src/crypto.h

   1 /*
   2 ** SQLCipher
   3 ** crypto.h developed by Stephen Lombardo (Zetetic LLC)
   4 ** sjlombardo at zetetic dot net
   5 ** http://zetetic.net
   6 **
   7 ** Copyright (c) 2008, ZETETIC LLC
   8 ** All rights reserved.
   9 **
  10 ** Redistribution and use in source and binary forms, with or without
  11 ** modification, are permitted provided that the following conditions are met:
  12 **     * Redistributions of source code must retain the above copyright
  13 **       notice, this list of conditions and the following disclaimer.
  14 **     * Redistributions in binary form must reproduce the above copyright
  15 **       notice, this list of conditions and the following disclaimer in the
  16 **       documentation and/or other materials provided with the distribution.
  17 **     * Neither the name of the ZETETIC LLC nor the
  18 **       names of its contributors may be used to endorse or promote products
  19 **       derived from this software without specific prior written permission.
  20 **
  21 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
  22 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  23 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  24 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
  25 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  26 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  27 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  28 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  29 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  30 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  31 **
  32 */
  33 /* BEGIN CRYPTO */
  34 #ifdef SQLITE_HAS_CODEC
  35 #ifndef CRYPTO_H
  36 #define CRYPTO_H
  37
  38 #define FILE_HEADER_SZ 16
  39
  40 #ifndef CIPHER_VERSION
  41 #define CIPHER_VERSION "2.1.0"
  42 #endif
  43
  44 #ifndef CIPHER
  45 #define CIPHER "aes-256-cbc"
  46 #endif
  47
  48 #define CIPHER_DECRYPT 0
  49 #define CIPHER_ENCRYPT 1
  50
  51 #define CIPHER_READ_CTX 0
  52 #define CIPHER_WRITE_CTX 1
  53 #define CIPHER_READWRITE_CTX 2
  54
  55 #ifndef PBKDF2_ITER
  56 #define PBKDF2_ITER 4000
  57 #endif
  58
  59 /* possible flags for cipher_ctx->flags */
  60 #define CIPHER_FLAG_HMAC          0x01
  61 #define CIPHER_FLAG_LE_PGNO       0x02
  62 #define CIPHER_FLAG_BE_PGNO       0x04
  63
  64 #ifndef DEFAULT_CIPHER_FLAGS
  65 #define DEFAULT_CIPHER_FLAGS CIPHER_FLAG_HMAC | CIPHER_FLAG_LE_PGNO
  66 #endif
  67
  68
  69 /* by default, sqlcipher will use a reduced number of iterations to generate
  70    the HMAC key / or transform a raw cipher key
  71    */
  72 #ifndef FAST_PBKDF2_ITER
  73 #define FAST_PBKDF2_ITER 2
  74 #endif
  75
  76 /* this if a fixed random array that will be xor'd with the database salt to ensure that the
  77    salt passed to the HMAC key derivation function is not the same as that used to derive
  78    the encryption key. This can be overridden at compile time but it will make the resulting
  79    binary incompatible with the default builds when using HMAC. A future version of SQLcipher
  80    will likely allow this to be defined at runtime via pragma */
  81 #ifndef HMAC_SALT_MASK
  82 #define HMAC_SALT_MASK 0x3a
  83 #endif
  84
  85 #ifdef CODEC_DEBUG
  86 #define CODEC_TRACE(X)  {printf X;fflush(stdout);}
  87 #else
  88 #define CODEC_TRACE(X)
  89 #endif
  90
  91 #ifdef CODEC_DEBUG_PAGEDATA
  92 #define CODEC_HEXDUMP(DESC,BUFFER,LEN)  \
  93   { \
  94     int __pctr; \
  95     printf(DESC); \
  96     for(__pctr=0; __pctr < LEN; __pctr++) { \
  97       if(__pctr % 16 == 0) printf("\n%05x: ",__pctr); \
  98       printf("%02x ",((unsigned char*) BUFFER)[__pctr]); \
  99     } \
 100     printf("\n"); \
 101     fflush(stdout); \
 102   }
 103 #else
 104 #define CODEC_HEXDUMP(DESC,BUFFER,LEN)
 105 #endif
 106
 107 /* extensions defined in pager.c */
 108 void sqlite3pager_get_codec(Pager *pPager, void **ctx);
 109 int sqlite3pager_is_mj_pgno(Pager *pPager, Pgno pgno);
 110 sqlite3_file *sqlite3Pager_get_fd(Pager *pPager);
 111 void sqlite3pager_sqlite3PagerSetCodec(
 112   Pager *pPager,
 113   void *(*xCodec)(void*,void*,Pgno,int),
 114   void (*xCodecSizeChng)(void*,int,int),
 115   void (*xCodecFree)(void*),
 116   void *pCodec
 117 );
 118 void sqlite3pager_sqlite3PagerSetError(Pager *pPager, int error);
 119 /* end extensions defined in pager.c */
 120
 121 /*
 122 **  Simple shared routines for converting hex char strings to binary data
 123  */
 124 static int cipher_hex2int(char c) {
 125   return (c>='0' && c<='9') ? (c)-'0' :
 126          (c>='A' && c<='F') ? (c)-'A'+10 :
 127          (c>='a' && c<='f') ? (c)-'a'+10 : 0;
 128 }
 129
 130 static void cipher_hex2bin(const char *hex, int sz, unsigned char *out){
 131   int i;
 132   for(i = 0; i < sz; i += 2){
 133     out[i/2] = (cipher_hex2int(hex[i])<<4) | cipher_hex2int(hex[i+1]);
 134   }
 135 }
 136
 137 /* extensions defined in crypto_impl.c */
 138
 139 typedef struct codec_ctx codec_ctx;
 140
 141 /* utility functions */
 142 int sqlcipher_ismemset(const unsigned char *a0, unsigned char value, int len);
 143 int sqlcipher_memcmp(const unsigned char *a0, const unsigned char *a1, int len);
 144 int sqlcipher_pseudorandom(void *, int);
 145 void sqlcipher_free(void *, int);
 146
 147 /* activation and initialization */
 148 void sqlcipher_activate();
 149 void sqlcipher_deactivate();
 150 int sqlcipher_codec_ctx_init(codec_ctx **, Db *, Pager *, sqlite3_file *, const void *, int);
 151 void sqlcipher_codec_ctx_free(codec_ctx **);
 152 int sqlcipher_codec_key_derive(codec_ctx *);
 153 int sqlcipher_codec_key_copy(codec_ctx *, int);
 154
 155 /* page cipher implementation */
 156 int sqlcipher_page_cipher(codec_ctx *, int, Pgno, int, int, unsigned char *, unsigned char *);
 157
 158 /* context setters & getters */
 159 void sqlcipher_codec_ctx_set_error(codec_ctx *, int);
 160
 161 int sqlcipher_codec_ctx_set_pass(codec_ctx *, const void *, int, int);
 162 void sqlcipher_codec_get_pass(codec_ctx *, void **zKey, int *nKey);
 163
 164 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *, int);
 165 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *);
 166 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *);
 167
 168 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *, int, int);
 169 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx, int);
 170
 171 void* sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx);
 172
 173 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *, int, int);
 174
 175 int sqlcipher_codec_ctx_set_cipher(codec_ctx *, const char *, int);
 176 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx, int for_ctx);
 177
 178 void* sqlcipher_codec_ctx_get_data(codec_ctx *);
 179
 180 void sqlcipher_exportFunc(sqlite3_context *, int, sqlite3_value **);
 181
 182 void sqlcipher_set_default_use_hmac(int use);
 183 int sqlcipher_get_default_use_hmac();
 184
 185 void sqlcipher_set_hmac_salt_mask(unsigned char mask);
 186
 187 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use);
 188 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx, int for_ctx);
 189
 190 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag);
 191 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag);
 192
 193 /* end extensions defined in crypto_impl.c */
 194
 195 #endif
 196 #endif
 197 /* END CRYPTO */