ATTRIBUTE attribute {CKA_KEY_TYPE, &keyType, sizeof(keyType)};
+        C(GetAttributeValue, session, privateKeyHandle[0], &attribute, 1UL);
 
-        const electronic_id::SignatureAlgorithm signatureAlgorithm = {
+        const electronic_id::SignatureAlgorithm signatureAlgorithm {
             keyType == CKK_ECDSA ? electronic_id::SignatureAlgorithm::ES
                                  : electronic_id::SignatureAlgorithm::RS,
             hashAlgo};
 
-        CK_MECHANISM mechanism = {keyType == CKK_ECDSA ? CKM_ECDSA : CKM_RSA_PKCS, nullptr, 0};
+        CK_MECHANISM mechanism {keyType == CKK_ECDSA ? CKM_ECDSA : CKM_RSA_PKCS, nullptr, 0};
         C(SignInit, session, &mechanism, privateKeyHandle[0]);
         std::vector<CK_BYTE> hashWithPaddingOID =
             keyType == CKK_RSA ? addRSAOID(hashAlgo, hash) : hash;
@@ -275,10 +273,9 @@ class PKCS11CardManager
 
     template <typename Func, typename... Args>
     static void Call(const char* function, const char* file, int line, const char* apiFunction,
-                     Func func, Args... args)
+                     Func&& func, Args... args)
     {
-        CK_RV rv = func(args...);
-        switch (rv) {
+        switch (CK_RV rv = func(args...)) {
         case CKR_OK:
         case CKR_CRYPTOKI_ALREADY_INITIALIZED:
             break;
@@ -310,7 +307,7 @@ class PKCS11CardManager
                 THROW_WITH_CALLER_INFO(Pkcs11Error,
                                        fn + " failed with return code " + pcsc_cpp::int2hexstr(rv),
                                        file, line, function);
-            };
+            }
             break;
         }
         default:
@@ -324,11 +321,11 @@ class PKCS11CardManager
     std::vector<CK_BYTE> attribute(CK_SESSION_HANDLE session, CK_OBJECT_CLASS obj,
                                    CK_ATTRIBUTE_TYPE attr) const
     {
-        CK_ATTRIBUTE attribute = {attr, nullptr, 0};
-        C(GetAttributeValue, session, obj, &attribute, 1ul);
+        CK_ATTRIBUTE attribute {attr, {}, 0};
+        C(GetAttributeValue, session, obj, &attribute, 1UL);
         std::vector<CK_BYTE> data(attribute.ulValueLen);
         attribute.pValue = data.data();
-        C(GetAttributeValue, session, obj, &attribute, 1ul);
+        C(GetAttributeValue, session, obj, &attribute, 1UL);
         return data;
     }
 
@@ -351,7 +348,7 @@ class PKCS11CardManager
         return objectHandle;
     }
 
-    static int8_t pinRetryCount(CK_FLAGS flags)
+    static constexpr int8_t pinRetryCount(CK_FLAGS flags) noexcept
     {
         // As PKCS#11 does not provide an API for querying remaining PIN retries, we currently
         // simply assume max retry count of 3, which is quite common. We might need to revisit this