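/*
 * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * SecItemSchema.c - CoreFoundation-based constants and functions for
 access to Security items (certificates, keys, identities, and
 passwords.)
 */

#include "SecItemSchema.h"

// MARK -
// MARK Keychain version 6 schema

/*
 * SecDbFlags() assembles one attribute's flag word from 14 positional,
 * single-letter arguments.  Each slot holds either the letter of the flag
 * that belongs in that column or nothing at all.  The letter is pasted onto
 * SECDB_FLAG_ to select one of the kSecDb*Flag constants defined below; an
 * empty slot pastes to the bare name SECDB_FLAG_, which is defined as 0 and
 * therefore contributes nothing to the OR.
 *
 * Caveat for editors: the paste only checks that the letter names *some*
 * flag, not that it sits in its own column.  Writing L in the P slot
 * silently sets kSecDbInFlag instead of failing to compile, so the legend
 * below and the column rulers in the attribute table are the only guard
 * against a misplaced flag.  Keep the rows aligned when editing them.
 *
 * The helper macros use the SECDB_FLAG_ prefix rather than a leading double
 * underscore because identifiers beginning with "__" are reserved for the
 * implementation.  They are private to this translation unit.
 */
#define SecDbFlags(P,L,I,S,A,D,R,C,H,B,Z,E,N,U) \
    (SECDB_FLAG_##P|SECDB_FLAG_##L|SECDB_FLAG_##I|SECDB_FLAG_##S| \
     SECDB_FLAG_##A|SECDB_FLAG_##D|SECDB_FLAG_##R|SECDB_FLAG_##C| \
     SECDB_FLAG_##H|SECDB_FLAG_##B|SECDB_FLAG_##Z|SECDB_FLAG_##E| \
     SECDB_FLAG_##N|SECDB_FLAG_##U)

/* Empty-slot sentinel: an empty SecDbFlags() argument pastes to this name. */
#define SECDB_FLAG_  0
#define SECDB_FLAG_P kSecDbPrimaryKeyFlag
#define SECDB_FLAG_L kSecDbInFlag
#define SECDB_FLAG_I kSecDbIndexFlag
#define SECDB_FLAG_S kSecDbSHA1ValueInFlag
#define SECDB_FLAG_A kSecDbReturnAttrFlag
#define SECDB_FLAG_D kSecDbReturnDataFlag
#define SECDB_FLAG_R kSecDbReturnRefFlag
#define SECDB_FLAG_C kSecDbInCryptoDataFlag
#define SECDB_FLAG_H kSecDbInHashFlag
#define SECDB_FLAG_B kSecDbInBackupFlag
#define SECDB_FLAG_Z kSecDbDefault0Flag
#define SECDB_FLAG_E kSecDbDefaultEmptyFlag
#define SECDB_FLAG_N kSecDbNotNullFlag
#define SECDB_FLAG_U kSecDbInAuthenticatedDataFlag

// Flag columns, in SecDbFlags() argument order:
//
//   P : Part of primary key
//   L : Stored in local database
//   I : Attribute wants an index in the database
//   S : SHA1 hashed attribute value in database (implies L)
//   A : Returned to client as attribute in queries
//   D : Returned to client as data in queries
//   R : Returned to client as ref/persistent ref in queries
//   C : Part of encrypted blob
//   H : Attribute is part of item SHA1 hash (implied by C)
//   B : Attribute is part of iTunes/iCloud backup bag
//   Z : Attribute has a default value of 0
//   E : Attribute has a default value of "" or empty data
//   N : Attribute must have a value
//   U : Attribute is stored in authenticated, but not necessarily encrypted data
//
// NOTE(review): S and H are both SHA1 per this legend.  Nothing in this file
// shows what consumes those digests (lookup key vs. integrity check), so
// confirm against the SecDb layer before treating either as a security
// control.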
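// Attribute descriptors for the version 6 keychain schema.  Each row is
// SECDB_ATTR(<C identifier>, <column name>, <SecDb kind>, <flags>) and the
// flag word is built by SecDbFlags(), whose 14 positional columns are
// P L I S A D R C H B Z E N U (see the flag legend earlier in this file).
//
// What the flags say about where each attribute lives:
//   - C rows are part of the encrypted blob and are always also hashed (H).
//   - U rows (agrp, sync, tomb) are in the authenticated but, per the
//     legend, not necessarily encrypted data; they are hashed (H) but are
//     not part of the encrypted blob (no C).
//   - v6data is the EncryptedData column: local (L) and in the backup bag
//     (B), but not itself part of the item hash.
//   - v6v_Data and v6v_pk carry no L flag, so they are not local columns;
//     v6accc carries only A (returned as an attribute, no storage flags).
//
// Rows that share a column name with a common attribute but carry different
// flags (v6certalis, v6keytype, v6keycrtr) exist because the cert and keys
// classes give those columns different flags: an index for "alis", and
// primary-key / default-0 / not-null for "type" and "crtr".

// common to all                                              P L I S A D R C H B Z E N U
SECDB_ATTR(v6rowid,    "rowid",  RowId,            SecDbFlags( ,L, , , , ,R, , ,B, , , , ));
SECDB_ATTR(v6cdat,     "cdat",   CreationDate,     SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6mdat,     "mdat",   ModificationDate, SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6labl,     "labl",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6data,     "data",   EncryptedData,    SecDbFlags( ,L, , , , , , , ,B, , , , )); // local + backup; not hashed
SECDB_ATTR(v6agrp,     "agrp",   String,           SecDbFlags(P,L, , ,A, , , ,H, , , , ,U)); // primary key; authenticated (U), not in encrypted blob
SECDB_ATTR(v6pdmn,     "pdmn",   Access,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , )); // inside the encrypted blob
SECDB_ATTR(v6sync,     "sync",   Sync,             SecDbFlags(P,L,I, ,A, , , ,H, ,Z, ,N,U)); // primary key, indexed, default 0, authenticated (U)
SECDB_ATTR(v6tomb,     "tomb",   Tomb,             SecDbFlags( ,L, , , , , , ,H, ,Z, ,N,U)); // default 0, never returned to clients, authenticated (U)
SECDB_ATTR(v6sha1,     "sha1",   SHA1,             SecDbFlags( ,L,I, ,A, ,R, , , , , , , )); // indexed; returned as attribute and as ref
SECDB_ATTR(v6accc,     "accc",   AccessControl,    SecDbFlags( , , , ,A, , , , , , , , , )); // A only: no local column, no C/H/U
SECDB_ATTR(v6v_Data,   "v_Data", Data,             SecDbFlags( , , , , ,D, ,C,H, , , , , )); // not a local column; in the encrypted blob
SECDB_ATTR(v6v_pk,     "v_pk",   PrimaryKey,       SecDbFlags( , , , , , , , , , , , , , ));
// genp and inet and keys                                     P L I S A D R C H B Z E N U
SECDB_ATTR(v6crtr,     "crtr",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6alis,     "alis",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
// genp and inet                                              P L I S A D R C H B Z E N U
SECDB_ATTR(v6desc,     "desc",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6icmt,     "icmt",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6type,     "type",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6invi,     "invi",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6nega,     "nega",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6cusi,     "cusi",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6prot,     "prot",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6scrp,     "scrp",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6acct,     "acct",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
// genp only                                                  P L I S A D R C H B Z E N U
SECDB_ATTR(v6svce,     "svce",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6gena,     "gena",   Blob,             SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
// inet only                                                  P L I S A D R C H B Z E N U
SECDB_ATTR(v6sdmn,     "sdmn",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6srvr,     "srvr",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6ptcl,     "ptcl",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6atyp,     "atyp",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6port,     "port",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6path,     "path",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
// cert only                                                  P L I S A D R C H B Z E N U
SECDB_ATTR(v6ctyp,     "ctyp",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6cenc,     "cenc",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6subj,     "subj",   Data,             SecDbFlags( ,L,I,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6issr,     "issr",   Data,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6slnr,     "slnr",   Data,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6skid,     "skid",   Data,             SecDbFlags( ,L,I,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6pkhh,     "pkhh",   Data,             SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
// cert attributes that share names with common ones but have different flags
SECDB_ATTR(v6certalis, "alis",   Blob,             SecDbFlags( ,L,I,S,A, , ,C,H, , , , , )); // as v6alis, plus an index
// keys only                                                  P L I S A D R C H B Z E N U
SECDB_ATTR(v6kcls,     "kcls",   Number,           SecDbFlags(P,L,I,S,A, , ,C,H, ,Z, ,N, )); // NOTE(review): the only Number row carrying S; every other S row is a Blob/Data -- confirm intended
SECDB_ATTR(v6perm,     "perm",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6priv,     "priv",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6modi,     "modi",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6klbl,     "klbl",   Data,             SecDbFlags(P,L,I, ,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6atag,     "atag",   Blob,             SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6bsiz,     "bsiz",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6esiz,     "esiz",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6sdat,     "sdat",   Date,             SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6edat,     "edat",   Date,             SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6sens,     "sens",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6asen,     "asen",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6extr,     "extr",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6next,     "next",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6encr,     "encr",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6decr,     "decr",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6drve,     "drve",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6sign,     "sign",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6vrfy,     "vrfy",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6snrc,     "snrc",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6vyrc,     "vyrc",   Number,           SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6wrap,     "wrap",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6unwp,     "unwp",   Number,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
// keys attributes that share names with common ones but have different flags
SECDB_ATTR(v6keytype,  "type",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); // as v6type, but primary key / default 0 / not null
SECDB_ATTR(v6keycrtr,  "crtr",   Number,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, )); // as v6crtr, but primary key / default 0 / not null

/*
 * Attribute tables for the concrete item classes.  Every list is terminated
 * by a NULL pointer (the terminator is spelled NULL in all five tables so a
 * reader does not have to wonder whether 0 means "no more" or a zero flag).
 * The common attributes (rowid, cdat, mdat, labl, data, agrp, pdmn, sync,
 * tomb, sha1, v_Data, v_pk, accc) appear in each of genp, inet, cert and
 * keys; the class-specific rows are the ones grouped under "... only" above.
 */

/* "genp" class: common attributes plus the genp/inet shared rows and svce/gena. */
const SecDbClass genp_class = {
    .name = CFSTR("genp"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6desc,
        &v6icmt,
        &v6crtr,
        &v6type,
        &v6scrp,
        &v6labl,
        &v6alis,
        &v6invi,
        &v6nega,
        &v6cusi,
        &v6prot,
        &v6acct,
        &v6svce,
        &v6gena,
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};

/* "inet" class: common attributes plus the genp/inet shared rows and the
   inet-only sdmn/srvr/ptcl/atyp/port/path columns. */
const SecDbClass inet_class = {
    .name = CFSTR("inet"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6desc,
        &v6icmt,
        &v6crtr,
        &v6type,
        &v6scrp,
        &v6labl,
        &v6alis,
        &v6invi,
        &v6nega,
        &v6cusi,
        &v6prot,
        &v6acct,
        &v6sdmn,
        &v6srvr,
        &v6ptcl,
        &v6atyp,
        &v6port,
        &v6path,
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};

/* "cert" class: common attributes plus the cert-only rows; note it uses
   v6certalis (indexed) for "alis" rather than the shared v6alis. */
const SecDbClass cert_class = {
    .name = CFSTR("cert"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6ctyp,
        &v6cenc,
        &v6labl,
        &v6certalis,
        &v6subj,
        &v6issr,
        &v6slnr,
        &v6skid,
        &v6pkhh,
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};

/* "keys" class: common attributes plus the keys-only rows; "crtr" and
   "type" come from v6keycrtr/v6keytype (primary-key variants), not from the
   shared v6crtr/v6type. */
const SecDbClass keys_class = {
    .name = CFSTR("keys"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6kcls,
        &v6labl,
        &v6alis,
        &v6perm,
        &v6priv,
        &v6modi,
        &v6klbl,
        &v6atag,
        &v6keycrtr,
        &v6keytype,
        &v6bsiz,
        &v6esiz,
        &v6sdat,
        &v6edat,
        &v6sens,
        &v6asen,
        &v6extr,
        &v6next,
        &v6encr,
        &v6decr,
        &v6drve,
        &v6sign,
        &v6vrfy,
        &v6snrc,
        &v6vyrc,
        &v6wrap,
        &v6unwp,
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};

/* An identity which is really a cert + a key, so all cert and keys attrs are
   allowed.  The table itself is empty (terminator only); how the cert and
   keys attribute sets are combined for "idnt" is not visible in this file. */
const SecDbClass identity_class = {
    .name = CFSTR("idnt"),
    .attrs = {
        NULL
    },
};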