+/*
+ * Copyright (c) 2000-2001,2011-2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+#include "securestorage.h"
+#include <security_cdsa_client/genkey.h>
+//#include <Security/Access.h> //@@@CONV
+#include <security_utilities/osxcode.h>
+#include <memory>
+
+using namespace CssmClient;
+//using namespace KeychainCore;
+
+//
+// Manage CSPDL attachments
+//
+CSPDLImpl::CSPDLImpl(const Guid &guid)
+: CSPImpl(Cssm::standard()->autoModule(guid)),
+DLImpl(CSPImpl::module())
+{
+}
+
+CSPDLImpl::CSPDLImpl(const Module &module)
+: CSPImpl(module),
+DLImpl(module)
+{
+}
+
+CSPDLImpl::~CSPDLImpl()
+try
+{
+}
+catch (...)
+{
+}
+
+Allocator &CSPDLImpl::allocator() const
+{
+ DLImpl::allocator(); return CSPImpl::allocator();
+}
+
+void CSPDLImpl::allocator(Allocator &alloc)
+{
+ CSPImpl::allocator(alloc); DLImpl::allocator(alloc);
+}
+
+bool CSPDLImpl::operator <(const CSPDLImpl &other) const
+{
+ return (static_cast<const CSPImpl &>(*this) < static_cast<const CSPImpl &>(other) ||
+ (!(static_cast<const CSPImpl &>(other) < static_cast<const CSPImpl &>(*this))
+ && static_cast<const DLImpl &>(*this) < static_cast<const DLImpl &>(other)));
+}
+
+bool CSPDLImpl::operator ==(const CSPDLImpl &other) const
+{
+ return (static_cast<const CSPImpl &>(*this) == static_cast<const CSPImpl &>(other)
+ && static_cast<const DLImpl &>(*this) == static_cast<const DLImpl &>(other));
+}
+
+CSSM_SERVICE_MASK CSPDLImpl::subserviceMask() const
+{
+ return CSPImpl::subserviceType() | DLImpl::subserviceType();
+}
+
+void CSPDLImpl::subserviceId(uint32 id)
+{
+ CSPImpl::subserviceId(id); DLImpl::subserviceId(id);
+}
+
+
+//
+// Secure storage
+//
+SSCSPDLImpl::SSCSPDLImpl(const Guid &guid) : CSPDLImpl::CSPDLImpl(guid)
+{
+}
+
+SSCSPDLImpl::SSCSPDLImpl(const Module &module) : CSPDLImpl::CSPDLImpl(module)
+{
+}
+
+SSCSPDLImpl::~SSCSPDLImpl()
+{
+}
+
+DbImpl *
+SSCSPDLImpl::newDb(const char *inDbName, const CSSM_NET_ADDRESS *inDbLocation)
+{
+ return new SSDbImpl(SSCSPDL(this), inDbName, inDbLocation);
+}
+
+
+//
+// SSDbImpl -- Secure Storage Database Implementation
+//
+SSDbImpl::SSDbImpl(const SSCSPDL &cspdl, const char *inDbName,
+ const CSSM_NET_ADDRESS *inDbLocation)
+: DbImpl(cspdl, inDbName, inDbLocation)
+{
+}
+
+SSDbImpl::~SSDbImpl()
+{
+}
+
+void
+SSDbImpl::create()
+{
+ DbImpl::create();
+}
+
+void
+SSDbImpl::open()
+{
+ DbImpl::open();
+}
+
+SSDbUniqueRecord
+SSDbImpl::insert(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *rc)
+{
+ // Get the handle of the DL underlying this CSPDL.
+ CSSM_DL_DB_HANDLE dldbh;
+ passThrough(CSSM_APPLECSPDL_DB_GET_HANDLE, NULL,
+ reinterpret_cast<void **>(&dldbh));
+
+ // Turn off autocommit on the underlying DL and remember the old state.
+ CSSM_BOOL autoCommit = CSSM_TRUE;
+ check(CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ 0, reinterpret_cast<void **>(&autoCommit)));
+ SSGroup group(SSDb(this), rc);
+ const CSSM_ACCESS_CREDENTIALS *cred = rc ? rc->AccessCred : NULL;
+ try
+ {
+ return insert(recordType, attributes, data, group, cred);
+ if (autoCommit)
+ {
+ // autoCommit was on so commit now that we are done and turn
+ // it back on.
+ check(CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_COMMIT, NULL, NULL));
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ reinterpret_cast<const void *>(autoCommit), NULL);
+ }
+ }
+ catch(...)
+ {
+ try { group->deleteKey(cred); } catch (...) {}
+ if (autoCommit)
+ {
+ // autoCommit was off so rollback since we failed and turn
+ // autoCommit back on.
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_ROLLBACK, NULL, NULL);
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ reinterpret_cast<const void *>(autoCommit), NULL);
+ }
+ throw;
+ }
+
+ // keep the compiler happy -- this path is NEVER taken
+ CssmError::throwMe(0);
+}
+
+SSDbUniqueRecord
+SSDbImpl::insert(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data, const SSGroup &group,
+ const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ // Create an encoded dataBlob for this item.
+ CssmDataContainer dataBlob(allocator());
+ group->encodeDataBlob(data, cred, dataBlob);
+
+ // Insert the record with the new juicy dataBlob.
+ return SSDbUniqueRecord(safe_cast<SSDbUniqueRecordImpl *>
+ (&(*DbImpl::insert(recordType, attributes, &dataBlob))));
+}
+
+
+// DbCursorMaker
+DbCursorImpl *
+SSDbImpl::newDbCursor(const CSSM_QUERY &query, Allocator &allocator)
+{
+ return new SSDbCursorImpl(Db(this), query, allocator);
+}
+
+DbCursorImpl *
+SSDbImpl::newDbCursor(uint32 capacity, Allocator &allocator)
+{
+ return new SSDbCursorImpl(Db(this), capacity, allocator);
+}
+
+
+// SSDbUniqueRecordMaker
+DbUniqueRecordImpl *
+SSDbImpl::newDbUniqueRecord()
+{
+ return new SSDbUniqueRecordImpl(Db(this));
+}
+
+
+//
+// SSGroup -- Group key with acl, used to protect a group of items.
+//
+// @@@ Get this from a shared spot.
+CSSM_DB_NAME_ATTR(SSGroupImpl::kLabel, 6, (char*) "Label", 0, NULL, BLOB);
+
+// Create a new group.
+SSGroupImpl::SSGroupImpl(const SSDb &ssDb,
+ const CSSM_RESOURCE_CONTROL_CONTEXT *credAndAclEntry)
+: KeyImpl(ssDb->csp()), mLabel(ssDb->allocator())
+{
+ mLabel.Length = kLabelSize;
+ mLabel.Data = reinterpret_cast<uint8 *>
+ (mLabel.mAllocator.malloc(mLabel.Length));
+
+ // Get our csp and set up a random number generation context.
+ CSP csp(this->csp());
+ Random random(csp, CSSM_ALGID_APPLE_YARROW);
+
+ // Generate a kLabelSize byte random number that will be the label of
+ // the key which we store in the dataBlob.
+ random.generate(mLabel, (uint32)mLabel.Length);
+
+ // Overwrite the first 4 bytes with the magic cookie for a group.
+ reinterpret_cast<uint32 *>(mLabel.Data)[0] = h2n(uint32(kGroupMagic));
+
+ // @@@ Ensure that the label is unique (Chance of collision is 2^80 --
+ // birthday paradox).
+
+ // Generate a permanent 3DES key that we will use to encrypt the data.
+ GenerateKey genKey(csp, CSSM_ALGID_3DES_3KEY, 192);
+ genKey.database(ssDb);
+
+ // Set the acl of the key correctly here
+ genKey.rcc(credAndAclEntry);
+
+ // Generate the key
+ genKey(*this, KeySpec(CSSM_KEYUSE_ENCRYPT|CSSM_KEYUSE_DECRYPT,
+ CSSM_KEYATTR_PERMANENT|CSSM_KEYATTR_SENSITIVE,
+ mLabel));
+
+ // Activate ourself so CSSM_FreeKey will get called when we go out of
+ // scope.
+ activate();
+}
+
+// Lookup an existing group based on a dataBlob.
+SSGroupImpl::SSGroupImpl(const SSDb &ssDb, const CSSM_DATA &dataBlob)
+: KeyImpl(ssDb->csp()), mLabel(ssDb->allocator())
+{
+ if (dataBlob.Length < kLabelSize + kIVSize)
+ CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record
+
+ mLabel = CssmData(dataBlob.Data, kLabelSize);
+ if (*reinterpret_cast<const uint32 *>(mLabel.Data) != h2n (uint32(kGroupMagic)))
+ CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // Not a SS record
+
+ // Look up the symmetric key with that label.
+ DbCursor cursor(new DbDbCursorImpl(ssDb, 0, Allocator::standard()));
+ cursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
+ cursor->add(CSSM_DB_EQUAL, kLabel, mLabel);
+
+ DbUniqueRecord keyId;
+ CssmDataContainer keyData(ssDb->allocator());
+ if (!cursor->next(NULL, &keyData, keyId))
+ CssmError::throwMe(CSSMERR_DL_RECORD_NOT_FOUND); // The key can't be found
+
+ // Set the key part of ourself.
+ static_cast<CSSM_KEY &>(*this) =
+ *reinterpret_cast<const CSSM_KEY *>(keyData.Data);
+
+ // Activate ourself so CSSM_FreeKey will get called when we go out of
+ // scope.
+ activate();
+}
+
+bool
+SSGroupImpl::isGroup(const CSSM_DATA &dataBlob)
+{
+ return dataBlob.Length >= kLabelSize + kIVSize
+ && *reinterpret_cast<const uint32 *>(dataBlob.Data) == h2n(uint32(kGroupMagic));
+}
+
+const CssmData
+SSGroupImpl::label() const
+{
+ return mLabel;
+}
+
+void
+SSGroupImpl::decodeDataBlob(const CSSM_DATA &dataBlob,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ Allocator &allocator, CSSM_DATA &data)
+{
+ // First get the IV and the cipherText from the blob.
+ CssmData iv(&dataBlob.Data[kLabelSize], kIVSize);
+ CssmData cipherText(&dataBlob.Data[kLabelSize + kIVSize],
+ dataBlob.Length - (kLabelSize + kIVSize));
+
+ CssmDataContainer plainText1(allocator);
+ CssmDataContainer plainText2(allocator);
+ // Decrypt the data
+ // @@@ Don't use staged decrypt once the AppleCSPDL can do combo
+ // encryption.
+ // Setup decryption context
+ Decrypt decrypt(csp(), algorithm());
+ decrypt.mode(CSSM_ALGMODE_CBCPadIV8);
+ decrypt.padding(CSSM_PADDING_PKCS1);
+ decrypt.initVector(iv);
+ decrypt.key(Key(this));
+ decrypt.cred(AccessCredentials::overlay(cred));
+ decrypt.decrypt(&cipherText, 1, &plainText1, 1);
+ decrypt.final(plainText2);
+
+ // Use DL allocator for allocating memory for data.
+ CSSM_SIZE length = plainText1.Length + plainText2.Length;
+ data.Data = allocator.alloc<uint8>((UInt32)length);
+ data.Length = length;
+ memcpy(data.Data, plainText1.Data, plainText1.Length);
+ memcpy(&data.Data[plainText1.Length], plainText2.Data, plainText2.Length);
+}
+
+void
+SSGroupImpl::encodeDataBlob(const CSSM_DATA *data,
+ const CSSM_ACCESS_CREDENTIALS *cred,
+ CssmDataContainer &dataBlob)
+{
+ // Get our csp and set up a random number generation context.
+ CSP csp(this->csp());
+ Random random(csp, CSSM_ALGID_APPLE_YARROW);
+
+ // Encrypt data using key and encode it in a dataBlob.
+
+ // First calculate a random IV.
+ uint8 ivBuf[kIVSize];
+ CssmData iv(ivBuf, kIVSize);
+ random.generate(iv, kIVSize);
+
+ // Setup encryption context
+ Encrypt encrypt(csp, algorithm());
+ encrypt.mode(CSSM_ALGMODE_CBCPadIV8);
+ encrypt.padding(CSSM_PADDING_PKCS1);
+ encrypt.initVector(iv);
+ encrypt.key(Key(this));
+ encrypt.cred(AccessCredentials::overlay(cred));
+
+ // Encrypt the data
+ const CssmData nothing;
+ const CssmData *plainText = data ? CssmData::overlay(data) : ¬hing;
+ // @@@ Don't use staged encrypt once the AppleCSPDL can do combo
+ // encryption.
+ CssmDataContainer cipherText1, cipherText2;
+ encrypt.encrypt(plainText, 1, &cipherText1, 1);
+ encrypt.final(cipherText2);
+
+ // Create a dataBlob containing the label followed by the IV followed
+ // by the cipherText.
+ CSSM_SIZE length = (kLabelSize + kIVSize
+ + cipherText1.Length + cipherText2.Length);
+ dataBlob.Data = dataBlob.mAllocator.alloc<uint8>((UInt32)length);
+ dataBlob.Length = length;
+ memcpy(dataBlob.Data, mLabel.Data, kLabelSize);
+ memcpy(&dataBlob.Data[kLabelSize], iv.Data, kIVSize);
+ memcpy(&dataBlob.Data[kLabelSize + kIVSize],
+ cipherText1.Data, cipherText1.Length);
+ memcpy(&dataBlob.Data[kLabelSize + kIVSize + cipherText1.Length],
+ cipherText2.Data, cipherText2.Length);
+}
+
+
+//
+// SSDbCursorImpl -- Secure Storage Database Cursor Implementation.
+//
+SSDbCursorImpl::SSDbCursorImpl(const Db &db, const CSSM_QUERY &query,
+ Allocator &allocator)
+: DbDbCursorImpl(db, query, allocator)
+{
+}
+
+SSDbCursorImpl::SSDbCursorImpl(const Db &db, uint32 capacity,
+ Allocator &allocator)
+: DbDbCursorImpl(db, capacity, allocator)
+{
+}
+
+bool
+SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
+ DbUniqueRecord &uniqueId)
+{
+ return next(attributes, data, uniqueId, NULL);
+}
+
+bool
+SSDbCursorImpl::next(DbAttributes *attributes, ::CssmDataContainer *data,
+ DbUniqueRecord &uniqueId,
+ const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ if (!data)
+ return DbDbCursorImpl::next(attributes, data, uniqueId);
+
+ DbAttributes noAttrs, *attrs;
+ attrs = attributes ? attributes : &noAttrs;
+
+ // Get the datablob for this record
+ CssmDataContainer dataBlob(allocator());
+ for (;;)
+ {
+ if (!DbDbCursorImpl::next(attrs, &dataBlob, uniqueId))
+ return false;
+
+ // Keep going until we find a non key type record.
+ CSSM_DB_RECORDTYPE rt = attrs->recordType();
+ if (rt != CSSM_DL_DB_RECORD_SYMMETRIC_KEY
+ && rt != CSSM_DL_DB_RECORD_PRIVATE_KEY
+ && rt != CSSM_DL_DB_RECORD_PUBLIC_KEY)
+ {
+ // @@@ Check the label and if it doesn't start with the magic for a SSKey return the key.
+ break;
+ }
+ else
+ {
+ // Free the key we just retrieved
+ database()->csp()->freeKey(*reinterpret_cast<CssmKey *>(dataBlob.Data));
+ }
+ }
+
+ if (!SSGroupImpl::isGroup(dataBlob))
+ {
+ data->Data = dataBlob.Data;
+ data->Length = dataBlob.Length;
+ dataBlob.Data = NULL;
+ dataBlob.Length = 0;
+ return true;
+ }
+
+ // Get the group for dataBlob
+ SSGroup group(database(), dataBlob);
+
+ // Decode the dataBlob, pass in the DL allocator.
+ group->decodeDataBlob(dataBlob, cred, database()->allocator(), *data);
+ return true;
+}
+
+bool
+SSDbCursorImpl::nextKey(DbAttributes *attributes, Key &key,
+ DbUniqueRecord &uniqueId)
+{
+ DbAttributes noAttrs, *attrs;
+ attrs = attributes ? attributes : &noAttrs;
+ CssmDataContainer keyData(database()->allocator());
+ for (;;)
+ {
+ if (!DbDbCursorImpl::next(attrs, &keyData, uniqueId))
+ return false;
+ // Keep going until we find a key type record.
+ CSSM_DB_RECORDTYPE rt = attrs->recordType();
+ if (rt == CSSM_DL_DB_RECORD_SYMMETRIC_KEY
+ || rt == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || rt == CSSM_DL_DB_RECORD_PUBLIC_KEY)
+ break;
+ }
+
+ key = Key(database()->csp(), *reinterpret_cast<CSSM_KEY *>(keyData.Data));
+ return true;
+}
+
+void
+SSDbCursorImpl::activate()
+{
+ return DbDbCursorImpl::activate();
+}
+
+void
+SSDbCursorImpl::deactivate()
+{
+ return DbDbCursorImpl::deactivate();
+}
+
+
+//
+// SSDbUniqueRecordImpl -- Secure Storage UniqueRecord Implementation.
+//
+SSDbUniqueRecordImpl::SSDbUniqueRecordImpl(const Db &db)
+: DbUniqueRecordImpl(db)
+{
+}
+
+SSDbUniqueRecordImpl::~SSDbUniqueRecordImpl()
+{
+}
+
+void
+SSDbUniqueRecordImpl::deleteRecord()
+{
+ deleteRecord(NULL);
+}
+
+void
+SSDbUniqueRecordImpl::deleteRecord(const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ // Get the datablob for this record
+ // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+ CssmDataContainer dataBlob(allocator());
+ DbAttributes attributes;
+
+ DbUniqueRecordImpl::get(&attributes, &dataBlob);
+ CSSM_KEY_PTR keyPtr = (CSSM_KEY_PTR) dataBlob.data();
+
+ // delete data part first:
+ // (1) don't leave data without keys around
+ // (2) delete orphaned data anyway
+ DbUniqueRecordImpl::deleteRecord();
+
+ // @@@ Use transactions?
+ if (SSGroupImpl::isGroup(dataBlob))
+ try {
+ // Get the group for dataBlob
+ SSGroup group(database(), dataBlob);
+ // Delete the group (key)
+ group->deleteKey(cred);
+ } catch (const CssmError &err) {
+ switch (err.error) {
+ case CSSMERR_DL_RECORD_NOT_FOUND:
+ // Zombie item (no group key). Finally at peace! No error
+ break;
+ default:
+
+ if (attributes.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY ||
+ attributes.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY ||
+ attributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ {
+ allocator().free(keyPtr->KeyData.Data);
+ }
+
+ throw;
+ }
+ }
+
+ if (attributes.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY ||
+ attributes.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY ||
+ attributes.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ {
+ allocator().free(keyPtr->KeyData.Data);
+ }
+}
+
+void
+SSDbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ CSSM_DB_MODIFY_MODE modifyMode)
+{
+ modify(recordType, attributes, data, modifyMode, NULL);
+}
+
+void
+SSDbUniqueRecordImpl::modify(CSSM_DB_RECORDTYPE recordType,
+ const CSSM_DB_RECORD_ATTRIBUTE_DATA *attributes,
+ const CSSM_DATA *data,
+ CSSM_DB_MODIFY_MODE modifyMode,
+ const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ if (!data)
+ {
+ DbUniqueRecordImpl::modify(recordType, attributes, NULL, modifyMode);
+ return;
+ }
+
+ // Get the datablob for this record
+ // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+ CssmDataContainer oldDataBlob(allocator());
+ DbUniqueRecordImpl::get(NULL, &oldDataBlob);
+
+ if (!SSGroupImpl::isGroup(oldDataBlob))
+ {
+ DbUniqueRecordImpl::modify(recordType, attributes, data, modifyMode);
+ return;
+ }
+
+ // Get the group for oldDataBlob
+ SSGroup group(database(), oldDataBlob);
+
+ // Create a new dataBlob.
+ CssmDataContainer dataBlob(allocator());
+ group->encodeDataBlob(data, cred, dataBlob);
+ DbUniqueRecordImpl::modify(recordType, attributes, &dataBlob, modifyMode);
+}
+
+void
+SSDbUniqueRecordImpl::get(DbAttributes *attributes, ::CssmDataContainer *data)
+{
+ get(attributes, data, NULL);
+}
+
+void
+SSDbUniqueRecordImpl::get(DbAttributes *attributes, ::CssmDataContainer *data,
+ const CSSM_ACCESS_CREDENTIALS *cred)
+{
+ if (!data)
+ {
+ DbUniqueRecordImpl::get(attributes, NULL);
+ return;
+ }
+
+ // Get the datablob for this record
+ // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+ CssmDataContainer dataBlob(allocator());
+ DbUniqueRecordImpl::get(attributes, &dataBlob);
+
+ if (!SSGroupImpl::isGroup(dataBlob))
+ {
+ data->Data = dataBlob.Data;
+ data->Length = dataBlob.Length;
+ dataBlob.Data = NULL;
+ dataBlob.Length = 0;
+ return;
+ }
+
+ // Get the group for dataBlob
+ SSGroup group(database(), dataBlob);
+
+ // Decode the dataBlob, pass in the DL allocator.
+ group->decodeDataBlob(dataBlob, cred, allocator(), *data);
+}
+
+SSGroup
+SSDbUniqueRecordImpl::group()
+{
+ // Get the datablob for this record
+ // @@@ Fixme so we don't need to call DbUniqueRecordImpl::get
+ CssmDataContainer dataBlob(allocator());
+ DbUniqueRecordImpl::get(NULL, &dataBlob);
+ return SSGroup(database(), dataBlob);
+}
projects / apple / security.git / blobdiff