src/crypto_openssl.c

   1 /*
   2 ** SQLCipher
   3 ** http://sqlcipher.net
   4 **
   5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
   6 ** All rights reserved.
   7 **
   8 ** Redistribution and use in source and binary forms, with or without
   9 ** modification, are permitted provided that the following conditions are met:
  10 **     * Redistributions of source code must retain the above copyright
  11 **       notice, this list of conditions and the following disclaimer.
  12 **     * Redistributions in binary form must reproduce the above copyright
  13 **       notice, this list of conditions and the following disclaimer in the
  14 **       documentation and/or other materials provided with the distribution.
  15 **     * Neither the name of the ZETETIC LLC nor the
  16 **       names of its contributors may be used to endorse or promote products
  17 **       derived from this software without specific prior written permission.
  18 **
  19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
  20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
  23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 **
  30 */
  31 /* BEGIN SQLCIPHER */
  32 #ifdef SQLITE_HAS_CODEC
  33 #ifdef SQLCIPHER_CRYPTO_OPENSSL
  34 #include "sqliteInt.h"
  35 #include "crypto.h"
  36 #include "sqlcipher.h"
  37 #include <openssl/rand.h>
  38 #include <openssl/evp.h>
  39 #include <openssl/objects.h>
  40 #include <openssl/hmac.h>
  41 #include <openssl/err.h>
  42
  43 static unsigned int openssl_init_count = 0;
  44
  45 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
  46 static HMAC_CTX *HMAC_CTX_new(void)
  47 {
  48   HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
  49   if (ctx != NULL) {
  50     HMAC_CTX_init(ctx);
  51   }
  52   return ctx;
  53 }
  54
  55 /* Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
  56    HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
  57    HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
  58    calls are not needed. */
  59 static void HMAC_CTX_free(HMAC_CTX *ctx)
  60 {
  61   if (ctx != NULL) {
  62     HMAC_CTX_cleanup(ctx);
  63     OPENSSL_free(ctx);
  64   }
  65 }
  66 #endif
  67
  68 static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
  69 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
  70   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND");
  71   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
  72   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND");
  73 #endif
  74   RAND_add(buffer, length, 0);
  75 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
  76   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND");
  77   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
  78   CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: left SQLCIPHER_MUTEX_PROVIDER_RAND");
  79 #endif
  80   return SQLITE_OK;
  81 }
  82
  83 #define OPENSSL_CIPHER EVP_aes_256_cbc()
  84
  85
  86 /* activate and initialize sqlcipher. Most importantly, this will automatically
  87    intialize OpenSSL's EVP system if it hasn't already be externally. Note that
  88    this function may be called multiple times as new codecs are intiialized.
  89    Thus it performs some basic counting to ensure that only the last and final
  90    sqlcipher_openssl_deactivate() will free the EVP structures.
  91 */
  92 static int sqlcipher_openssl_activate(void *ctx) {
  93   /* initialize openssl and increment the internal init counter
  94      but only if it hasn't been initalized outside of SQLCipher by this program
  95      e.g. on startup */
  96
  97   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
  98   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
  99   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 100
 101 #ifdef SQLCIPHER_FIPS
 102   if(!FIPS_mode()){
 103     if(!FIPS_mode_set(1)){
 104       unsigned long err = 0;
 105       ERR_load_crypto_strings();
 106 #ifdef __ANDROID__
 107       while((err = ERR_get_error()) != 0) {
 108         __android_log_print(ANDROID_LOG_ERROR, "sqlcipher","error: %lx. %s.", err, ERR_error_string(err, NULL));
 109       }
 110 #else
 111       ERR_print_errors_fp(stderr);
 112 #endif
 113     }
 114   }
 115 #endif
 116
 117   openssl_init_count++;
 118   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 119   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
 120   CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 121   return SQLITE_OK;
 122 }
 123
 124 /* deactivate SQLCipher, most imporantly decremeting the activation count and
 125    freeing the EVP structures on the final deactivation to ensure that
 126    OpenSSL memory is cleaned up */
 127 static int sqlcipher_openssl_deactivate(void *ctx) {
 128   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 129   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
 130   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 131
 132   openssl_init_count--;
 133
 134   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 135   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
 136   CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE");
 137   return SQLITE_OK;
 138 }
 139
 140 static const char* sqlcipher_openssl_get_provider_name(void *ctx) {
 141   return "openssl";
 142 }
 143
 144 static const char* sqlcipher_openssl_get_provider_version(void *ctx) {
 145   return OPENSSL_VERSION_TEXT;
 146 }
 147
 148 /* generate a defined number of random bytes */
 149 static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
 150   int rc = 0;
 151   /* concurrent calls to RAND_bytes can cause a crash under some openssl versions when a
 152      naive application doesn't use CRYPTO_set_locking_callback and
 153      CRYPTO_THREADID_set_callback to ensure openssl thread safety.
 154      This is simple workaround to prevent this common crash
 155      but a more proper solution is that applications setup platform-appropriate
 156      thread saftey in openssl externally */
 157 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 158   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND");
 159   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
 160   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND");
 161 #endif
 162   rc = RAND_bytes((unsigned char *)buffer, length);
 163 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
 164   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND");
 165   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
 166   CODEC_TRACE_MUTEX("sqlcipher_openssl_random: left SQLCIPHER_MUTEX_PROVIDER_RAND");
 167 #endif
 168   return (rc == 1) ? SQLITE_OK : SQLITE_ERROR;
 169 }
 170
 171 static int sqlcipher_openssl_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
 172   unsigned int outlen;
 173   int rc = SQLITE_OK;
 174   HMAC_CTX* hctx = NULL;
 175
 176   if(in == NULL) goto error;
 177
 178   hctx = HMAC_CTX_new();
 179   if(hctx == NULL) goto error;
 180
 181   switch(algorithm) {
 182     case SQLCIPHER_HMAC_SHA1:
 183       if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha1(), NULL)) goto error;
 184       break;
 185     case SQLCIPHER_HMAC_SHA256:
 186       if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha256(), NULL)) goto error;
 187       break;
 188     case SQLCIPHER_HMAC_SHA512:
 189       if(!HMAC_Init_ex(hctx, hmac_key, key_sz, EVP_sha512(), NULL)) goto error;
 190       break;
 191     default:
 192       goto error;
 193   }
 194
 195   if(!HMAC_Update(hctx, in, in_sz)) goto error;
 196   if(in2 != NULL) {
 197     if(!HMAC_Update(hctx, in2, in2_sz)) goto error;
 198   }
 199   if(!HMAC_Final(hctx, out, &outlen)) goto error;
 200
 201   goto cleanup;
 202 error:
 203   rc = SQLITE_ERROR;
 204 cleanup:
 205   if(hctx) HMAC_CTX_free(hctx);
 206   return rc;
 207 }
 208
 209 static int sqlcipher_openssl_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
 210   int rc = SQLITE_OK;
 211
 212   switch(algorithm) {
 213     case SQLCIPHER_HMAC_SHA1:
 214       if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha1(), key_sz, key)) goto error;
 215       break;
 216     case SQLCIPHER_HMAC_SHA256:
 217       if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha256(), key_sz, key)) goto error;
 218       break;
 219     case SQLCIPHER_HMAC_SHA512:
 220       if(!PKCS5_PBKDF2_HMAC((const char *)pass, pass_sz, salt, salt_sz, workfactor, EVP_sha512(), key_sz, key)) goto error;
 221       break;
 222     default:
 223       return SQLITE_ERROR;
 224   }
 225
 226   goto cleanup;
 227 error:
 228   rc = SQLITE_ERROR;
 229 cleanup:
 230   return rc;
 231 }
 232
 233 static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
 234   int tmp_csz, csz, rc = SQLITE_OK;
 235   EVP_CIPHER_CTX* ectx = EVP_CIPHER_CTX_new();
 236   if(ectx == NULL) goto error;
 237   if(!EVP_CipherInit_ex(ectx, OPENSSL_CIPHER, NULL, NULL, NULL, mode)) goto error;
 238   if(!EVP_CIPHER_CTX_set_padding(ectx, 0)) goto error; /* no padding */
 239   if(!EVP_CipherInit_ex(ectx, NULL, NULL, key, iv, mode)) goto error;
 240   if(!EVP_CipherUpdate(ectx, out, &tmp_csz, in, in_sz)) goto error;
 241   csz = tmp_csz;
 242   out += tmp_csz;
 243   if(!EVP_CipherFinal_ex(ectx, out, &tmp_csz)) goto error;
 244   csz += tmp_csz;
 245   assert(in_sz == csz);
 246
 247   goto cleanup;
 248 error:
 249   rc = SQLITE_ERROR;
 250 cleanup:
 251   if(ectx) EVP_CIPHER_CTX_free(ectx);
 252   return rc;
 253 }
 254
 255 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
 256   return OBJ_nid2sn(EVP_CIPHER_nid(OPENSSL_CIPHER));
 257 }
 258
 259 static int sqlcipher_openssl_get_key_sz(void *ctx) {
 260   return EVP_CIPHER_key_length(OPENSSL_CIPHER);
 261 }
 262
 263 static int sqlcipher_openssl_get_iv_sz(void *ctx) {
 264   return EVP_CIPHER_iv_length(OPENSSL_CIPHER);
 265 }
 266
 267 static int sqlcipher_openssl_get_block_sz(void *ctx) {
 268   return EVP_CIPHER_block_size(OPENSSL_CIPHER);
 269 }
 270
 271 static int sqlcipher_openssl_get_hmac_sz(void *ctx, int algorithm) {
 272   switch(algorithm) {
 273     case SQLCIPHER_HMAC_SHA1:
 274       return EVP_MD_size(EVP_sha1());
 275       break;
 276     case SQLCIPHER_HMAC_SHA256:
 277       return EVP_MD_size(EVP_sha256());
 278       break;
 279     case SQLCIPHER_HMAC_SHA512:
 280       return EVP_MD_size(EVP_sha512());
 281       break;
 282     default:
 283       return 0;
 284   }
 285 }
 286
 287 static int sqlcipher_openssl_ctx_init(void **ctx) {
 288   return sqlcipher_openssl_activate(*ctx);
 289 }
 290
 291 static int sqlcipher_openssl_ctx_free(void **ctx) {
 292   return sqlcipher_openssl_deactivate(NULL);
 293 }
 294
 295 static int sqlcipher_openssl_fips_status(void *ctx) {
 296 #ifdef SQLCIPHER_FIPS
 297   return FIPS_mode();
 298 #else
 299   return 0;
 300 #endif
 301 }
 302
 303 int sqlcipher_openssl_setup(sqlcipher_provider *p) {
 304   p->activate = sqlcipher_openssl_activate;
 305   p->deactivate = sqlcipher_openssl_deactivate;
 306   p->get_provider_name = sqlcipher_openssl_get_provider_name;
 307   p->random = sqlcipher_openssl_random;
 308   p->hmac = sqlcipher_openssl_hmac;
 309   p->kdf = sqlcipher_openssl_kdf;
 310   p->cipher = sqlcipher_openssl_cipher;
 311   p->get_cipher = sqlcipher_openssl_get_cipher;
 312   p->get_key_sz = sqlcipher_openssl_get_key_sz;
 313   p->get_iv_sz = sqlcipher_openssl_get_iv_sz;
 314   p->get_block_sz = sqlcipher_openssl_get_block_sz;
 315   p->get_hmac_sz = sqlcipher_openssl_get_hmac_sz;
 316   p->ctx_init = sqlcipher_openssl_ctx_init;
 317   p->ctx_free = sqlcipher_openssl_ctx_free;
 318   p->add_random = sqlcipher_openssl_add_random;
 319   p->fips_status = sqlcipher_openssl_fips_status;
 320   p->get_provider_version = sqlcipher_openssl_get_provider_version;
 321   return SQLITE_OK;
 322 }
 323
 324 #endif
 325 #endif
 326 /* END SQLCIPHER */