1/*
2 * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24/*
25 *  SecItemSchema.c - CoreFoundation-based constants and functions for
26    access to Security items (certificates, keys, identities, and
27    passwords.)
28 */
29
30#include "SecItemSchema.h"
31
// MARK: -
// MARK: Keychain version 6 schema
34
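/*
 * Flag-letter macros for the attribute table below.
 *
 * SecDbFlags() takes exactly fourteen positional slots, one per letter in
 * the legend that follows (P L I S A D R C H B Z E N U, in that order).
 * A slot is either the letter or empty.  The slot token is pasted onto
 * SECDB_FLAG_ to select the matching kSecDb*Flag; an empty slot pastes to
 * the bare SECDB_FLAG_, which is 0 and so contributes nothing to the OR.
 * Because the slot count is fixed, a row with a missing or extra slot is a
 * compile error rather than a silently shifted set of flags.
 *
 * The per-letter macros used to be spelled __FLAGS_<letter>.  Identifiers
 * beginning with two underscores are reserved for the implementation, so
 * they are now SECDB_FLAG_<letter>; SecDbFlags() and every row that calls
 * it are unchanged.  Two variadic helpers, __FLAGS() and SECDBFLAGS(), that
 * used to sit beside them were dropped: each expanded to the other, which
 * the preprocessor does not re-expand inside its own replacement, so any
 * use would have left an unexpanded SECDBFLAGS() call behind.  The
 * version-6 attribute table below uses only SecDbFlags().
 */
#define SecDbFlags(P,L,I,S,A,D,R,C,H,B,Z,E,N,U) \
    (SECDB_FLAG_##P|SECDB_FLAG_##L|SECDB_FLAG_##I|SECDB_FLAG_##S| \
     SECDB_FLAG_##A|SECDB_FLAG_##D|SECDB_FLAG_##R|SECDB_FLAG_##C| \
     SECDB_FLAG_##H|SECDB_FLAG_##B|SECDB_FLAG_##Z|SECDB_FLAG_##E| \
     SECDB_FLAG_##N|SECDB_FLAG_##U)

#define SECDB_FLAG_   0                              /* empty slot */
#define SECDB_FLAG_P  kSecDbPrimaryKeyFlag           /* part of the primary key */
#define SECDB_FLAG_L  kSecDbInFlag                   /* stored as a local database column */
#define SECDB_FLAG_I  kSecDbIndexFlag                /* column gets an index */
#define SECDB_FLAG_S  kSecDbSHA1ValueInFlag          /* column holds the SHA1 of the value */
#define SECDB_FLAG_A  kSecDbReturnAttrFlag           /* returned to client as an attribute */
#define SECDB_FLAG_D  kSecDbReturnDataFlag           /* returned to client as data */
#define SECDB_FLAG_R  kSecDbReturnRefFlag            /* returned to client as (persistent) ref */
#define SECDB_FLAG_C  kSecDbInCryptoDataFlag         /* lives inside the encrypted blob */
#define SECDB_FLAG_H  kSecDbInHashFlag               /* part of the item SHA1 */
#define SECDB_FLAG_B  kSecDbInBackupFlag             /* part of the backup bag */
#define SECDB_FLAG_Z  kSecDbDefault0Flag             /* defaults to 0 */
#define SECDB_FLAG_E  kSecDbDefaultEmptyFlag         /* defaults to "" / empty data */
#define SECDB_FLAG_N  kSecDbNotNullFlag              /* must have a value */
#define SECDB_FLAG_U  kSecDbInAuthenticatedDataFlag  /* authenticated, not necessarily encrypted */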
55
56//                                                                   ,-------------- P : Part of primary key
57//                                                                  / ,------------- L : Stored in local database
58//                                                                 / / ,------------ I : Attribute wants an index in the database
59//                                                                / / / ,----------- S : SHA1 hashed attribute value in database (implies L)
60//                                                               / / / / ,---------- A : Returned to client as attribute in queries
61//                                                              / / / / / ,--------- D : Returned to client as data in queries
62//                                                             / / / / / / ,-------- R : Returned to client as ref/persistant ref in queries
63//                                                            / / / / / / / ,------- C : Part of encrypted blob
64//                                                           / / / / / / / / ,------ H : Attribute is part of item SHA1 hash (Implied by C)
65//                                                          / / / / / / / / / ,----- B : Attribute is part of iTunes/iCloud backup bag
66//                                                         / / / / / / / / / / ,---- Z : Attribute has a default value of 0
67//                                                        / / / / / / / / / / / ,--- E : Attribute has a default value of "" or empty data
68//                                                       / / / / / / / / / / / / ,-- N : Attribute must have a value
69//                                                      / / / / / / / / / / / / / ,- U : Attribute is stored in authenticated, but not necessarily encrypted data
70//                                                     / / / / / / / / / / / / / /
71//                                                    / / / / / / / / / / / / / /
72//                                                    | | | | | | | | | | | | | |
73// common to all                                      | | | | | | | | | | | | | |
SECDB_ATTR(v6rowid, "rowid", RowId,        SecDbFlags( ,L, , , , ,R, , ,B, , , , ));
SECDB_ATTR(v6cdat, "cdat", CreationDate,   SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6mdat, "mdat",ModificationDate,SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// "labl" carries S: per the legend the cleartext column only holds the SHA1 of
// the value; the value itself travels in the encrypted blob (C).
SECDB_ATTR(v6labl, "labl", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
// "data" is the encrypted item blob: a local column that is also part of the
// backup bag (B).  It has none of the return flags (A/D/R).
SECDB_ATTR(v6data, "data", EncryptedData,  SecDbFlags( ,L, , , , , , , ,B, , , , ));
// "agrp" is primary-key material and is covered by the authenticated-but-not-
// encrypted data (U) rather than the encrypted blob (C): the access group is
// readable in cleartext yet integrity-protected.  Presumably that is what lets
// access-group checks run before an item is decrypted -- TODO confirm against
// the item encode/decode path, which is not in this file.
SECDB_ATTR(v6agrp, "agrp", String,         SecDbFlags(P,L, , ,A, , , ,H, , , , ,U));
SECDB_ATTR(v6pdmn, "pdmn", Access,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// "sync" and "tomb" are likewise authenticated (U), not-null with a 0 default
// (Z,N).  "tomb" has no A flag, so tombstones are not exposed as an attribute.
SECDB_ATTR(v6sync, "sync", Sync,           SecDbFlags(P,L,I, ,A, , , ,H, ,Z, ,N,U));
SECDB_ATTR(v6tomb, "tomb", Tomb,           SecDbFlags( ,L, , , , , , ,H, ,Z, ,N,U));
// "sha1" is the indexed item hash; like rowid it is returned as a ref (R).
SECDB_ATTR(v6sha1, "sha1", SHA1,           SecDbFlags( ,L,I, ,A, ,R, , , , , , , ));
// "accc" has no L flag, so it is not a database column at all; it is only
// surfaced to the client as an attribute (A).  Where the value is derived from
// is not visible in this file.
SECDB_ATTR(v6accc, "accc", AccessControl,  SecDbFlags( , , , ,A, , , , , , , , , ));
// "v_Data" is the secret payload: returned as data (D) and stored only inside
// the encrypted blob (C,H) -- it has no cleartext column of its own (no L).
SECDB_ATTR(v6v_Data, "v_Data", Data,       SecDbFlags( , , , , ,D, ,C,H, , , , , ));
SECDB_ATTR(v6v_pk, "v_pk", PrimaryKey,     SecDbFlags( , , , , , , , , , , , , , ));
// genp and inet and keys                             | | | | | | | | | | | | |
SECDB_ATTR(v6crtr, "crtr", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6alis, "alis", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
// genp and inet                                      | | | | | | | | | | | | |
SECDB_ATTR(v6desc, "desc", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6icmt, "icmt", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6type, "type", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6invi, "invi", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6nega, "nega", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6cusi, "cusi", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6prot, "prot", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6scrp, "scrp", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// Primary-key blob columns below carry E,N: the value must be present and
// defaults to "" / empty data, and with S the cleartext column holds only the
// SHA1 of the value.
SECDB_ATTR(v6acct, "acct", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
// genp only                                          | | | | | | | | | | | | |
SECDB_ATTR(v6svce, "svce", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6gena, "gena", Blob,           SecDbFlags( ,L, ,S,A, , ,C,H, , , , , ));
// inet only                                          | | | | | | | | | | | | |
SECDB_ATTR(v6sdmn, "sdmn", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6srvr, "srvr", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6ptcl, "ptcl", Number,         SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6atyp, "atyp", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6port, "port", Number,         SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6path, "path", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
// cert only                                          | | | | | | | | | | | | |
SECDB_ATTR(v6ctyp, "ctyp", Number,         SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6cenc, "cenc", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// "subj" and "skid" are indexed lookup columns but, with S, the index is over
// the SHA1 of the value; "pkhh" is indexed on the stored value itself (no S).
SECDB_ATTR(v6subj, "subj", Data,           SecDbFlags( ,L,I,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6issr, "issr", Data,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6slnr, "slnr", Data,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6skid, "skid", Data,           SecDbFlags( ,L,I,S,A, , ,C,H, , , , , ));
SECDB_ATTR(v6pkhh, "pkhh", Data,           SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
// cert attributes that share names with common ones but have different flags
SECDB_ATTR(v6certalis, "alis", Blob,       SecDbFlags( ,L,I,S,A, , ,C,H, , , , , ));
// keys only                                          | | | | | | | | | | | | |
SECDB_ATTR(v6kcls, "kcls", Number,         SecDbFlags(P,L,I,S,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6perm, "perm", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6priv, "priv", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6modi, "modi", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// "klbl" (application label) is indexed primary-key material that, unlike
// "atag", has no S flag -- so presumably the label is stored as-is rather
// than as its SHA1.
SECDB_ATTR(v6klbl, "klbl", Data,           SecDbFlags(P,L,I, ,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6atag, "atag", Blob,           SecDbFlags(P,L, ,S,A, , ,C,H, , ,E,N, ));
SECDB_ATTR(v6bsiz, "bsiz", Number,         SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6esiz, "esiz", Number,         SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6sdat, "sdat", Date,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6edat, "edat", Date,           SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6sens, "sens", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6asen, "asen", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6extr, "extr", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6next, "next", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
// Key-usage flags that are queried on get an index (I); the rest do not.
SECDB_ATTR(v6encr, "encr", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6decr, "decr", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6drve, "drve", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6sign, "sign", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6vrfy, "vrfy", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6snrc, "snrc", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6vyrc, "vyrc", Number,         SecDbFlags( ,L, , ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6wrap, "wrap", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
SECDB_ATTR(v6unwp, "unwp", Number,         SecDbFlags( ,L,I, ,A, , ,C,H, , , , , ));
// keys attributes that share names with common ones but have different flags
SECDB_ATTR(v6keytype, "type", Number,      SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
SECDB_ATTR(v6keycrtr, "crtr", Number,      SecDbFlags(P,L, , ,A, , ,C,H, ,Z, ,N, ));
// NOTE(review): the letter columns above are the only place the storage and
// protection policy of each keychain column is declared (cleartext column vs.
// encrypted blob vs. authenticated-only data, and what is hashed or indexed).
// Any change to a row changes what ends up unencrypted on disk or in a
// backup, so review edits here as a security change, not a schema tweak.
// SecDbFlags() needs exactly fourteen slots; a row with the wrong count will
// not compile.
147
/*
 * Generic password items ("genp").  The attribute list runs, in order: the
 * common head, the columns shared by genp and inet, the genp-only "svce" and
 * "gena" columns, then the common tail ("data" through "accc").  The order
 * is kept as-is -- it appears to define the column layout of the class, so
 * do not reorder entries.  The list is NULL-terminated.
 */
const SecDbClass genp_class = {
    .name = CFSTR("genp"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6desc,
        &v6icmt,
        &v6crtr,
        &v6type,
        &v6scrp,
        &v6labl,
        &v6alis,
        &v6invi,
        &v6nega,
        &v6cusi,
        &v6prot,
        &v6acct,
        // genp only
        &v6svce,
        &v6gena,
        // common tail
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};
180
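/*
 * Internet password items ("inet").  The attribute list runs, in order: the
 * common head, the columns shared by genp and inet, the inet-only address
 * columns ("sdmn" through "path"), then the common tail ("data" through
 * "accc").  The order is kept as-is -- it appears to define the column
 * layout of the class, so do not reorder entries.
 *
 * The list is NULL-terminated, matching genp_class; this table previously
 * ended in a bare 0, which is the same null pointer constant but spelled
 * inconsistently with its sibling.
 */
const SecDbClass inet_class = {
    .name = CFSTR("inet"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        &v6desc,
        &v6icmt,
        &v6crtr,
        &v6type,
        &v6scrp,
        &v6labl,
        &v6alis,
        &v6invi,
        &v6nega,
        &v6cusi,
        &v6prot,
        &v6acct,
        // inet only
        &v6sdmn,
        &v6srvr,
        &v6ptcl,
        &v6atyp,
        &v6port,
        &v6path,
        // common tail
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};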
217
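/*
 * Certificate items ("cert").  The attribute list runs, in order: the common
 * head, the cert-only columns ("ctyp" through "pkhh", with the cert-specific
 * "alis" definition v6certalis in place of the common v6alis), then the
 * common tail ("data" through "accc").  The order is kept as-is -- it
 * appears to define the column layout of the class, so do not reorder
 * entries.
 *
 * The list is NULL-terminated, matching genp_class; this table previously
 * ended in a bare 0, which is the same null pointer constant but spelled
 * inconsistently with its sibling.
 */
const SecDbClass cert_class = {
    .name = CFSTR("cert"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        // cert only
        &v6ctyp,
        &v6cenc,
        &v6labl,
        &v6certalis,
        &v6subj,
        &v6issr,
        &v6slnr,
        &v6skid,
        &v6pkhh,
        // common tail
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};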
245
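/*
 * Key items ("keys").  The attribute list runs, in order: the common head,
 * the key-only columns ("kcls" through "unwp"; note that "crtr" and "type"
 * use the keys-specific v6keycrtr/v6keytype, which are primary-key parts
 * here), then the common tail ("data" through "accc").  The order is kept
 * as-is -- it appears to define the column layout of the class, so do not
 * reorder entries.
 *
 * The list is NULL-terminated, matching genp_class; this table previously
 * ended in a bare 0, which is the same null pointer constant but spelled
 * inconsistently with its sibling.  The trailing comma after the attrs
 * initializer is added for consistency with the other class tables.
 */
const SecDbClass keys_class = {
    .name = CFSTR("keys"),
    .attrs = {
        &v6rowid,
        &v6cdat,
        &v6mdat,
        // keys only
        &v6kcls,
        &v6labl,
        &v6alis,
        &v6perm,
        &v6priv,
        &v6modi,
        &v6klbl,
        &v6atag,
        &v6keycrtr,
        &v6keytype,
        &v6bsiz,
        &v6esiz,
        &v6sdat,
        &v6edat,
        &v6sens,
        &v6asen,
        &v6extr,
        &v6next,
        &v6encr,
        &v6decr,
        &v6drve,
        &v6sign,
        &v6vrfy,
        &v6snrc,
        &v6vyrc,
        &v6wrap,
        &v6unwp,
        // common tail
        &v6data,
        &v6agrp,
        &v6pdmn,
        &v6sync,
        &v6tomb,
        &v6sha1,
        &v6v_Data,
        &v6v_pk,
        &v6accc,
        NULL
    },
};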
291
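/*
 * Identity items ("idnt").  An identity is a certificate plus its private
 * key, so every cert and keys attribute is legal in an identity query.  The
 * attribute table here is intentionally empty: the real column sets live in
 * cert_class and keys_class, and how the two are joined for an identity is
 * not visible in this file.
 *
 * The list is NULL-terminated, matching genp_class; it previously used a
 * bare 0 for the sentinel.
 */
const SecDbClass identity_class = {
    .name = CFSTR("idnt"),
    .attrs = {
        NULL
    },
};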
300