search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update tags for podspec
[sqlcipher.git] / src / crypto.c
blob5dcda8492eddf1b99d879ac23f12685e101e1f70
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include <assert.h>
35 #include "sqlcipher.h"
36 #include "crypto.h"
37
38 #ifdef SQLCIPHER_EXT
39 #include "sqlcipher_ext.h"
40 #endif
41
42 void sqlcipher_vdbe_return_string(Parse *pParse, const char *zLabel, const char *value, int value_type){
43 Vdbe *v = sqlite3GetVdbe(pParse);
44 sqlite3VdbeSetNumCols(v, 1);
45 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, zLabel, SQLITE_STATIC);
46 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, value, value_type);
47 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
48 }
49
50 static int codec_set_btree_to_codec_pagesize(sqlite3 *db, Db *pDb, codec_ctx *ctx) {
51 int rc, page_sz, reserve_sz;
52
53 page_sz = sqlcipher_codec_ctx_get_pagesize(ctx);
54 reserve_sz = sqlcipher_codec_ctx_get_reservesize(ctx);
55
56 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_set_btree_to_codec_pagesize: sqlite3BtreeSetPageSize() size=%d reserve=%d", page_sz, reserve_sz);
57
58 sqlcipher_log(SQLCIPHER_LOG_TRACE, "codec_set_btree_to_codec_pagesize: entering database mutex %p", db->mutex);
59 sqlite3_mutex_enter(db->mutex);
60 sqlcipher_log(SQLCIPHER_LOG_TRACE, "codec_set_btree_to_codec_pagesize: entered database mutex %p", db->mutex);
61 db->nextPagesize = page_sz;
62
63 /* before forcing the page size we need to unset the BTS_PAGESIZE_FIXED flag, else
64 sqliteBtreeSetPageSize will block the change */
65 pDb->pBt->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
66 rc = sqlite3BtreeSetPageSize(pDb->pBt, page_sz, reserve_sz, 0);
67
68 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_set_btree_to_codec_pagesize: sqlite3BtreeSetPageSize returned %d", rc);
69
70 sqlcipher_log(SQLCIPHER_LOG_TRACE, "codec_set_btree_to_codec_pagesize: leaving database mutex %p", db->mutex);
71 sqlite3_mutex_leave(db->mutex);
72 sqlcipher_log(SQLCIPHER_LOG_TRACE, "codec_set_btree_to_codec_pagesize: left database mutex %p", db->mutex);
73
74 return rc;
75 }
76
77 static int codec_set_pass_key(sqlite3* db, int nDb, const void *zKey, int nKey, int for_ctx) {
78 struct Db *pDb = &db->aDb[nDb];
79 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_set_pass_key: db=%p nDb=%d for_ctx=%d", db, nDb, for_ctx);
80 if(pDb->pBt) {
81 codec_ctx *ctx = (codec_ctx*) sqlcipherPagerGetCodec(pDb->pBt->pBt->pPager);
82
83 if(ctx) {
84 return sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, for_ctx);
85 } else {
86 sqlcipher_log(SQLCIPHER_LOG_ERROR, "codec_set_pass_key: error ocurred fetching codec from pager on db %d", nDb);
87 return SQLITE_ERROR;
88 }
89 }
90 sqlcipher_log(SQLCIPHER_LOG_ERROR, "codec_set_pass_key: no btree present on db %d", nDb);
91 return SQLITE_ERROR;
92 }
93
94 int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLeft, const char *zRight) {
95 struct Db *pDb = &db->aDb[iDb];
96 codec_ctx *ctx = NULL;
97 int rc;
98
99 if(pDb->pBt) {
100 ctx = (codec_ctx*) sqlcipherPagerGetCodec(pDb->pBt->pBt->pPager);
101 }
102
103 if(sqlite3_stricmp(zLeft, "key") !=0 && sqlite3_stricmp(zLeft, "rekey") != 0) {
104 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_pragma: db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p", db, iDb, pParse, zLeft, zRight, ctx);
105 }
106
107 #ifdef SQLCIPHER_EXT
108 if(sqlcipher_ext_pragma(db, iDb, pParse, zLeft, zRight)) {
109 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_pragma: PRAGMA handled by sqlcipher_ext_pragma");
110 } else
111 #endif
112 #ifdef SQLCIPHER_TEST
113 if( sqlite3_stricmp(zLeft,"cipher_test_on")==0 ){
114 if( zRight ) {
115 unsigned int flags = sqlcipher_get_test_flags();
116 if(sqlite3_stricmp(zRight, "fail_encrypt")==0) {
117 flags |= TEST_FAIL_ENCRYPT;
118 } else
119 if(sqlite3_stricmp(zRight, "fail_decrypt")==0) {
120 flags |= TEST_FAIL_DECRYPT;
121 } else
122 if(sqlite3_stricmp(zRight, "fail_migrate")==0) {
123 flags |= TEST_FAIL_MIGRATE;
124 }
125 sqlcipher_set_test_flags(flags);
126 }
127 } else
128 if( sqlite3_stricmp(zLeft,"cipher_test_off")==0 ){
129 if( zRight ) {
130 unsigned int flags = sqlcipher_get_test_flags();
131 if(sqlite3_stricmp(zRight, "fail_encrypt")==0) {
132 flags &= ~TEST_FAIL_ENCRYPT;
133 } else
134 if(sqlite3_stricmp(zRight, "fail_decrypt")==0) {
135 flags &= ~TEST_FAIL_DECRYPT;
136 } else
137 if(sqlite3_stricmp(zRight, "fail_migrate")==0) {
138 flags &= ~TEST_FAIL_MIGRATE;
139 }
140 sqlcipher_set_test_flags(flags);
141 }
142 } else
143 if( sqlite3_stricmp(zLeft,"cipher_test")==0 ){
144 char *flags = sqlite3_mprintf("%u", sqlcipher_get_test_flags());
145 sqlcipher_vdbe_return_string(pParse, "cipher_test", flags, P4_DYNAMIC);
146 }else
147 if( sqlite3_stricmp(zLeft,"cipher_test_rand")==0 ){
148 if( zRight ) {
149 int rand = atoi(zRight);
150 sqlcipher_set_test_rand(rand);
151 } else {
152 char *rand = sqlite3_mprintf("%d", sqlcipher_get_test_rand());
153 sqlcipher_vdbe_return_string(pParse, "cipher_test_rand", rand, P4_DYNAMIC);
154 }
155 } else
156 #endif
157 if( sqlite3_stricmp(zLeft, "cipher_fips_status")== 0 && !zRight ){
158 if(ctx) {
159 char *fips_mode_status = sqlite3_mprintf("%d", sqlcipher_codec_fips_status(ctx));
160 sqlcipher_vdbe_return_string(pParse, "cipher_fips_status", fips_mode_status, P4_DYNAMIC);
161 }
162 } else
163 if( sqlite3_stricmp(zLeft, "cipher_store_pass")==0 && zRight ) {
164 if(ctx) {
165 char *deprecation = "PRAGMA cipher_store_pass is deprecated, please remove from use";
166 sqlcipher_codec_set_store_pass(ctx, sqlite3GetBoolean(zRight, 1));
167 sqlcipher_vdbe_return_string(pParse, "cipher_store_pass", deprecation, P4_TRANSIENT);
168 sqlite3_log(SQLITE_WARNING, deprecation);
169 }
170 } else
171 if( sqlite3_stricmp(zLeft, "cipher_store_pass")==0 && !zRight ) {
172 if(ctx){
173 char *store_pass_value = sqlite3_mprintf("%d", sqlcipher_codec_get_store_pass(ctx));
174 sqlcipher_vdbe_return_string(pParse, "cipher_store_pass", store_pass_value, P4_DYNAMIC);
175 }
176 }
177 if( sqlite3_stricmp(zLeft, "cipher_profile")== 0 && zRight ){
178 char *profile_status = sqlite3_mprintf("%d", sqlcipher_cipher_profile(db, zRight));
179 sqlcipher_vdbe_return_string(pParse, "cipher_profile", profile_status, P4_DYNAMIC);
180 } else
181 if( sqlite3_stricmp(zLeft, "cipher_add_random")==0 && zRight ){
182 if(ctx) {
183 char *add_random_status = sqlite3_mprintf("%d", sqlcipher_codec_add_random(ctx, zRight, sqlite3Strlen30(zRight)));
184 sqlcipher_vdbe_return_string(pParse, "cipher_add_random", add_random_status, P4_DYNAMIC);
185 }
186 } else
187 if( sqlite3_stricmp(zLeft, "cipher_migrate")==0 && !zRight ){
188 if(ctx){
189 int status = sqlcipher_codec_ctx_migrate(ctx);
190 char *migrate_status = sqlite3_mprintf("%d", status);
191 sqlcipher_vdbe_return_string(pParse, "cipher_migrate", migrate_status, P4_DYNAMIC);
192 if(status != SQLITE_OK) {
193 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_pragma: error occurred during cipher_migrate: %d", status);
194 sqlcipher_codec_ctx_set_error(ctx, status);
195 }
196 }
197 } else
198 if( sqlite3_stricmp(zLeft, "cipher_provider")==0 && !zRight ){
199 if(ctx) { sqlcipher_vdbe_return_string(pParse, "cipher_provider",
200 sqlcipher_codec_get_cipher_provider(ctx), P4_TRANSIENT);
201 }
202 } else
203 if( sqlite3_stricmp(zLeft, "cipher_provider_version")==0 && !zRight){
204 if(ctx) { sqlcipher_vdbe_return_string(pParse, "cipher_provider_version",
205 sqlcipher_codec_get_provider_version(ctx), P4_TRANSIENT);
206 }
207 } else
208 if( sqlite3_stricmp(zLeft, "cipher_version")==0 && !zRight ){
209 sqlcipher_vdbe_return_string(pParse, "cipher_version", sqlcipher_version(), P4_DYNAMIC);
210 }else
211 if( sqlite3_stricmp(zLeft, "cipher")==0 ){
212 if(ctx) {
213 if( zRight ) {
214 const char* message = "PRAGMA cipher is no longer supported.";
215 sqlcipher_vdbe_return_string(pParse, "cipher", message, P4_TRANSIENT);
216 sqlite3_log(SQLITE_WARNING, message);
217 }else {
218 sqlcipher_vdbe_return_string(pParse, "cipher", sqlcipher_codec_ctx_get_cipher(ctx), P4_TRANSIENT);
219 }
220 }
221 }else
222 if( sqlite3_stricmp(zLeft, "rekey_cipher")==0 && zRight ){
223 const char* message = "PRAGMA rekey_cipher is no longer supported.";
224 sqlcipher_vdbe_return_string(pParse, "rekey_cipher", message, P4_TRANSIENT);
225 sqlite3_log(SQLITE_WARNING, message);
226 }else
227 if( sqlite3_stricmp(zLeft,"cipher_default_kdf_iter")==0 ){
228 if( zRight ) {
229 sqlcipher_set_default_kdf_iter(atoi(zRight)); /* change default KDF iterations */
230 } else {
231 char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_get_default_kdf_iter());
232 sqlcipher_vdbe_return_string(pParse, "cipher_default_kdf_iter", kdf_iter, P4_DYNAMIC);
233 }
234 }else
235 if( sqlite3_stricmp(zLeft, "kdf_iter")==0 ){
236 if(ctx) {
237 if( zRight ) {
238 sqlcipher_codec_ctx_set_kdf_iter(ctx, atoi(zRight)); /* change of RW PBKDF2 iteration */
239 } else {
240 char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_kdf_iter(ctx));
241 sqlcipher_vdbe_return_string(pParse, "kdf_iter", kdf_iter, P4_DYNAMIC);
242 }
243 }
244 }else
245 if( sqlite3_stricmp(zLeft, "fast_kdf_iter")==0){
246 if(ctx) {
247 if( zRight ) {
248 char *deprecation = "PRAGMA fast_kdf_iter is deprecated, please remove from use";
249 sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, atoi(zRight)); /* change of RW PBKDF2 iteration */
250 sqlcipher_vdbe_return_string(pParse, "fast_kdf_iter", deprecation, P4_TRANSIENT);
251 sqlite3_log(SQLITE_WARNING, deprecation);
252 } else {
253 char *fast_kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_fast_kdf_iter(ctx));
254 sqlcipher_vdbe_return_string(pParse, "fast_kdf_iter", fast_kdf_iter, P4_DYNAMIC);
255 }
256 }
257 }else
258 if( sqlite3_stricmp(zLeft, "rekey_kdf_iter")==0 && zRight ){
259 const char* message = "PRAGMA rekey_kdf_iter is no longer supported.";
260 sqlcipher_vdbe_return_string(pParse, "rekey_kdf_iter", message, P4_TRANSIENT);
261 sqlite3_log(SQLITE_WARNING, message);
262 }else
263 if( sqlite3_stricmp(zLeft,"cipher_page_size")==0 ){
264 if(ctx) {
265 if( zRight ) {
266 int size = atoi(zRight);
267 rc = sqlcipher_codec_ctx_set_pagesize(ctx, size);
268 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
269 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
270 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
271 } else {
272 char * page_size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_pagesize(ctx));
273 sqlcipher_vdbe_return_string(pParse, "cipher_page_size", page_size, P4_DYNAMIC);
274 }
275 }
276 }else
277 if( sqlite3_stricmp(zLeft,"cipher_default_page_size")==0 ){
278 if( zRight ) {
279 sqlcipher_set_default_pagesize(atoi(zRight));
280 } else {
281 char *default_page_size = sqlite3_mprintf("%d", sqlcipher_get_default_pagesize());
282 sqlcipher_vdbe_return_string(pParse, "cipher_default_page_size", default_page_size, P4_DYNAMIC);
283 }
284 }else
285 if( sqlite3_stricmp(zLeft,"cipher_default_use_hmac")==0 ){
286 if( zRight ) {
287 sqlcipher_set_default_use_hmac(sqlite3GetBoolean(zRight,1));
288 } else {
289 char *default_use_hmac = sqlite3_mprintf("%d", sqlcipher_get_default_use_hmac());
290 sqlcipher_vdbe_return_string(pParse, "cipher_default_use_hmac", default_use_hmac, P4_DYNAMIC);
291 }
292 }else
293 if( sqlite3_stricmp(zLeft,"cipher_use_hmac")==0 ){
294 if(ctx) {
295 if( zRight ) {
296 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, sqlite3GetBoolean(zRight,1));
297 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
298 /* since the use of hmac has changed, the page size may also change */
299 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
300 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
301 } else {
302 char *hmac_flag = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_use_hmac(ctx));
303 sqlcipher_vdbe_return_string(pParse, "cipher_use_hmac", hmac_flag, P4_DYNAMIC);
304 }
305 }
306 }else
307 if( sqlite3_stricmp(zLeft,"cipher_hmac_pgno")==0 ){
308 if(ctx) {
309 if(zRight) {
310 char *deprecation = "PRAGMA cipher_hmac_pgno is deprecated, please remove from use";
311 /* clear both pgno endian flags */
312 if(sqlite3_stricmp(zRight, "le") == 0) {
313 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
314 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_LE_PGNO);
315 } else if(sqlite3_stricmp(zRight, "be") == 0) {
316 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_LE_PGNO);
317 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_BE_PGNO);
318 } else if(sqlite3_stricmp(zRight, "native") == 0) {
319 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_LE_PGNO);
320 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
321 }
322 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_pgno", deprecation, P4_TRANSIENT);
323 sqlite3_log(SQLITE_WARNING, deprecation);
324
325 } else {
326 if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_LE_PGNO)) {
327 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_pgno", "le", P4_TRANSIENT);
328 } else if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_BE_PGNO)) {
329 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_pgno", "be", P4_TRANSIENT);
330 } else {
331 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_pgno", "native", P4_TRANSIENT);
332 }
333 }
334 }
335 }else
336 if( sqlite3_stricmp(zLeft,"cipher_hmac_salt_mask")==0 ){
337 if(ctx) {
338 if(zRight) {
339 char *deprecation = "PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use";
340 if (sqlite3StrNICmp(zRight ,"x'", 2) == 0 && sqlite3Strlen30(zRight) == 5) {
341 unsigned char mask = 0;
342 const unsigned char *hex = (const unsigned char *)zRight+2;
343 cipher_hex2bin(hex,2,&mask);
344 sqlcipher_set_hmac_salt_mask(mask);
345 }
346 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_salt_mask", deprecation, P4_TRANSIENT);
347 sqlite3_log(SQLITE_WARNING, deprecation);
348 } else {
349 char *hmac_salt_mask = sqlite3_mprintf("%02x", sqlcipher_get_hmac_salt_mask());
350 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask, P4_DYNAMIC);
351 }
352 }
353 }else
354 if( sqlite3_stricmp(zLeft,"cipher_plaintext_header_size")==0 ){
355 if(ctx) {
356 if( zRight ) {
357 int size = atoi(zRight);
358 /* deliberately ignore result code, if size is invalid it will be set to -1
359 and trip the error later in the codec */
360 sqlcipher_codec_ctx_set_plaintext_header_size(ctx, size);
361 } else {
362 char *size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_plaintext_header_size(ctx));
363 sqlcipher_vdbe_return_string(pParse, "cipher_plaintext_header_size", size, P4_DYNAMIC);
364 }
365 }
366 }else
367 if( sqlite3_stricmp(zLeft,"cipher_default_plaintext_header_size")==0 ){
368 if( zRight ) {
369 sqlcipher_set_default_plaintext_header_size(atoi(zRight));
370 } else {
371 char *size = sqlite3_mprintf("%d", sqlcipher_get_default_plaintext_header_size());
372 sqlcipher_vdbe_return_string(pParse, "cipher_default_plaintext_header_size", size, P4_DYNAMIC);
373 }
374 }else
375 if( sqlite3_stricmp(zLeft,"cipher_salt")==0 ){
376 if(ctx) {
377 if(zRight) {
378 if (sqlite3StrNICmp(zRight ,"x'", 2) == 0 && sqlite3Strlen30(zRight) == (FILE_HEADER_SZ*2)+3) {
379 unsigned char *salt = (unsigned char*) sqlite3_malloc(FILE_HEADER_SZ);
380 const unsigned char *hex = (const unsigned char *)zRight+2;
381 cipher_hex2bin(hex,FILE_HEADER_SZ*2,salt);
382 sqlcipher_codec_ctx_set_kdf_salt(ctx, salt, FILE_HEADER_SZ);
383 sqlite3_free(salt);
384 }
385 } else {
386 void *salt;
387 char *hexsalt = (char*) sqlite3_malloc((FILE_HEADER_SZ*2)+1);
388 if((rc = sqlcipher_codec_ctx_get_kdf_salt(ctx, &salt)) == SQLITE_OK) {
389 cipher_bin2hex(salt, FILE_HEADER_SZ, hexsalt);
390 sqlcipher_vdbe_return_string(pParse, "cipher_salt", hexsalt, P4_DYNAMIC);
391 } else {
392 sqlite3_free(hexsalt);
393 sqlcipher_codec_ctx_set_error(ctx, rc);
394 }
395 }
396 }
397 }else
398 if( sqlite3_stricmp(zLeft,"cipher_hmac_algorithm")==0 ){
399 if(ctx) {
400 if(zRight) {
401 rc = SQLITE_ERROR;
402 if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
403 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
404 } else if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
405 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA256);
406 } else if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
407 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA512);
408 }
409 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
410 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
411 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
412 } else {
413 int algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx);
414 if(algorithm == SQLCIPHER_HMAC_SHA1) {
415 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT);
416 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
417 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT);
418 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
419 sqlcipher_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT);
420 }
421 }
422 }
423 }else
424 if( sqlite3_stricmp(zLeft,"cipher_default_hmac_algorithm")==0 ){
425 if(zRight) {
426 rc = SQLITE_ERROR;
427 if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
428 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
429 } else if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
430 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA256);
431 } else if(sqlite3_stricmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
432 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA512);
433 }
434 } else {
435 int algorithm = sqlcipher_get_default_hmac_algorithm();
436 if(algorithm == SQLCIPHER_HMAC_SHA1) {
437 sqlcipher_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT);
438 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
439 sqlcipher_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT);
440 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
441 sqlcipher_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT);
442 }
443 }
444 }else
445 if( sqlite3_stricmp(zLeft,"cipher_kdf_algorithm")==0 ){
446 if(ctx) {
447 if(zRight) {
448 rc = SQLITE_ERROR;
449 if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
450 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
451 } else if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
452 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA256);
453 } else if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
454 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA512);
455 }
456 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
457 } else {
458 int algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx);
459 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
460 sqlcipher_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT);
461 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
462 sqlcipher_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT);
463 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
464 sqlcipher_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT);
465 }
466 }
467 }
468 }else
469 if( sqlite3_stricmp(zLeft,"cipher_default_kdf_algorithm")==0 ){
470 if(zRight) {
471 rc = SQLITE_ERROR;
472 if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
473 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
474 } else if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
475 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA256);
476 } else if(sqlite3_stricmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
477 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA512);
478 }
479 } else {
480 int algorithm = sqlcipher_get_default_kdf_algorithm();
481 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
482 sqlcipher_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT);
483 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
484 sqlcipher_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT);
485 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
486 sqlcipher_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT);
487 }
488 }
489 }else
490 if( sqlite3_stricmp(zLeft,"cipher_compatibility")==0 ){
491 if(ctx) {
492 if(zRight) {
493 int version = atoi(zRight);
494
495 switch(version) {
496 case 1:
497 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
498 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
499 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
500 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
501 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
502 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
503 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 4000);
504 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
505 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 0);
506 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
507 break;
508
509 case 2:
510 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
511 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
512 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
513 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
514 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
515 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
516 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 4000);
517 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
518 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
519 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
520 break;
521
522 case 3:
523 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
524 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
525 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
526 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
527 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
528 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
529 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 64000);
530 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
531 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
532 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
533 break;
534
535 default:
536 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 4096);
537 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
538 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA512);
539 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
540 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA512);
541 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
542 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 256000);
543 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
544 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
545 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
546 break;
547 }
548
549 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
550 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
551 }
552 }
553 }else
554 if( sqlite3_stricmp(zLeft,"cipher_default_compatibility")==0 ){
555 if(zRight) {
556 int version = atoi(zRight);
557 switch(version) {
558 case 1:
559 sqlcipher_set_default_pagesize(1024);
560 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
561 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
562 sqlcipher_set_default_kdf_iter(4000);
563 sqlcipher_set_default_use_hmac(0);
564 break;
565
566 case 2:
567 sqlcipher_set_default_pagesize(1024);
568 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
569 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
570 sqlcipher_set_default_kdf_iter(4000);
571 sqlcipher_set_default_use_hmac(1);
572 break;
573
574 case 3:
575 sqlcipher_set_default_pagesize(1024);
576 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
577 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
578 sqlcipher_set_default_kdf_iter(64000);
579 sqlcipher_set_default_use_hmac(1);
580 break;
581
582 default:
583 sqlcipher_set_default_pagesize(4096);
584 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA512);
585 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA512);
586 sqlcipher_set_default_kdf_iter(256000);
587 sqlcipher_set_default_use_hmac(1);
588 break;
589 }
590 }
591 }else
592 if( sqlite3_stricmp(zLeft,"cipher_memory_security")==0 ){
593 if( zRight ) {
594 sqlcipher_set_mem_security(sqlite3GetBoolean(zRight,1));
595 } else {
596 char *on = sqlite3_mprintf("%d", sqlcipher_get_mem_security());
597 sqlcipher_vdbe_return_string(pParse, "cipher_memory_security", on, P4_DYNAMIC);
598 }
599 }else
600 if( sqlite3_stricmp(zLeft,"cipher_settings")==0 ){
601 if(ctx) {
602 int algorithm;
603 char *pragma;
604
605 pragma = sqlite3_mprintf("PRAGMA kdf_iter = %d;", sqlcipher_codec_ctx_get_kdf_iter(ctx));
606 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
607
608 pragma = sqlite3_mprintf("PRAGMA cipher_page_size = %d;", sqlcipher_codec_ctx_get_pagesize(ctx));
609 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
610
611 pragma = sqlite3_mprintf("PRAGMA cipher_use_hmac = %d;", sqlcipher_codec_ctx_get_use_hmac(ctx));
612 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
613
614 pragma = sqlite3_mprintf("PRAGMA cipher_plaintext_header_size = %d;", sqlcipher_codec_ctx_get_plaintext_header_size(ctx));
615 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
616
617 algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx);
618 pragma = NULL;
619 if(algorithm == SQLCIPHER_HMAC_SHA1) {
620 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA1_LABEL);
621 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
622 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA256_LABEL);
623 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
624 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA512_LABEL);
625 }
626 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
627
628 algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx);
629 pragma = NULL;
630 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
631 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
632 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
633 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
634 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
635 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
636 }
637 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
638
639 }
640 }else
641 if( sqlite3_stricmp(zLeft,"cipher_default_settings")==0 ){
642 int algorithm;
643 char *pragma;
644
645 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_iter = %d;", sqlcipher_get_default_kdf_iter());
646 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
647
648 pragma = sqlite3_mprintf("PRAGMA cipher_default_page_size = %d;", sqlcipher_get_default_pagesize());
649 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
650
651 pragma = sqlite3_mprintf("PRAGMA cipher_default_use_hmac = %d;", sqlcipher_get_default_use_hmac());
652 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
653
654 pragma = sqlite3_mprintf("PRAGMA cipher_default_plaintext_header_size = %d;", sqlcipher_get_default_plaintext_header_size());
655 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
656
657 algorithm = sqlcipher_get_default_hmac_algorithm();
658 pragma = NULL;
659 if(algorithm == SQLCIPHER_HMAC_SHA1) {
660 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA1_LABEL);
661 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
662 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA256_LABEL);
663 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
664 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA512_LABEL);
665 }
666 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
667
668 algorithm = sqlcipher_get_default_kdf_algorithm();
669 pragma = NULL;
670 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
671 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
672 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
673 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
674 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
675 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
676 }
677 sqlcipher_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
678 }else
679 if( sqlite3_stricmp(zLeft,"cipher_integrity_check")==0 ){
680 if(ctx) {
681 sqlcipher_codec_ctx_integrity_check(ctx, pParse, "cipher_integrity_check");
682 }
683 } else
684 if( sqlite3_stricmp(zLeft, "cipher_log_level")==0 && zRight){
685 unsigned int level = SQLCIPHER_LOG_NONE;
686 if(sqlite3_stricmp(zRight, "ERROR")==0) level = SQLCIPHER_LOG_ERROR;
687 else if(sqlite3_stricmp(zRight, "WARN" )==0) level = SQLCIPHER_LOG_WARN;
688 else if(sqlite3_stricmp(zRight, "INFO" )==0) level = SQLCIPHER_LOG_INFO;
689 else if(sqlite3_stricmp(zRight, "DEBUG")==0) level = SQLCIPHER_LOG_DEBUG;
690 else if(sqlite3_stricmp(zRight, "TRACE")==0) level = SQLCIPHER_LOG_TRACE;
691 sqlcipher_set_log_level(level);
692 sqlcipher_vdbe_return_string(pParse, "cipher_log_level", sqlite3_mprintf("%u", level), P4_DYNAMIC);
693 } else
694 if( sqlite3_stricmp(zLeft, "cipher_log")== 0 && zRight ){
695 char *status = sqlite3_mprintf("%d", sqlcipher_set_log(zRight));
696 sqlcipher_vdbe_return_string(pParse, "cipher_log", status, P4_DYNAMIC);
697 }else {
698 return 0;
699 }
700 return 1;
701 }
702
703 /* these constants are used internally within SQLite's pager.c to differentiate between
704 operations on the main database or journal pages. This is important in the context
705 of a rekey operations, where the journal must be written using the original key
706 material (to allow a transactional rollback), while the new database pages are being
707 written with the new key material*/
708 #define CODEC_READ_OP 3
709 #define CODEC_WRITE_OP 6
710 #define CODEC_JOURNAL_OP 7
711
712 /*
713 * sqlite3Codec can be called in multiple modes.
714 * encrypt mode - expected to return a pointer to the
715 * encrypted data without altering pData.
716 * decrypt mode - expected to return a pointer to pData, with
717 * the data decrypted in the input buffer
718 */
719 static void* sqlite3Codec(void *iCtx, void *data, Pgno pgno, int mode) {
720 codec_ctx *ctx = (codec_ctx *) iCtx;
721 int offset = 0, rc = 0;
722 int page_sz = sqlcipher_codec_ctx_get_pagesize(ctx);
723 unsigned char *pData = (unsigned char *) data;
724 void *buffer = sqlcipher_codec_ctx_get_data(ctx);
725 int plaintext_header_sz = sqlcipher_codec_ctx_get_plaintext_header_size(ctx);
726 int cctx = CIPHER_READ_CTX;
727
728 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3Codec: pgno=%d, mode=%d, page_sz=%d", pgno, mode, page_sz);
729
730 #ifdef SQLCIPHER_EXT
731 if(sqlcipher_license_check(ctx) != SQLITE_OK) return NULL;
732 #endif
733
734 /* call to derive keys if not present yet */
735 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
736 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error occurred during key derivation: %d", rc);
737 sqlcipher_codec_ctx_set_error(ctx, rc);
738 return NULL;
739 }
740
741 /* if the plaintext_header_size is negative that means an invalid size was set via
742 PRAGMA. We can't set the error state on the pager at that point because the pager
743 may not be open yet. However, this is a fatal error state, so abort the codec */
744 if(plaintext_header_sz < 0) {
745 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error invalid plaintext_header_sz: %d", plaintext_header_sz);
746 sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
747 return NULL;
748 }
749
750 if(pgno == 1) /* adjust starting pointers in data page for header offset on first page*/
751 offset = plaintext_header_sz ? plaintext_header_sz : FILE_HEADER_SZ;
752
753
754 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3Codec: switch mode=%d offset=%d", mode, offset);
755 switch(mode) {
756 case CODEC_READ_OP: /* decrypt */
757 if(pgno == 1) /* copy initial part of file header or SQLite magic to buffer */
758 memcpy(buffer, plaintext_header_sz ? pData : (void *) SQLITE_FILE_HEADER, offset);
759
760 rc = sqlcipher_page_cipher(ctx, cctx, pgno, CIPHER_DECRYPT, page_sz - offset, pData + offset, (unsigned char*)buffer + offset);
761 #ifdef SQLCIPHER_TEST
762 if((sqlcipher_get_test_flags() & TEST_FAIL_DECRYPT) > 0 && sqlcipher_get_test_fail()) {
763 rc = SQLITE_ERROR;
764 sqlcipher_log(SQLCIPHER_LOG_ERROR, "simulating decryption failure for pgno=%d, mode=%d, page_sz=%d\n", pgno, mode, page_sz);
765 }
766 #endif
767 if(rc != SQLITE_OK) {
768 /* failure to decrypt a page is considered a permanent error and will render the pager unusable
769 in order to prevent inconsistent data being loaded into page cache */
770 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error decrypting page %d data: %d", pgno, rc);
771 sqlcipher_memset((unsigned char*) buffer+offset, 0, page_sz-offset);
772 sqlcipher_codec_ctx_set_error(ctx, rc);
773 }
774 memcpy(pData, buffer, page_sz); /* copy buffer data back to pData and return */
775 return pData;
776 break;
777
778 case CODEC_WRITE_OP: /* encrypt database page, operate on write context and fall through to case 7, so the write context is used*/
779 cctx = CIPHER_WRITE_CTX;
780
781 case CODEC_JOURNAL_OP: /* encrypt journal page, operate on read context use to get the original page data from the database */
782 if(pgno == 1) { /* copy initial part of file header or salt to buffer */
783 void *kdf_salt = NULL;
784 /* retrieve the kdf salt */
785 if((rc = sqlcipher_codec_ctx_get_kdf_salt(ctx, &kdf_salt)) != SQLITE_OK) {
786 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error retrieving salt: %d", rc);
787 sqlcipher_codec_ctx_set_error(ctx, rc);
788 return NULL;
789 }
790 memcpy(buffer, plaintext_header_sz ? pData : kdf_salt, offset);
791 }
792 rc = sqlcipher_page_cipher(ctx, cctx, pgno, CIPHER_ENCRYPT, page_sz - offset, pData + offset, (unsigned char*)buffer + offset);
793 #ifdef SQLCIPHER_TEST
794 if((sqlcipher_get_test_flags() & TEST_FAIL_ENCRYPT) > 0 && sqlcipher_get_test_fail()) {
795 rc = SQLITE_ERROR;
796 sqlcipher_log(SQLCIPHER_LOG_ERROR, "simulating encryption failure for pgno=%d, mode=%d, page_sz=%d\n", pgno, mode, page_sz);
797 }
798 #endif
799 if(rc != SQLITE_OK) {
800 /* failure to encrypt a page is considered a permanent error and will render the pager unusable
801 in order to prevent corrupted pages from being written to the main databased when using WAL */
802 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error encrypting page %d data: %d", pgno, rc);
803 sqlcipher_memset((unsigned char*)buffer+offset, 0, page_sz-offset);
804 sqlcipher_codec_ctx_set_error(ctx, rc);
805 return NULL;
806 }
807 return buffer; /* return persistent buffer data, pData remains intact */
808 break;
809
810 default:
811 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3Codec: error unsupported codec mode %d", mode);
812 sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR); /* unsupported mode, set error */
813 return pData;
814 break;
815 }
816 }
817
818 static void sqlite3FreeCodecArg(void *pCodecArg) {
819 codec_ctx *ctx = (codec_ctx *) pCodecArg;
820 if(pCodecArg == NULL) return;
821 sqlcipher_codec_ctx_free(&ctx); /* wipe and free allocated memory for the context */
822 sqlcipher_deactivate(); /* cleanup related structures, OpenSSL etc, when codec is detatched */
823 }
824
825 int sqlcipherCodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
826 struct Db *pDb = &db->aDb[nDb];
827
828 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: db=%p, nDb=%d", db, nDb);
829
830 if(nKey && zKey && pDb->pBt) {
831 int rc;
832 Pager *pPager = pDb->pBt->pBt->pPager;
833 sqlite3_file *fd;
834 codec_ctx *ctx;
835
836 /* check if the sqlite3_file is open, and if not force handle to NULL */
837 if((fd = sqlite3PagerFile(pPager))->pMethods == 0) fd = NULL;
838
839 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling sqlcipher_activate()");
840 sqlcipher_activate(); /* perform internal initialization for sqlcipher */
841
842 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: entering database mutex %p", db->mutex);
843 sqlite3_mutex_enter(db->mutex);
844 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: entered database mutex %p", db->mutex);
845
846 #ifdef SQLCIPHER_EXT
847 if((rc = sqlite3_set_authorizer(db, sqlcipher_license_authorizer, db)) != SQLITE_OK) {
848 sqlite3_mutex_leave(db->mutex);
849 return rc;
850 }
851 #endif
852
853 /* point the internal codec argument against the contet to be prepared */
854 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling sqlcipher_codec_ctx_init()");
855 rc = sqlcipher_codec_ctx_init(&ctx, pDb, pDb->pBt->pBt->pPager, zKey, nKey);
856
857 if(rc != SQLITE_OK) {
858 /* initialization failed, do not attach potentially corrupted context */
859 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipherCodecAttach: context initialization failed forcing error state with rc=%d", rc);
860 /* force an error at the pager level, such that even the upstream caller ignores the return code
861 the pager will be in an error state and will process no further operations */
862 sqlite3pager_error(pPager, rc);
863 pDb->pBt->pBt->db->errCode = rc;
864 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: leaving database mutex %p (early return on rc=%d)", db->mutex, rc);
865 sqlite3_mutex_leave(db->mutex);
866 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: left database mutex %p (early return on rc=%d)", db->mutex, rc);
867 return rc;
868 }
869
870 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling sqlcipherPagerSetCodec()");
871 sqlcipherPagerSetCodec(sqlite3BtreePager(pDb->pBt), sqlite3Codec, NULL, sqlite3FreeCodecArg, (void *) ctx);
872
873 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling codec_set_btree_to_codec_pagesize()");
874 codec_set_btree_to_codec_pagesize(db, pDb, ctx);
875
876 /* force secure delete. This has the benefit of wiping internal data when deleted
877 and also ensures that all pages are written to disk (i.e. not skipped by
878 sqlite3PagerDontWrite optimizations) */
879 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling sqlite3BtreeSecureDelete()");
880 sqlite3BtreeSecureDelete(pDb->pBt, 1);
881
882 /* if fd is null, then this is an in-memory database and
883 we dont' want to overwrite the AutoVacuum settings
884 if not null, then set to the default */
885 if(fd != NULL) {
886 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecAttach: calling sqlite3BtreeSetAutoVacuum()");
887 sqlite3BtreeSetAutoVacuum(pDb->pBt, SQLITE_DEFAULT_AUTOVACUUM);
888 }
889 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: leaving database mutex %p", db->mutex);
890 sqlite3_mutex_leave(db->mutex);
891 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipherCodecAttach: left database mutex %p", db->mutex);
892 }
893 return SQLITE_OK;
894 }
895
896 int sqlcipher_find_db_index(sqlite3 *db, const char *zDb) {
897 int db_index;
898 if(zDb == NULL){
899 return 0;
900 }
901 for(db_index = 0; db_index < db->nDb; db_index++) {
902 struct Db *pDb = &db->aDb[db_index];
903 if(strcmp(pDb->zDbSName, zDb) == 0) {
904 return db_index;
905 }
906 }
907 return 0;
908 }
909
910 void sqlite3_activate_see(const char* in) {
911 /* do nothing, security enhancements are always active */
912 }
913
914 int sqlite3_key(sqlite3 *db, const void *pKey, int nKey) {
915 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key: db=%p", db);
916 return sqlite3_key_v2(db, "main", pKey, nKey);
917 }
918
919 int sqlite3_key_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
920 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_key_v2: db=%p zDb=%s", db, zDb);
921 /* attach key if db and pKey are not null and nKey is > 0 */
922 if(db && pKey && nKey) {
923 int db_index = sqlcipher_find_db_index(db, zDb);
924 return sqlcipherCodecAttach(db, db_index, pKey, nKey);
925 }
926 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_key_v2: no key provided");
927 return SQLITE_ERROR;
928 }
929
930 int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) {
931 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey: db=%p", db);
932 return sqlite3_rekey_v2(db, "main", pKey, nKey);
933 }
934
935 /* sqlite3_rekey_v2
936 ** Given a database, this will reencrypt the database using a new key.
937 ** There is only one possible modes of operation - to encrypt a database
938 ** that is already encrpyted. If the database is not already encrypted
939 ** this should do nothing
940 ** The proposed logic for this function follows:
941 ** 1. Determine if the database is already encryptped
942 ** 2. If there is NOT already a key present do nothing
943 ** 3. If there is a key present, re-encrypt the database with the new key
944 */
945 int sqlite3_rekey_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
946 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: db=%p zDb=%s", db, zDb);
947 if(db && pKey && nKey) {
948 int db_index = sqlcipher_find_db_index(db, zDb);
949 struct Db *pDb = &db->aDb[db_index];
950 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: database zDb=%p db_index:%d", zDb, db_index);
951 if(pDb->pBt) {
952 codec_ctx *ctx;
953 int rc, page_count;
954 Pgno pgno;
955 PgHdr *page;
956 Pager *pPager = pDb->pBt->pBt->pPager;
957
958 ctx = (codec_ctx*) sqlcipherPagerGetCodec(pDb->pBt->pBt->pPager);
959
960 if(ctx == NULL) {
961 /* there was no codec attached to this database, so this should do nothing! */
962 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: no codec attached to db, exiting");
963 return SQLITE_OK;
964 }
965
966 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: entering database mutex %p", db->mutex);
967 sqlite3_mutex_enter(db->mutex);
968 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: entered database mutex %p", db->mutex);
969
970 codec_set_pass_key(db, db_index, pKey, nKey, CIPHER_WRITE_CTX);
971
972 /* do stuff here to rewrite the database
973 ** 1. Create a transaction on the database
974 ** 2. Iterate through each page, reading it and then writing it.
975 ** 3. If that goes ok then commit and put ctx->rekey into ctx->key
976 ** note: don't deallocate rekey since it may be used in a subsequent iteration
977 */
978 rc = sqlite3BtreeBeginTrans(pDb->pBt, 1, 0); /* begin write transaction */
979 sqlite3PagerPagecount(pPager, &page_count);
980 for(pgno = 1; rc == SQLITE_OK && pgno <= (unsigned int)page_count; pgno++) { /* pgno's start at 1 see pager.c:pagerAcquire */
981 if(!sqlite3pager_is_sj_pgno(pPager, pgno)) { /* skip this page (see pager.c:pagerAcquire for reasoning) */
982 rc = sqlite3PagerGet(pPager, pgno, &page, 0);
983 if(rc == SQLITE_OK) { /* write page see pager_incr_changecounter for example */
984 rc = sqlite3PagerWrite(page);
985 if(rc == SQLITE_OK) {
986 sqlite3PagerUnref(page);
987 } else {
988 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: error %d occurred writing page %d", rc, pgno);
989 }
990 } else {
991 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: error %d occurred getting page %d", rc, pgno);
992 }
993 }
994 }
995
996 /* if commit was successful commit and copy the rekey data to current key, else rollback to release locks */
997 if(rc == SQLITE_OK) {
998 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: committing");
999 rc = sqlite3BtreeCommit(pDb->pBt);
1000 sqlcipher_codec_key_copy(ctx, CIPHER_WRITE_CTX);
1001 } else {
1002 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlite3_rekey_v2: rollback");
1003 sqlite3BtreeRollback(pDb->pBt, SQLITE_ABORT_ROLLBACK, 0);
1004 }
1005
1006 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: leaving database mutex %p", db->mutex);
1007 sqlite3_mutex_leave(db->mutex);
1008 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: left database mutex %p", db->mutex);
1009 }
1010 return SQLITE_OK;
1011 }
1012 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: no key provided");
1013 return SQLITE_ERROR;
1014 }
1015
1016 void sqlcipherCodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
1017 struct Db *pDb = &db->aDb[nDb];
1018 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipherCodecGetKey:db=%p, nDb=%d", db, nDb);
1019 if( pDb->pBt ) {
1020 codec_ctx *ctx = (codec_ctx*) sqlcipherPagerGetCodec(pDb->pBt->pBt->pPager);
1021
1022 if(ctx) {
1023 /* pass back the keyspec from the codec, unless PRAGMA cipher_store_pass
1024 is set or keyspec has not yet been derived, in which case pass
1025 back the password key material */
1026 sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
1027 if(sqlcipher_codec_get_store_pass(ctx) == 1 || *zKey == NULL) {
1028 sqlcipher_codec_get_pass(ctx, zKey, nKey);
1029 }
1030 } else {
1031 *zKey = NULL;
1032 *nKey = 0;
1033 }
1034 }
1035 }
1036
1037 /*
1038 * Implementation of an "export" function that allows a caller
1039 * to duplicate the main database to an attached database. This is intended
1040 * as a conveneince for users who need to:
1041 *
1042 * 1. migrate from an non-encrypted database to an encrypted database
1043 * 2. move from an encrypted database to a non-encrypted database
1044 * 3. convert beween the various flavors of encrypted databases.
1045 *
1046 * This implementation is based heavily on the procedure and code used
1047 * in vacuum.c, but is exposed as a function that allows export to any
1048 * named attached database.
1049 */
1050
1051 /*
1052 ** Finalize a prepared statement. If there was an error, store the
1053 ** text of the error message in *pzErrMsg. Return the result code.
1054 **
1055 ** Based on vacuumFinalize from vacuum.c
1056 */
1057 static int sqlcipher_finalize(sqlite3 *db, sqlite3_stmt *pStmt, char **pzErrMsg){
1058 int rc;
1059 rc = sqlite3VdbeFinalize((Vdbe*)pStmt);
1060 if( rc ){
1061 sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
1062 }
1063 return rc;
1064 }
1065
1066 /*
1067 ** Execute zSql on database db. Return an error code.
1068 **
1069 ** Based on execSql from vacuum.c
1070 */
1071 static int sqlcipher_execSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
1072 sqlite3_stmt *pStmt;
1073 VVA_ONLY( int rc; )
1074 if( !zSql ){
1075 return SQLITE_NOMEM;
1076 }
1077 if( SQLITE_OK!=sqlite3_prepare(db, zSql, -1, &pStmt, 0) ){
1078 sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
1079 return sqlite3_errcode(db);
1080 }
1081 VVA_ONLY( rc = ) sqlite3_step(pStmt);
1082 assert( rc!=SQLITE_ROW );
1083 return sqlcipher_finalize(db, pStmt, pzErrMsg);
1084 }
1085
1086 /*
1087 ** Execute zSql on database db. The statement returns exactly
1088 ** one column. Execute this as SQL on the same database.
1089 **
1090 ** Based on execExecSql from vacuum.c
1091 */
1092 static int sqlcipher_execExecSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
1093 sqlite3_stmt *pStmt;
1094 int rc;
1095
1096 rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
1097 if( rc!=SQLITE_OK ) return rc;
1098
1099 while( SQLITE_ROW==sqlite3_step(pStmt) ){
1100 rc = sqlcipher_execSql(db, pzErrMsg, (char*)sqlite3_column_text(pStmt, 0));
1101 if( rc!=SQLITE_OK ){
1102 sqlcipher_finalize(db, pStmt, pzErrMsg);
1103 return rc;
1104 }
1105 }
1106
1107 return sqlcipher_finalize(db, pStmt, pzErrMsg);
1108 }
1109
1110 /*
1111 * copy database and schema from the main database to an attached database
1112 *
1113 * Based on sqlite3RunVacuum from vacuum.c
1114 */
1115 void sqlcipher_exportFunc(sqlite3_context *context, int argc, sqlite3_value **argv) {
1116 sqlite3 *db = sqlite3_context_db_handle(context);
1117 const char* targetDb, *sourceDb;
1118 int targetDb_idx = 0;
1119 u64 saved_flags = db->flags; /* Saved value of the db->flags */
1120 u32 saved_mDbFlags = db->mDbFlags; /* Saved value of the db->mDbFlags */
1121 int saved_nChange = db->nChange; /* Saved value of db->nChange */
1122 int saved_nTotalChange = db->nTotalChange; /* Saved value of db->nTotalChange */
1123 u8 saved_mTrace = db->mTrace; /* Saved value of db->mTrace */
1124 int rc = SQLITE_OK; /* Return code from service routines */
1125 char *zSql = NULL; /* SQL statements */
1126 char *pzErrMsg = NULL;
1127
1128 if(argc != 1 && argc != 2) {
1129 rc = SQLITE_ERROR;
1130 pzErrMsg = sqlite3_mprintf("invalid number of arguments (%d) passed to sqlcipher_export", argc);
1131 goto end_of_export;
1132 }
1133
1134 if(sqlite3_value_type(argv[0]) == SQLITE_NULL) {
1135 rc = SQLITE_ERROR;
1136 pzErrMsg = sqlite3_mprintf("target database can't be NULL");
1137 goto end_of_export;
1138 }
1139
1140 targetDb = (const char*) sqlite3_value_text(argv[0]);
1141 sourceDb = "main";
1142
1143 if(argc == 2) {
1144 if(sqlite3_value_type(argv[1]) == SQLITE_NULL) {
1145 rc = SQLITE_ERROR;
1146 pzErrMsg = sqlite3_mprintf("target database can't be NULL");
1147 goto end_of_export;
1148 }
1149 sourceDb = (char *) sqlite3_value_text(argv[1]);
1150 }
1151
1152
1153 /* if the name of the target is not main, but the index returned is zero
1154 there is a mismatch and we should not proceed */
1155 targetDb_idx = sqlcipher_find_db_index(db, targetDb);
1156 if(targetDb_idx == 0 && targetDb != NULL && sqlite3_stricmp("main", targetDb) != 0) {
1157 rc = SQLITE_ERROR;
1158 pzErrMsg = sqlite3_mprintf("unknown database %s", targetDb);
1159 goto end_of_export;
1160 }
1161 db->init.iDb = targetDb_idx;
1162
1163 db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks;
1164 db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum;
1165 db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder | SQLITE_Defensive | SQLITE_CountRows);
1166 db->mTrace = 0;
1167
1168 /* Query the schema of the main database. Create a mirror schema
1169 ** in the temporary database.
1170 */
1171 zSql = sqlite3_mprintf(
1172 "SELECT sql "
1173 " FROM %s.sqlite_schema WHERE type='table' AND name!='sqlite_sequence'"
1174 " AND rootpage>0"
1175 , sourceDb);
1176 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1177 if( rc!=SQLITE_OK ) goto end_of_export;
1178 sqlite3_free(zSql);
1179
1180 zSql = sqlite3_mprintf(
1181 "SELECT sql "
1182 " FROM %s.sqlite_schema WHERE sql LIKE 'CREATE INDEX %%' "
1183 , sourceDb);
1184 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1185 if( rc!=SQLITE_OK ) goto end_of_export;
1186 sqlite3_free(zSql);
1187
1188 zSql = sqlite3_mprintf(
1189 "SELECT sql "
1190 " FROM %s.sqlite_schema WHERE sql LIKE 'CREATE UNIQUE INDEX %%'"
1191 , sourceDb);
1192 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1193 if( rc!=SQLITE_OK ) goto end_of_export;
1194 sqlite3_free(zSql);
1195
1196 /* Loop through the tables in the main database. For each, do
1197 ** an "INSERT INTO rekey_db.xxx SELECT * FROM main.xxx;" to copy
1198 ** the contents to the temporary database.
1199 */
1200 zSql = sqlite3_mprintf(
1201 "SELECT 'INSERT INTO %s.' || quote(name) "
1202 "|| ' SELECT * FROM %s.' || quote(name) || ';'"
1203 "FROM %s.sqlite_schema "
1204 "WHERE type = 'table' AND name!='sqlite_sequence' "
1205 " AND rootpage>0"
1206 , targetDb, sourceDb, sourceDb);
1207 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1208 if( rc!=SQLITE_OK ) goto end_of_export;
1209 sqlite3_free(zSql);
1210
1211 /* Copy over the contents of the sequence table
1212 */
1213 zSql = sqlite3_mprintf(
1214 "SELECT 'INSERT INTO %s.' || quote(name) "
1215 "|| ' SELECT * FROM %s.' || quote(name) || ';' "
1216 "FROM %s.sqlite_schema WHERE name=='sqlite_sequence';"
1217 , targetDb, sourceDb, targetDb);
1218 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1219 if( rc!=SQLITE_OK ) goto end_of_export;
1220 sqlite3_free(zSql);
1221
1222 /* Copy the triggers, views, and virtual tables from the main database
1223 ** over to the temporary database. None of these objects has any
1224 ** associated storage, so all we have to do is copy their entries
1225 ** from the SQLITE_MASTER table.
1226 */
1227 zSql = sqlite3_mprintf(
1228 "INSERT INTO %s.sqlite_schema "
1229 " SELECT type, name, tbl_name, rootpage, sql"
1230 " FROM %s.sqlite_schema"
1231 " WHERE type='view' OR type='trigger'"
1232 " OR (type='table' AND rootpage=0)"
1233 , targetDb, sourceDb);
1234 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execSql(db, &pzErrMsg, zSql);
1235 if( rc!=SQLITE_OK ) goto end_of_export;
1236 sqlite3_free(zSql);
1237
1238 zSql = NULL;
1239 end_of_export:
1240 db->init.iDb = 0;
1241 db->flags = saved_flags;
1242 db->mDbFlags = saved_mDbFlags;
1243 db->nChange = saved_nChange;
1244 db->nTotalChange = saved_nTotalChange;
1245 db->mTrace = saved_mTrace;
1246
1247 if(zSql) sqlite3_free(zSql);
1248
1249 if(rc) {
1250 if(pzErrMsg != NULL) {
1251 sqlite3_result_error(context, pzErrMsg, -1);
1252 sqlite3DbFree(db, pzErrMsg);
1253 } else {
1254 sqlite3_result_error(context, sqlite3ErrStr(rc), -1);
1255 }
1256 }
1257 }
1258 #endif
1259 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.