X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/6b200bc335dc93c5516ccb52f14bd896d8c7fad7..refs/heads/master:/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp?ds=sidebyside diff --git a/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp b/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp index ca8f3623..b5bd9748 100644 --- a/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp +++ b/OSX/libsecurity_keychain/lib/SecKeychainItem.cpp @@ -38,11 +38,13 @@ #include #include #include +#include #include "SecBridge.h" #include "KCExceptions.h" #include "Access.h" #include "SecKeychainItemExtendedAttributes.h" +#include "LegacyAPICounts.h" extern "C" Boolean SecKeyIsCDSAKey(SecKeyRef ref); @@ -78,7 +80,6 @@ CFTypeID SecKeychainItemGetTypeID(void) { BEGIN_SECAPI - return gTypes().ItemImpl.typeID; END_SECAPI1(_kCFRuntimeNotATypeID) @@ -91,6 +92,9 @@ SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeLis SecAccessRef initialAccess, SecKeychainItemRef *itemRef) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCreateFromContent", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); KCThrowParamErrIf_(length!=0 && data==NULL); Item item(itemClass, attrList, length, data); @@ -123,7 +127,10 @@ SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeLis OSStatus SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemModifyContent", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); item->modifyContent(attrList, length, data); 
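Review bot: The three-line activity preamble added after `BEGIN_SECAPI` in SecKeychainItemCreateFromContent is pasted verbatim into nearly every other entry point this commit touches (SecKeychainItemModifyContent, SecKeychainItemCopyContent, SecKeychainItemDelete and the rest), each time with the function name retyped as a string literal. A literal that drifts from the real function name after a rename or a copy-paste would still compile and would mislabel the trace, which matters if these activities are later used to attribute keychain access. I would fold the block into one helper macro that takes the name literal, defined next to `BEGIN_SECAPI`/`BEGIN_SECKCITEMAPI`, with a comment such as `// activity name must match the enclosing function; keep in sync on rename`. The function body continues outside the hunk.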
@@ -136,6 +143,9 @@ OSStatus SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyContent", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); item->getContent(itemClass, attrList, length, outData); @@ -148,6 +158,9 @@ OSStatus SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemFreeContent", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); ItemImpl::freeContent(attrList, data); @@ -158,7 +171,10 @@ SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data) OSStatus SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemModifyAttributesAndData", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); item->modifyAttributesAndData(attrList, length, data); @@ -170,7 +186,7 @@ SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeyc OSStatus SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI Item item = ItemImpl::required(__itemImplRef); item->getAttributesAndData(info, itemClass, attrList, length, outData); 
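Review bot: SecKeychainItemModifyAttributesAndData gains an activity here, but its read counterpart SecKeychainItemCopyAttributesAndData in the following hunk only has the whitespace after `BEGIN_SECKCITEMAPI` changed. SecKeychainItemCopyKeychain and SecKeychainItemFreeAttributesAndData are likewise left without an activity. SecKeychainItemCopyContent does get one, so reads of item data are traced through one entry point and not the other. If the omission is deliberate, a short comment in SecKeychainItemCopyAttributesAndData would record why, for example `// no activity here: REASON`; otherwise add the same three lines with the name `"SecKeychainItemCopyAttributesAndData"`. Both function bodies continue outside their hunks.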
@@ -183,7 +199,6 @@ OSStatus SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data) { BEGIN_SECAPI - ItemImpl::freeAttributesAndData(attrList, data); END_SECAPI @@ -193,7 +208,10 @@ SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *d OSStatus SecKeychainItemDelete(SecKeychainItemRef itemRef) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemDelete", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); Keychain keychain = item->keychain(); @@ -225,7 +243,7 @@ SecKeychainItemDelete(SecKeychainItemRef itemRef) OSStatus SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI // make sure this item has a keychain Keychain kc = ItemImpl::required(__itemImplRef)->keychain(); @@ -244,7 +262,10 @@ OSStatus SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef, SecAccessRef initialAccess, SecKeychainItemRef *itemCopy) { - BEGIN_SECKCITEMAPI + BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemCreateCopy", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item copy = ItemImpl::required(__itemImplRef)->copyTo(Keychain::optional(destKeychainRef), Access::optional(initialAccess)); if (itemCopy) { @@ -259,6 +280,9 @@ OSStatus SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, const CSSM_DB_UNIQUE_RECORD **uniqueRecordID) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemGetUniqueRecordID", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Required(uniqueRecordID) = ItemImpl::required(__itemImplRef)->dbUniqueRecord(); 
@@ -270,44 +294,22 @@ OSStatus SecKeychainItemGetDLDBHandle(SecKeychainItemRef itemRef, CSSM_DL_DB_HANDLE* dldbHandle) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemGetDLDBHandle", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); *dldbHandle = ItemImpl::required(__itemImplRef)->keychain()->database()->handle(); END_SECKCITEMAPI } -#if 0 -static -OSStatus SecAccessCreateFromObject(CFTypeRef sourceRef, - SecAccessRef *accessRef) -{ - BEGIN_SECAPI - - Required(accessRef); // preflight - SecPointer access = new Access(*aclBearer(sourceRef)); - *accessRef = access->handle(); - - END_SECAPI -} - - -/*! - */ -static -OSStatus SecAccessModifyObject(SecAccessRef accessRef, CFTypeRef sourceRef) -{ - BEGIN_SECAPI - - Access::required(accessRef)->setAccess(*aclBearer(sourceRef), true); - - END_SECAPI -} -#endif - OSStatus SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef* accessRef) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyAccess", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Required(accessRef); // preflight SecPointer access = new Access(*aclBearer(reinterpret_cast(__itemImplRef))); @@ -321,6 +323,9 @@ OSStatus SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemSetAccess", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Access::required(accessRef)->setAccess(*aclBearer(reinterpret_cast(__itemImplRef)), true); 
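Review bot: `*dldbHandle = ...` in SecKeychainItemGetDLDBHandle writes through the caller's out-pointer without checking it, unlike SecKeychainItemGetUniqueRecordID, which wraps its out-parameter in `Required(uniqueRecordID)`, and SecKeychainItemCopyAccess just below, which preflights with `Required(accessRef)`. A NULL `dldbHandle` would presumably fault inside the API rather than come back as a parameter error. Since the commit already edits this function, `RequiredParam(dldbHandle) = ItemImpl::required(__itemImplRef)->keychain()->database()->handle();` would bring it in line, assuming RequiredParam behaves here as it does in SecKeychainItemCreateNew. It is also worth confirming that `keychain()` cannot be empty for an item not yet added to a keychain, which the comment `make sure this item has a keychain` in SecKeychainItemCopyKeychain suggests is possible.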
@@ -332,9 +337,16 @@ SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef) OSStatus SecKeychainItemSetAccessWithPassword(SecKeychainItemRef itemRef, SecAccessRef accessRef, UInt32 passwordLength, const void * password) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemSetAccessWithPassword", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); OSStatus result; + if(!__itemImplRef) { + return errSecParam; + } + // try to unlock the keychain with this password first SecKeychainRef kc = NULL; result = SecKeychainItemCopyKeychain(__itemImplRef, &kc); @@ -363,6 +375,9 @@ OSStatus SecKeychainItemSetAccessWithPassword(SecKeychainItemRef itemRef, SecAcc OSStatus SecKeychainItemSetData(SecKeychainItemRef itemRef, UInt32 length, const void* data) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemSetData", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); ItemImpl::required(__itemImplRef)->setData(length, data); @@ -375,6 +390,9 @@ OSStatus SecKeychainItemSetData(SecKeychainItemRef itemRef, UInt32 length, const OSStatus SecKeychainItemGetData(SecKeychainItemRef itemRef, UInt32 maxLength, void* data, UInt32* actualLength) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemGetData", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); /* The caller either needs to specify data and maxLength or an actualLength, * so we return either the data itself or the actual length of the data or both. 
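Review bot: The new `if(!__itemImplRef) { return errSecParam; }` in SecKeychainItemSetAccessWithPassword returns from inside the `BEGIN_SECKCITEMAPI` region, so this exit does not pass through `END_SECKCITEMAPI` the way the other failure paths in this file do. With a NULL reference there is presumably nothing to release, but the sibling functions report the same condition by throwing from `ItemImpl::required(__itemImplRef)`. Writing the check as `KCThrowParamErrIf_(!__itemImplRef);` would keep a single exit path and should yield the same parameter error. The visible lines also show no check for `passwordLength != 0 && password == NULL` of the kind SecKeychainItemCreateFromContent applies to `length`/`data`; the rest of the body is outside the hunk, so confirm it is handled there.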
@@ -404,6 +422,9 @@ OSStatus SecKeychainItemGetData(SecKeychainItemRef itemRef, UInt32 maxLength, vo OSStatus SecKeychainItemUpdate(SecKeychainItemRef itemRef) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemUpdate", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); ItemImpl::required(__itemImplRef)->update(); @@ -415,6 +436,9 @@ OSStatus SecKeychainItemUpdate(SecKeychainItemRef itemRef) OSStatus SecKeychainItemAddNoUI(SecKeychainRef keychainRef, SecKeychainItemRef itemRef) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemAddNoUI", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); Keychain::optional(keychainRef)->add(item); @@ -427,6 +451,9 @@ OSStatus SecKeychainItemAddNoUI(SecKeychainRef keychainRef, SecKeychainItemRef i OSStatus SecKeychainItemAdd(SecKeychainItemRef itemRef) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemAdd", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); Keychain defaultKeychain = globals().storageManager.defaultKeychainUI(item); @@ -440,6 +467,9 @@ OSStatus SecKeychainItemAdd(SecKeychainItemRef itemRef) OSStatus SecKeychainItemCreateNew(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, SecKeychainItemRef* itemRef) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCreateNew", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); RequiredParam(itemRef) = Item(itemClass, itemCreator, length, data, false)->handle(); 
@@ -451,6 +481,9 @@ OSStatus SecKeychainItemCreateNew(SecItemClass itemClass, OSType itemCreator, UI OSStatus SecKeychainItemGetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute, UInt32* actualLength) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemGetAttribute", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); ItemImpl::required(__itemImplRef)->getAttribute(RequiredParam(attribute), actualLength); @@ -462,6 +495,9 @@ OSStatus SecKeychainItemGetAttribute(SecKeychainItemRef itemRef, SecKeychainAttr OSStatus SecKeychainItemSetAttribute(SecKeychainItemRef itemRef, SecKeychainAttribute* attribute) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemSetAttribute", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); ItemImpl::required(__itemImplRef)->setAttribute(RequiredParam(attribute)); @@ -476,6 +512,9 @@ OSStatus SecKeychainItemSetAttribute(SecKeychainItemRef itemRef, SecKeychainAttr OSStatus SecKeychainItemFindFirst(SecKeychainRef keychainRef, const SecKeychainAttributeList *attrList, SecKeychainSearchRef *searchRef, SecKeychainItemRef *itemRef) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemFindFirst", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); KCCursor cursor; if (keychainRef) { @@ -499,6 +538,7 @@ OSStatus SecKeychainItemFindFirst(SecKeychainRef keychainRef, const SecKeychainA static OSStatus SecKeychainItemCreatePersistentReferenceFromCertificate(SecCertificateRef certRef, CFDataRef *persistentItemRef, Boolean isIdentity) { + COUNTLEGACYAPI OSStatus __secapiresult; if (!certRef || !persistentItemRef) { return errSecParam; 
@@ -536,7 +576,7 @@ static OSStatus SecKeychainItemCreatePersistentReferenceFromCertificate(SecCerti } CFErrorRef errorRef = NULL; - CFDataRef serialData = SecCertificateCopySerialNumber(certItem, &errorRef); + CFDataRef serialData = SecCertificateCopySerialNumberData(certItem, &errorRef); if (errorRef) { CFIndex err = CFErrorGetCode(errorRef); CFRelease(errorRef); @@ -589,7 +629,7 @@ OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF } // first, query the iOS keychain { - const void *keys[] = { kSecValueRef, kSecReturnPersistentRef, kSecAttrNoLegacy }; + const void *keys[] = { kSecValueRef, kSecReturnPersistentRef, kSecUseDataProtectionKeychain }; const void *values[] = { itemRef, kCFBooleanTrue, kCFBooleanTrue }; CFRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys) / sizeof(*keys), @@ -619,6 +659,9 @@ OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF // otherwise, not a certificate, so proceed as usual for keychain item BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCreatePersistentReference", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(itemRef); item->copyPersistentReference(*persistentItemRef, false); END_SECAPI 
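Review bot: In SecKeychainItemCreatePersistentReference the activity is created only after `BEGIN_SECAPI`, which sits below the comment `otherwise, not a certificate, so proceed as usual for keychain item`. Calls satisfied by the earlier `first, query the iOS keychain` block (previous hunk) or by the certificate path therefore appear to return without ever entering the activity. SecKeychainItemCopyFromPersistentReference in the next hunk opens its activity before the corresponding query, so the two functions trace differently. Moving the three added lines to the top of the function would cover every path; the function starts and ends outside this hunk, so check that no earlier `return` depends on the current placement.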
@@ -627,11 +670,14 @@ OSStatus SecKeychainItemCreatePersistentReference(SecKeychainItemRef itemRef, CF OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, SecKeychainItemRef *itemRef) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyFromPersistentReference", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); KCThrowParamErrIf_(!persistentItemRef || !itemRef); // first, query the iOS keychain { - const void *keys[] = { kSecValuePersistentRef, kSecReturnRef, kSecAttrNoLegacy}; + const void *keys[] = { kSecValuePersistentRef, kSecReturnRef, kSecUseDataProtectionKeychain}; const void *values[] = { persistentItemRef, kCFBooleanTrue, kCFBooleanTrue }; CFRef query = CFDictionaryCreate(kCFAllocatorDefault, keys, values, sizeof(keys) / sizeof(*keys), @@ -696,6 +742,9 @@ OSStatus SecKeychainItemCopyFromPersistentReference(CFDataRef persistentItemRef, OSStatus SecKeychainItemCopyRecordIdentifier(SecKeychainItemRef itemRef, CFDataRef *recordIdentifier) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyRecordIdentifier", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); CSSM_DATA data; RequiredParam (recordIdentifier); @@ -713,6 +762,9 @@ SecKeychainItemCopyFromRecordIdentifier(SecKeychainRef keychainRef, CFDataRef recordIdentifier) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyFromRecordIdentifier", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); // make a local Keychain reference RequiredParam (keychainRef); 
@@ -768,6 +820,9 @@ OSStatus SecKeychainItemCreateFromEncryptedContent(SecItemClass itemClass, SecAccessRef initialAccess, SecKeychainItemRef *itemRef, CFDataRef *localID) { BEGIN_SECAPI + os_activity_t activity = os_activity_create("SecKeychainItemCreateFromEncryptedContent", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); KCThrowParamErrIf_(length!=0 && data==NULL); RequiredParam (localID); @@ -839,6 +894,9 @@ OSStatus SecKeychainItemCopyAttributesAndEncryptedData(SecKeychainItemRef itemRe UInt32 *length, void **outData) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemCopyAttributesAndEncryptedData", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); item->doNotEncrypt (); @@ -850,6 +908,9 @@ OSStatus SecKeychainItemCopyAttributesAndEncryptedData(SecKeychainItemRef itemRe OSStatus SecKeychainItemModifyEncryptedData(SecKeychainItemRef itemRef, UInt32 length, const void *data) { BEGIN_SECKCITEMAPI + os_activity_t activity = os_activity_create("SecKeychainItemModifyEncryptedData", OS_ACTIVITY_CURRENT, OS_ACTIVITY_FLAG_IF_NONE_PRESENT); + os_activity_scope(activity); + os_release(activity); Item item = ItemImpl::required(__itemImplRef); item->doNotEncrypt ();