const static CFStringRef SignName = CFSTR("com.apple.security.Sign"), VerifyName = CFSTR("com.apple.security.Verify");
const CFStringRef __nonnull kSecKeyAttributeName = CFSTR("KEY"), kSecSignatureAttributeName = CFSTR("Signature"), kSecInputIsAttributeName = CFSTR("InputIs");
const static CFStringRef SignName = CFSTR("com.apple.security.Sign"), VerifyName = CFSTR("com.apple.security.Verify");
const CFStringRef __nonnull kSecKeyAttributeName = CFSTR("KEY"), kSecSignatureAttributeName = CFSTR("Signature"), kSecInputIsAttributeName = CFSTR("InputIs");
CFErrorRef do_sec_fail(OSStatus code, const char *func, const char *file, int line) {
CFStringRef msg = CFStringCreateWithFormat(NULL, NULL, CFSTR("Internal error #%x at %s %s:%d"), (unsigned)code, func, file, line);
CFErrorRef err = fancy_error(CFSTR("Internal CSSM error"), code, msg);
CFErrorRef do_sec_fail(OSStatus code, const char *func, const char *file, int line) {
CFStringRef msg = CFStringCreateWithFormat(NULL, NULL, CFSTR("Internal error #%x at %s %s:%d"), (unsigned)code, func, file, line);
CFErrorRef err = fancy_error(CFSTR("Internal CSSM error"), code, msg);
}
CFIndex c = CFArrayGetCount(*a);
CFArrayAppendValue(*a, dc);
}
CFIndex c = CFArrayGetCount(*a);
CFArrayAppendValue(*a, dc);
// Could use NoCopy and hold onto the allocation, and that will be a good idea when we can have it not so oversized
CFDataRef result = CFDataCreate(NULL, sig.Data, sig.Length);
SecTransformCustomSetAttribute(ref, kSecTransformOutputAttributeName, kSecTransformMetaAttributeValue, result);
// Could use NoCopy and hold onto the allocation, and that will be a good idea when we can have it not so oversized
CFDataRef result = CFDataCreate(NULL, sig.Data, sig.Length);
SecTransformCustomSetAttribute(ref, kSecTransformOutputAttributeName, kSecTransformMetaAttributeValue, result);
OSStatus rc = CSSM_SignData(cch, &c_d, 1, (input_is == kSecInputIsDigest) ? sign_alg->digest_algo : CSSM_ALGID_NONE, &sig);
SEC_FAIL(rc);
OSStatus rc = CSSM_SignData(cch, &c_d, 1, (input_is == kSecInputIsDigest) ? sign_alg->digest_algo : CSSM_ALGID_NONE, &sig);
SEC_FAIL(rc);
assert(sig.Length <= 32*1024);
CSSM_DeleteContext(cch);
// Could use NoCopy and hold onto the allocation, and that will be a good idea when we can have it not so oversized
CFDataRef result = CFDataCreate(NULL, sig.Data, sig.Length);
SecTransformCustomSetAttribute(ref, kSecTransformOutputAttributeName, kSecTransformMetaAttributeValue, result);
assert(sig.Length <= 32*1024);
CSSM_DeleteContext(cch);
// Could use NoCopy and hold onto the allocation, and that will be a good idea when we can have it not so oversized
CFDataRef result = CFDataCreate(NULL, sig.Data, sig.Length);
SecTransformCustomSetAttribute(ref, kSecTransformOutputAttributeName, kSecTransformMetaAttributeValue, result);
SecTransformSetAttributeAction(ref, kSecTransformActionAttributeNotification, kSecDigestTypeAttribute,
^(SecTransformAttributeRef ah, CFTypeRef value)
{
SecTransformSetAttributeAction(ref, kSecTransformActionAttributeNotification, kSecDigestTypeAttribute,
^(SecTransformAttributeRef ah, CFTypeRef value)
{
-
- if (!cssm_key->KeyHeader.KeyUsage & CSSM_KEYUSE_SIGN)
+
+ if (((!cssm_key->KeyHeader.KeyUsage) & CSSM_KEYUSE_SIGN) // Keep the previous test to be compatible with existing apps
+ || ((dyld_get_program_sdk_version() >= DYLD_MACOSX_VERSION_10_13) // Better check for newly compiled apps
+ && !(cssm_key->KeyHeader.KeyUsage & (CSSM_KEYUSE_SIGN|CSSM_KEYUSE_ANY))))
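Review bot: The retained clause `((!cssm_key->KeyHeader.KeyUsage) & CSSM_KEYUSE_SIGN)` applies `!` before `&`, so it computes `(0 or 1) & CSSM_KEYUSE_SIGN` and does not test the sign bit at all; the comment "Keep the previous test" should say so, otherwise the next reader will "fix" the precedence and change behavior for existing binaries. Suggested comment: `// Legacy test kept verbatim: '!' binds before '&', so this is only true when KeyUsage == 0 (and CSSM_KEYUSE_SIGN has bit 0 set); the real usage check is the SDK-gated clause below`. The same shape appears in the verify path further down and deserves the same comment. The enclosing block starts and ends outside this hunk.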
CFTypeRef error = CreateSecTransformErrorRef(kSecTransformErrorInvalidInput, "Key %@ can not be used to sign", key);
SecTransformCustomSetAttribute(ref, kSecTransformAbortAttributeName, kSecTransformMetaAttributeValue, error);
return (CFTypeRef)NULL;
}
CFTypeRef error = CreateSecTransformErrorRef(kSecTransformErrorInvalidInput, "Key %@ can not be used to sign", key);
SecTransformCustomSetAttribute(ref, kSecTransformAbortAttributeName, kSecTransformMetaAttributeValue, error);
return (CFTypeRef)NULL;
}
-
- if (!cssm_key->KeyHeader.KeyUsage & CSSM_KEYUSE_VERIFY)
+
+ if (((!cssm_key->KeyHeader.KeyUsage) & CSSM_KEYUSE_SIGN) // Keep the previous test to be compatible with existing apps
+ || ((dyld_get_program_sdk_version() >= DYLD_MACOSX_VERSION_10_13) // Better check for newly compiled apps
+ && !(cssm_key->KeyHeader.KeyUsage & (CSSM_KEYUSE_VERIFY|CSSM_KEYUSE_ANY))))
- // This key cannot verify!
- return (CFTypeRef)CreateSecTransformErrorRef(kSecTransformErrorInvalidInput, "Key %@ can not be used to verify", key);
+ key = NULL; // This key cannot verify!
+ CFTypeRef error = (CFTypeRef)CreateSecTransformErrorRef(kSecTransformErrorInvalidInput, "Key %@ can not be used to verify", key);
+ SecTransformCustomSetAttribute(ref, kSecTransformAbortAttributeName, kSecTransformMetaAttributeValue, error);
+ return (CFTypeRef)NULL;
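Review bot: The compatibility clause at the top of this condition uses `CSSM_KEYUSE_SIGN`, whereas the line it replaces tested `CSSM_KEYUSE_VERIFY`; since the comment says the previous test is kept, the line should read `if (((!cssm_key->KeyHeader.KeyUsage) & CSSM_KEYUSE_VERIFY) // Keep the previous test to be compatible with existing apps`. Separately, `key = NULL;` runs before `key` is passed as the `%@` argument of the "can not be used to verify" error, so the message will format a null instead of the offending key; if the intent is to drop the reference on the abort path, move that assignment to after the `CreateSecTransformErrorRef` call. The enclosing block starts and ends outside this hunk.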
c_d.Data = (void*)CFDataGetBytePtr(alldata);
c_d.Length = CFDataGetLength(alldata);
rc = CSSM_VerifyData(cch, &c_d, 1, (input_is == kSecInputIsDigest) ? verify_alg->digest_algo : CSSM_ALGID_NONE, &sig);
c_d.Data = (void*)CFDataGetBytePtr(alldata);
c_d.Length = CFDataGetLength(alldata);
rc = CSSM_VerifyData(cch, &c_d, 1, (input_is == kSecInputIsDigest) ? verify_alg->digest_algo : CSSM_ALGID_NONE, &sig);
SecTransformSetAttributeAction(ref, kSecTransformActionAttributeNotification, kSecDigestTypeAttribute,
^(SecTransformAttributeRef ah, CFTypeRef value)
{
SecTransformSetAttributeAction(ref, kSecTransformActionAttributeNotification, kSecDigestTypeAttribute,
^(SecTransformAttributeRef ah, CFTypeRef value)
{
SecTransformSetAttribute(tr, kSecSignatureAttributeName, signature, error);
}
SecTransformSetAttribute(tr, kSecDigestTypeAttribute, kSecDigestSHA1, NULL);
SecTransformSetAttribute(tr, kSecSignatureAttributeName, signature, error);
}
SecTransformSetAttribute(tr, kSecDigestTypeAttribute, kSecDigestSHA1, NULL);
SecTransformSetAttribute(tr, kSecInputIsAttributeName, kSecInputIsPlainText, NULL);
return tr;
SecTransformSetAttribute(tr, kSecInputIsAttributeName, kSecInputIsPlainText, NULL);
return tr;