search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove redefines for PAGER_MJ_PGNO to PAGER_SJ_PGNO
[sqlcipher.git] / src / crypto_impl.c
blob9b580e7a2a5ccb2fab905b50df16c6f4b26fc2b7
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36
37 #ifdef SQLCIPHER_TEST
38 static volatile unsigned int cipher_test_flags = 0;
39 unsigned int sqlcipher_get_test_flags() {
40 return cipher_test_flags;
41 }
42 void sqlcipher_set_test_flags(unsigned int flags) {
43 cipher_test_flags = flags;
44 }
45
46 static volatile int cipher_test_rand = 0;
47 int sqlcipher_get_test_rand() {
48 return cipher_test_rand;
49 }
50 void sqlcipher_set_test_rand(int rand) {
51 cipher_test_rand = rand;
52 }
53 int sqlcipher_get_test_fail() {
54 int x;
55
56 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
57 if (cipher_test_rand == 0) return 1;
58
59 sqlite3_randomness(sizeof(x), &x);
60 return ((x % cipher_test_rand) == 0);
61 }
62 #endif
63
64 /* Generate code to return a string value */
65
66 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
67 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
68 static volatile int default_kdf_iter = PBKDF2_ITER;
69 static volatile int default_page_size = 4096;
70 static volatile int default_plaintext_header_sz = 0;
71 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
72 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
73 static volatile int sqlcipher_mem_security_on = 0;
74 static volatile int sqlcipher_mem_executed = 0;
75 static volatile int sqlcipher_mem_initialized = 0;
76 static volatile unsigned int sqlcipher_activate_count = 0;
77 static volatile sqlite3_mem_methods default_mem_methods;
78 static sqlcipher_provider *default_provider = NULL;
79
80 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
81 static volatile FILE* sqlcipher_log_file = NULL;
82 static volatile int sqlcipher_log_logcat = 0;
83 static volatile unsigned int sqlcipher_log_level = SQLCIPHER_LOG_NONE;
84
85 sqlite3_mutex* sqlcipher_mutex(int mutex) {
86 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
87 return sqlcipher_static_mutex[mutex];
88 }
89
90 static int sqlcipher_mem_init(void *pAppData) {
91 return default_mem_methods.xInit(pAppData);
92 }
93 static void sqlcipher_mem_shutdown(void *pAppData) {
94 default_mem_methods.xShutdown(pAppData);
95 }
96 static void *sqlcipher_mem_malloc(int n) {
97 void *ptr = default_mem_methods.xMalloc(n);
98 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
99 if(sqlcipher_mem_security_on) {
100 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)", ptr, n);
101 sqlcipher_mlock(ptr, n);
102 }
103 return ptr;
104 }
105 static int sqlcipher_mem_size(void *p) {
106 return default_mem_methods.xSize(p);
107 }
108 static void sqlcipher_mem_free(void *p) {
109 int sz;
110 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
111 if(sqlcipher_mem_security_on) {
112 sz = sqlcipher_mem_size(p);
113 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d)", p, sz, p, sz);
114 sqlcipher_memset(p, 0, sz);
115 sqlcipher_munlock(p, sz);
116 }
117 default_mem_methods.xFree(p);
118 }
119 static void *sqlcipher_mem_realloc(void *p, int n) {
120 void *new = NULL;
121 int orig_sz = 0;
122 if(sqlcipher_mem_security_on) {
123 orig_sz = sqlcipher_mem_size(p);
124 if (n==0) {
125 sqlcipher_mem_free(p);
126 return NULL;
127 } else if (!p) {
128 return sqlcipher_mem_malloc(n);
129 } else if(n <= orig_sz) {
130 return p;
131 } else {
132 new = sqlcipher_mem_malloc(n);
133 if(new) {
134 memcpy(new, p, orig_sz);
135 sqlcipher_mem_free(p);
136 }
137 return new;
138 }
139 } else {
140 return default_mem_methods.xRealloc(p, n);
141 }
142 }
143
144 static int sqlcipher_mem_roundup(int n) {
145 return default_mem_methods.xRoundup(n);
146 }
147
148 static sqlite3_mem_methods sqlcipher_mem_methods = {
149 sqlcipher_mem_malloc,
150 sqlcipher_mem_free,
151 sqlcipher_mem_realloc,
152 sqlcipher_mem_size,
153 sqlcipher_mem_roundup,
154 sqlcipher_mem_init,
155 sqlcipher_mem_shutdown,
156 0
157 };
158
159 void sqlcipher_init_memmethods() {
160 if(sqlcipher_mem_initialized) return;
161 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
162 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
163 sqlcipher_mem_security_on = sqlcipher_mem_executed = sqlcipher_mem_initialized = 0;
164 } else {
165 sqlcipher_mem_initialized = 1;
166 }
167 }
168
169 int sqlcipher_register_provider(sqlcipher_provider *p) {
170 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER");
171 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
172 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER");
173
174 if(default_provider != NULL && default_provider != p) {
175 /* only free the current registerd provider if it has been initialized
176 and it isn't a pointer to the same provider passed to the function
177 (i.e. protect against a caller calling register twice for the same provider) */
178 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
179 }
180 default_provider = p;
181 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER");
182 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
183 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER");
184
185 return SQLITE_OK;
186 }
187
188 /* return a pointer to the currently registered provider. This will
189 allow an application to fetch the current registered provider and
190 make minor changes to it */
191 sqlcipher_provider* sqlcipher_get_provider() {
192 return default_provider;
193 }
194
195 void sqlcipher_activate() {
196 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entering static master mutex");
197 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
198 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entered static master mutex");
199
200 /* allocate new mutexes */
201 if(sqlcipher_activate_count == 0) {
202 int i;
203 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
204 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
205 }
206 }
207
208 /* check to see if there is a provider registered at this point
209 if there no provider registered at this point, register the
210 default provider */
211 if(sqlcipher_get_provider() == NULL) {
212 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
213 #if defined (SQLCIPHER_CRYPTO_CC)
214 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
215 sqlcipher_cc_setup(p);
216 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
217 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
218 sqlcipher_ltc_setup(p);
219 #elif defined (SQLCIPHER_CRYPTO_NSS)
220 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
221 sqlcipher_nss_setup(p);
222 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
223 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
224 sqlcipher_openssl_setup(p);
225 #else
226 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
227 #endif
228 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: calling sqlcipher_register_provider(%p)", p);
229 #ifdef SQLCIPHER_EXT
230 sqlcipher_ext_provider_setup(p);
231 #endif
232 sqlcipher_register_provider(p);
233 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: called sqlcipher_register_provider(%p)",p);
234 }
235
236 sqlcipher_activate_count++; /* increment activation count */
237
238 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: leaving static master mutex");
239 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
240 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: left static master mutex");
241 }
242
243 void sqlcipher_deactivate() {
244 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering static master mutex");
245 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
246 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered static master mutex");
247
248 sqlcipher_activate_count--;
249 /* if no connections are using sqlcipher, cleanup globals */
250 if(sqlcipher_activate_count < 1) {
251 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER");
252 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
253 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER");
254
255 if(default_provider != NULL) {
256 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
257 default_provider = NULL;
258 }
259
260 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER");
261 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
262 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER");
263
264 #ifdef SQLCIPHER_EXT
265 sqlcipher_ext_provider_destroy();
266 #endif
267
268 /* last connection closed, free mutexes */
269 if(sqlcipher_activate_count == 0) {
270 int i;
271 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
272 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
273 }
274 }
275 sqlcipher_activate_count = 0; /* reset activation count */
276 }
277
278 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving static master mutex");
279 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
280 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left static master mutex");
281 }
282
283 /* constant time memset using volitile to avoid having the memset
284 optimized out by the compiler.
285 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
286 */
287 void* sqlcipher_memset(void *v, unsigned char value, sqlite_uint64 len) {
288 sqlite_uint64 i = 0;
289 volatile unsigned char *a = v;
290
291 if (v == NULL) return v;
292
293 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_memset: setting %p[0-%llu]=%d)", a, len, value);
294 for(i = 0; i < len; i++) {
295 a[i] = value;
296 }
297
298 return v;
299 }
300
301 /* constant time memory check tests every position of a memory segement
302 matches a single value (i.e. the memory is all zeros)
303 returns 0 if match, 1 of no match */
304 int sqlcipher_ismemset(const void *v, unsigned char value, sqlite_uint64 len) {
305 const unsigned char *a = v;
306 sqlite_uint64 i = 0, result = 0;
307
308 for(i = 0; i < len; i++) {
309 result |= a[i] ^ value;
310 }
311
312 return (result != 0);
313 }
314
315 /* constant time memory comparison routine.
316 returns 0 if match, 1 if no match */
317 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
318 const unsigned char *a0 = v0, *a1 = v1;
319 int i = 0, result = 0;
320
321 for(i = 0; i < len; i++) {
322 result |= a0[i] ^ a1[i];
323 }
324
325 return (result != 0);
326 }
327
328 void sqlcipher_mlock(void *ptr, sqlite_uint64 sz) {
329 #ifndef OMIT_MEMLOCK
330 #if defined(__unix__) || defined(__APPLE__)
331 int rc;
332 unsigned long pagesize = sysconf(_SC_PAGESIZE);
333 unsigned long offset = (unsigned long) ptr % pagesize;
334
335 if(ptr == NULL || sz == 0) return;
336
337 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu", ptr - offset, sz + offset, pagesize);
338 rc = mlock(ptr - offset, sz + offset);
339 if(rc!=0) {
340 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
341 }
342 #elif defined(_WIN32)
343 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
344 int rc;
345 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling VirtualLock(%p,%d)", ptr, sz);
346 rc = VirtualLock(ptr, sz);
347 if(rc==0) {
348 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
349 }
350 #endif
351 #endif
352 #endif
353 }
354
355 void sqlcipher_munlock(void *ptr, sqlite_uint64 sz) {
356 #ifndef OMIT_MEMLOCK
357 #if defined(__unix__) || defined(__APPLE__)
358 int rc;
359 unsigned long pagesize = sysconf(_SC_PAGESIZE);
360 unsigned long offset = (unsigned long) ptr % pagesize;
361
362 if(ptr == NULL || sz == 0) return;
363
364 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_unlock: calling munlock(%p,%lu)", ptr - offset, sz + offset);
365 rc = munlock(ptr - offset, sz + offset);
366 if(rc!=0) {
367 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
368 }
369 #elif defined(_WIN32)
370 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
371 int rc;
372 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)", ptr, sz);
373 rc = VirtualUnlock(ptr, sz);
374 if(!rc) {
375 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
376 }
377 #endif
378 #endif
379 #endif
380 }
381
382 /**
383 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
384 * can be countend and memory leak detection works in the test suite.
385 * If ptr is not null memory will be freed.
386 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
387 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
388 * memory segment so it can be paged
389 */
390 void sqlcipher_free(void *ptr, sqlite_uint64 sz) {
391 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
392 sqlcipher_memset(ptr, 0, sz);
393 sqlcipher_munlock(ptr, sz);
394 sqlite3_free(ptr);
395 }
396
397 /**
398 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
399 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
400 * attempts to lock the memory pages so sensitive information won't be swapped
401 */
402 void* sqlcipher_malloc(sqlite_uint64 sz) {
403 void *ptr;
404 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlite3Malloc(%llu)", sz);
405 ptr = sqlite3Malloc(sz);
406 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
407 sqlcipher_memset(ptr, 0, sz);
408 sqlcipher_mlock(ptr, sz);
409 return ptr;
410 }
411
412 char* sqlcipher_version() {
413 #ifdef CIPHER_VERSION_QUALIFIER
414 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
415 #else
416 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
417 #endif
418 return version;
419 }
420
421 /**
422 * Initialize new cipher_ctx struct. This function will allocate memory
423 * for the cipher context and for the key
424 *
425 * returns SQLITE_OK if initialization was successful
426 * returns SQLITE_NOMEM if an error occured allocating memory
427 */
428 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
429 cipher_ctx *c_ctx;
430 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating context");
431 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
432 c_ctx = *iCtx;
433 if(c_ctx == NULL) return SQLITE_NOMEM;
434
435 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating key");
436 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
437
438 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating hmac_key");
439 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
440
441 if(c_ctx->key == NULL) return SQLITE_NOMEM;
442 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
443
444 return SQLITE_OK;
445 }
446
447 /**
448 * Free and wipe memory associated with a cipher_ctx
449 */
450 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
451 cipher_ctx *c_ctx = *iCtx;
452 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_free: iCtx=%p", iCtx);
453 sqlcipher_free(c_ctx->key, ctx->key_sz);
454 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
455 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
456 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
457 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
458 }
459
460 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
461 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
462 int reserve = base_reserve;
463
464 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
465
466 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
467 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
468
469 /* calculate the amount of reserve needed in even increments of the cipher block size */
470 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
471 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
472
473 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d",
474 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
475
476 ctx->reserve_sz = reserve;
477
478 return SQLITE_OK;
479 }
480
481 /**
482 * Compare one cipher_ctx to another.
483 *
484 * returns 0 if all the parameters (except the derived key data) are the same
485 * returns 1 otherwise
486 */
487 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
488 int are_equal = (
489 c1->pass_sz == c2->pass_sz
490 && (
491 c1->pass == c2->pass
492 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
493 (const unsigned char*)c2->pass,
494 c1->pass_sz)
495 ));
496
497 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_cmp: c1=%p c2=%p sqlcipher_memcmp(c1->pass, c2_pass)=%d are_equal=%d",
498 c1, c2,
499 (c1->pass == NULL || c2->pass == NULL) ?
500 -1 :
501 sqlcipher_memcmp(
502 (const unsigned char*)c1->pass,
503 (const unsigned char*)c2->pass,
504 c1->pass_sz
505 ),
506 are_equal
507 );
508
509 return !are_equal; /* return 0 if they are the same, 1 otherwise */
510 }
511
512 /**
513 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
514 * fully initialized context, you could copy it to write_ctx and all yet data
515 * and pass information across
516 *
517 * returns SQLITE_OK if initialization was successful
518 * returns SQLITE_NOMEM if an error occured allocating memory
519 */
520 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
521 void *key = target->key;
522 void *hmac_key = target->hmac_key;
523
524 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_copy: target=%p, source=%p", target, source);
525 sqlcipher_free(target->pass, target->pass_sz);
526 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
527 memcpy(target, source, sizeof(cipher_ctx));
528
529 target->key = key; /* restore pointer to previously allocated key data */
530 memcpy(target->key, source->key, ctx->key_sz);
531
532 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
533 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
534
535 if(source->pass && source->pass_sz) {
536 target->pass = sqlcipher_malloc(source->pass_sz);
537 if(target->pass == NULL) return SQLITE_NOMEM;
538 memcpy(target->pass, source->pass, source->pass_sz);
539 }
540 if(source->keyspec) {
541 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
542 if(target->keyspec == NULL) return SQLITE_NOMEM;
543 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
544 }
545 return SQLITE_OK;
546 }
547
548 /**
549 * Set the keyspec for the cipher_ctx
550 *
551 * returns SQLITE_OK if assignment was successfull
552 * returns SQLITE_NOMEM if an error occured allocating memory
553 */
554 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
555 /* free, zero existing pointers and size */
556 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
557 c_ctx->keyspec = NULL;
558
559 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
560 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
561
562 c_ctx->keyspec[0] = 'x';
563 c_ctx->keyspec[1] = '\'';
564 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
565 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
566 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
567 return SQLITE_OK;
568 }
569
570 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
571 return ctx->store_pass;
572 }
573
574 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
575 ctx->store_pass = value;
576 }
577
578 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
579 *zKey = ctx->read_ctx->pass;
580 *nKey = ctx->read_ctx->pass_sz;
581 }
582
583 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
584 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
585 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
586 }
587
588 /**
589 * Set the passphrase for the cipher_ctx
590 *
591 * returns SQLITE_OK if assignment was successfull
592 * returns SQLITE_NOMEM if an error occured allocating memory
593 */
594 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
595 /* free, zero existing pointers and size */
596 sqlcipher_free(ctx->pass, ctx->pass_sz);
597 ctx->pass = NULL;
598 ctx->pass_sz = 0;
599
600 if(zKey && nKey) { /* if new password is provided, copy it */
601 ctx->pass_sz = nKey;
602 ctx->pass = sqlcipher_malloc(nKey);
603 if(ctx->pass == NULL) return SQLITE_NOMEM;
604 memcpy(ctx->pass, zKey, nKey);
605 }
606 return SQLITE_OK;
607 }
608
609 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
610 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
611 int rc;
612
613 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) {
614 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_set_pass", rc);
615 return rc;
616 }
617
618 c_ctx->derive_key = 1;
619
620 if(for_ctx == 2) {
621 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK) {
622 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_copy", rc);
623 return rc;
624 }
625 }
626
627 return SQLITE_OK;
628 }
629
630 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
631 return ctx->provider->get_cipher(ctx->provider_ctx);
632 }
633
634 /* set the global default KDF iteration */
635 void sqlcipher_set_default_kdf_iter(int iter) {
636 default_kdf_iter = iter;
637 }
638
639 int sqlcipher_get_default_kdf_iter() {
640 return default_kdf_iter;
641 }
642
643 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
644 ctx->kdf_iter = kdf_iter;
645 sqlcipher_set_derive_key(ctx, 1);
646 return SQLITE_OK;
647 }
648
649 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
650 return ctx->kdf_iter;
651 }
652
653 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
654 ctx->fast_kdf_iter = fast_kdf_iter;
655 sqlcipher_set_derive_key(ctx, 1);
656 return SQLITE_OK;
657 }
658
659 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
660 return ctx->fast_kdf_iter;
661 }
662
663 /* set the global default flag for HMAC */
664 void sqlcipher_set_default_use_hmac(int use) {
665 if(use) default_flags |= CIPHER_FLAG_HMAC;
666 else default_flags &= ~CIPHER_FLAG_HMAC;
667 }
668
669 int sqlcipher_get_default_use_hmac() {
670 return (default_flags & CIPHER_FLAG_HMAC) != 0;
671 }
672
673 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
674 hmac_salt_mask = mask;
675 }
676
677 unsigned char sqlcipher_get_hmac_salt_mask() {
678 return hmac_salt_mask;
679 }
680
681 /* set the codec flag for whether this individual database should be using hmac */
682 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
683 if(use) {
684 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
685 } else {
686 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
687 }
688
689 return sqlcipher_codec_ctx_reserve_setup(ctx);
690 }
691
692 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
693 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
694 }
695
696 /* the length of plaintext header size must be:
697 * 1. greater than or equal to zero
698 * 2. a multiple of the cipher block size
699 * 3. less than the usable size of the first database page
700 */
701 int sqlcipher_set_default_plaintext_header_size(int size) {
702 default_plaintext_header_sz = size;
703 return SQLITE_OK;
704 }
705
706 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
707 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
708 ctx->plaintext_header_sz = size;
709 return SQLITE_OK;
710 }
711 ctx->plaintext_header_sz = -1;
712 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_plaintext_header_size: attempt to set invalid plantext_header_size %d", size);
713 return SQLITE_ERROR;
714 }
715
716 int sqlcipher_get_default_plaintext_header_size() {
717 return default_plaintext_header_sz;
718 }
719
720 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
721 return ctx->plaintext_header_sz;
722 }
723
724 /* manipulate HMAC algorithm */
725 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
726 default_hmac_algorithm = algorithm;
727 return SQLITE_OK;
728 }
729
730 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
731 ctx->hmac_algorithm = algorithm;
732 return sqlcipher_codec_ctx_reserve_setup(ctx);
733 }
734
735 int sqlcipher_get_default_hmac_algorithm() {
736 return default_hmac_algorithm;
737 }
738
739 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
740 return ctx->hmac_algorithm;
741 }
742
743 /* manipulate KDF algorithm */
744 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
745 default_kdf_algorithm = algorithm;
746 return SQLITE_OK;
747 }
748
749 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
750 ctx->kdf_algorithm = algorithm;
751 return SQLITE_OK;
752 }
753
754 int sqlcipher_get_default_kdf_algorithm() {
755 return default_kdf_algorithm;
756 }
757
758 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
759 return ctx->kdf_algorithm;
760 }
761
762 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
763 ctx->flags |= flag;
764 return SQLITE_OK;
765 }
766
767 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
768 ctx->flags &= ~flag;
769 return SQLITE_OK;
770 }
771
772 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
773 return (ctx->flags & flag) != 0;
774 }
775
776 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
777 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_error: ctx=%p, error=%d", ctx, error);
778 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
779 ctx->pBt->pBt->db->errCode = error;
780 }
781
782 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
783 return ctx->reserve_sz;
784 }
785
786 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
787 return ctx->buffer;
788 }
789
790 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
791 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
792
793 if(!ctx->need_kdf_salt) {
794 return SQLITE_OK; /* don't reload salt when not needed */
795 }
796
797 /* read salt from header, if present, otherwise generate a new random salt */
798 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: obtaining salt");
799 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
800 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random");
801 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) {
802 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init_kdf_salt: error retrieving random bytes from provider");
803 return SQLITE_ERROR;
804 }
805 }
806 ctx->need_kdf_salt = 0;
807 return SQLITE_OK;
808 }
809
810 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
811 if(size >= ctx->kdf_salt_sz) {
812 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
813 ctx->need_kdf_salt = 0;
814 return SQLITE_OK;
815 }
816 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_kdf_salt: attempt to set salt of incorrect size %d", size);
817 return SQLITE_ERROR;
818 }
819
820 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
821 int rc = SQLITE_OK;
822 if(ctx->need_kdf_salt) {
823 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
824 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_get_kdf_salt: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
825 }
826 }
827 *salt = ctx->kdf_salt;
828
829 return rc;
830 }
831
832 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
833 *zKey = ctx->read_ctx->keyspec;
834 *nKey = ctx->keyspec_sz;
835 }
836
837 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
838 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
839 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_page_size not a power of 2 and between 512 and 65536 inclusive");
840 return SQLITE_ERROR;
841 }
842 /* attempt to free the existing page buffer */
843 sqlcipher_free(ctx->buffer,ctx->page_sz);
844 ctx->page_sz = size;
845
846 /* pre-allocate a page buffer of PageSize bytes. This will
847 be used as a persistent buffer for encryption and decryption
848 operations to avoid overhead of multiple memory allocations*/
849 ctx->buffer = sqlcipher_malloc(size);
850 if(ctx->buffer == NULL) return SQLITE_NOMEM;
851
852 return SQLITE_OK;
853 }
854
855 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
856 return ctx->page_sz;
857 }
858
859 void sqlcipher_set_default_pagesize(int page_size) {
860 default_page_size = page_size;
861 }
862
863 int sqlcipher_get_default_pagesize() {
864 return default_page_size;
865 }
866
867 void sqlcipher_set_mem_security(int on) {
868 /* memory security can only be enabled, not disabled */
869 if(on) {
870 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_set_mem_security: on");
871 sqlcipher_mem_security_on = on;
872 }
873 }
874
875 int sqlcipher_get_mem_security() {
876 /* only report that memory security is enabled if pragma cipher_memory_security is ON and
877 SQLCipher's allocator/deallocator was run at least one timecurrently used */
878 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_get_mem_security: sqlcipher_mem_security_on = %d, sqlcipher_mem_executed = %d", sqlcipher_mem_security_on, sqlcipher_mem_executed);
879 return sqlcipher_mem_security_on && sqlcipher_mem_executed;
880 }
881
882
883 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
884 int rc;
885 codec_ctx *ctx;
886
887 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating context");
888
889 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
890 ctx = *iCtx;
891
892 if(ctx == NULL) return SQLITE_NOMEM;
893
894 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
895
896 /* allocate space for salt data. Then read the first 16 bytes
897 directly off the database file. This is the salt for the
898 key derivation function. If we get a short read allocate
899 a new random salt value */
900 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating kdf_salt");
901 ctx->kdf_salt_sz = FILE_HEADER_SZ;
902 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
903 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
904
905 /* allocate space for separate hmac salt data. We want the
906 HMAC derivation salt to be different than the encryption
907 key derivation salt */
908 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating hmac_kdf_salt");
909 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
910 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
911
912 /* setup default flags */
913 ctx->flags = default_flags;
914
915 /* defer attempt to read KDF salt until first use */
916 ctx->need_kdf_salt = 1;
917
918 /* setup the crypto provider */
919 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating provider");
920 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
921 if(ctx->provider == NULL) return SQLITE_NOMEM;
922
923 /* make a copy of the provider to be used for the duration of the context */
924 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER");
925 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
926 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER");
927
928 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
929
930 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER");
931 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
932 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER");
933
934 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) {
935 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d returned from ctx_init", rc);
936 return rc;
937 }
938
939 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
940 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
941 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
942
943 /* establic the size for a hex-formated key specification, containing the
944 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
945 so oversize by 3 bytes */
946 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
947
948 /*
949 Always overwrite page size and set to the default because the first page of the database
950 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
951 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
952 */
953 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) {
954 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d returned from sqlcipher_codec_ctx_set_pagesize with %d", rc, default_page_size);
955 return rc;
956 }
957
958 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
959 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) {
960 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting default_kdf_iter %d", rc, default_kdf_iter);
961 return rc;
962 }
963
964 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) {
965 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting fast_kdf_iter to %d", rc, FAST_PBKDF2_ITER);
966 return rc;
967 }
968
969 /* set the default HMAC and KDF algorithms which will determine the reserve size */
970 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) {
971 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_hmac_algorithm with %d", rc, default_hmac_algorithm);
972 return rc;
973 }
974
975 /* Note that use_hmac is a special case that requires recalculation of page size
976 so we call set_use_hmac to perform setup */
977 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) {
978 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting use_hmac %d", rc, default_flags & CIPHER_FLAG_HMAC);
979 return rc;
980 }
981
982 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) {
983 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_kdf_algorithm with %d", rc, default_kdf_algorithm);
984 return rc;
985 }
986
987 /* setup the default plaintext header size */
988 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) {
989 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_plaintext_header_size with %d", rc, default_plaintext_header_sz);
990 return rc;
991 }
992
993 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
994 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) {
995 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d initializing read_ctx", rc);
996 return rc;
997 }
998
999 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) {
1000 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d initializing write_ctx", rc);
1001 return rc;
1002 }
1003
1004 /* set the key material on one of the sub cipher contexts and sync them up */
1005 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) {
1006 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting pass key", rc);
1007 return rc;
1008 }
1009
1010 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) {
1011 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d copying write_ctx to read_ctx", rc);
1012 return rc;
1013 }
1014
1015 return SQLITE_OK;
1016 }
1017
1018 /**
1019 * Free and wipe memory associated with a cipher_ctx, including the allocated
1020 * read_ctx and write_ctx.
1021 */
1022 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
1023 codec_ctx *ctx = *iCtx;
1024 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_ctx_free: iCtx=%p", iCtx);
1025 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1026 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1027 sqlcipher_free(ctx->buffer, ctx->page_sz);
1028
1029 ctx->provider->ctx_free(&ctx->provider_ctx);
1030 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1031
1032 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1033 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1034 sqlcipher_free(ctx, sizeof(codec_ctx));
1035 }
1036
1037 /** convert a 32bit unsigned integer to little endian byte ordering */
1038 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1039 p[0] = (u8)v;
1040 p[1] = (u8)(v>>8);
1041 p[2] = (u8)(v>>16);
1042 p[3] = (u8)(v>>24);
1043 }
1044
1045 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1046 unsigned char pgno_raw[sizeof(pgno)];
1047 /* we may convert page number to consistent representation before calculating MAC for
1048 compatibility across big-endian and little-endian platforms.
1049
1050 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1051 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1052 backwards compatibility on the most popular platforms, but can optionally be configured
1053 to use either big endian or native byte ordering via pragma. */
1054
1055 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1056 sqlcipher_put4byte_le(pgno_raw, pgno);
1057 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1058 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1059 } else { /* use native byte ordering */
1060 memcpy(pgno_raw, &pgno, sizeof(pgno));
1061 }
1062
1063 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1064 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1065 valid pages out of order in a database */
1066 return ctx->provider->hmac(
1067 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1068 ctx->key_sz, in,
1069 in_sz, (unsigned char*) &pgno_raw,
1070 sizeof(pgno), out);
1071 }
1072
1073 /*
1074 * ctx - codec context
1075 * pgno - page number in database
1076 * size - size in bytes of input and output buffers
1077 * mode - 1 to encrypt, 0 to decrypt
1078 * in - pointer to input bytes
1079 * out - pouter to output bytes
1080 */
1081 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1082 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1083 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1084 int size;
1085
1086 /* calculate some required positions into various buffers */
1087 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1088 iv_out = out + size;
1089 iv_in = in + size;
1090
1091 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1092 random bytes. note, these pointers are only valid when using hmac */
1093 hmac_in = in + size + ctx->iv_sz;
1094 hmac_out = out + size + ctx->iv_sz;
1095 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1096
1097 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: pgno=%d, mode=%d, size=%d", pgno, mode, size);
1098 CODEC_HEXDUMP("sqlcipher_page_cipher: input page data", in, page_sz);
1099
1100 /* the key size should never be zero. If it is, error out. */
1101 if(ctx->key_sz == 0) {
1102 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: error possible context corruption, key_sz is zero for pgno=%d", pgno);
1103 goto error;
1104 }
1105
1106 if(mode == CIPHER_ENCRYPT) {
1107 /* start at front of the reserve block, write random data to the end */
1108 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1109 } else { /* CIPHER_DECRYPT */
1110 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1111 }
1112
1113 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1114 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1115 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on decrypt failed for pgno=%d", pgno);
1116 goto error;
1117 }
1118
1119 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: comparing hmac on in=%p out=%p hmac_sz=%d", hmac_in, hmac_out, ctx->hmac_sz);
1120 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1121 if(sqlite3BtreeGetAutoVacuum(ctx->pBt) != BTREE_AUTOVACUUM_NONE && sqlcipher_ismemset(in, 0, page_sz) == 0) {
1122 /* first check if the entire contents of the page is zeros. If so, this page
1123 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1124 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1125 and return SQLITE_OK to skip the decryption step. */
1126 sqlcipher_log(SQLCIPHER_LOG_WARN, "sqlcipher_page_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK", pgno);
1127 sqlcipher_memset(out, 0, page_sz);
1128 return SQLITE_OK;
1129 } else {
1130 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1131 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1132 and return SQLITE_ERROR to the caller */
1133 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR", pgno);
1134 goto error;
1135 }
1136 }
1137 }
1138
1139 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1140 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR", mode, pgno);
1141 goto error;
1142 };
1143
1144 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1145 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1146 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on encrypt failed for pgno=%d", pgno);
1147 goto error;
1148 };
1149 }
1150
1151 CODEC_HEXDUMP("sqlcipher_page_cipher: output page data", out_start, page_sz);
1152
1153 return SQLITE_OK;
1154 error:
1155 sqlcipher_memset(out, 0, page_sz);
1156 return SQLITE_ERROR;
1157 }
1158
1159 /**
1160 * Derive an encryption key for a cipher contex key based on the raw password.
1161 *
1162 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1163 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1164
1165 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1166 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1167 * as the key followed by the salt.
1168 *
1169 * Otherwise, a key data will be derived using PBKDF2
1170 *
1171 * returns SQLITE_OK if initialization was successful
1172 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1173 */
1174 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1175 int rc;
1176 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_key_derive: ctx->kdf_salt_sz=%d ctx->kdf_iter=%d ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1177 ctx->kdf_salt_sz, ctx->kdf_iter, ctx->fast_kdf_iter, ctx->key_sz);
1178
1179 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1180
1181 /* if necessary, initialize the salt from the header or random source */
1182 if(ctx->need_kdf_salt) {
1183 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
1184 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
1185 return rc;
1186 }
1187 }
1188
1189 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1190 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1191 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1192 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1193 cipher_hex2bin(z, n, c_ctx->key);
1194 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1195 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1196 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1197 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1198 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1199 } else {
1200 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations", ctx->kdf_iter);
1201 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1202 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1203 ctx->key_sz, c_ctx->key) != SQLITE_OK) {
1204 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating encryption key");
1205 return SQLITE_ERROR;
1206 }
1207 }
1208
1209 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1210 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) {
1211 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_cipher_ctx_set_keyspec", rc);
1212 return rc;
1213 }
1214
1215 /* if this context is setup to use hmac checks, generate a seperate and different
1216 key for HMAC. In this case, we use the output of the previous KDF as the input to
1217 this KDF run. This ensures a distinct but predictable HMAC key. */
1218 if(ctx->flags & CIPHER_FLAG_HMAC) {
1219 int i;
1220
1221 /* start by copying the kdf key into the hmac salt slot
1222 then XOR it with the fixed hmac salt defined at compile time
1223 this ensures that the salt passed in to derive the hmac key, while
1224 easy to derive and publically known, is not the same as the salt used
1225 to generate the encryption key */
1226 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1227 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1228 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1229 }
1230
1231 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations",
1232 ctx->fast_kdf_iter);
1233
1234
1235 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1236 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1237 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) {
1238 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating HMAC key");
1239 return SQLITE_ERROR;
1240 }
1241 }
1242
1243 c_ctx->derive_key = 0;
1244 return SQLITE_OK;
1245 }
1246 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: key material is not present on the context for key derivation");
1247 return SQLITE_ERROR;
1248 }
1249
1250 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1251 /* derive key on first use if necessary */
1252 if(ctx->read_ctx->derive_key) {
1253 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) {
1254 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving read_ctx key");
1255 return SQLITE_ERROR;
1256 }
1257 }
1258
1259 if(ctx->write_ctx->derive_key) {
1260 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1261 /* the relevant parameters are the same, just copy read key */
1262 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) {
1263 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred copying read_ctx to write_ctx");
1264 return SQLITE_ERROR;
1265 }
1266 } else {
1267 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) {
1268 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving write_ctx key");
1269 return SQLITE_ERROR;
1270 }
1271 }
1272 }
1273
1274 /* TODO: wipe and free passphrase after key derivation */
1275 if(ctx->store_pass != 1) {
1276 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1277 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1278 }
1279
1280 return SQLITE_OK;
1281 }
1282
1283 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1284 if(source == CIPHER_READ_CTX) {
1285 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1286 } else {
1287 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1288 }
1289 }
1290
1291 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1292 return ctx->provider->get_provider_name(ctx->provider_ctx);
1293 }
1294
1295
1296 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1297 int rc;
1298 sqlite3 *db = NULL;
1299 sqlite3_stmt *statement = NULL;
1300 char *query_journal_mode = "PRAGMA journal_mode;";
1301 char *query_user_version = "PRAGMA user_version;";
1302
1303 rc = sqlite3_open(filename, &db);
1304 if(rc != SQLITE_OK) goto cleanup;
1305
1306 rc = sqlite3_key(db, key, key_sz);
1307 if(rc != SQLITE_OK) goto cleanup;
1308
1309 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1310 if(rc != SQLITE_OK) goto cleanup;
1311
1312 /* start by querying the user version.
1313 this will fail if the key is incorrect */
1314 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1315 if(rc != SQLITE_OK) goto cleanup;
1316
1317 rc = sqlite3_step(statement);
1318 if(rc == SQLITE_ROW) {
1319 *user_version = sqlite3_column_int(statement, 0);
1320 } else {
1321 goto cleanup;
1322 }
1323 sqlite3_finalize(statement);
1324
1325 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1326 if(rc != SQLITE_OK) goto cleanup;
1327
1328 rc = sqlite3_step(statement);
1329 if(rc == SQLITE_ROW) {
1330 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1331 } else {
1332 goto cleanup;
1333 }
1334 rc = SQLITE_OK;
1335 /* cleanup will finalize open statement */
1336
1337 cleanup:
1338 if(statement) sqlite3_finalize(statement);
1339 if(db) sqlite3_close(db);
1340 return rc;
1341 }
1342
1343 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1344 Pgno page = 1;
1345 int rc = 0;
1346 char *result;
1347 unsigned char *hmac_out = NULL;
1348 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1349 i64 file_sz;
1350
1351 Vdbe *v = sqlite3GetVdbe(pParse);
1352 sqlite3VdbeSetNumCols(v, 1);
1353 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1354
1355 if(fd == NULL || fd->pMethods == 0) {
1356 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1357 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1358 goto cleanup;
1359 }
1360
1361 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1362 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1363 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1364 goto cleanup;
1365 }
1366
1367 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1368 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1369 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1370 goto cleanup;
1371 }
1372
1373 sqlite3OsFileSize(fd, &file_sz);
1374 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1375
1376 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1377 i64 offset = (page - 1) * ctx->page_sz;
1378 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1379 int read_sz = ctx->page_sz;
1380
1381 /* skip integrity check on PAGER_SJ_PGNO since it will have no valid content */
1382 if(sqlite3pager_is_sj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1383
1384 if(page==1) {
1385 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1386 read_sz = read_sz - page1_offset;
1387 payload_sz = payload_sz - page1_offset;
1388 offset += page1_offset;
1389 }
1390
1391 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1392 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1393 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1394 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d", read_sz, page, offset);
1395 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1396 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1397 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1398 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1399 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1400 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1401 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1402 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1403 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1404 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1405 }
1406 }
1407
1408 if(file_sz % ctx->page_sz != 0) {
1409 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1410 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1411 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1412 }
1413
1414 cleanup:
1415 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1416 return SQLITE_OK;
1417 }
1418
1419 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1420 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1421 Db *pDb = 0;
1422 sqlite3 *db = ctx->pBt->db;
1423 const char *db_filename = sqlite3_db_filename(db, "main");
1424 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1425 Btree *pDest = NULL, *pSrc = NULL;
1426 sqlite3_file *srcfile, *destfile;
1427 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1428 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1429 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1430 #endif
1431 pass_sz = keyspec_sz = rc = user_version = 0;
1432
1433 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1434 goto cleanup; /* exit immediately if this is an in memory database */
1435
1436 /* pull the provided password / key material off the current codec context */
1437 pass_sz = ctx->read_ctx->pass_sz;
1438 pass = sqlcipher_malloc(pass_sz+1);
1439 memset(pass, 0, pass_sz+1);
1440 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1441
1442 /* Version 4 - current, no upgrade required, so exit immediately */
1443 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1444 if(rc == SQLITE_OK){
1445 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "No upgrade required - exiting");
1446 goto cleanup;
1447 }
1448
1449 for(i = 3; i > 0; i--) {
1450 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1451 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1452 if(rc == SQLITE_OK) {
1453 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "Version %d format found", i);
1454 goto migrate;
1455 }
1456 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1457 pragma_compat = NULL;
1458 }
1459
1460 /* if we exit the loop normally we failed to determine the version, this is an error */
1461 sqlcipher_log(SQLCIPHER_LOG_ERROR, "Upgrade format not determined");
1462 goto handle_error;
1463
1464 migrate:
1465
1466 temp = sqlite3_mprintf("%s-migrated", db_filename);
1467 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1468 * to determine whether the filename was URI formatted */
1469 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1470 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1471 sqlcipher_free(temp, sqlite3Strlen30(temp));
1472
1473 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1474 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1475
1476 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1477 if(rc != SQLITE_OK){
1478 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set compatibility mode failed, error code %d", rc);
1479 goto handle_error;
1480 }
1481
1482 /* force journal mode to DELETE, we will set it back later if different */
1483 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1484 if(rc != SQLITE_OK){
1485 sqlcipher_log(SQLCIPHER_LOG_ERROR, "force journal mode DELETE failed, error code %d", rc);
1486 goto handle_error;
1487 }
1488
1489 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1490 if(rc != SQLITE_OK){
1491 sqlcipher_log(SQLCIPHER_LOG_ERROR, "attach failed, error code %d", rc);
1492 goto handle_error;
1493 }
1494
1495 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1496 if(rc != SQLITE_OK){
1497 sqlcipher_log(SQLCIPHER_LOG_ERROR, "keying attached database failed, error code %d", rc);
1498 goto handle_error;
1499 }
1500
1501 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1502 if(rc != SQLITE_OK){
1503 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_export failed, error code %d", rc);
1504 goto handle_error;
1505 }
1506
1507 #ifdef SQLCIPHER_TEST
1508 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1509 rc = SQLITE_ERROR;
1510 sqlcipher_log(SQLCIPHER_LOG_ERROR, "simulated migrate failure, error code %d", rc);
1511 goto handle_error;
1512 }
1513 #endif
1514
1515 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1516 if(rc != SQLITE_OK){
1517 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set user version failed, error code %d", rc);
1518 goto handle_error;
1519 }
1520
1521 if( !db->autoCommit ){
1522 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate from within a transaction");
1523 goto handle_error;
1524 }
1525 if( db->nVdbeActive>1 ){
1526 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate - SQL statements in progress");
1527 goto handle_error;
1528 }
1529
1530 pDest = db->aDb[0].pBt;
1531 pDb = &(db->aDb[db->nDb-1]);
1532 pSrc = pDb->pBt;
1533
1534 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1535 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1536 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1537 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1538 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "set btree page size to %d res %d rc %d", default_page_size, nRes, rc);
1539 if( rc!=SQLITE_OK ) goto handle_error;
1540
1541 sqlcipherCodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1542 sqlcipherCodecAttach(db, 0, keyspec, keyspec_sz);
1543
1544 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1545 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1546
1547 sqlite3OsClose(srcfile);
1548 sqlite3OsClose(destfile);
1549
1550 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1551 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing windows MoveFileExA");
1552
1553 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1554 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1555 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1556
1557 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1558 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1559 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1560
1561 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1562 rc = SQLITE_ERROR;
1563 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1564 goto handle_error;
1565 }
1566 #else
1567 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing POSIX rename");
1568 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1569 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1570 goto handle_error;
1571 }
1572 #endif
1573 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "renamed migration database %s to main database %s: %d", migrated_db_filename, db_filename, rc);
1574
1575 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1576 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened migration database: %d", rc);
1577 if( rc!=SQLITE_OK ) goto handle_error;
1578
1579 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1580 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened main database: %d", rc);
1581 if( rc!=SQLITE_OK ) goto handle_error;
1582
1583 sqlite3pager_reset(pDest->pBt->pPager);
1584 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset pager");
1585
1586 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1587 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "DETACH DATABASE called %d", rc);
1588 if(rc != SQLITE_OK) goto cleanup;
1589
1590 sqlite3ResetAllSchemasOfConnection(db);
1591 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset all schemas");
1592
1593 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1594 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1595 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "%s: %d", set_journal_mode, rc);
1596 if( rc!=SQLITE_OK ) goto handle_error;
1597
1598 goto cleanup;
1599
1600 handle_error:
1601 sqlcipher_log(SQLCIPHER_LOG_ERROR, "An error occurred attempting to migrate the database - last error %d", rc);
1602
1603 cleanup:
1604 if(migrated_db_filename) {
1605 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1606 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "deleted migration database: %d", del_rc);
1607 }
1608
1609 if(pass) sqlcipher_free(pass, pass_sz);
1610 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1611 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1612 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1613 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1614 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1615 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1616 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1617 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1618 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1619 #endif
1620 return rc;
1621 }
1622
1623 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1624 const char *suffix = &zRight[random_sz-1];
1625 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1626 if (n > 0 &&
1627 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1628 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1629 n % 2 == 0) {
1630 int rc = 0;
1631 int buffer_sz = n / 2;
1632 unsigned char *random;
1633 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1634 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_add_random: using raw random blob from hex");
1635 random = sqlcipher_malloc(buffer_sz);
1636 memset(random, 0, buffer_sz);
1637 cipher_hex2bin(z, n, random);
1638 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1639 sqlcipher_free(random, buffer_sz);
1640 return rc;
1641 }
1642 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_add_random: attemt to add random with invalid format");
1643 return SQLITE_ERROR;
1644 }
1645
1646 #if !defined(SQLITE_OMIT_TRACE)
1647 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1648 FILE *f = (FILE*) file;
1649 char *fmt = "Elapsed time:%.3f ms - %s\n";
1650 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1651 #ifdef __ANDROID__
1652 if(f == NULL) {
1653 __android_log_print(ANDROID_LOG_DEBUG, "sqlcipher", fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1654 }
1655 #endif
1656 if(f) fprintf(f, fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1657 return SQLITE_OK;
1658 }
1659 #endif
1660
1661 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1662 #if defined(SQLITE_OMIT_TRACE)
1663 return SQLITE_ERROR;
1664 #else
1665 FILE *f = NULL;
1666 if(sqlite3_stricmp(destination, "off") == 0){
1667 sqlite3_trace_v2(db, 0, NULL, NULL); /* disable tracing */
1668 } else {
1669 if(sqlite3_stricmp(destination, "stdout") == 0){
1670 f = stdout;
1671 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1672 f = stderr;
1673 }else if(sqlite3_stricmp(destination, "logcat") == 0){
1674 f = NULL; /* file pointer will be NULL indicating logcat on android */
1675 }else{
1676 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1677 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1678 #else
1679 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1680 #endif
1681 }
1682 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1683 }
1684 return SQLITE_OK;
1685 #endif
1686 }
1687
1688 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1689 return ctx->provider->fips_status(ctx->provider_ctx);
1690 }
1691
1692 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1693 return ctx->provider->get_provider_version(ctx->provider_ctx);
1694 }
1695
1696 #ifndef SQLCIPHER_OMIT_LOG
1697 /* constants from https://github.com/Alexpux/mingw-w64/blob/master/mingw-w64-crt/misc/gettimeofday.c */
1698 #define FILETIME_1970 116444736000000000ull /* seconds between 1/1/1601 and 1/1/1970 */
1699 #define HECTONANOSEC_PER_SEC 10000000ull
1700 void sqlcipher_log(unsigned int level, const char *message, ...) {
1701 va_list params;
1702 va_start(params, message);
1703
1704 #ifdef CODEC_DEBUG
1705 #ifdef __ANDROID__
1706 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1707 #else
1708 vfprintf(stderr, message, params);
1709 fprintf(stderr, "\n");
1710 #endif
1711 #endif
1712
1713 if(level > sqlcipher_log_level || (sqlcipher_log_logcat == 0 && sqlcipher_log_file == NULL)) {
1714 /* no log target or tag not in included filters */
1715 goto end;
1716 }
1717 if(sqlcipher_log_file != NULL){
1718 char buffer[24];
1719 struct tm tt;
1720 int ms;
1721 time_t sec;
1722 #ifdef _WIN32
1723 SYSTEMTIME st;
1724 FILETIME ft;
1725 GetSystemTime(&st);
1726 SystemTimeToFileTime(&st, &ft);
1727 sec = (time_t) ((*((sqlite_int64*)&ft) - FILETIME_1970) / HECTONANOSEC_PER_SEC);
1728 ms = st.wMilliseconds;
1729 localtime_s(&tt, &sec);
1730 #else
1731 struct timeval tv;
1732 gettimeofday(&tv, NULL);
1733 sec = tv.tv_sec;
1734 ms = tv.tv_usec/1000.0;
1735 localtime_r(&sec, &tt);
1736 #endif
1737 if(strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tt)) {
1738 fprintf((FILE*)sqlcipher_log_file, "%s.%03d: ", buffer, ms);
1739 vfprintf((FILE*)sqlcipher_log_file, message, params);
1740 fprintf((FILE*)sqlcipher_log_file, "\n");
1741 }
1742 }
1743 #ifdef __ANDROID__
1744 if(sqlcipher_log_logcat) {
1745 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1746 }
1747 #endif
1748 end:
1749 va_end(params);
1750 }
1751 #endif
1752
1753 void sqlcipher_set_log_level(unsigned int level) {
1754 sqlcipher_log_level = level;
1755 }
1756
1757 int sqlcipher_set_log(const char *destination){
1758 #ifdef SQLCIPHER_OMIT_LOG
1759 return SQLITE_ERROR;
1760 #else
1761 /* close open trace file if it is not stdout or stderr, then
1762 reset trace settings */
1763 if(sqlcipher_log_file != NULL && sqlcipher_log_file != stdout && sqlcipher_log_file != stderr) {
1764 fclose((FILE*)sqlcipher_log_file);
1765 }
1766 sqlcipher_log_file = NULL;
1767 sqlcipher_log_logcat = 0;
1768
1769 if(sqlite3_stricmp(destination, "logcat") == 0){
1770 sqlcipher_log_logcat = 1;
1771 } else if(sqlite3_stricmp(destination, "stdout") == 0){
1772 sqlcipher_log_file = stdout;
1773 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1774 sqlcipher_log_file = stderr;
1775 }else if(sqlite3_stricmp(destination, "off") != 0){
1776 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1777 if(fopen_s(&sqlcipher_log_file, destination, "a") != 0) return SQLITE_ERROR;
1778 #else
1779 if((sqlcipher_log_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1780 #endif
1781 }
1782 sqlcipher_log(SQLCIPHER_LOG_INFO, "sqlcipher_set_log: set log to %s", destination);
1783 return SQLITE_OK;
1784 #endif
1785 }
1786
1787 #endif
1788 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.