--- /dev/null
+/*
+ * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// AppleCSPUtils.cpp - CSP-wide utility functions
+//
+
+#include "AppleCSPUtils.h"
+#include <Security/cssmerr.h>
+#include <security_utilities/alloc.h>
+#include <security_cdsa_utilities/cssmdates.h>
+#include <string.h>
+#include <FEECSPUtils.h>
+#include <SHA1_MD5_Object.h>
+#include "RSA_DSA_keys.h"
+#include <syslog.h>
+
+/*
+ * Validate key attribute bits per specified key type.
+ *
+ * Used to check requested key attributes for new keys and for validating
+ * incoming existing keys. For checking key attributes for new keys,
+ * assumes that KEYATTR_RETURN_xxx bits have been checked elsewhere
+ * and stripped off before coming here.
+ */
+void cspValidateKeyAttr(
+ cspKeyType keyType,
+ uint32 keyAttr)
+{
+ uint32 sensitiveBit = (keyAttr & CSSM_KEYATTR_SENSITIVE) ? 1 : 0;
+ uint32 extractBit = (keyAttr & CSSM_KEYATTR_EXTRACTABLE) ? 1 : 0;
+
+ /* first general CSP-wide checks */
+ if(keyAttr & KEY_ATTR_RETURN_MASK) {
+ //errorLog0(" KEY_ATTR_RETURN bits set\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ if(keyAttr & CSSM_KEYATTR_PERMANENT) {
+ //errorLog0(" PERMANENT bit not supported\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
+ }
+ if(keyAttr & CSSM_KEYATTR_PRIVATE) {
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYATTR_MASK);
+ }
+ /* Anything else? */
+
+ /* now check per keyType */
+ switch(keyType) {
+ case CKT_Session:
+ break;
+
+ case CKT_Public:
+ if(sensitiveBit || !extractBit) {
+ //errorLog0("Public keys must be extractable in the clear\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ break;
+
+ case CKT_Private:
+ //if(!sensitiveBit) {
+ // errorLog0("Private keys must have KEYATTR_SENSITIVE\n");
+ // CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ //}
+
+ /*
+ * One more restriction - EXTRACTABLE - caller must check since
+ * that involves KEYUSE bits.
+ */
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+ }
+ return;
+}
+
+/*
+ * Perform sanity check of incoming key attribute bits for a given
+ * key type, and return a cspKeyStorage value.
+ *
+ * Called from any routine which generates a new key. This specifically
+ * excludes WrapKey().
+ */
+cspKeyStorage cspParseKeyAttr(
+ cspKeyType keyType,
+ uint32 keyAttr)
+{
+ uint32 sensitiveBit = (keyAttr & CSSM_KEYATTR_SENSITIVE) ? 1 : 0;
+ uint32 rtnDataBit = (keyAttr & CSSM_KEYATTR_RETURN_DATA) ? 1 : 0;
+ uint32 rtnRefBit = (keyAttr & CSSM_KEYATTR_RETURN_REF) ? 1 : 0;
+ uint32 extractBit = (keyAttr & CSSM_KEYATTR_EXTRACTABLE) ? 1 : 0;
+
+ cspKeyStorage rtn;
+
+ /* first general CDSA-wide checks */
+ if(keyAttr & (CSSM_KEYATTR_ALWAYS_SENSITIVE |
+ CSSM_KEYATTR_NEVER_EXTRACTABLE)) {
+ //errorLog0("ALWAYS_SENSITIVE, NEVER_EXTRACTABLE illegal at SPI\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ switch(keyAttr & KEY_ATTR_RETURN_MASK) {
+ /* ensure only one bit is set */
+ case CSSM_KEYATTR_RETURN_DATA:
+ rtn = CKS_Data;
+ break;
+ case CSSM_KEYATTR_RETURN_REF:
+ rtn = CKS_Ref;
+ break;
+ case CSSM_KEYATTR_RETURN_NONE:
+ rtn = CKS_None;
+ break;
+ case CSSM_KEYATTR_RETURN_DEFAULT:
+ /* CSP default */
+ rtnRefBit = 1;
+ rtn = CKS_Ref;
+ break;
+ default:
+ //errorLog0("Multiple KEYATTR_RETURN bits set\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+
+ /* now CSP-wide checks for all key types */
+ if(keyType != CKT_Session) {
+ /* session keys modifiable, no others are */
+ if(keyAttr & CSSM_KEYATTR_MODIFIABLE) {
+ //errorLog0("CSSM_KEYATTR_MODIFIABLE not supported\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ }
+ if(rtnDataBit) {
+ if(!extractBit) {
+ //errorLog0("RETURN_DATA and !EXTRACTABLE not supported\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ if(sensitiveBit) {
+ //errorLog0("RETURN_DATA and SENSITIVE not supported\n");
+ CssmError::throwMe(CSSMERR_CSP_INVALID_KEYATTR_MASK);
+ }
+ }
+
+ /* now check per keyType. We're ust checking for things specific
+ * to KEYATTR_RETURN_xxx; cspValidateKeyAttr will check other fields. */
+ #if 0
+ // nothing for now
+ switch(keyType) {
+ case CKT_Session:
+ break;
+
+ case MKT_Public:
+ break;
+
+ case MKT_Private:
+ if(rtnDataBit) {
+ errorLog0("Private keys must be generated by ref\n");
+ goto errorOut;
+ }
+ /*
+ * One more restriction - EXTRACTABLE - caller must check since
+ * that involves KEYUSE bits.
+ */
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+ }
+ #endif // 0
+
+ /* validate other common static attributes */
+ cspValidateKeyAttr(keyType, (keyAttr & ~KEY_ATTR_RETURN_MASK));
+ return rtn;
+}
+
+
+/* used in cspValidateKeyUsageBits() */
+/*
+ * This is a vestige from OS9/ASA. In the real world there are in fact certs with
+ * keyUsage extensions which specify, e.g., verify and wrap. I think we'll just
+ * have to ignore the old exclusivity rules.
+ */
+#define IGNORE_KEYUSE_EXCLUSIVITY 1
+#if IGNORE_KEYUSE_EXCLUSIVITY
+#define checkExclusiveUsage(ku, cb, ob, em)
+#else
+static void checkExclusiveUsage(
+ uint32 keyUsage, // requested usage word
+ uint32 checkBits, // if any of these are set
+ uint32 otherBits, // these are the only other bits which can be set
+ const char *errMsg)
+{
+ if(keyUsage & checkBits) {
+ if(keyUsage & ~otherBits) {
+ errorLog0((char *)errMsg);
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ }
+}
+#endif /* IGNORE_KEYUSE_EXCLUSIVITY */
+
+/*
+ * Validate key usage bits for specified key type.
+ */
+void cspValidateKeyUsageBits (
+ cspKeyType keyType,
+ uint32 keyUsage)
+{
+ /* general restrictions */
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_ANY,
+ CSSM_KEYUSE_ANY,
+ "CSSM_KEYUSE_ANY overload");
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_DERIVE,
+ CSSM_KEYUSE_DERIVE,
+ "CSSM_KEYUSE_DERIVE overload\n");
+
+ /* brute force per key type. */
+ switch(keyType) {
+ case CKT_Session:
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
+ CSSM_KEYUSE_ENCRYPT | CSSM_KEYUSE_DECRYPT,
+ "session key usage: encrypt/decrypt overload\n");
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY |
+ CSSM_KEYUSE_SIGN_RECOVER | CSSM_KEYUSE_VERIFY_RECOVER,
+ CSSM_KEYUSE_SIGN | CSSM_KEYUSE_VERIFY |
+ CSSM_KEYUSE_SIGN_RECOVER | CSSM_KEYUSE_VERIFY_RECOVER,
+ "session key usage: sign/verify overload\n");
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP,
+ CSSM_KEYUSE_WRAP | CSSM_KEYUSE_UNWRAP,
+ "session key usage: wrap/unwrap overload\n");
+ break;
+
+ case CKT_Public:
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_ENCRYPT,
+ CSSM_KEYUSE_ENCRYPT,
+ "public key usage: encrypt overload\n");
+ if(keyUsage & CSSM_KEYUSE_DECRYPT) {
+ errorLog0("public key usage: DECRYPT illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ if(keyUsage & (CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER)) {
+ errorLog0("public key usage: SIGN illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER,
+ CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER,
+ "public key usage: verify overload\n");
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_WRAP,
+ CSSM_KEYUSE_WRAP,
+ "public key usage: wrap overload\n");
+ if(keyUsage & CSSM_KEYUSE_UNWRAP) {
+ errorLog0("public key usage: UNWRAP illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ break;
+
+ case CKT_Private:
+ if(keyUsage & CSSM_KEYUSE_ENCRYPT) {
+ errorLog0("private key usage: ENCRYPT illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_DECRYPT,
+ CSSM_KEYUSE_DECRYPT,
+ "private key usage: decrypt overload\n");
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER,
+ CSSM_KEYUSE_SIGN | CSSM_KEYUSE_SIGN_RECOVER,
+ "private key usage: sign overload\n");
+ if(keyUsage & (CSSM_KEYUSE_VERIFY | CSSM_KEYUSE_VERIFY_RECOVER)) {
+ errorLog0("private key usage: VERIFY illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ if(keyUsage & CSSM_KEYUSE_WRAP) {
+ errorLog0("private key usage: WRAP illegal\n");
+ CssmError::throwMe(CSSMERR_CSP_UNSUPPORTED_KEYUSAGE_MASK);
+ }
+ checkExclusiveUsage(keyUsage,
+ CSSM_KEYUSE_UNWRAP,
+ CSSM_KEYUSE_UNWRAP,
+ "private key usage: unwrap overload\n");
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+ }
+}
+
+/*
+ * Validate existing key's usage bits against intended use.
+ */
+
+/*
+ * For now, a key marked for KEYUSE_{WRAP|UNWRAP} can also be used for
+ * KEYUSE_{ENCRYPT|DECRYPT}. This is a temporary workaround for
+ * Radar 2716153.
+ */
+#define RELAXED_WRAP_USAGE 1
+
+void cspValidateIntendedKeyUsage(
+ const CSSM_KEYHEADER *hdr,
+ CSSM_KEYUSE intendedUsage)
+{
+ uint32 keyUsage = hdr->KeyUsage;
+ cspKeyType keyType;
+
+ /* first, the obvious */
+ if(keyUsage & CSSM_KEYUSE_ANY) {
+ /* OK for now */
+ return;
+ }
+ if(!(keyUsage & intendedUsage)) {
+ #if RELAXED_WRAP_USAGE
+ if(! ( ( (keyUsage & CSSM_KEYUSE_WRAP) &&
+ (intendedUsage == CSSM_KEYUSE_ENCRYPT)
+ ) ||
+ ( (keyUsage & CSSM_KEYUSE_UNWRAP) &&
+ (intendedUsage == CSSM_KEYUSE_DECRYPT)
+ )
+ ) )
+ #endif
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+ }
+
+ /* now validate all of the key's usage bits - this is mainly to
+ * prevent and detect tampering */
+ switch(hdr->KeyClass) {
+ case CSSM_KEYCLASS_SESSION_KEY:
+ keyType = CKT_Session;
+ break;
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ keyType = CKT_Public;
+ break;
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ keyType = CKT_Private;
+ break;
+ default:
+ CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
+ }
+ try {
+ cspValidateKeyUsageBits(keyType, keyUsage);
+ }
+ catch (...) {
+ /* override error.... */
+ CssmError::throwMe(CSSMERR_CSP_KEY_USAGE_INCORRECT);
+ }
+}
+
+/*
+ * Set up a key header.
+ */
+void setKeyHeader(
+ CSSM_KEYHEADER &hdr,
+ const Guid &myGuid,
+ CSSM_ALGORITHMS alg,
+ CSSM_KEYCLASS keyClass,
+ CSSM_KEYATTR_FLAGS attrs,
+ CSSM_KEYUSE use)
+{
+ memset(&hdr, 0, sizeof(CSSM_KEYHEADER));
+ hdr.HeaderVersion = CSSM_KEYHEADER_VERSION;
+ hdr.CspId = myGuid;
+ hdr.AlgorithmId = alg;
+ hdr.KeyClass = keyClass;
+ hdr.KeyUsage = use;
+ hdr.KeyAttr = attrs;
+
+ // defaults (change as needed)
+ hdr.WrapAlgorithmId = CSSM_ALGID_NONE;
+}
+
+/*
+ * Ensure that indicated CssmData can handle 'length' bytes
+ * of data. Malloc the Data ptr if necessary.
+ */
+void setUpCssmData(
+ CssmData &data,
+ size_t length,
+ Allocator &allocator)
+{
+ /* FIXME - I'm sure Perry has more elegant ways of doing this,
+ * but I can't figure them out. */
+ if(data.Length == 0) {
+ data.Data = (uint8 *)allocator.malloc(length);
+ }
+ else if(data.Length < length) {
+ CssmError::throwMe(CSSMERR_CSP_INVALID_DATA);
+ }
+ data.Length = length;
+}
+
+void setUpData(
+ CSSM_DATA &data,
+ size_t length,
+ Allocator &allocator)
+{
+ setUpCssmData(CssmData::overlay(data), length, allocator);
+}
+
+void freeCssmData(
+ CssmData &data,
+ Allocator &allocator)
+{
+ if(data.Data) {
+ allocator.free(data.Data);
+ data.Data = NULL;
+ }
+ data.Length = 0;
+}
+
+void freeData(
+ CSSM_DATA *data,
+ Allocator &allocator,
+ bool freeStruct) // free the CSSM_DATA itself
+{
+ if(data == NULL) {
+ return;
+ }
+ if(data->Data) {
+ allocator.free(data->Data);
+ data->Data = NULL;
+ }
+ data->Length = 0;
+ if(freeStruct) {
+ allocator.free(data);
+ }
+}
+
+/*
+ * Copy source to destination, mallocing destination if necessary.
+ */
+void copyCssmData(
+ const CssmData &src,
+ CssmData &dst,
+ Allocator &allocator)
+{
+ setUpCssmData(dst, src.Length, allocator);
+ memmove(dst.Data, src.Data, src.Length);
+}
+
+void copyData(
+ const CSSM_DATA &src,
+ CSSM_DATA &dst,
+ Allocator &allocator)
+{
+ copyCssmData(CssmData::overlay(src),
+ CssmData::overlay(dst),
+ allocator);
+}
+
+/*
+ * Compare two CSSM_DATAs, return CSSM_TRUE if identical.
+ */
+CSSM_BOOL cspCompareCssmData(
+ const CSSM_DATA *data1,
+ const CSSM_DATA *data2)
+{
+ if((data1 == NULL) || (data1->Data == NULL) ||
+ (data2 == NULL) || (data2->Data == NULL) ||
+ (data1->Length != data2->Length)) {
+ return CSSM_FALSE;
+ }
+ if(data1->Length != data2->Length) {
+ return CSSM_FALSE;
+ }
+ if(memcmp(data1->Data, data2->Data, data1->Length) == 0) {
+ return CSSM_TRUE;
+ }
+ else {
+ return CSSM_FALSE;
+ }
+}
+
+/*
+ * This takes care of mallocing the KeyLabel field.
+ */
+void copyCssmHeader(
+ const CssmKey::Header &src,
+ CssmKey::Header &dst,
+ Allocator &allocator)
+{
+ dst = src;
+}
+
+/*
+ * Given a wrapped key, infer its raw format for custom Apple unwrapping.
+ * This is a real kludge; it only works as long as each the key's
+ * default format is used to generate the blob to be wrapped.
+ */
+CSSM_KEYBLOB_FORMAT inferFormat(
+ const CssmKey &wrappedKey)
+{
+ switch(wrappedKey.keyClass()) {
+ case CSSM_KEYCLASS_SESSION_KEY:
+ return CSSM_KEYBLOB_RAW_FORMAT_OCTET_STRING;
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ switch(wrappedKey.algorithm()) {
+ case CSSM_ALGID_RSA:
+ return RSA_PUB_KEY_FORMAT;
+ case CSSM_ALGID_DSA:
+ return DSA_PUB_KEY_FORMAT;
+ #ifdef CRYPTKIT_CSP_ENABLE
+ case CSSM_ALGID_FEE:
+ return FEE_KEYBLOB_DEFAULT_FORMAT;
+ case CSSM_ALGID_ECDSA:
+ return CSSM_KEYBLOB_RAW_FORMAT_X509;
+ #endif
+ case CSSM_ALGID_DH:
+ return CSSM_KEYBLOB_RAW_FORMAT_PKCS3;
+ default:
+ /* punt */
+ return CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ }
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ switch(wrappedKey.algorithm()) {
+ case CSSM_ALGID_RSA:
+ return RSA_PRIV_KEY_FORMAT;
+ case CSSM_ALGID_DSA:
+ return DSA_PRIV_KEY_FORMAT;
+ #ifdef CRYPTKIT_CSP_ENABLE
+ case CSSM_ALGID_FEE:
+ return FEE_KEYBLOB_DEFAULT_FORMAT;
+ case CSSM_ALGID_ECDSA:
+ return CSSM_KEYBLOB_RAW_FORMAT_OPENSSL;
+ #endif
+ case CSSM_ALGID_DH:
+ return CSSM_KEYBLOB_RAW_FORMAT_PKCS3;
+ default:
+ /* punt */
+ return CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ }
+ default:
+ /* punt */
+ return CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ }
+}
+
+/*
+ * Given a key and a Context, obtain the optional associated
+ * CSSM_ATTRIBUTE_{PUBLIC,PRIVATE,SYMMETRIC}_KEY_FORMAT attribute as a
+ * CSSM_KEYBLOB_FORMAT.
+ */
+CSSM_KEYBLOB_FORMAT requestedKeyFormat(
+ const Context &context,
+ const CssmKey &key)
+{
+ CSSM_ATTRIBUTE_TYPE attrType;
+
+ switch(key.keyClass()) {
+ case CSSM_KEYCLASS_SESSION_KEY:
+ attrType = CSSM_ATTRIBUTE_SYMMETRIC_KEY_FORMAT;
+ break;
+ case CSSM_KEYCLASS_PUBLIC_KEY:
+ attrType = CSSM_ATTRIBUTE_PUBLIC_KEY_FORMAT;
+ break;
+ case CSSM_KEYCLASS_PRIVATE_KEY:
+ attrType = CSSM_ATTRIBUTE_PRIVATE_KEY_FORMAT;
+ break;
+ default:
+ return CSSM_KEYBLOB_RAW_FORMAT_NONE;
+ }
+ /* not present ==> 0 ==> CSSM_KEYBLOB_RAW_FORMAT_NONE */
+ return context.getInt(attrType);
+}
+
+/* one-shot SHA1 digest */
+void cspGenSha1Hash(
+ const void *inData,
+ size_t inDataLen,
+ void *out) // caller mallocs, digest goes here
+{
+ SHA1Object sha1;
+
+ sha1.digestInit();
+ sha1.digestUpdate(inData, inDataLen);
+ sha1.digestFinal(out);
+}
+
+/*
+ * Convert a CSSM_DATE to a CssmUniformDate, or NULL if the CSSM_DATE
+ * is empty.
+ */
+static CssmUniformDate *cspGetUniformDate(
+ const CSSM_DATE &cdate)
+{
+ bool isZero = true;
+ unsigned char *cp = (unsigned char *)&cdate;
+ for(unsigned i=0; i<sizeof(cdate); i++) {
+ if(*cp++ != 0) {
+ isZero = false;
+ break;
+ }
+ }
+ if(isZero) {
+ return NULL;
+ }
+ else {
+ return new CssmUniformDate(CssmDate::overlay(cdate));
+ }
+}
+
+/*
+ * Get "now" as a CssmUniformDate.
+ */
+static CssmUniformDate *cspNow()
+{
+ CFAbsoluteTime cfTime = CFAbsoluteTimeGetCurrent();
+ return new CssmUniformDate(cfTime);
+}
+
+#define keyDateDebug(args...) secdebug("keyDate", ## args)
+
+/*
+ * Verify temporal validity of specified key.
+ * An empty (all zero) time field means "ignore this".
+ * Throws CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE or
+ * CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE as appropriate.
+ */
+void cspVerifyKeyTimes(
+ const CSSM_KEYHEADER &hdr)
+{
+ CSSM_RETURN err = CSSM_OK;
+ CssmUniformDate *now = NULL; // evaluate lazily
+ CssmUniformDate *end = NULL; // ditto
+ CssmUniformDate *start = cspGetUniformDate(hdr.StartDate);
+
+ if(start) {
+ now = cspNow();
+ if(*now < *start) {
+ keyDateDebug("Invalid start date");
+ err = CSSMERR_CSP_APPLE_INVALID_KEY_START_DATE;
+ }
+ else {
+ keyDateDebug("Valid start date");
+ }
+ }
+ else {
+ keyDateDebug("Empty start date");
+ }
+
+ if(!err) {
+ end = cspGetUniformDate(hdr.EndDate);
+ if(end) {
+ if(now == NULL) {
+ now = cspNow();
+ }
+ if(*now > *end) {
+ keyDateDebug("Invalid end date");
+ err = CSSMERR_CSP_APPLE_INVALID_KEY_END_DATE;
+ }
+ else {
+ keyDateDebug("Valid end date");
+ }
+ }
+ else {
+ keyDateDebug("Empty end date");
+ }
+ }
+ if(now) {
+ delete now;
+ }
+ if(end) {
+ delete end;
+ }
+ if(start) {
+ delete start;
+ }
+ if(err) {
+ CssmError::throwMe(err);
+ }
+}
+
projects / apple / security.git / blobdiff