Improve code clarity on IsTimeGreaterThanEqual (#17178)
* Improve code clarity on IsTimeGreaterThanEqual

Existing code is very hard to validate given the complex boolean
expression.

Split the logic into clearer steps of comparing year, month,
day, hr, min, sec individually.

The change should be a no-op apart from the improved code clarity.

* Update src/crypto/CHIPCryptoPALmbedTLS.cpp

Co-authored-by: Evgeny Margolis <[email protected]>

Co-authored-by: Evgeny Margolis <[email protected]>
andy31415 and emargolis authored Apr 8, 2022
1 parent 34f57f3 commit ca44a4c
Showing 1 changed file with 22 additions and 21 deletions.
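--- a/src/crypto/CHIPCryptoPALmbedTLS.cpp
+++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp
@@ -1351,27 +1351,28 @@ CHIP_ERROR ValidateCertificateChain(const uint8_t * rootCertificate, size_t root
 
 inline bool IsTimeGreaterThanEqual(const mbedtls_x509_time * const timeA, const mbedtls_x509_time * const timeB)
 {
-return timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) ||
-(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon)) ||
-(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day)) ||
-(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour)) ||
-(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(min) > timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(min)) ||
-(timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(year) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(year) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(mon) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(day) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(day) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(hour) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(min) == timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(min) &&
-timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(sec) >= timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(sec));
+
+// checks if two values are different and if yes, then returns first > second.
+#define RETURN_STRICTLY_GREATER_IF_DIFFERENT(component) \
+{ \
+auto valueA = timeA->CHIP_CRYPTO_PAL_PRIVATE_X509(component); \
+auto valueB = timeB->CHIP_CRYPTO_PAL_PRIVATE_X509(component); \
+\
+if (valueA != valueB) \
+{ \
+return valueA > valueB; \
+} \
+}
+
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(year);
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(mon);
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(day);
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(hour);
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(min);
+RETURN_STRICTLY_GREATER_IF_DIFFERENT(sec);
+
+// all above are equal
+return true;
 }
 
 CHIP_ERROR IsCertificateValidAtIssuance(const ByteSpan & referenceCertificate, const ByteSpan & toBeEvaluatedCertificate)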
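Review bot: The macro `RETURN_STRICTLY_GREATER_IF_DIFFERENT` is defined inside `IsTimeGreaterThanEqual` but never undefined, so it stays visible for the rest of the translation unit; it also hides a `return` and depends on locals named `timeA` and `timeB`. Adding `#undef RETURN_STRICTLY_GREATER_IF_DIFFERENT` directly after the `sec` comparison keeps it scoped to this function. The commit is described as behaviour-preserving and the helper appears to feed certificate validity checks (the next function is `IsCertificateValidAtIssuance`), so a unit test covering the all-equal case and a difference in each single field would pin that claim. A header comment such as `// Lexicographic compare, most significant field first; equal times return true.` would document the contract for callers.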
