src/crypto_openssl.c

   1 /*
   2 ** SQLCipher
   3 ** http://sqlcipher.net
   4 **
   5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
   6 ** All rights reserved.
   7 **
   8 ** Redistribution and use in source and binary forms, with or without
   9 ** modification, are permitted provided that the following conditions are met:
  10 **     * Redistributions of source code must retain the above copyright
  11 **       notice, this list of conditions and the following disclaimer.
  12 **     * Redistributions in binary form must reproduce the above copyright
  13 **       notice, this list of conditions and the following disclaimer in the
  14 **       documentation and/or other materials provided with the distribution.
  15 **     * Neither the name of the ZETETIC LLC nor the
  16 **       names of its contributors may be used to endorse or promote products
  17 **       derived from this software without specific prior written permission.
  18 **
  19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
  20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
  23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 **
  30 */
  31 /* BEGIN SQLCIPHER */
  32 #ifdef SQLITE_HAS_CODEC
  33 #ifdef SQLCIPHER_CRYPTO_OPENSSL
  34 #include "sqliteInt.h"
  35 #include "crypto.h"
  36 #include "sqlcipher.h"
  37 #include <openssl/rand.h>
  38 #include <openssl/evp.h>
  39 #include <openssl/hmac.h>
  40 #include <openssl/err.h>
  41
  42 typedef struct {
  43   EVP_CIPHER *evp_cipher;
  44 } openssl_ctx;
  45
  46 static unsigned int openssl_external_init = 0;
  47 static unsigned int openssl_init_count = 0;
  48 static sqlite3_mutex* openssl_rand_mutex = NULL;
  49
  50 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x20700000L
  51 static HMAC_CTX *HMAC_CTX_new(void)
  52 {
  53   HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
  54   if (ctx != NULL) {
  55     HMAC_CTX_init(ctx);
  56   }
  57   return ctx;
  58 }
  59
  60 /* Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
  61    HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
  62    HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
  63    calls are not needed. */
  64 static void HMAC_CTX_free(HMAC_CTX *ctx)
  65 {
  66   if (ctx != NULL) {
  67     HMAC_CTX_cleanup(ctx);
  68     OPENSSL_free(ctx);
  69   }
  70 }
  71 #endif
  72
  73 static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
  74 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
  75   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entering openssl_rand_mutex %p\n", openssl_rand_mutex);
  76   sqlite3_mutex_enter(openssl_rand_mutex);
  77   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entered openssl_rand_mutex %p\n", openssl_rand_mutex);
  78 #endif
  79   RAND_add(buffer, length, 0);
  80 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
  81   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: leaving openssl_rand_mutex %p\n", openssl_rand_mutex);
  82   sqlite3_mutex_leave(openssl_rand_mutex);
  83   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: left openssl_rand_mutex %p\n", openssl_rand_mutex);
  84 #endif
  85   return SQLITE_OK;
  86 }
  87
  88 /* activate and initialize sqlcipher. Most importantly, this will automatically
  89    intialize OpenSSL's EVP system if it hasn't already be externally. Note that
  90    this function may be called multiple times as new codecs are intiialized.
  91    Thus it performs some basic counting to ensure that only the last and final
  92    sqlcipher_openssl_deactivate() will free the EVP structures.
  93 */
  94 static int sqlcipher_openssl_activate(void *ctx) {
  95   /* initialize openssl and increment the internal init counter
  96      but only if it hasn't been initalized outside of SQLCipher by this program
  97      e.g. on startup */
  98   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entering static master mutex");
  99   sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
 100   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entered static master mutex");
 101
 102   if(openssl_init_count == 0 && EVP_get_cipherbyname(CIPHER) != NULL) {
 103     /* if openssl has not yet been initialized by this library, but
 104        a call to get_cipherbyname works, then the openssl library
 105        has been initialized externally already. */
 106     openssl_external_init = 1;
 107   }
 108
 109 #ifdef SQLCIPHER_FIPS
 110   if(!FIPS_mode()){
 111     if(!FIPS_mode_set(1)){
 112       ERR_load_crypto_strings();
 113       ERR_print_errors_fp(stderr);
 114     }
 115   }
 116 #endif
 117
 118   if(openssl_init_count == 0 && openssl_external_init == 0)  {
 119     /* if the library was not externally initialized, then should be now */
 120 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x20700000L
 121     OpenSSL_add_all_algorithms();
 122 #endif
 123   }
 124
 125 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 126   if(openssl_rand_mutex == NULL) {
 127     /* allocate a mutex to guard against concurrent calls to RAND_bytes() */
 128     CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: allocating openssl_rand_mutex");
 129     openssl_rand_mutex = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
 130     CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: allocated openssl_rand_mutex %p", openssl_rand_mutex);
 131   }
 132 #endif
 133
 134   openssl_init_count++;
 135   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: leaving static master mutex");
 136   sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
 137   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: left static master mutex");
 138   return SQLITE_OK;
 139 }
 140
 141 /* deactivate SQLCipher, most imporantly decremeting the activation count and
 142    freeing the EVP structures on the final deactivation to ensure that
 143    OpenSSL memory is cleaned up */
 144 static int sqlcipher_openssl_deactivate(void *ctx) {
 145   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entering static master mutex");
 146   sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
 147   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entered static master mutex");
 148   openssl_init_count--;
 149
 150   if(openssl_init_count == 0) {
 151     if(openssl_external_init == 0) {
 152     /* if OpenSSL hasn't be initialized externally, and the counter reaches zero
 153        after it's decremented, release EVP memory
 154        Note: this code will only be reached if OpensSSL_add_all_algorithms()
 155        is called by SQLCipher internally. This should prevent SQLCipher from
 156        "cleaning up" openssl when it was initialized externally by the program */
 157 #if OPENSSL_VERSION_NUMBER < 0x10100000L || LIBRESSL_VERSION_NUMBER < 0x20700000L
 158       EVP_cleanup();
 159 #endif
 160     } else {
 161       openssl_external_init = 0;
 162     }
 163 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 164     CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: freeing openssl_rand_mutex %p", openssl_rand_mutex);
 165     sqlite3_mutex_free(openssl_rand_mutex);
 166     CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: freed openssl_rand_mutex %p", openssl_rand_mutex);
 167     openssl_rand_mutex = NULL;
 168 #endif
 169   }
 170   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: leaving static master mutex");
 171   sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
 172   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: left static master mutex");
 173   return SQLITE_OK;
 174 }
 175
 176 static const char* sqlcipher_openssl_get_provider_name(void *ctx) {
 177   return "openssl";
 178 }
 179
 180 static const char* sqlcipher_openssl_get_provider_version(void *ctx) {
 181   return OPENSSL_VERSION_TEXT;
 182 }
 183
 184 /* generate a defined number of random bytes */
 185 static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
 186   int rc = 0;
 187   /* concurrent calls to RAND_bytes can cause a crash under some openssl versions when a
 188      naive application doesn't use CRYPTO_set_locking_callback and
 189      CRYPTO_THREADID_set_callback to ensure openssl thread safety.
 190      This is simple workaround to prevent this common crash
 191      but a more proper solution is that applications setup platform-appropriate
 192      thread saftey in openssl externally */
 193 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 194   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entering openssl_rand_mutex %p", openssl_rand_mutex);
 195   sqlite3_mutex_enter(openssl_rand_mutex);
 196   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entered openssl_rand_mutex %p", openssl_rand_mutex);
 197 #endif
 198   rc = RAND_bytes((unsigned char *)buffer, length);
 199 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 200   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: leaving openssl_rand_mutex %p", openssl_rand_mutex);
 201   sqlite3_mutex_leave(openssl_rand_mutex);
 202   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: left openssl_rand_mutex %p", openssl_rand_mutex);
 203 #endif
 204   return (rc == 1) ? SQLITE_OK : SQLITE_ERROR;
 205 }
 206
 207 static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
 208   unsigned int outlen;
 209   HMAC_CTX* hctx = HMAC_CTX_new();
 210   if(hctx == NULL || in == NULL) return SQLITE_ERROR;
 211
 212   switch(algorithm) {
 213     case SQLCIPHER_HMAC_SHA1:
 214       HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL);
 215       break;
 216     case SQLCIPHER_HMAC_SHA256:
 217       HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL);
 218       return EVP_MD_size(EVP_sha256());;
 219       break;
 220     case SQLCIPHER_HMAC_SHA512:
 221       HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL);
 222       break;
 223     default:
 224       return SQLITE_ERROR;
 225   }
 226
 227   HMAC_Update(hctx, in, in_sz);
 228   if(in2 != NULL) HMAC_Update(hctx, in2, in2_sz);
 229   HMAC_Final(hctx, out, &outlen);
 230   HMAC_CTX_free(hctx);
 231   return SQLITE_OK;
 232 }
 233
 234 static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
 235   switch(algorithm) {
 236     case SQLCIPHER_HMAC_SHA1:
 237       PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha1(), key_sz, key);
 238       break;
 239     case SQLCIPHER_HMAC_SHA256:
 240       PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha256(), key_sz, key);
 241       break;
 242     case SQLCIPHER_HMAC_SHA512:
 243       PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha512(), key_sz, key);
 244       break;
 245     default:
 246       return SQLITE_ERROR;
 247   }
 248   return SQLITE_OK;
 249 }
 250
 251 static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
 252   int tmp_csz, csz;
 253   EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
 254   if(ectx == NULL) return SQLITE_ERROR;
 255   EVP_CipherInit_ex(ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, NULL, mode);
 256   EVP_CIPHER_CTX_set_padding(ectx, 0); /* no padding */
 257   EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode);
 258   EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz);
 259   csz = tmp_csz;
 260   out += tmp_csz;
 261   EVP_CipherFinal_ex(ectx, out, &tmp_csz);
 262   csz += tmp_csz;
 263   EVP_CIPHER_CTX_free(ectx);
 264   assert(in_sz == csz);
 265   return SQLITE_OK;
 266 }
 267
 268 static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
 269   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
 270   EVP_CIPHER* cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
 271   if(cipher != NULL) {
 272     o_ctx->evp_cipher = cipher;
 273   }
 274   return cipher != NULL ? SQLITE_OK : SQLITE_ERROR;
 275 }
 276
 277 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
 278   return EVP_CIPHER_name(((openssl_ctx *)ctx)->evp_cipher);
 279 }
 280
 281 static int sqlcipher_openssl_get_key_sz(void *ctx) {
 282   return EVP_CIPHER_key_length(((openssl_ctx *)ctx)->evp_cipher);
 283 }
 284
 285 static int sqlcipher_openssl_get_iv_sz(void *ctx) {
 286   return EVP_CIPHER_iv_length(((openssl_ctx *)ctx)->evp_cipher);
 287 }
 288
 289 static int sqlcipher_openssl_get_block_sz(void *ctx) {
 290   return EVP_CIPHER_block_size(((openssl_ctx *)ctx)->evp_cipher);
 291 }
 292
 293 static int sqlcipher_openssl_get_hmac_sz(void *ctx, int algorithm) {
 294   switch(algorithm) {
 295     case SQLCIPHER_HMAC_SHA1:
 296       return EVP_MD_size(EVP_sha1());
 297       break;
 298     case SQLCIPHER_HMAC_SHA256:
 299       return EVP_MD_size(EVP_sha256());
 300       break;
 301     case SQLCIPHER_HMAC_SHA512:
 302       return EVP_MD_size(EVP_sha512());
 303       break;
 304     default:
 305       return 0;
 306   }
 307 }
 308
 309 static int sqlcipher_openssl_ctx_copy(void *target_ctx, void *source_ctx) {
 310   memcpy(target_ctx, source_ctx, sizeof(openssl_ctx));
 311   return SQLITE_OK;
 312 }
 313
 314 static int sqlcipher_openssl_ctx_cmp(void *c1, void *c2) {
 315   return ((openssl_ctx *)c1)->evp_cipher == ((openssl_ctx *)c2)->evp_cipher;
 316 }
 317
 318 static int sqlcipher_openssl_ctx_init(void **ctx) {
 319   *ctx = sqlcipher_malloc(sizeof(openssl_ctx));
 320   if(*ctx == NULL) return SQLITE_NOMEM;
 321   sqlcipher_openssl_activate(*ctx);
 322   return SQLITE_OK;
 323 }
 324
 325 static int sqlcipher_openssl_ctx_free(void **ctx) {
 326   sqlcipher_openssl_deactivate(*ctx);
 327   sqlcipher_free(*ctx, sizeof(openssl_ctx));
 328   return SQLITE_OK;
 329 }
 330
 331 static int sqlcipher_openssl_fips_status(void *ctx) {
 332 #ifdef SQLCIPHER_FIPS
 333   return FIPS_mode();
 334 #else
 335   return 0;
 336 #endif
 337 }
 338
 339 int sqlcipher_openssl_setup(sqlcipher_provider *p) {
 340   p->activate = sqlcipher_openssl_activate;
 341   p->deactivate = sqlcipher_openssl_deactivate;
 342   p->get_provider_name = sqlcipher_openssl_get_provider_name;
 343   p->random = sqlcipher_openssl_random;
 344   p->hmac = sqlcipher_openssl_hmac;
 345   p->kdf = sqlcipher_openssl_kdf;
 346   p->cipher = sqlcipher_openssl_cipher;
 347   p->set_cipher = sqlcipher_openssl_set_cipher;
 348   p->get_cipher = sqlcipher_openssl_get_cipher;
 349   p->get_key_sz = sqlcipher_openssl_get_key_sz;
 350   p->get_iv_sz = sqlcipher_openssl_get_iv_sz;
 351   p->get_block_sz = sqlcipher_openssl_get_block_sz;
 352   p->get_hmac_sz = sqlcipher_openssl_get_hmac_sz;
 353   p->ctx_copy = sqlcipher_openssl_ctx_copy;
 354   p->ctx_cmp = sqlcipher_openssl_ctx_cmp;
 355   p->ctx_init = sqlcipher_openssl_ctx_init;
 356   p->ctx_free = sqlcipher_openssl_ctx_free;
 357   p->add_random = sqlcipher_openssl_add_random;
 358   p->fips_status = sqlcipher_openssl_fips_status;
 359   p->get_provider_version = sqlcipher_openssl_get_provider_version;
 360   return SQLITE_OK;
 361 }
 362
 363 #endif
 364 #endif
 365 /* END SQLCIPHER */