[apple/security.git] / sec / securityd / SecDbItem.h

/*
 * Copyright (c) 2012 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
 @header SecDbItem
 The functions provided in SecDbItem provide an interface to
 database items (certificates, keys, identities, and passwords).
 */

#ifndef _SECURITYD_SECDBITEM_H_
#define _SECURITYD_SECDBITEM_H_

#include <CoreFoundation/CoreFoundation.h>
#include <TargetConditionals.h>
#include <corecrypto/ccsha1.h> // For CCSHA1_OUTPUT_SIZE
#include <sqlite3.h>
#include <utilities/SecCFError.h>
#include <utilities/SecCFWrappers.h>
#include <utilities/SecDb.h>
#include <utilities/SecAKSWrappers.h>

#if TARGET_OS_MAC && !(TARGET_OS_EMBEDDED || TARGET_IPHONE_SIMULATOR)
#define USE_KEYSTORE  1
#elif TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR
#define USE_KEYSTORE  1
#else /* no keystore on this platform */
#define USE_KEYSTORE  0
#endif

#if USE_KEYSTORE
#include <Kernel/IOKit/crypto/AppleKeyStoreDefs.h>
#endif /* USE_KEYSTORE */

__BEGIN_DECLS

// TODO: Get this out of this file
#if USE_KEYSTORE
typedef int32_t keyclass_t;
#else

/* TODO: this needs to be available in the sim! */
#define kAppleKeyStoreKeyWrap 0
#define kAppleKeyStoreKeyUnwrap 1
typedef int32_t keyclass_t;
typedef int32_t key_handle_t;
enum key_classes {
    key_class_ak = 6,
    key_class_ck,
    key_class_dk,
    key_class_aku,
    key_class_cku,
    key_class_dku
};
#endif /* !USE_KEYSTORE */

// MARK SecDbAttrKind, SecDbFlag

typedef enum {
    kSecDbBlobAttr,  // CFString or CFData, preserves caller provided type.
    kSecDbDataAttr,
    kSecDbStringAttr,
    kSecDbNumberAttr,
    kSecDbDateAttr,
    kSecDbCreationDateAttr,
    kSecDbModificationDateAttr,
    kSecDbSHA1Attr,
    kSecDbRowIdAttr,
    kSecDbEncryptedDataAttr,
    kSecDbPrimaryKeyAttr,
    kSecDbSyncAttr,
    kSecDbTombAttr,
    kSecDbAccessAttr
} SecDbAttrKind;

enum {
    kSecDbPrimaryKeyFlag    = (1 <<  0),    // attr is part of primary key
    kSecDbInFlag            = (1 <<  1),    // attr exists in db
    kSecDbIndexFlag         = (1 <<  2),    // attr should have a db index
    kSecDbSHA1ValueInFlag   = (1 <<  3),    // col in db is sha1 of attr value
    kSecDbReturnAttrFlag    = (1 <<  4),
    kSecDbReturnDataFlag    = (1 <<  5),
    kSecDbReturnRefFlag     = (1 <<  6),
    kSecDbInCryptoDataFlag  = (1 <<  7),
    kSecDbInHashFlag        = (1 <<  8),
    kSecDbInBackupFlag      = (1 <<  9),
    kSecDbDefault0Flag      = (1 << 10),    // default attr value is 0
    kSecDbDefaultEmptyFlag  = (1 << 11),    // default attr value is ""
    kSecDbNotNullFlag       = (1 << 12),    // attr value can't be null
};

#define SecVersionDbFlag(v) ((v & 0xFF) << 8)

#define SecDbFlagGetVersion(flags) ((flags >> 8) & 0xFF)

#define SECDB_ATTR(var, name, kind, flags) const SecDbAttr var = { CFSTR(name), kSecDb ## kind ## Attr, flags }

typedef struct SecDbAttr {
    CFStringRef name;
    SecDbAttrKind kind;
    CFOptionFlags flags;
} SecDbAttr;

typedef struct SecDbClass {
    CFStringRef name;
    const SecDbAttr *attrs[];
} SecDbClass;

typedef struct Pair *SecDbPairRef;
typedef struct Query *SecDbQueryRef;

/* Return types. */
typedef uint32_t ReturnTypeMask;
enum
{
    kSecReturnDataMask = 1 << 0,
    kSecReturnAttributesMask = 1 << 1,
    kSecReturnRefMask = 1 << 2,
    kSecReturnPersistentRefMask = 1 << 3,
};

/* Constant indicating there is no limit to the number of results to return. */
enum
{
    kSecMatchUnlimited = kCFNotFound
};

typedef struct Pair
{
    const void *key;
    const void *value;
} Pair;

/* Nothing in this struct is retained since all the
 values below are extracted from the dictionary passed in by the
 caller. */
typedef struct Query
{
    /* Class of this query. */
    const SecDbClass *q_class;

    /* Dictionary with all attributes and values in clear (to be encrypted). */
    CFMutableDictionaryRef q_item;

    /* q_pairs is an array of Pair structs.  Elements with indices
     [0, q_attr_end) contain attribute key value pairs.  Elements with
     indices [q_match_begin, q_match_end) contain match key value pairs.
     Thus q_attr_end is the number of attrs in q_pairs and
     q_match_begin - q_match_end is the number of matches in q_pairs.  */
    CFIndex q_match_begin;
    CFIndex q_match_end;
    CFIndex q_attr_end;

    CFErrorRef q_error;
    ReturnTypeMask q_return_type;

    CFDataRef q_data;
    CFTypeRef q_ref;
    sqlite_int64 q_row_id;

    CFArrayRef q_use_item_list;
    CFBooleanRef q_use_tomb;
#if defined(MULTIPLE_KEYCHAINS)
    CFArrayRef q_use_keychain;
    CFArrayRef q_use_keychain_list;
#endif /* !defined(MULTIPLE_KEYCHAINS) */

    /* Value of kSecMatchLimit key if present. */
    CFIndex q_limit;

    /* True if query contained a kSecAttrSynchronizable attribute,
     * regardless of its actual value. If this is false, then we
     * will add an explicit sync=0 to the query. */
    bool q_sync;

    // Set to true if we modified any item as part of executing this query
    bool q_changed;

    // Set to true if we modified any synchronizable item as part of executing this query
    bool q_sync_changed;

    /* Keybag handle to use for this item. */
    keybag_handle_t q_keybag;
    keyclass_t q_keyclass;
    //CFStringRef q_keyclass_s;

    // SHA1 digest of DER encoded primary key
    CFDataRef q_primary_key_digest;

    CFArrayRef q_match_issuer;

    /* Store all the corrupted rows found during the query */
    CFMutableArrayRef corrupted_rows;

    Pair q_pairs[];
} Query;


#define SecDbForEachAttr(class, attr) for (const SecDbAttr * const* _pattr = (class)->attrs, *attr = *_pattr; attr; attr = *(++_pattr))

#define SecDbForEachAttrWithMask(class, attr, flag_mask) SecDbForEachAttr(class, attr) if ((attr->flags & (flag_mask)) == (flag_mask))

// MARK: Stuff that needs to move out of SecItemServer.c

// Move this or do crypto in a block
bool ks_encrypt_data(keybag_handle_t keybag, keyclass_t keyclass, CFDataRef plainText, CFDataRef *pBlob, CFErrorRef *error);
bool ks_decrypt_data(keybag_handle_t keybag, keyclass_t *pkeyclass, CFDataRef blob, CFDataRef *pPlainText,
                            uint32_t *version_p, CFErrorRef *error);

CFDataRef kc_copy_sha1(size_t len, const void *data, CFErrorRef *error);
CFDataRef kc_copy_plist_sha1(CFPropertyListRef plist, CFErrorRef *error);
CFDataRef kc_plist_copy_der(CFPropertyListRef plist, CFErrorRef *error);
Query *query_create(const SecDbClass *qclass, CFDictionaryRef query, CFErrorRef *error);
bool query_destroy(Query *q, CFErrorRef *error);

// MARK: SecDbItem

typedef struct SecDbItem *SecDbItemRef;

enum SecDbItemState {
    kSecDbItemDirty,          // We have no edata (or if we do it's invalid), attributes are the truth
    kSecDbItemEncrypted,      // Attributes haven't been decrypted yet from edata
    kSecDbItemClean,          // Attributes and _edata are in sync.
    kSecDbItemDecrypting,     // Temporary state while we are decrypting so set knows not to blow away the edata.
    kSecDbItemEncrypting,     // Temporary state while we are encrypting so set knows to move to clean.
};

struct SecDbItem {
    CFRuntimeBase _base;
    const SecDbClass *class;
    keyclass_t keyclass;
    keybag_handle_t keybag;
    //sqlite3_int64 _rowid;
    //CFDataRef _primaryKey;
    //CFDataRef _sha1;
    //CFDataRef _edata;
    enum SecDbItemState _edataState;
    CFMutableDictionaryRef attributes;
};

// TODO: Make this a callback to client
bool SecDbItemDecrypt(SecDbItemRef item, CFDataRef edata, CFErrorRef *error);

CFTypeID SecDbItemGetTypeID(void);

static inline size_t SecDbClassAttrCount(const SecDbClass *dbClass) {
    size_t n_attrs = 0;
    SecDbForEachAttr(dbClass, attr) { n_attrs++; }
    return n_attrs;
}

const SecDbAttr *SecDbClassAttrWithKind(const SecDbClass *class, SecDbAttrKind kind, CFErrorRef *error);

SecDbItemRef SecDbItemCreateWithAttributes(CFAllocatorRef allocator, const SecDbClass *class, CFDictionaryRef attributes, keybag_handle_t keybag, CFErrorRef *error);

const SecDbClass *SecDbItemGetClass(SecDbItemRef item);
const keybag_handle_t SecDbItemGetKeybag(SecDbItemRef item);
bool SecDbItemSetKeybag(SecDbItemRef item, keybag_handle_t keybag, CFErrorRef *error);
keyclass_t SecDbItemGetKeyclass(SecDbItemRef item, CFErrorRef *error);
bool SecDbItemSetKeyclass(SecDbItemRef item, keyclass_t keyclass, CFErrorRef *error);

CFTypeRef SecDbItemGetCachedValueWithName(SecDbItemRef item, CFStringRef name);
CF_RETURNS_NOT_RETAINED CFTypeRef SecDbItemGetValue(SecDbItemRef item, const SecDbAttr *desc, CFErrorRef *error);

bool SecDbItemSetValue(SecDbItemRef item, const SecDbAttr *desc, CFTypeRef value, CFErrorRef *error);
bool SecDbItemSetValues(SecDbItemRef item, CFDictionaryRef values, CFErrorRef *error);
bool SecDbItemSetValueWithName(SecDbItemRef item, CFStringRef name, CFTypeRef value, CFErrorRef *error);

sqlite3_int64 SecDbItemGetRowId(SecDbItemRef item, CFErrorRef *error);
bool SecDbItemSetRowId(SecDbItemRef item, sqlite3_int64 rowid, CFErrorRef *error);

bool SecDbItemIsSyncable(SecDbItemRef item);

bool SecDbItemSetSyncable(SecDbItemRef item, bool sync, CFErrorRef *error);

bool SecDbItemIsTombstone(SecDbItemRef item);

CFMutableDictionaryRef SecDbItemCopyPListWithMask(SecDbItemRef item, CFOptionFlags mask, CFErrorRef *error);

CFDataRef SecDbItemGetPrimaryKey(SecDbItemRef item, CFErrorRef *error);
CFDataRef SecDbItemGetSHA1(SecDbItemRef item, CFErrorRef *error);

CFDataRef SecDbItemCopyEncryptedDataToBackup(SecDbItemRef item, uint64_t handle, CFErrorRef *error);

SecDbItemRef SecDbItemCreateWithStatement(CFAllocatorRef allocator, const SecDbClass *class, sqlite3_stmt *stmt, keybag_handle_t keybag, CFErrorRef *error, bool (^return_attr)(const SecDbAttr *attr));

SecDbItemRef SecDbItemCreateWithEncryptedData(CFAllocatorRef allocator, const SecDbClass *class,
                                              CFDataRef edata, keybag_handle_t keybag, CFErrorRef *error);

SecDbItemRef SecDbItemCreateWithPrimaryKey(CFAllocatorRef allocator, const SecDbClass *class, CFDataRef primary_key);

#if 0
SecDbItemRef SecDbItemCreateWithRowId(CFAllocatorRef allocator, const SecDbClass *class, sqlite_int64 row_id, keybag_handle_t keybag, CFErrorRef *error);
#endif

SecDbItemRef SecDbItemCopyWithUpdates(SecDbItemRef item, CFDictionaryRef updates, CFErrorRef *error);

SecDbItemRef SecDbItemCopyTombstone(SecDbItemRef item, CFErrorRef *error);

bool SecDbItemInsertOrReplace(SecDbItemRef item, SecDbConnectionRef dbconn, CFErrorRef *error, void(^duplicate)(SecDbItemRef item, SecDbItemRef *replace));

bool SecDbItemInsert(SecDbItemRef item, SecDbConnectionRef dbconn, CFErrorRef *error);

bool SecDbItemDelete(SecDbItemRef item, SecDbConnectionRef dbconn, bool makeTombstone, CFErrorRef *error);

// Low level update, just do the update
bool SecDbItemDoUpdate(SecDbItemRef old_item, SecDbItemRef new_item, SecDbConnectionRef dbconn, CFErrorRef *error, bool (^use_attr_in_where)(const SecDbAttr *attr));

// High level update, will replace tombstones and create them if needed.
bool SecDbItemUpdate(SecDbItemRef old_item, SecDbItemRef new_item, SecDbConnectionRef dbconn, bool makeTombstone, CFErrorRef *error);

bool SecDbItemSelect(SecDbQueryRef query, SecDbConnectionRef dbconn, CFErrorRef *error,
                     bool (^use_attr_in_where)(const SecDbAttr *attr),
                     bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere),
                     bool (^bind_added_where)(sqlite3_stmt *stmt, int col),
                     void (^handle_row)(SecDbItemRef item, bool *stop));

CFStringRef SecDbItemCopySelectSQL(SecDbQueryRef query,
                                   bool (^return_attr)(const SecDbAttr *attr),
                                   bool (^use_attr_in_where)(const SecDbAttr *attr),
                                   bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere));
bool SecDbItemSelectBind(SecDbQueryRef query, sqlite3_stmt *stmt, CFErrorRef *error,
                         bool (^use_attr_in_where)(const SecDbAttr *attr),
                         bool (^bind_added_where)(sqlite3_stmt *stmt, int col));


// MARK: -
// MARK: SQL Construction helpers -- These should become private in the future

void SecDbAppendElement(CFMutableStringRef sql, CFStringRef value, bool *needComma);
void SecDbAppendWhereOrAnd(CFMutableStringRef sql, bool *needWhere);
void SecDbAppendWhereOrAndEquals(CFMutableStringRef sql, CFStringRef col, bool *needWhere);

// MARK: -
// MARK: SecItemDb (a SecDb of SecDbItems)

typedef struct SecItemDb *SecItemDbRef;
typedef struct SecItemDbConnection *SecItemDbConnectionRef;

struct SecItemDb {
    CFRuntimeBase _base;
    SecDbRef db;
    CFDictionaryRef classes; // className -> SecItemClass mapping
};

struct SecItemDbConnection {
    SecDbConnectionRef db;
};

SecItemDbRef SecItemDbCreate(SecDbRef db);
SecItemDbRef SecItemDbRegisterClass(SecItemDbRef db, const SecDbClass *class, void(^upgrade)(SecDbItemRef item, uint32_t current_version));

SecItemDbConnectionRef SecItemDbAquireConnection(SecItemDbRef db);
void SecItemDbReleaseConnection(SecItemDbRef db, SecItemDbConnectionRef dbconn);

bool SecItemDbInsert(SecItemDbConnectionRef dbconn, SecDbItemRef item, CFErrorRef *error);

bool SecItemDbDelete(SecItemDbConnectionRef dbconn, SecDbItemRef item, CFErrorRef *error);

// Low level update, just do the update
bool SecItemDbDoUpdate(SecItemDbConnectionRef dbconn, SecDbItemRef old_item, SecDbItemRef new_item, CFErrorRef *error,
                       bool (^use_attr_in_where)(const SecDbAttr *attr));

// High level update, will replace tombstones and create them if needed.
bool SecItemDbUpdate(SecItemDbConnectionRef dbconn, SecDbItemRef old_item, SecDbItemRef new_item, CFErrorRef *error);

bool SecItemDbSelect(SecItemDbConnectionRef dbconn, SecDbQueryRef query, CFErrorRef *error,
                     bool (^use_attr_in_where)(const SecDbAttr *attr),
                     bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere),
                     bool (^bind_added_where)(sqlite3_stmt *stmt, int col),
                     void (^handle_row)(SecDbItemRef item, bool *stop));

// MARK: type converters.
// TODO: these should be static and private to SecDbItem, or part of the schema

CFStringRef copyString(CFTypeRef obj);
CFDataRef copyData(CFTypeRef obj);
CFTypeRef copyBlob(CFTypeRef obj);
CFDataRef copySHA1(CFTypeRef obj);
CFTypeRef copyNumber(CFTypeRef obj);
CFDateRef copyDate(CFTypeRef obj);

__END_DECLS

#endif /* _SECURITYD_SECDBITEM_H_ */
Commit	Line	Data
427c49bc A	1	/*
	2	* Copyright (c) 2012 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	/*!
	25	@header SecDbItem
	26	The functions provided in SecDbItem provide an interface to
	27	database items (certificates, keys, identities, and passwords).
	28	*/
	29
	30	#ifndef _SECURITYD_SECDBITEM_H_
	31	#define _SECURITYD_SECDBITEM_H_
	32
	33	#include <CoreFoundation/CoreFoundation.h>
	34	#include <TargetConditionals.h>
	35	#include <corecrypto/ccsha1.h> // For CCSHA1_OUTPUT_SIZE
	36	#include <sqlite3.h>
	37	#include <utilities/SecCFError.h>
	38	#include <utilities/SecCFWrappers.h>
	39	#include <utilities/SecDb.h>
	40	#include <utilities/SecAKSWrappers.h>
	41
	42	#if TARGET_OS_MAC && !(TARGET_OS_EMBEDDED \|\| TARGET_IPHONE_SIMULATOR)
	43	#define USE_KEYSTORE 1
	44	#elif TARGET_OS_EMBEDDED && !TARGET_IPHONE_SIMULATOR
	45	#define USE_KEYSTORE 1
	46	#else /* no keystore on this platform */
	47	#define USE_KEYSTORE 0
	48	#endif
	49
	50	#if USE_KEYSTORE
	51	#include <Kernel/IOKit/crypto/AppleKeyStoreDefs.h>
	52	#endif /* USE_KEYSTORE */
	53
	54	__BEGIN_DECLS
	55
	56	// TODO: Get this out of this file
	57	#if USE_KEYSTORE
	58	typedef int32_t keyclass_t;
	59	#else
	60
	61	/* TODO: this needs to be available in the sim! */
	62	#define kAppleKeyStoreKeyWrap 0
	63	#define kAppleKeyStoreKeyUnwrap 1
	64	typedef int32_t keyclass_t;
65	typedef int32_t key_handle_t;
66	enum key_classes {
67	key_class_ak = 6,
68	key_class_ck,
69	key_class_dk,
70	key_class_aku,
71	key_class_cku,
72	key_class_dku
73	};
74	#endif /* !USE_KEYSTORE */
75
76	// MARK SecDbAttrKind, SecDbFlag
77
78	typedef enum {
79	kSecDbBlobAttr, // CFString or CFData, preserves caller provided type.
80	kSecDbDataAttr,
81	kSecDbStringAttr,
82	kSecDbNumberAttr,
83	kSecDbDateAttr,
84	kSecDbCreationDateAttr,
85	kSecDbModificationDateAttr,
86	kSecDbSHA1Attr,
87	kSecDbRowIdAttr,
88	kSecDbEncryptedDataAttr,
89	kSecDbPrimaryKeyAttr,
90	kSecDbSyncAttr,
91	kSecDbTombAttr,
92	kSecDbAccessAttr
93	} SecDbAttrKind;
94
95	enum {
96	kSecDbPrimaryKeyFlag = (1 << 0), // attr is part of primary key
97	kSecDbInFlag = (1 << 1), // attr exists in db
98	kSecDbIndexFlag = (1 << 2), // attr should have a db index
99	kSecDbSHA1ValueInFlag = (1 << 3), // col in db is sha1 of attr value
100	kSecDbReturnAttrFlag = (1 << 4),
101	kSecDbReturnDataFlag = (1 << 5),
102	kSecDbReturnRefFlag = (1 << 6),
103	kSecDbInCryptoDataFlag = (1 << 7),
104	kSecDbInHashFlag = (1 << 8),
105	kSecDbInBackupFlag = (1 << 9),
106	kSecDbDefault0Flag = (1 << 10), // default attr value is 0
107	kSecDbDefaultEmptyFlag = (1 << 11), // default attr value is ""
108	kSecDbNotNullFlag = (1 << 12), // attr value can't be null
109	};
110
111	#define SecVersionDbFlag(v) ((v & 0xFF) << 8)
112
113	#define SecDbFlagGetVersion(flags) ((flags >> 8) & 0xFF)
114
115	#define SECDB_ATTR(var, name, kind, flags) const SecDbAttr var = { CFSTR(name), kSecDb ## kind ## Attr, flags }
116
117	typedef struct SecDbAttr {
118	CFStringRef name;
119	SecDbAttrKind kind;
120	CFOptionFlags flags;
121	} SecDbAttr;
122
123	typedef struct SecDbClass {
124	CFStringRef name;
125	const SecDbAttr *attrs[];
126	} SecDbClass;
127
128	typedef struct Pair *SecDbPairRef;
129	typedef struct Query *SecDbQueryRef;
130
131	/* Return types. */
132	typedef uint32_t ReturnTypeMask;
133	enum
134	{
135	kSecReturnDataMask = 1 << 0,
136	kSecReturnAttributesMask = 1 << 1,
137	kSecReturnRefMask = 1 << 2,
138	kSecReturnPersistentRefMask = 1 << 3,
139	};
140
141	/* Constant indicating there is no limit to the number of results to return. */
142	enum
143	{
144	kSecMatchUnlimited = kCFNotFound
145	};
146
147	typedef struct Pair
148	{
149	const void *key;
150	const void *value;
151	} Pair;
152
153	/* Nothing in this struct is retained since all the
154	values below are extracted from the dictionary passed in by the
155	caller. */
156	typedef struct Query
157	{
158	/* Class of this query. */
159	const SecDbClass *q_class;
160
161	/* Dictionary with all attributes and values in clear (to be encrypted). */
162	CFMutableDictionaryRef q_item;
163
164	/* q_pairs is an array of Pair structs. Elements with indices
165	[0, q_attr_end) contain attribute key value pairs. Elements with
166	indices [q_match_begin, q_match_end) contain match key value pairs.
167	Thus q_attr_end is the number of attrs in q_pairs and
168	q_match_begin - q_match_end is the number of matches in q_pairs. */
169	CFIndex q_match_begin;
170	CFIndex q_match_end;
171	CFIndex q_attr_end;
172
173	CFErrorRef q_error;
174	ReturnTypeMask q_return_type;
175
176	CFDataRef q_data;
177	CFTypeRef q_ref;
178	sqlite_int64 q_row_id;
179
180	CFArrayRef q_use_item_list;
181	CFBooleanRef q_use_tomb;
182	#if defined(MULTIPLE_KEYCHAINS)
183	CFArrayRef q_use_keychain;
184	CFArrayRef q_use_keychain_list;
185	#endif /* !defined(MULTIPLE_KEYCHAINS) */
186
187	/* Value of kSecMatchLimit key if present. */
188	CFIndex q_limit;
189
190	/* True if query contained a kSecAttrSynchronizable attribute,
191	* regardless of its actual value. If this is false, then we
192	* will add an explicit sync=0 to the query. */
193	bool q_sync;
194
195	// Set to true if we modified any item as part of executing this query
196	bool q_changed;
197
198	// Set to true if we modified any synchronizable item as part of executing this query
199	bool q_sync_changed;
200
201	/* Keybag handle to use for this item. */
202	keybag_handle_t q_keybag;
203	keyclass_t q_keyclass;
204	//CFStringRef q_keyclass_s;
205
206	// SHA1 digest of DER encoded primary key
207	CFDataRef q_primary_key_digest;
208
209	CFArrayRef q_match_issuer;
210
211	/* Store all the corrupted rows found during the query */
212	CFMutableArrayRef corrupted_rows;
213
214	Pair q_pairs[];
215	} Query;
216
217
218	#define SecDbForEachAttr(class, attr) for (const SecDbAttr * const* _pattr = (class)->attrs, attr = _pattr; attr; attr = *(++_pattr))
219
220	#define SecDbForEachAttrWithMask(class, attr, flag_mask) SecDbForEachAttr(class, attr) if ((attr->flags & (flag_mask)) == (flag_mask))
221
222	// MARK: Stuff that needs to move out of SecItemServer.c
223
224	// Move this or do crypto in a block
225	bool ks_encrypt_data(keybag_handle_t keybag, keyclass_t keyclass, CFDataRef plainText, CFDataRef pBlob, CFErrorRef error);
226	bool ks_decrypt_data(keybag_handle_t keybag, keyclass_t pkeyclass, CFDataRef blob, CFDataRef pPlainText,
227	uint32_t version_p, CFErrorRef error);
228
229	CFDataRef kc_copy_sha1(size_t len, const void data, CFErrorRef error);
230	CFDataRef kc_copy_plist_sha1(CFPropertyListRef plist, CFErrorRef *error);
231	CFDataRef kc_plist_copy_der(CFPropertyListRef plist, CFErrorRef *error);
232	Query query_create(const SecDbClass qclass, CFDictionaryRef query, CFErrorRef *error);
233	bool query_destroy(Query q, CFErrorRef error);
234
235	// MARK: SecDbItem
236
237	typedef struct SecDbItem *SecDbItemRef;
238
239	enum SecDbItemState {
240	kSecDbItemDirty, // We have no edata (or if we do it's invalid), attributes are the truth
241	kSecDbItemEncrypted, // Attributes haven't been decrypted yet from edata
242	kSecDbItemClean, // Attributes and _edata are in sync.
243	kSecDbItemDecrypting, // Temporary state while we are decrypting so set knows not to blow away the edata.
244	kSecDbItemEncrypting, // Temporary state while we are encrypting so set knows to move to clean.
245	};
246
247	struct SecDbItem {
248	CFRuntimeBase _base;
249	const SecDbClass *class;
250	keyclass_t keyclass;
251	keybag_handle_t keybag;
252	//sqlite3_int64 _rowid;
253	//CFDataRef _primaryKey;
254	//CFDataRef _sha1;
255	//CFDataRef _edata;
256	enum SecDbItemState _edataState;
257	CFMutableDictionaryRef attributes;
258	};
259
260	// TODO: Make this a callback to client
261	bool SecDbItemDecrypt(SecDbItemRef item, CFDataRef edata, CFErrorRef *error);
262
263	CFTypeID SecDbItemGetTypeID(void);
264
265	static inline size_t SecDbClassAttrCount(const SecDbClass *dbClass) {
266	size_t n_attrs = 0;
267	SecDbForEachAttr(dbClass, attr) { n_attrs++; }
268	return n_attrs;
269	}
270
271	const SecDbAttr SecDbClassAttrWithKind(const SecDbClass class, SecDbAttrKind kind, CFErrorRef *error);
272
273	SecDbItemRef SecDbItemCreateWithAttributes(CFAllocatorRef allocator, const SecDbClass class, CFDictionaryRef attributes, keybag_handle_t keybag, CFErrorRef error);
274
275	const SecDbClass *SecDbItemGetClass(SecDbItemRef item);
276	const keybag_handle_t SecDbItemGetKeybag(SecDbItemRef item);
277	bool SecDbItemSetKeybag(SecDbItemRef item, keybag_handle_t keybag, CFErrorRef *error);
278	keyclass_t SecDbItemGetKeyclass(SecDbItemRef item, CFErrorRef *error);
279	bool SecDbItemSetKeyclass(SecDbItemRef item, keyclass_t keyclass, CFErrorRef *error);
280
281	CFTypeRef SecDbItemGetCachedValueWithName(SecDbItemRef item, CFStringRef name);
282	CF_RETURNS_NOT_RETAINED CFTypeRef SecDbItemGetValue(SecDbItemRef item, const SecDbAttr desc, CFErrorRef error);
283
284	bool SecDbItemSetValue(SecDbItemRef item, const SecDbAttr desc, CFTypeRef value, CFErrorRef error);
285	bool SecDbItemSetValues(SecDbItemRef item, CFDictionaryRef values, CFErrorRef *error);
286	bool SecDbItemSetValueWithName(SecDbItemRef item, CFStringRef name, CFTypeRef value, CFErrorRef *error);
287
288	sqlite3_int64 SecDbItemGetRowId(SecDbItemRef item, CFErrorRef *error);
289	bool SecDbItemSetRowId(SecDbItemRef item, sqlite3_int64 rowid, CFErrorRef *error);
290
291	bool SecDbItemIsSyncable(SecDbItemRef item);
292
293	bool SecDbItemSetSyncable(SecDbItemRef item, bool sync, CFErrorRef *error);
294
295	bool SecDbItemIsTombstone(SecDbItemRef item);
296
297	CFMutableDictionaryRef SecDbItemCopyPListWithMask(SecDbItemRef item, CFOptionFlags mask, CFErrorRef *error);
298
299	CFDataRef SecDbItemGetPrimaryKey(SecDbItemRef item, CFErrorRef *error);
300	CFDataRef SecDbItemGetSHA1(SecDbItemRef item, CFErrorRef *error);
301
302	CFDataRef SecDbItemCopyEncryptedDataToBackup(SecDbItemRef item, uint64_t handle, CFErrorRef *error);
303
304	SecDbItemRef SecDbItemCreateWithStatement(CFAllocatorRef allocator, const SecDbClass class, sqlite3_stmt stmt, keybag_handle_t keybag, CFErrorRef error, bool (^return_attr)(const SecDbAttr attr));
305
306	SecDbItemRef SecDbItemCreateWithEncryptedData(CFAllocatorRef allocator, const SecDbClass *class,
307	CFDataRef edata, keybag_handle_t keybag, CFErrorRef *error);
308
309	SecDbItemRef SecDbItemCreateWithPrimaryKey(CFAllocatorRef allocator, const SecDbClass *class, CFDataRef primary_key);
310
311	#if 0
312	SecDbItemRef SecDbItemCreateWithRowId(CFAllocatorRef allocator, const SecDbClass class, sqlite_int64 row_id, keybag_handle_t keybag, CFErrorRef error);
313	#endif
314
315	SecDbItemRef SecDbItemCopyWithUpdates(SecDbItemRef item, CFDictionaryRef updates, CFErrorRef *error);
316
317	SecDbItemRef SecDbItemCopyTombstone(SecDbItemRef item, CFErrorRef *error);
318
319	bool SecDbItemInsertOrReplace(SecDbItemRef item, SecDbConnectionRef dbconn, CFErrorRef error, void(^duplicate)(SecDbItemRef item, SecDbItemRef replace));
320
321	bool SecDbItemInsert(SecDbItemRef item, SecDbConnectionRef dbconn, CFErrorRef *error);
322
323	bool SecDbItemDelete(SecDbItemRef item, SecDbConnectionRef dbconn, bool makeTombstone, CFErrorRef *error);
324
325	// Low level update, just do the update
326	bool SecDbItemDoUpdate(SecDbItemRef old_item, SecDbItemRef new_item, SecDbConnectionRef dbconn, CFErrorRef error, bool (^use_attr_in_where)(const SecDbAttr attr));
327
328	// High level update, will replace tombstones and create them if needed.
329	bool SecDbItemUpdate(SecDbItemRef old_item, SecDbItemRef new_item, SecDbConnectionRef dbconn, bool makeTombstone, CFErrorRef *error);
330
331	bool SecDbItemSelect(SecDbQueryRef query, SecDbConnectionRef dbconn, CFErrorRef *error,
332	bool (^use_attr_in_where)(const SecDbAttr *attr),
333	bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere),
334	bool (^bind_added_where)(sqlite3_stmt *stmt, int col),
335	void (^handle_row)(SecDbItemRef item, bool *stop));
336
337	CFStringRef SecDbItemCopySelectSQL(SecDbQueryRef query,
338	bool (^return_attr)(const SecDbAttr *attr),
339	bool (^use_attr_in_where)(const SecDbAttr *attr),
340	bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere));
341	bool SecDbItemSelectBind(SecDbQueryRef query, sqlite3_stmt stmt, CFErrorRef error,
342	bool (^use_attr_in_where)(const SecDbAttr *attr),
343	bool (^bind_added_where)(sqlite3_stmt *stmt, int col));
344
345
346	// MARK: -
347	// MARK: SQL Construction helpers -- These should become private in the future
348
349	void SecDbAppendElement(CFMutableStringRef sql, CFStringRef value, bool *needComma);
350	void SecDbAppendWhereOrAnd(CFMutableStringRef sql, bool *needWhere);
351	void SecDbAppendWhereOrAndEquals(CFMutableStringRef sql, CFStringRef col, bool *needWhere);
352
353	// MARK: -
354	// MARK: SecItemDb (a SecDb of SecDbItems)
355
356	typedef struct SecItemDb *SecItemDbRef;
357	typedef struct SecItemDbConnection *SecItemDbConnectionRef;
358
359	struct SecItemDb {
360	CFRuntimeBase _base;
361	SecDbRef db;
362	CFDictionaryRef classes; // className -> SecItemClass mapping
363	};
364
365	struct SecItemDbConnection {
366	SecDbConnectionRef db;
367	};
368
369	SecItemDbRef SecItemDbCreate(SecDbRef db);
370	SecItemDbRef SecItemDbRegisterClass(SecItemDbRef db, const SecDbClass *class, void(^upgrade)(SecDbItemRef item, uint32_t current_version));
371
372	SecItemDbConnectionRef SecItemDbAquireConnection(SecItemDbRef db);
373	void SecItemDbReleaseConnection(SecItemDbRef db, SecItemDbConnectionRef dbconn);
374
375	bool SecItemDbInsert(SecItemDbConnectionRef dbconn, SecDbItemRef item, CFErrorRef *error);
376
377	bool SecItemDbDelete(SecItemDbConnectionRef dbconn, SecDbItemRef item, CFErrorRef *error);
378
379	// Low level update, just do the update
380	bool SecItemDbDoUpdate(SecItemDbConnectionRef dbconn, SecDbItemRef old_item, SecDbItemRef new_item, CFErrorRef *error,
381	bool (^use_attr_in_where)(const SecDbAttr *attr));
382
383	// High level update, will replace tombstones and create them if needed.
384	bool SecItemDbUpdate(SecItemDbConnectionRef dbconn, SecDbItemRef old_item, SecDbItemRef new_item, CFErrorRef *error);
385
386	bool SecItemDbSelect(SecItemDbConnectionRef dbconn, SecDbQueryRef query, CFErrorRef *error,
387	bool (^use_attr_in_where)(const SecDbAttr *attr),
388	bool (^add_where_sql)(CFMutableStringRef sql, bool *needWhere),
389	bool (^bind_added_where)(sqlite3_stmt *stmt, int col),
390	void (^handle_row)(SecDbItemRef item, bool *stop));
391
392	// MARK: type converters.
393	// TODO: these should be static and private to SecDbItem, or part of the schema
394
395	CFStringRef copyString(CFTypeRef obj);
396	CFDataRef copyData(CFTypeRef obj);
397	CFTypeRef copyBlob(CFTypeRef obj);
398	CFDataRef copySHA1(CFTypeRef obj);
399	CFTypeRef copyNumber(CFTypeRef obj);
400	CFDateRef copyDate(CFTypeRef obj);
401
402	__END_DECLS
403
404	#endif /* _SECURITYD_SECDBITEM_H_ */