search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add logcat option to PRAGMA cipher_profile
[sqlcipher.git] / src / crypto_impl.c
blobf280cea13fe7bd78dc3b5755d58ee67e055651e8
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #include <time.h>
37
38 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
39 #include <windows.h> /* amalgamator: dontcache */
40 #else
41 #include <sys/time.h> /* amalgamator: dontcache */
42 #endif
43
44 #ifndef OMIT_MEMLOCK
45 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
46 #include <errno.h> /* amalgamator: dontcache */
47 #include <unistd.h> /* amalgamator: dontcache */
48 #include <sys/resource.h> /* amalgamator: dontcache */
49 #include <sys/mman.h> /* amalgamator: dontcache */
50 #endif
51 #endif
52
53 #ifdef SQLCIPHER_TEST
54 static volatile unsigned int cipher_test_flags = 0;
55 unsigned int sqlcipher_get_test_flags() {
56 return cipher_test_flags;
57 }
58 void sqlcipher_set_test_flags(unsigned int flags) {
59 cipher_test_flags = flags;
60 }
61
62 static volatile int cipher_test_rand = 0;
63 int sqlcipher_get_test_rand() {
64 return cipher_test_rand;
65 }
66 void sqlcipher_set_test_rand(int rand) {
67 cipher_test_rand = rand;
68 }
69 int sqlcipher_get_test_fail() {
70 int x;
71
72 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
73 if (cipher_test_rand == 0) return 1;
74
75 sqlite3_randomness(sizeof(x), &x);
76 return ((x % cipher_test_rand) == 0);
77 }
78 #endif
79
80 /* Generate code to return a string value */
81
82 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
83 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
84 static volatile int default_kdf_iter = PBKDF2_ITER;
85 static volatile int default_page_size = 4096;
86 static volatile int default_plaintext_header_sz = 0;
87 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
88 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
89 static volatile int mem_security_on = 0;
90 static volatile int mem_security_initialized = 0;
91 static volatile int mem_security_activated = 0;
92 static volatile unsigned int sqlcipher_activate_count = 0;
93 static volatile sqlite3_mem_methods default_mem_methods;
94 static sqlcipher_provider *default_provider = NULL;
95
96 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
97 static volatile FILE* sqlcipher_trace_file = NULL;
98 static volatile int sqlcipher_trace_logcat = 0;
99 static volatile int sqlcipher_trace_filter = 0;
100
101 sqlite3_mutex* sqlcipher_mutex(int mutex) {
102 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
103 return sqlcipher_static_mutex[mutex];
104 }
105
106 static int sqlcipher_mem_init(void *pAppData) {
107 return default_mem_methods.xInit(pAppData);
108 }
109 static void sqlcipher_mem_shutdown(void *pAppData) {
110 default_mem_methods.xShutdown(pAppData);
111 }
112 static void *sqlcipher_mem_malloc(int n) {
113 void *ptr = default_mem_methods.xMalloc(n);
114 if(mem_security_on) {
115 CODEC_TRACE_MEMORY("sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)", ptr, n);
116 sqlcipher_mlock(ptr, n);
117 if(!mem_security_activated) mem_security_activated = 1;
118 }
119 return ptr;
120 }
121 static int sqlcipher_mem_size(void *p) {
122 return default_mem_methods.xSize(p);
123 }
124 static void sqlcipher_mem_free(void *p) {
125 int sz;
126 if(mem_security_on) {
127 sz = sqlcipher_mem_size(p);
128 CODEC_TRACE_MEMORY("sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d)", p, sz, p, sz);
129 sqlcipher_memset(p, 0, sz);
130 sqlcipher_munlock(p, sz);
131 if(!mem_security_activated) mem_security_activated = 1;
132 }
133 default_mem_methods.xFree(p);
134 }
135 static void *sqlcipher_mem_realloc(void *p, int n) {
136 void *new = NULL;
137 int orig_sz = 0;
138 if(mem_security_on) {
139 orig_sz = sqlcipher_mem_size(p);
140 if (n==0) {
141 sqlcipher_mem_free(p);
142 return NULL;
143 } else if (!p) {
144 return sqlcipher_mem_malloc(n);
145 } else if(n <= orig_sz) {
146 return p;
147 } else {
148 new = sqlcipher_mem_malloc(n);
149 if(new) {
150 memcpy(new, p, orig_sz);
151 sqlcipher_mem_free(p);
152 }
153 return new;
154 }
155 } else {
156 return default_mem_methods.xRealloc(p, n);
157 }
158 }
159
160 static int sqlcipher_mem_roundup(int n) {
161 return default_mem_methods.xRoundup(n);
162 }
163
164 static sqlite3_mem_methods sqlcipher_mem_methods = {
165 sqlcipher_mem_malloc,
166 sqlcipher_mem_free,
167 sqlcipher_mem_realloc,
168 sqlcipher_mem_size,
169 sqlcipher_mem_roundup,
170 sqlcipher_mem_init,
171 sqlcipher_mem_shutdown,
172 0
173 };
174
175 void sqlcipher_init_memmethods() {
176 if(mem_security_initialized) return;
177 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
178 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
179 mem_security_on = mem_security_activated = 0;
180 }
181 mem_security_initialized = 1;
182 }
183
184 int sqlcipher_register_provider(sqlcipher_provider *p) {
185 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER");
186 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
187 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER");
188
189 if(default_provider != NULL && default_provider != p) {
190 /* only free the current registerd provider if it has been initialized
191 and it isn't a pointer to the same provider passed to the function
192 (i.e. protect against a caller calling register twice for the same provider) */
193 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
194 }
195 default_provider = p;
196 CODEC_TRACE_MUTEX("sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER");
197 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
198 CODEC_TRACE_MUTEX("sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER");
199
200 return SQLITE_OK;
201 }
202
203 /* return a pointer to the currently registered provider. This will
204 allow an application to fetch the current registered provider and
205 make minor changes to it */
206 sqlcipher_provider* sqlcipher_get_provider() {
207 return default_provider;
208 }
209
210 void sqlcipher_activate() {
211 CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex");
212 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
213 CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex");
214
215 /* allocate new mutexes */
216 if(sqlcipher_activate_count == 0) {
217 int i;
218 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
219 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
220 }
221 }
222
223 /* check to see if there is a provider registered at this point
224 if there no provider registered at this point, register the
225 default provider */
226 if(sqlcipher_get_provider() == NULL) {
227 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
228 #if defined (SQLCIPHER_CRYPTO_CC)
229 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
230 sqlcipher_cc_setup(p);
231 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
232 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
233 sqlcipher_ltc_setup(p);
234 #elif defined (SQLCIPHER_CRYPTO_NSS)
235 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
236 sqlcipher_nss_setup(p);
237 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
238 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
239 sqlcipher_openssl_setup(p);
240 #else
241 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
242 #endif
243 CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)", p);
244 #ifdef SQLCIPHER_EXT
245 sqlcipher_ext_provider_setup(p);
246 #endif
247 sqlcipher_register_provider(p);
248 CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)",p);
249 }
250
251 sqlcipher_activate_count++; /* increment activation count */
252
253 CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex");
254 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
255 CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex");
256 }
257
258 void sqlcipher_deactivate() {
259 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex");
260 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
261 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered static master mutex");
262
263 sqlcipher_activate_count--;
264 /* if no connections are using sqlcipher, cleanup globals */
265 if(sqlcipher_activate_count < 1) {
266 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER");
267 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
268 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER");
269
270 if(default_provider != NULL) {
271 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
272 default_provider = NULL;
273 }
274
275 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER");
276 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
277 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER");
278
279 #ifdef SQLCIPHER_EXT
280 sqlcipher_ext_provider_destroy();
281 #endif
282
283 /* last connection closed, free mutexes */
284 if(sqlcipher_activate_count == 0) {
285 int i;
286 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
287 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
288 }
289 }
290 sqlcipher_activate_count = 0; /* reset activation count */
291 }
292
293 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving static master mutex");
294 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
295 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left static master mutex");
296 }
297
298 /* constant time memset using volitile to avoid having the memset
299 optimized out by the compiler.
300 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
301 */
302 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
303 u64 i = 0;
304 volatile unsigned char *a = v;
305
306 if (v == NULL) return v;
307
308 CODEC_TRACE_MEMORY("sqlcipher_memset: setting %p[0-%llu]=%d)", a, len, value);
309 for(i = 0; i < len; i++) {
310 a[i] = value;
311 }
312
313 return v;
314 }
315
316 /* constant time memory check tests every position of a memory segement
317 matches a single value (i.e. the memory is all zeros)
318 returns 0 if match, 1 of no match */
319 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
320 const unsigned char *a = v;
321 u64 i = 0, result = 0;
322
323 for(i = 0; i < len; i++) {
324 result |= a[i] ^ value;
325 }
326
327 return (result != 0);
328 }
329
330 /* constant time memory comparison routine.
331 returns 0 if match, 1 if no match */
332 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
333 const unsigned char *a0 = v0, *a1 = v1;
334 int i = 0, result = 0;
335
336 for(i = 0; i < len; i++) {
337 result |= a0[i] ^ a1[i];
338 }
339
340 return (result != 0);
341 }
342
343 void sqlcipher_mlock(void *ptr, u64 sz) {
344 #ifndef OMIT_MEMLOCK
345 #if defined(__unix__) || defined(__APPLE__)
346 int rc;
347 unsigned long pagesize = sysconf(_SC_PAGESIZE);
348 unsigned long offset = (unsigned long) ptr % pagesize;
349
350 if(ptr == NULL || sz == 0) return;
351
352 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu", ptr - offset, sz + offset, pagesize);
353 rc = mlock(ptr - offset, sz + offset);
354 if(rc!=0) {
355 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
356 }
357 #elif defined(_WIN32)
358 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
359 int rc;
360 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)", ptr, sz);
361 rc = VirtualLock(ptr, sz);
362 if(rc==0) {
363 CODEC_TRACE("sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
364 }
365 #endif
366 #endif
367 #endif
368 }
369
370 void sqlcipher_munlock(void *ptr, u64 sz) {
371 #ifndef OMIT_MEMLOCK
372 #if defined(__unix__) || defined(__APPLE__)
373 int rc;
374 unsigned long pagesize = sysconf(_SC_PAGESIZE);
375 unsigned long offset = (unsigned long) ptr % pagesize;
376
377 if(ptr == NULL || sz == 0) return;
378
379 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: calling munlock(%p,%lu)", ptr - offset, sz + offset);
380 rc = munlock(ptr - offset, sz + offset);
381 if(rc!=0) {
382 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
383 }
384 #elif defined(_WIN32)
385 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
386 int rc;
387 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)", ptr, sz);
388 rc = VirtualUnlock(ptr, sz);
389 if(!rc) {
390 CODEC_TRACE("sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
391 }
392 #endif
393 #endif
394 #endif
395 }
396
397 /**
398 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
399 * can be countend and memory leak detection works in the test suite.
400 * If ptr is not null memory will be freed.
401 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
402 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
403 * memory segment so it can be paged
404 */
405 void sqlcipher_free(void *ptr, u64 sz) {
406 CODEC_TRACE_MEMORY("sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
407 sqlcipher_memset(ptr, 0, sz);
408 sqlcipher_munlock(ptr, sz);
409 sqlite3_free(ptr);
410 }
411
412 /**
413 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
414 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
415 * attempts to lock the memory pages so sensitive information won't be swapped
416 */
417 void* sqlcipher_malloc(u64 sz) {
418 void *ptr;
419 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlite3Malloc(%llu)", sz);
420 ptr = sqlite3Malloc(sz);
421 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
422 sqlcipher_memset(ptr, 0, sz);
423 sqlcipher_mlock(ptr, sz);
424 return ptr;
425 }
426
427 char* sqlcipher_version() {
428 #ifdef CIPHER_VERSION_QUALIFIER
429 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
430 #else
431 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
432 #endif
433 return version;
434 }
435
436 /**
437 * Initialize new cipher_ctx struct. This function will allocate memory
438 * for the cipher context and for the key
439 *
440 * returns SQLITE_OK if initialization was successful
441 * returns SQLITE_NOMEM if an error occured allocating memory
442 */
443 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
444 cipher_ctx *c_ctx;
445 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating context");
446 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
447 c_ctx = *iCtx;
448 if(c_ctx == NULL) return SQLITE_NOMEM;
449
450 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating key");
451 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
452
453 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating hmac_key");
454 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
455
456 if(c_ctx->key == NULL) return SQLITE_NOMEM;
457 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
458
459 return SQLITE_OK;
460 }
461
462 /**
463 * Free and wipe memory associated with a cipher_ctx
464 */
465 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
466 cipher_ctx *c_ctx = *iCtx;
467 CODEC_TRACE("cipher_ctx_free: entered iCtx=%p", iCtx);
468 sqlcipher_free(c_ctx->key, ctx->key_sz);
469 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
470 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
471 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
472 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
473 }
474
475 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
476 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
477 int reserve = base_reserve;
478
479 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
480
481 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
482 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
483
484 /* calculate the amount of reserve needed in even increments of the cipher block size */
485 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
486 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
487
488 CODEC_TRACE("sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d",
489 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
490
491 ctx->reserve_sz = reserve;
492
493 return SQLITE_OK;
494 }
495
496 /**
497 * Compare one cipher_ctx to another.
498 *
499 * returns 0 if all the parameters (except the derived key data) are the same
500 * returns 1 otherwise
501 */
502 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
503 int are_equal = (
504 c1->pass_sz == c2->pass_sz
505 && (
506 c1->pass == c2->pass
507 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
508 (const unsigned char*)c2->pass,
509 c1->pass_sz)
510 ));
511
512 CODEC_TRACE("sqlcipher_cipher_ctx_cmp: entered \
513 c1=%p c2=%p \
514 c1->pass_sz=%d c2->pass_sz=%d \
515 c1->pass=%p c2->pass=%p \
516 c1->pass=%s c2->pass=%s \
517 sqlcipher_memcmp=%d \
518 are_equal=%d",
519 c1, c2,
520 c1->pass_sz, c2->pass_sz,
521 c1->pass, c2->pass,
522 c1->pass, c2->pass,
523 (c1->pass == NULL || c2->pass == NULL)
524 ? -1 : sqlcipher_memcmp(
525 (const unsigned char*)c1->pass,
526 (const unsigned char*)c2->pass,
527 c1->pass_sz),
528 are_equal
529 );
530
531 return !are_equal; /* return 0 if they are the same, 1 otherwise */
532 }
533
534 /**
535 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
536 * fully initialized context, you could copy it to write_ctx and all yet data
537 * and pass information across
538 *
539 * returns SQLITE_OK if initialization was successful
540 * returns SQLITE_NOMEM if an error occured allocating memory
541 */
542 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
543 void *key = target->key;
544 void *hmac_key = target->hmac_key;
545
546 CODEC_TRACE("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p", target, source);
547 sqlcipher_free(target->pass, target->pass_sz);
548 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
549 memcpy(target, source, sizeof(cipher_ctx));
550
551 target->key = key; /* restore pointer to previously allocated key data */
552 memcpy(target->key, source->key, ctx->key_sz);
553
554 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
555 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
556
557 if(source->pass && source->pass_sz) {
558 target->pass = sqlcipher_malloc(source->pass_sz);
559 if(target->pass == NULL) return SQLITE_NOMEM;
560 memcpy(target->pass, source->pass, source->pass_sz);
561 }
562 if(source->keyspec) {
563 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
564 if(target->keyspec == NULL) return SQLITE_NOMEM;
565 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
566 }
567 return SQLITE_OK;
568 }
569
570 /**
571 * Set the keyspec for the cipher_ctx
572 *
573 * returns SQLITE_OK if assignment was successfull
574 * returns SQLITE_NOMEM if an error occured allocating memory
575 */
576 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
577 /* free, zero existing pointers and size */
578 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
579 c_ctx->keyspec = NULL;
580
581 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
582 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
583
584 c_ctx->keyspec[0] = 'x';
585 c_ctx->keyspec[1] = '\'';
586 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
587 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
588 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
589 return SQLITE_OK;
590 }
591
592 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
593 return ctx->store_pass;
594 }
595
596 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
597 ctx->store_pass = value;
598 }
599
600 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
601 *zKey = ctx->read_ctx->pass;
602 *nKey = ctx->read_ctx->pass_sz;
603 }
604
605 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
606 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
607 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
608 }
609
610 /**
611 * Set the passphrase for the cipher_ctx
612 *
613 * returns SQLITE_OK if assignment was successfull
614 * returns SQLITE_NOMEM if an error occured allocating memory
615 */
616 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
617 /* free, zero existing pointers and size */
618 sqlcipher_free(ctx->pass, ctx->pass_sz);
619 ctx->pass = NULL;
620 ctx->pass_sz = 0;
621
622 if(zKey && nKey) { /* if new password is provided, copy it */
623 ctx->pass_sz = nKey;
624 ctx->pass = sqlcipher_malloc(nKey);
625 if(ctx->pass == NULL) return SQLITE_NOMEM;
626 memcpy(ctx->pass, zKey, nKey);
627 }
628 return SQLITE_OK;
629 }
630
631 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
632 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
633 int rc;
634
635 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
636 c_ctx->derive_key = 1;
637
638 if(for_ctx == 2)
639 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
640 return rc;
641
642 return SQLITE_OK;
643 }
644
645 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
646 return ctx->provider->get_cipher(ctx->provider_ctx);
647 }
648
649 /* set the global default KDF iteration */
650 void sqlcipher_set_default_kdf_iter(int iter) {
651 default_kdf_iter = iter;
652 }
653
654 int sqlcipher_get_default_kdf_iter() {
655 return default_kdf_iter;
656 }
657
658 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
659 ctx->kdf_iter = kdf_iter;
660 sqlcipher_set_derive_key(ctx, 1);
661 return SQLITE_OK;
662 }
663
664 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
665 return ctx->kdf_iter;
666 }
667
668 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
669 ctx->fast_kdf_iter = fast_kdf_iter;
670 sqlcipher_set_derive_key(ctx, 1);
671 return SQLITE_OK;
672 }
673
674 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
675 return ctx->fast_kdf_iter;
676 }
677
678 /* set the global default flag for HMAC */
679 void sqlcipher_set_default_use_hmac(int use) {
680 if(use) default_flags |= CIPHER_FLAG_HMAC;
681 else default_flags &= ~CIPHER_FLAG_HMAC;
682 }
683
684 int sqlcipher_get_default_use_hmac() {
685 return (default_flags & CIPHER_FLAG_HMAC) != 0;
686 }
687
688 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
689 hmac_salt_mask = mask;
690 }
691
692 unsigned char sqlcipher_get_hmac_salt_mask() {
693 return hmac_salt_mask;
694 }
695
696 /* set the codec flag for whether this individual database should be using hmac */
697 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
698 if(use) {
699 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
700 } else {
701 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
702 }
703
704 return sqlcipher_codec_ctx_reserve_setup(ctx);
705 }
706
707 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
708 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
709 }
710
711 /* the length of plaintext header size must be:
712 * 1. greater than or equal to zero
713 * 2. a multiple of the cipher block size
714 * 3. less than the usable size of the first database page
715 */
716 int sqlcipher_set_default_plaintext_header_size(int size) {
717 default_plaintext_header_sz = size;
718 return SQLITE_OK;
719 }
720
721 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
722 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
723 ctx->plaintext_header_sz = size;
724 return SQLITE_OK;
725 }
726 ctx->plaintext_header_sz = -1;
727 return SQLITE_ERROR;
728 }
729
730 int sqlcipher_get_default_plaintext_header_size() {
731 return default_plaintext_header_sz;
732 }
733
734 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
735 return ctx->plaintext_header_sz;
736 }
737
738 /* manipulate HMAC algorithm */
739 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
740 default_hmac_algorithm = algorithm;
741 return SQLITE_OK;
742 }
743
744 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
745 ctx->hmac_algorithm = algorithm;
746 return sqlcipher_codec_ctx_reserve_setup(ctx);
747 }
748
749 int sqlcipher_get_default_hmac_algorithm() {
750 return default_hmac_algorithm;
751 }
752
753 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
754 return ctx->hmac_algorithm;
755 }
756
757 /* manipulate KDF algorithm */
758 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
759 default_kdf_algorithm = algorithm;
760 return SQLITE_OK;
761 }
762
763 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
764 ctx->kdf_algorithm = algorithm;
765 return SQLITE_OK;
766 }
767
768 int sqlcipher_get_default_kdf_algorithm() {
769 return default_kdf_algorithm;
770 }
771
772 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
773 return ctx->kdf_algorithm;
774 }
775
776 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
777 ctx->flags |= flag;
778 return SQLITE_OK;
779 }
780
781 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
782 ctx->flags &= ~flag;
783 return SQLITE_OK;
784 }
785
786 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
787 return (ctx->flags & flag) != 0;
788 }
789
790 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
791 CODEC_TRACE("sqlcipher_codec_ctx_set_error: ctx=%p, error=%d", ctx, error);
792 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
793 ctx->pBt->pBt->db->errCode = error;
794 }
795
796 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
797 return ctx->reserve_sz;
798 }
799
800 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
801 return ctx->buffer;
802 }
803
804 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
805 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
806
807 if(!ctx->need_kdf_salt) {
808 return SQLITE_OK; /* don't reload salt when not needed */
809 }
810
811 /* read salt from header, if present, otherwise generate a new random salt */
812 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: obtaining salt");
813 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
814 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random");
815 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) return SQLITE_ERROR;
816 }
817 ctx->need_kdf_salt = 0;
818 return SQLITE_OK;
819 }
820
821 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
822 if(size >= ctx->kdf_salt_sz) {
823 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
824 ctx->need_kdf_salt = 0;
825 return SQLITE_OK;
826 }
827 return SQLITE_ERROR;
828 }
829
830 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
831 int rc = SQLITE_OK;
832 if(ctx->need_kdf_salt) {
833 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
834 }
835 *salt = ctx->kdf_salt;
836 return rc;
837 }
838
839 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
840 *zKey = ctx->read_ctx->keyspec;
841 *nKey = ctx->keyspec_sz;
842 }
843
844 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
845 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
846 CODEC_TRACE(("cipher_page_size not a power of 2 and between 512 and 65536 inclusive"));
847 return SQLITE_ERROR;
848 }
849 /* attempt to free the existing page buffer */
850 sqlcipher_free(ctx->buffer,ctx->page_sz);
851 ctx->page_sz = size;
852
853 /* pre-allocate a page buffer of PageSize bytes. This will
854 be used as a persistent buffer for encryption and decryption
855 operations to avoid overhead of multiple memory allocations*/
856 ctx->buffer = sqlcipher_malloc(size);
857 if(ctx->buffer == NULL) return SQLITE_NOMEM;
858
859 return SQLITE_OK;
860 }
861
862 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
863 return ctx->page_sz;
864 }
865
866 void sqlcipher_set_default_pagesize(int page_size) {
867 default_page_size = page_size;
868 }
869
870 int sqlcipher_get_default_pagesize() {
871 return default_page_size;
872 }
873
874 void sqlcipher_set_mem_security(int on) {
875 /* memory security can only be enabled, not disabled */
876 if(on) {
877 mem_security_on = on;
878 mem_security_activated = 0;
879 }
880 }
881
882 int sqlcipher_get_mem_security() {
883 return mem_security_on && mem_security_activated;
884 }
885
886
887 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
888 int rc;
889 codec_ctx *ctx;
890
891 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating context");
892
893 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
894 ctx = *iCtx;
895
896 if(ctx == NULL) return SQLITE_NOMEM;
897
898 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
899
900 /* allocate space for salt data. Then read the first 16 bytes
901 directly off the database file. This is the salt for the
902 key derivation function. If we get a short read allocate
903 a new random salt value */
904 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating kdf_salt");
905 ctx->kdf_salt_sz = FILE_HEADER_SZ;
906 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
907 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
908
909 /* allocate space for separate hmac salt data. We want the
910 HMAC derivation salt to be different than the encryption
911 key derivation salt */
912 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating hmac_kdf_salt");
913 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
914 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
915
916 /* setup default flags */
917 ctx->flags = default_flags;
918
919 /* defer attempt to read KDF salt until first use */
920 ctx->need_kdf_salt = 1;
921
922 /* setup the crypto provider */
923 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating provider");
924 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
925 if(ctx->provider == NULL) return SQLITE_NOMEM;
926
927 /* make a copy of the provider to be used for the duration of the context */
928 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER");
929 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
930 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER");
931
932 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
933
934 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER");
935 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
936 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER");
937
938 CODEC_TRACE("sqlcipher_codec_ctx_init: calling provider ctx_init");
939 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
940
941 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
942 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
943 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
944
945 /* establic the size for a hex-formated key specification, containing the
946 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
947 so oversize by 3 bytes */
948 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
949
950 /*
951 Always overwrite page size and set to the default because the first page of the database
952 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
953 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
954 */
955 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d", default_page_size);
956 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
957
958 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
959 CODEC_TRACE("sqlcipher_codec_ctx_init: setting default_kdf_iter");
960 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
961
962 CODEC_TRACE("sqlcipher_codec_ctx_init: setting fast_kdf_iter");
963 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
964
965 /* set the default HMAC and KDF algorithms which will determine the reserve size */
966 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d", default_hmac_algorithm);
967 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
968
969 /* Note that use_hmac is a special case that requires recalculation of page size
970 so we call set_use_hmac to perform setup */
971 CODEC_TRACE("sqlcipher_codec_ctx_init: setting use_hmac");
972 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
973
974 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d", default_kdf_algorithm);
975 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
976
977 /* setup the default plaintext header size */
978 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d", default_plaintext_header_sz);
979 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
980
981 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
982 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing read_ctx");
983 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
984
985 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing write_ctx");
986 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
987
988 /* set the key material on one of the sub cipher contexts and sync them up */
989 CODEC_TRACE("sqlcipher_codec_ctx_init: setting pass key");
990 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
991
992 CODEC_TRACE("sqlcipher_codec_ctx_init: copying write_ctx to read_ctx");
993 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
994
995 return SQLITE_OK;
996 }
997
998 /**
999 * Free and wipe memory associated with a cipher_ctx, including the allocated
1000 * read_ctx and write_ctx.
1001 */
1002 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
1003 codec_ctx *ctx = *iCtx;
1004 CODEC_TRACE("codec_ctx_free: entered iCtx=%p", iCtx);
1005 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1006 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1007 sqlcipher_free(ctx->buffer, ctx->page_sz);
1008
1009 ctx->provider->ctx_free(&ctx->provider_ctx);
1010 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1011
1012 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1013 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1014 sqlcipher_free(ctx, sizeof(codec_ctx));
1015 }
1016
1017 /** convert a 32bit unsigned integer to little endian byte ordering */
1018 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1019 p[0] = (u8)v;
1020 p[1] = (u8)(v>>8);
1021 p[2] = (u8)(v>>16);
1022 p[3] = (u8)(v>>24);
1023 }
1024
1025 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1026 unsigned char pgno_raw[sizeof(pgno)];
1027 /* we may convert page number to consistent representation before calculating MAC for
1028 compatibility across big-endian and little-endian platforms.
1029
1030 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1031 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1032 backwards compatibility on the most popular platforms, but can optionally be configured
1033 to use either big endian or native byte ordering via pragma. */
1034
1035 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1036 sqlcipher_put4byte_le(pgno_raw, pgno);
1037 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1038 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1039 } else { /* use native byte ordering */
1040 memcpy(pgno_raw, &pgno, sizeof(pgno));
1041 }
1042
1043 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1044 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1045 valid pages out of order in a database */
1046 return ctx->provider->hmac(
1047 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1048 ctx->key_sz, in,
1049 in_sz, (unsigned char*) &pgno_raw,
1050 sizeof(pgno), out);
1051 }
1052
1053 /*
1054 * ctx - codec context
1055 * pgno - page number in database
1056 * size - size in bytes of input and output buffers
1057 * mode - 1 to encrypt, 0 to decrypt
1058 * in - pointer to input bytes
1059 * out - pouter to output bytes
1060 */
1061 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1062 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1063 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1064 int size;
1065
1066 /* calculate some required positions into various buffers */
1067 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1068 iv_out = out + size;
1069 iv_in = in + size;
1070
1071 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1072 random bytes. note, these pointers are only valid when using hmac */
1073 hmac_in = in + size + ctx->iv_sz;
1074 hmac_out = out + size + ctx->iv_sz;
1075 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1076
1077 CODEC_TRACE("codec_cipher:entered pgno=%d, mode=%d, size=%d", pgno, mode, size);
1078 CODEC_HEXDUMP("codec_cipher: input page data", in, page_sz);
1079
1080 /* the key size should never be zero. If it is, error out. */
1081 if(ctx->key_sz == 0) {
1082 CODEC_TRACE("codec_cipher: error possible context corruption, key_sz is zero for pgno=%d", pgno);
1083 goto error;
1084 }
1085
1086 if(mode == CIPHER_ENCRYPT) {
1087 /* start at front of the reserve block, write random data to the end */
1088 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1089 } else { /* CIPHER_DECRYPT */
1090 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1091 }
1092
1093 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1094 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1095 CODEC_TRACE("codec_cipher: hmac operation on decrypt failed for pgno=%d", pgno);
1096 goto error;
1097 }
1098
1099 CODEC_TRACE("codec_cipher: comparing hmac on in=%p out=%p hmac_sz=%d", hmac_in, hmac_out, ctx->hmac_sz);
1100 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1101 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1102 /* first check if the entire contents of the page is zeros. If so, this page
1103 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1104 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1105 and return SQLITE_OK to skip the decryption step. */
1106 CODEC_TRACE("codec_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK", pgno);
1107 sqlcipher_memset(out, 0, page_sz);
1108 return SQLITE_OK;
1109 } else {
1110 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1111 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1112 and return SQLITE_ERROR to the caller */
1113 CODEC_TRACE("codec_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR", pgno);
1114 goto error;
1115 }
1116 }
1117 }
1118
1119 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1120 CODEC_TRACE("codec_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR", mode, pgno);
1121 goto error;
1122 };
1123
1124 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1125 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1126 CODEC_TRACE("codec_cipher: hmac operation on encrypt failed for pgno=%d", pgno);
1127 goto error;
1128 };
1129 }
1130
1131 CODEC_HEXDUMP("codec_cipher: output page data", out_start, page_sz);
1132
1133 return SQLITE_OK;
1134 error:
1135 sqlcipher_memset(out, 0, page_sz);
1136 return SQLITE_ERROR;
1137 }
1138
1139 /**
1140 * Derive an encryption key for a cipher contex key based on the raw password.
1141 *
1142 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1143 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1144
1145 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1146 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1147 * as the key followed by the salt.
1148 *
1149 * Otherwise, a key data will be derived using PBKDF2
1150 *
1151 * returns SQLITE_OK if initialization was successful
1152 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1153 */
1154 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1155 int rc;
1156 CODEC_TRACE("cipher_ctx_key_derive: entered c_ctx->pass=%p, c_ctx->pass_sz=%d \
1157 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1158 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1159 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1160 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1161
1162
1163 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1164
1165 /* if necessary, initialize the salt from the header or random source */
1166 if(ctx->need_kdf_salt) {
1167 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1168 }
1169
1170 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1171 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1172 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1173 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex");
1174 cipher_hex2bin(z, n, c_ctx->key);
1175 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1176 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1177 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex");
1178 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1179 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1180 } else {
1181 CODEC_TRACE("cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations", ctx->kdf_iter);
1182 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1183 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1184 ctx->key_sz, c_ctx->key) != SQLITE_OK) return SQLITE_ERROR;
1185 }
1186
1187 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1188 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1189
1190 /* if this context is setup to use hmac checks, generate a seperate and different
1191 key for HMAC. In this case, we use the output of the previous KDF as the input to
1192 this KDF run. This ensures a distinct but predictable HMAC key. */
1193 if(ctx->flags & CIPHER_FLAG_HMAC) {
1194 int i;
1195
1196 /* start by copying the kdf key into the hmac salt slot
1197 then XOR it with the fixed hmac salt defined at compile time
1198 this ensures that the salt passed in to derive the hmac key, while
1199 easy to derive and publically known, is not the same as the salt used
1200 to generate the encryption key */
1201 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1202 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1203 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1204 }
1205
1206 CODEC_TRACE("cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations",
1207 ctx->fast_kdf_iter);
1208
1209
1210 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1211 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1212 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) return SQLITE_ERROR;
1213 }
1214
1215 c_ctx->derive_key = 0;
1216 return SQLITE_OK;
1217 };
1218 return SQLITE_ERROR;
1219 }
1220
1221 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1222 /* derive key on first use if necessary */
1223 if(ctx->read_ctx->derive_key) {
1224 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1225 }
1226
1227 if(ctx->write_ctx->derive_key) {
1228 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1229 /* the relevant parameters are the same, just copy read key */
1230 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1231 } else {
1232 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) return SQLITE_ERROR;
1233 }
1234 }
1235
1236 /* TODO: wipe and free passphrase after key derivation */
1237 if(ctx->store_pass != 1) {
1238 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1239 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1240 }
1241
1242 return SQLITE_OK;
1243 }
1244
1245 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1246 if(source == CIPHER_READ_CTX) {
1247 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1248 } else {
1249 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1250 }
1251 }
1252
1253 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1254 return ctx->provider->get_provider_name(ctx->provider_ctx);
1255 }
1256
1257
1258 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1259 int rc;
1260 sqlite3 *db = NULL;
1261 sqlite3_stmt *statement = NULL;
1262 char *query_journal_mode = "PRAGMA journal_mode;";
1263 char *query_user_version = "PRAGMA user_version;";
1264
1265 rc = sqlite3_open(filename, &db);
1266 if(rc != SQLITE_OK) goto cleanup;
1267
1268 rc = sqlite3_key(db, key, key_sz);
1269 if(rc != SQLITE_OK) goto cleanup;
1270
1271 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1272 if(rc != SQLITE_OK) goto cleanup;
1273
1274 /* start by querying the user version.
1275 this will fail if the key is incorrect */
1276 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1277 if(rc != SQLITE_OK) goto cleanup;
1278
1279 rc = sqlite3_step(statement);
1280 if(rc == SQLITE_ROW) {
1281 *user_version = sqlite3_column_int(statement, 0);
1282 } else {
1283 goto cleanup;
1284 }
1285 sqlite3_finalize(statement);
1286
1287 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1288 if(rc != SQLITE_OK) goto cleanup;
1289
1290 rc = sqlite3_step(statement);
1291 if(rc == SQLITE_ROW) {
1292 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1293 } else {
1294 goto cleanup;
1295 }
1296 rc = SQLITE_OK;
1297 /* cleanup will finalize open statement */
1298
1299 cleanup:
1300 if(statement) sqlite3_finalize(statement);
1301 if(db) sqlite3_close(db);
1302 return rc;
1303 }
1304
1305 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1306 Pgno page = 1;
1307 int rc = 0;
1308 char *result;
1309 unsigned char *hmac_out = NULL;
1310 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1311 i64 file_sz;
1312
1313 Vdbe *v = sqlite3GetVdbe(pParse);
1314 sqlite3VdbeSetNumCols(v, 1);
1315 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1316
1317 if(fd == NULL || fd->pMethods == 0) {
1318 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1319 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1320 goto cleanup;
1321 }
1322
1323 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1324 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1325 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1326 goto cleanup;
1327 }
1328
1329 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1330 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1331 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1332 goto cleanup;
1333 }
1334
1335 sqlite3OsFileSize(fd, &file_sz);
1336 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1337
1338 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1339 i64 offset = (page - 1) * ctx->page_sz;
1340 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1341 int read_sz = ctx->page_sz;
1342
1343 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1344 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1345
1346 if(page==1) {
1347 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1348 read_sz = read_sz - page1_offset;
1349 payload_sz = payload_sz - page1_offset;
1350 offset += page1_offset;
1351 }
1352
1353 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1354 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1355 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1356 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d", read_sz, page, offset);
1357 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1358 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1359 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1360 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1361 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1362 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1363 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1364 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1365 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1366 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1367 }
1368 }
1369
1370 if(file_sz % ctx->page_sz != 0) {
1371 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1372 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1373 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1374 }
1375
1376 cleanup:
1377 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1378 return SQLITE_OK;
1379 }
1380
1381 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1382 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1383 Db *pDb = 0;
1384 sqlite3 *db = ctx->pBt->db;
1385 const char *db_filename = sqlite3_db_filename(db, "main");
1386 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1387 Btree *pDest = NULL, *pSrc = NULL;
1388 sqlite3_file *srcfile, *destfile;
1389 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1390 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1391 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1392 #endif
1393 pass_sz = keyspec_sz = rc = user_version = 0;
1394
1395 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1396 goto cleanup; /* exit immediately if this is an in memory database */
1397
1398 /* pull the provided password / key material off the current codec context */
1399 pass_sz = ctx->read_ctx->pass_sz;
1400 pass = sqlcipher_malloc(pass_sz+1);
1401 memset(pass, 0, pass_sz+1);
1402 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1403
1404 /* Version 4 - current, no upgrade required, so exit immediately */
1405 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1406 if(rc == SQLITE_OK){
1407 CODEC_TRACE("No upgrade required - exiting");
1408 goto cleanup;
1409 }
1410
1411 for(i = 3; i > 0; i--) {
1412 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1413 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1414 if(rc == SQLITE_OK) {
1415 CODEC_TRACE("Version %d format found", i);
1416 goto migrate;
1417 }
1418 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1419 pragma_compat = NULL;
1420 }
1421
1422 /* if we exit the loop normally we failed to determine the version, this is an error */
1423 CODEC_TRACE("Upgrade format not determined");
1424 goto handle_error;
1425
1426 migrate:
1427
1428 temp = sqlite3_mprintf("%s-migrated", db_filename);
1429 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1430 * to determine whether the filename was URI formatted */
1431 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1432 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1433 sqlcipher_free(temp, sqlite3Strlen30(temp));
1434
1435 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1436 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1437
1438 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1439 if(rc != SQLITE_OK){
1440 CODEC_TRACE("set compatibility mode failed, error code %d", rc);
1441 goto handle_error;
1442 }
1443
1444 /* force journal mode to DELETE, we will set it back later if different */
1445 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1446 if(rc != SQLITE_OK){
1447 CODEC_TRACE("force journal mode DELETE failed, error code %d", rc);
1448 goto handle_error;
1449 }
1450
1451 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1452 if(rc != SQLITE_OK){
1453 CODEC_TRACE("attach failed, error code %d", rc);
1454 goto handle_error;
1455 }
1456
1457 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1458 if(rc != SQLITE_OK){
1459 CODEC_TRACE("keying attached database failed, error code %d", rc);
1460 goto handle_error;
1461 }
1462
1463 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1464 if(rc != SQLITE_OK){
1465 CODEC_TRACE("sqlcipher_export failed, error code %d", rc);
1466 goto handle_error;
1467 }
1468
1469 #ifdef SQLCIPHER_TEST
1470 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1471 rc = SQLITE_ERROR;
1472 CODEC_TRACE("simulated migrate failure, error code %d", rc);
1473 goto handle_error;
1474 }
1475 #endif
1476
1477 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1478 if(rc != SQLITE_OK){
1479 CODEC_TRACE("set user version failed, error code %d", rc);
1480 goto handle_error;
1481 }
1482
1483 if( !db->autoCommit ){
1484 CODEC_TRACE("cannot migrate from within a transaction");
1485 goto handle_error;
1486 }
1487 if( db->nVdbeActive>1 ){
1488 CODEC_TRACE("cannot migrate - SQL statements in progress");
1489 goto handle_error;
1490 }
1491
1492 pDest = db->aDb[0].pBt;
1493 pDb = &(db->aDb[db->nDb-1]);
1494 pSrc = pDb->pBt;
1495
1496 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1497 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1498 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1499 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1500 CODEC_TRACE("set btree page size to %d res %d rc %d", default_page_size, nRes, rc);
1501 if( rc!=SQLITE_OK ) goto handle_error;
1502
1503 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1504 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1505
1506 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1507 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1508
1509 sqlite3OsClose(srcfile);
1510 sqlite3OsClose(destfile);
1511
1512 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1513 CODEC_TRACE("performing windows MoveFileExA");
1514
1515 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1516 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1517 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1518
1519 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1520 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1521 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1522
1523 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1524 CODEC_TRACE("move error");
1525 rc = SQLITE_ERROR;
1526 CODEC_TRACE("error occurred while renaming %d", rc);
1527 goto handle_error;
1528 }
1529 #else
1530 CODEC_TRACE("performing POSIX rename");
1531 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1532 CODEC_TRACE("error occurred while renaming %d", rc);
1533 goto handle_error;
1534 }
1535 #endif
1536 CODEC_TRACE("renamed migration database %s to main database %s: %d", migrated_db_filename, db_filename, rc);
1537
1538 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1539 CODEC_TRACE("reopened migration database: %d", rc);
1540 if( rc!=SQLITE_OK ) goto handle_error;
1541
1542 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1543 CODEC_TRACE("reopened main database: %d", rc);
1544 if( rc!=SQLITE_OK ) goto handle_error;
1545
1546 sqlite3pager_reset(pDest->pBt->pPager);
1547 CODEC_TRACE("reset pager");
1548
1549 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1550 CODEC_TRACE("DETACH DATABASE called %d", rc);
1551 if(rc != SQLITE_OK) goto cleanup;
1552
1553 sqlite3ResetAllSchemasOfConnection(db);
1554 CODEC_TRACE("reset all schemas");
1555
1556 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1557 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1558 CODEC_TRACE("%s: %d", set_journal_mode, rc);
1559 if( rc!=SQLITE_OK ) goto handle_error;
1560
1561 goto cleanup;
1562
1563 handle_error:
1564 CODEC_TRACE("An error occurred attempting to migrate the database - last error %d", rc);
1565
1566 cleanup:
1567 if(migrated_db_filename) {
1568 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1569 CODEC_TRACE("deleted migration database: %d", del_rc);
1570 }
1571
1572 if(pass) sqlcipher_free(pass, pass_sz);
1573 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1574 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1575 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1576 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1577 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1578 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1579 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1580 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1581 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1582 #endif
1583 return rc;
1584 }
1585
1586 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1587 const char *suffix = &zRight[random_sz-1];
1588 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1589 if (n > 0 &&
1590 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1591 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1592 n % 2 == 0) {
1593 int rc = 0;
1594 int buffer_sz = n / 2;
1595 unsigned char *random;
1596 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1597 CODEC_TRACE("sqlcipher_codec_add_random: using raw random blob from hex");
1598 random = sqlcipher_malloc(buffer_sz);
1599 memset(random, 0, buffer_sz);
1600 cipher_hex2bin(z, n, random);
1601 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1602 sqlcipher_free(random, buffer_sz);
1603 return rc;
1604 }
1605 return SQLITE_ERROR;
1606 }
1607
1608 #if !defined(SQLITE_OMIT_TRACE)
1609 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1610 FILE *f = (FILE*) file;
1611 char *fmt = "Elapsed time:%.3f ms - %s\n";
1612 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1613 #ifdef __ANDROID__
1614 if(f == NULL) {
1615 __android_log_print(ANDROID_LOG_DEBUG, "sqlcipher", fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt);
1616 }
1617 #endif
1618 if(f) fprintf(f, fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1619 return SQLITE_OK;
1620 }
1621 #endif
1622
1623 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1624 #if defined(SQLITE_OMIT_TRACE)
1625 return SQLITE_ERROR;
1626 #else
1627 FILE *f = NULL;
1628 if(sqlite3_stricmp(destination, "off") == 0){
1629 sqlite3_trace_v2(db, 0, NULL, NULL); /* disable tracing */
1630 } else {
1631 if(sqlite3_stricmp(destination, "stdout") == 0){
1632 f = stdout;
1633 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1634 f = stderr;
1635 }else if(sqlite3_stricmp(destination, "logcat") == 0){
1636 f = NULL; /* file pointer will be NULL indicating logcat on android */
1637 }else{
1638 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1639 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1640 #else
1641 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1642 #endif
1643 }
1644 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1645 }
1646 return SQLITE_OK;
1647 #endif
1648 }
1649
1650 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1651 return ctx->provider->fips_status(ctx->provider_ctx);
1652 }
1653
1654 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1655 return ctx->provider->get_provider_version(ctx->provider_ctx);
1656 }
1657
1658 #ifndef SQLCIPHER_OMIT_TRACE
1659 void sqlcipher_trace(unsigned int tag, const char *message, ...) {
1660 va_list params;
1661 if((sqlcipher_trace_filter & tag) == 0 || (sqlcipher_trace_logcat == 0 && sqlcipher_trace_file == NULL)) {
1662 /* no log target or tag not in included filters */
1663 return;
1664 }
1665 va_start(params, message);
1666 if(sqlcipher_trace_file != NULL){
1667 char buffer[20];
1668 struct tm tt;
1669 struct timeval tv;
1670 int ms;
1671 gettimeofday(&tv, NULL);
1672 ms = tv.tv_usec/1000.0;
1673 localtime_r(&tv.tv_sec, &tt);
1674 strftime(buffer, 20, "%Y-%m-%d %H:%M:%S", &tt);
1675 fprintf((FILE*)sqlcipher_trace_file, "%s.%03d: ", buffer, ms);
1676 vfprintf((FILE*)sqlcipher_trace_file, message, params);
1677 fprintf((FILE*)sqlcipher_trace_file, "\n");
1678 }
1679 #ifdef __ANDROID__
1680 if(sqlcipher_trace_logcat) {
1681 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1682 }
1683 #endif
1684 va_end(params);
1685 }
1686 #endif
1687
1688 int sqlcipher_set_trace_filter(unsigned int filter) {
1689 sqlcipher_trace_filter = filter;
1690 }
1691
1692 int sqlcipher_set_trace(const char *destination){
1693 #ifdef SQLCIPHER_OMIT_TRACE
1694 return SQLITE_ERROR;
1695 #else
1696 /* close open trace file if it is not stdout or stderr, then
1697 reset trace settings */
1698 if(sqlcipher_trace_file != NULL && sqlcipher_trace_file != stdout && sqlcipher_trace_file != stderr) {
1699 fclose((FILE*)sqlcipher_trace_file);
1700 }
1701 sqlcipher_trace_file = NULL;
1702 sqlcipher_trace_logcat = 0;
1703
1704 if(sqlite3_stricmp(destination, "logcat") == 0){
1705 sqlcipher_trace_logcat = 1;
1706 } else if(sqlite3_stricmp(destination, "stdout") == 0){
1707 sqlcipher_trace_file = stdout;
1708 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1709 sqlcipher_trace_file = stderr;
1710 }else if(sqlite3_stricmp(destination, "off") != 0){
1711 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1712 if(fopen_s(&sqlcipher_trace_file, destination, "a") != 0) return SQLITE_ERROR;
1713 #else
1714 if((sqlcipher_trace_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1715 #endif
1716 }
1717 sqlcipher_trace(SQLCIPHER_TRACE_CORE, "sqlcipher_set_trace: set trace to %s", destination);
1718 return SQLITE_OK;
1719 #endif
1720 }
1721
1722 #endif
1723 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.