X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/SecurityTests/cspxutils/dbTool/dbAttrs.cpp
diff --git a/SecurityTests/cspxutils/dbTool/dbAttrs.cpp b/SecurityTests/cspxutils/dbTool/dbAttrs.cpp
new file mode 100644
index 00000000..1f83765a
--- /dev/null
+++ b/SecurityTests/cspxutils/dbTool/dbAttrs.cpp
@@ -0,0 +1,444 @@
+/* Copyright (c) 2002-2003,2006,2008 Apple Inc.
+ *
+ * dbAttrs.cpp - Apple DL/DB/Keychain attributes and name/value pairs.
+ * The attribute lists here are not necessarily complete lists
+ * of the attrs in any given schema; they are only the ones we want
+ * to examine with dbTool.
+ */
+
+#include "dbAttrs.h"
+#include
+#include
+#include
+#include
+
+/* declare a CSSM_DB_ATTRIBUTE_INFO with NAME_AS_STRING */
+#define DB_ATTRIBUTE(name, type) \
+ { CSSM_DB_ATTRIBUTE_NAME_AS_STRING, \
+ {(char *)#name}, \
+ CSSM_DB_ATTRIBUTE_FORMAT_ ## type \
+ }
+
+/* declare a CSSM_DB_ATTRIBUTE_INFO with NAME_AS_INTEGER */
+#define DB_INT_ATTRIBUTE(name, type) \
+ { CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER, \
+ { (char *)name }, \
+ CSSM_DB_ATTRIBUTE_FORMAT_ ## type \
+ }
+
+
+/* declare one entry in a table of nameValuePairs */
+#define NVP(attr) {attr, #attr}
+
+/* the NULL entry which terminates all nameValuePair tables */
+#define NVP_END {0, NULL}
+
+/* declare a RelationInfo */
+#define RELATION_INFO(relationId, attributes, nameValues) \
+ { relationId, \
+ #relationId, \
+ sizeof(attributes) / sizeof(CSSM_DB_ATTRIBUTE_INFO), \
+ attributes, \
+ nameValues }
+
+/* CSSM_DB_RECORDTYPE names */
+const NameValuePair recordTypeNames[] =
+{
+ NVP(CSSM_DL_DB_SCHEMA_INFO),
+ NVP(CSSM_DL_DB_SCHEMA_INDEXES),
+ NVP(CSSM_DL_DB_SCHEMA_ATTRIBUTES),
+ NVP(CSSM_DL_DB_SCHEMA_PARSING_MODULE),
+ NVP(CSSM_DL_DB_RECORD_ANY),
+ NVP(CSSM_DL_DB_RECORD_CERT),
+ NVP(CSSM_DL_DB_RECORD_CRL),
+ NVP(CSSM_DL_DB_RECORD_POLICY),
+ NVP(CSSM_DL_DB_RECORD_GENERIC),
+ NVP(CSSM_DL_DB_RECORD_PUBLIC_KEY),
+ NVP(CSSM_DL_DB_RECORD_PRIVATE_KEY),
+ NVP(CSSM_DL_DB_RECORD_SYMMETRIC_KEY),
+ NVP(CSSM_DL_DB_RECORD_ALL_KEYS),
+ /* Apple-specific */
+ NVP(CSSM_DL_DB_RECORD_GENERIC_PASSWORD),
+ NVP(CSSM_DL_DB_RECORD_INTERNET_PASSWORD),
+ NVP(CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD),
+ NVP(CSSM_DL_DB_RECORD_X509_CERTIFICATE),
+ NVP(CSSM_DL_DB_RECORD_X509_CRL),
+ NVP(CSSM_DL_DB_RECORD_USER_TRUST),
+ /* private to AppleCSPDL */
+ NVP(DBBlobRelationID),
+ /* private to Sec layer */
+ NVP(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL),
+ NVP(CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE),
+ NVP_END
+};
+
+/* CSSM_CERT_TYPE names */
+const NameValuePair certTypeNames[] =
+{
+ NVP(CSSM_CERT_UNKNOWN),
+ NVP(CSSM_CERT_X_509v1),
+ NVP(CSSM_CERT_X_509v2),
+ NVP(CSSM_CERT_X_509v3),
+ NVP(CSSM_CERT_PGP),
+ NVP(CSSM_CERT_SPKI),
+ NVP(CSSM_CERT_SDSIv1),
+ NVP(CSSM_CERT_Intel),
+ NVP(CSSM_CERT_X_509_ATTRIBUTE),
+ NVP(CSSM_CERT_X9_ATTRIBUTE),
+ NVP(CSSM_CERT_TUPLE),
+ NVP(CSSM_CERT_ACL_ENTRY),
+ NVP(CSSM_CERT_MULTIPLE),
+ NVP_END
+};
+
+/* CSSM_CERT_ENCODING names */
+const NameValuePair certEncodingNames[] =
+{
+ NVP(CSSM_CERT_ENCODING_UNKNOWN),
+ NVP(CSSM_CERT_ENCODING_CUSTOM),
+ NVP(CSSM_CERT_ENCODING_BER),
+ NVP(CSSM_CERT_ENCODING_DER),
+ NVP(CSSM_CERT_ENCODING_NDR),
+ NVP(CSSM_CERT_ENCODING_SEXPR),
+ NVP(CSSM_CERT_ENCODING_PGP),
+ NVP(CSSM_CERT_ENCODING_MULTIPLE),
+ NVP_END
+};
+
+/* CSSM_CRL_TYPE names */
+const NameValuePair crlTypeNames[] =
+{
+ NVP(CSSM_CRL_TYPE_UNKNOWN),
+ NVP(CSSM_CRL_TYPE_X_509v1),
+ NVP(CSSM_CRL_TYPE_X_509v2),
+ NVP(CSSM_CRL_TYPE_SPKI),
+ NVP(CSSM_CRL_TYPE_MULTIPLE),
+ NVP_END
+};
+
+/* CSSM_CRL_ENCODING names */
+const NameValuePair crlEncodingNames[] =
+{
+ NVP(CSSM_CRL_ENCODING_UNKNOWN),
+ NVP(CSSM_CRL_ENCODING_CUSTOM),
+ NVP(CSSM_CRL_ENCODING_BER),
+ NVP(CSSM_CRL_ENCODING_DER),
+ NVP(CSSM_CRL_ENCODING_BLOOM),
+ NVP(CSSM_CRL_ENCODING_SEXPR),
+ NVP(CSSM_CRL_ENCODING_MULTIPLE),
+ NVP_END
+};
+
+
+/* CSSM_ALGORITHMS names */
+const NameValuePair algIdNames[] =
+{
+ NVP(CSSM_ALGID_NONE),
+ NVP(CSSM_ALGID_DES),
+ NVP(CSSM_ALGID_DESX),
+ NVP(CSSM_ALGID_3DES_3KEY_EDE),
+ NVP(CSSM_ALGID_3DES_3KEY),
+ NVP(CSSM_ALGID_RC2),
+ NVP(CSSM_ALGID_RC5),
+ NVP(CSSM_ALGID_RC4),
+ NVP(CSSM_ALGID_RSA),
+ NVP(CSSM_ALGID_DSA),
+ NVP(CSSM_ALGID_FEE),
+ NVP_END
+};
+
+/* CSSM_DL_DB_SCHEMA_INFO */
+static const CSSM_DB_ATTRIBUTE_INFO schemaInfoAttrs[] = {
+ DB_ATTRIBUTE(RelationID, UINT32),
+ DB_ATTRIBUTE(RelationName, STRING),
+};
+
+static const NameValuePair *schemaInfoNvp[] = {
+ recordTypeNames,
+ NULL
+};
+
+const RelationInfo schemaInfoRelation =
+ RELATION_INFO(CSSM_DL_DB_SCHEMA_INFO,
+ schemaInfoAttrs,
+ schemaInfoNvp);
+
+/* CSSM_DL_DB_RECORD_ALL_KEYS (partial) */
+static const CSSM_DB_ATTRIBUTE_INFO allKeysAttrs[] = {
+ DB_ATTRIBUTE(KeyClass, UINT32),
+ DB_ATTRIBUTE(KeyType, UINT32),
+ DB_ATTRIBUTE(PrintName, BLOB),
+ DB_ATTRIBUTE(Alias, BLOB),
+ DB_ATTRIBUTE(Permanent, UINT32),
+ DB_ATTRIBUTE(Private, UINT32),
+ DB_ATTRIBUTE(Modifiable, UINT32),
+ DB_ATTRIBUTE(Label, BLOB),
+ DB_ATTRIBUTE(ApplicationTag, BLOB),
+ DB_ATTRIBUTE(KeyCreator, BLOB),
+ DB_ATTRIBUTE(KeySizeInBits, UINT32),
+ DB_ATTRIBUTE(EffectiveKeySize, UINT32),
+ DB_ATTRIBUTE(StartDate, BLOB),
+ DB_ATTRIBUTE(EndDate, BLOB),
+ DB_ATTRIBUTE(Sensitive, UINT32),
+ DB_ATTRIBUTE(AlwaysSensitive, UINT32),
+ DB_ATTRIBUTE(Extractable, UINT32),
+ DB_ATTRIBUTE(NeverExtractable, UINT32),
+ DB_ATTRIBUTE(Encrypt, UINT32),
+ DB_ATTRIBUTE(Decrypt, UINT32),
+ DB_ATTRIBUTE(Derive, UINT32),
+ DB_ATTRIBUTE(Sign, UINT32),
+ DB_ATTRIBUTE(Verify, UINT32),
+ DB_ATTRIBUTE(SignRecover, UINT32),
+ DB_ATTRIBUTE(VerifyRecover, UINT32),
+ DB_ATTRIBUTE(Wrap, UINT32),
+ DB_ATTRIBUTE(Unwrap, UINT32),
+};
+
+static const NameValuePair *allKeysNvp[] = {
+ recordTypeNames, /* KeyClass - in this context,
+ * a subset of these */
+ algIdNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo allKeysRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_ALL_KEYS,
+ allKeysAttrs,
+ allKeysNvp);
+
+/* CSSM_DL_DB_RECORD_ANY, with the few attrs that all records have in common */
+static const CSSM_DB_ATTRIBUTE_INFO anyRecordAttrs[] = {
+ DB_ATTRIBUTE(PrintName, BLOB)
+};
+
+static const NameValuePair *anyRecordNvp[] = {
+ NULL
+};
+
+const RelationInfo anyRecordRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_ANY,
+ anyRecordAttrs,
+ anyRecordNvp);
+
+/* CSSM_DL_DB_RECORD_CERT - obsolete */
+static const CSSM_DB_ATTRIBUTE_INFO certRecordAttrs[] = {
+ DB_ATTRIBUTE(CertType, UINT32),
+ DB_ATTRIBUTE(CertEncoding, UINT32),
+ DB_ATTRIBUTE(PrintName, BLOB),
+ DB_ATTRIBUTE(Alias, BLOB),
+ DB_ATTRIBUTE(CertIdentity, BLOB),
+ DB_ATTRIBUTE(KeyLabel, BLOB)
+};
+
+static const NameValuePair *certRecordNvp[] = {
+ certTypeNames,
+ certEncodingNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo certRecordRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_CERT,
+ certRecordAttrs,
+ certRecordNvp);
+
+/* Apple-specific CSSM_DL_DB_RECORD_X509_CERTIFICATE */
+static const CSSM_DB_ATTRIBUTE_INFO x509CertRecordAttrs[] = {
+ DB_ATTRIBUTE(CertType, UINT32),
+ DB_ATTRIBUTE(CertEncoding, UINT32),
+ DB_ATTRIBUTE(PrintName, BLOB),
+ DB_ATTRIBUTE(Alias, BLOB),
+ DB_ATTRIBUTE(Subject, BLOB),
+ DB_ATTRIBUTE(Issuer, BLOB),
+ DB_ATTRIBUTE(SerialNumber, BLOB),
+ DB_ATTRIBUTE(SubjectKeyIdentifier, BLOB),
+ DB_ATTRIBUTE(PublicKeyHash, BLOB)
+};
+
+static const NameValuePair *x509CertRecordNvp[] = {
+ certTypeNames,
+ certEncodingNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo x509CertRecordRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_X509_CERTIFICATE,
+ x509CertRecordAttrs,
+ x509CertRecordNvp);
+
+
+/* Apple-specific CSSM_DL_DB_RECORD_X509_CRL */
+static const CSSM_DB_ATTRIBUTE_INFO x509CrlRecordAttrs[] = {
+ DB_ATTRIBUTE(CrlType, UINT32),
+ DB_ATTRIBUTE(CrlEncoding, UINT32),
+ DB_ATTRIBUTE(PrintName, BLOB),
+ DB_ATTRIBUTE(Alias, BLOB),
+ DB_ATTRIBUTE(Issuer, BLOB),
+ DB_ATTRIBUTE(ThisUpdate, BLOB),
+ DB_ATTRIBUTE(NextUpdate, BLOB),
+ DB_ATTRIBUTE(URI, BLOB),
+ DB_ATTRIBUTE(CrlNumber, UINT32),
+ DB_ATTRIBUTE(DeltaCrlNumber, UINT32),
+};
+
+static const NameValuePair *x509CrlRecordNvp[] = {
+ crlTypeNames,
+ crlEncodingNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo x509CrlRecordRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_X509_CRL,
+ x509CrlRecordAttrs,
+ x509CrlRecordNvp);
+
+
+/* generic keychain template, when recordType unknown */
+static const CSSM_DB_ATTRIBUTE_INFO genericKcAttrs[] = {
+ DB_INT_ATTRIBUTE(kSecInvisibleItemAttr, SINT32),
+ DB_ATTRIBUTE(PrintName, BLOB),
+ DB_INT_ATTRIBUTE(kSecDescriptionItemAttr, BLOB),
+ DB_INT_ATTRIBUTE(kSecTypeItemAttr, UINT32),
+ /* more to come */
+};
+
+static const NameValuePair *genericKcNvp[] = {
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo genericKcRelation =
+ RELATION_INFO(0, // not used!
+ genericKcAttrs,
+ genericKcNvp);
+
+/* UserTrust */
+static const CSSM_DB_ATTRIBUTE_INFO userTrustAttrs[] = {
+ DB_ATTRIBUTE(TrustedCertificate, BLOB),
+ DB_ATTRIBUTE(TrustedPolicy, BLOB),
+ DB_ATTRIBUTE(PrintName, BLOB),
+};
+
+static const NameValuePair *userTrustNvp[] = {
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+};
+
+const RelationInfo userTrustRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_USER_TRUST,
+ userTrustAttrs,
+ userTrustNvp);
+
+/* remainder added after the schema were publicly available via Schema.h */
+
+/* unlock referral record */
+
+using namespace Security;
+using namespace KeychainCore;
+
+static const CSSM_DB_ATTRIBUTE_INFO unlockReferralRecordAttrs[] =
+{
+ Schema::kUnlockReferralType,
+ Schema::kUnlockReferralDbName,
+ Schema::kUnlockReferralDbGuid,
+ Schema::kUnlockReferralDbSSID,
+ Schema::kUnlockReferralDbSSType,
+ Schema::kUnlockReferralDbNetname,
+ Schema::kUnlockReferralKeyLabel,
+ Schema::kUnlockReferralKeyAppTag,
+ Schema::kUnlockReferralPrintName,
+ Schema::kUnlockReferralAlias
+};
+
+const NameValuePair referralTypeNames[] =
+{
+ NVP(CSSM_APPLE_UNLOCK_TYPE_KEY_DIRECT),
+ NVP(CSSM_APPLE_UNLOCK_TYPE_WRAPPED_PRIVATE),
+ NVP_END
+};
+
+
+static const NameValuePair *referralNvp[] = {
+ referralTypeNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo referralRecordRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL,
+ unlockReferralRecordAttrs,
+ referralNvp);
+
+/* extended attribute record */
+static const CSSM_DB_ATTRIBUTE_INFO extendedAttrRecordAttrs[] =
+{
+ Schema::kExtendedAttributeRecordType,
+ Schema::kExtendedAttributeItemID,
+ Schema::kExtendedAttributeAttributeName,
+ Schema::kExtendedAttributeModDate,
+ Schema::kExtendedAttributeAttributeValue
+};
+
+static const NameValuePair *extendedAttrNvp[] = {
+ recordTypeNames,
+ NULL,
+ NULL,
+ NULL,
+ NULL
+};
+
+const RelationInfo extendedAttrRelation =
+ RELATION_INFO(CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE,
+ extendedAttrRecordAttrs,
+ extendedAttrNvp);
+
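Review bot: `x509CrlRecordNvp` has nine entries but `x509CrlRecordAttrs` lists ten attributes, and `RELATION_INFO` takes the attribute count from `sizeof(attributes)` alone, so the `DeltaCrlNumber` slot has no matching name/value pointer. The code that walks these tables is not in this file, but if it indexes `nameValues` by attribute index up to that count, it reads one element past the end of the static array when it handles an X509 CRL record. Add a tenth entry, `NULL`, to `x509CrlRecordNvp`; every other table in the file carries at least as many entries as its attribute list. Because the two arrays are maintained by hand in parallel, a compile-time comparison of `sizeof(nameValues) / sizeof(nameValues[0])` with the attribute count next to each `RELATION_INFO` use would catch the next mismatch.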