search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
set error state if cipher_migrate fails
[sqlcipher.git] / src / crypto.c
blob45cbdc898cf6816359a4266db6eacdbd54e03013
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include <assert.h>
35 #include "sqlcipher.h"
36 #include "crypto.h"
37
38 #ifdef SQLCIPHER_EXT
39 #include "sqlcipher_ext.h"
40 #endif
41
42 static void codec_vdbe_return_string(Parse *pParse, const char *zLabel, const char *value, int value_type){
43 Vdbe *v = sqlite3GetVdbe(pParse);
44 sqlite3VdbeSetNumCols(v, 1);
45 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, zLabel, SQLITE_STATIC);
46 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, value, value_type);
47 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
48 }
49
50 static int codec_set_btree_to_codec_pagesize(sqlite3 *db, Db *pDb, codec_ctx *ctx) {
51 int rc, page_sz, reserve_sz;
52
53 page_sz = sqlcipher_codec_ctx_get_pagesize(ctx);
54 reserve_sz = sqlcipher_codec_ctx_get_reservesize(ctx);
55
56 CODEC_TRACE("codec_set_btree_to_codec_pagesize: sqlite3BtreeSetPageSize() size=%d reserve=%d\n", page_sz, reserve_sz);
57
58 CODEC_TRACE_MUTEX("codec_set_btree_to_codec_pagesize: entering database mutex %p\n", db->mutex);
59 sqlite3_mutex_enter(db->mutex);
60 CODEC_TRACE_MUTEX("codec_set_btree_to_codec_pagesize: entered database mutex %p\n", db->mutex);
61 db->nextPagesize = page_sz;
62
63 /* before forcing the page size we need to unset the BTS_PAGESIZE_FIXED flag, else
64 sqliteBtreeSetPageSize will block the change */
65 pDb->pBt->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
66 rc = sqlite3BtreeSetPageSize(pDb->pBt, page_sz, reserve_sz, 0);
67
68 CODEC_TRACE("codec_set_btree_to_codec_pagesize: sqlite3BtreeSetPageSize returned %d\n", rc);
69
70 CODEC_TRACE_MUTEX("codec_set_btree_to_codec_pagesize: leaving database mutex %p\n", db->mutex);
71 sqlite3_mutex_leave(db->mutex);
72 CODEC_TRACE_MUTEX("codec_set_btree_to_codec_pagesize: left database mutex %p\n", db->mutex);
73
74 return rc;
75 }
76
77 static int codec_set_pass_key(sqlite3* db, int nDb, const void *zKey, int nKey, int for_ctx) {
78 struct Db *pDb = &db->aDb[nDb];
79 CODEC_TRACE("codec_set_pass_key: entered db=%p nDb=%d zKey=%p nKey=%d for_ctx=%d\n", db, nDb, zKey, nKey, for_ctx);
80 if(pDb->pBt) {
81 codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
82
83 if(ctx) return sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, for_ctx);
84 }
85 return SQLITE_ERROR;
86 }
87
88 int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLeft, const char *zRight) {
89 struct Db *pDb = &db->aDb[iDb];
90 codec_ctx *ctx = NULL;
91 int rc;
92
93 if(pDb->pBt) {
94 ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
95 }
96
97 CODEC_TRACE("sqlcipher_codec_pragma: entered db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p\n", db, iDb, pParse, zLeft, zRight, ctx);
98
99 #ifdef SQLCIPHER_EXT
100 if( sqlite3StrICmp(zLeft, "cipher_license")==0 && zRight ){
101 char *license_result = sqlite3_mprintf("%d", sqlcipher_license_key(zRight));
102 codec_vdbe_return_string(pParse, "cipher_license", license_result, P4_DYNAMIC);
103 } else
104 if( sqlite3StrICmp(zLeft, "cipher_license")==0 && !zRight ){
105 if(ctx) {
106 char *license_result = sqlite3_mprintf("%d", ctx
107 ? sqlcipher_license_key_status(ctx->provider)
108 : SQLITE_ERROR);
109 codec_vdbe_return_string(pParse, "cipher_license", license_result, P4_DYNAMIC);
110 }
111 } else
112 #endif
113 #ifdef SQLCIPHER_TEST
114 if( sqlite3StrICmp(zLeft,"cipher_test_on")==0 ){
115 if( zRight ) {
116 unsigned int flags = sqlcipher_get_test_flags();
117 if(sqlite3StrICmp(zRight, "fail_encrypt")==0) {
118 flags |= TEST_FAIL_ENCRYPT;
119 } else
120 if(sqlite3StrICmp(zRight, "fail_decrypt")==0) {
121 flags |= TEST_FAIL_DECRYPT;
122 } else
123 if(sqlite3StrICmp(zRight, "fail_migrate")==0) {
124 flags |= TEST_FAIL_MIGRATE;
125 }
126 sqlcipher_set_test_flags(flags);
127 }
128 } else
129 if( sqlite3StrICmp(zLeft,"cipher_test_off")==0 ){
130 if( zRight ) {
131 unsigned int flags = sqlcipher_get_test_flags();
132 if(sqlite3StrICmp(zRight, "fail_encrypt")==0) {
133 flags &= ~TEST_FAIL_ENCRYPT;
134 } else
135 if(sqlite3StrICmp(zRight, "fail_decrypt")==0) {
136 flags &= ~TEST_FAIL_DECRYPT;
137 } else
138 if(sqlite3StrICmp(zRight, "fail_migrate")==0) {
139 flags &= ~TEST_FAIL_MIGRATE;
140 }
141 sqlcipher_set_test_flags(flags);
142 }
143 } else
144 if( sqlite3StrICmp(zLeft,"cipher_test")==0 ){
145 char *flags = sqlite3_mprintf("%i", sqlcipher_get_test_flags());
146 codec_vdbe_return_string(pParse, "cipher_test", flags, P4_DYNAMIC);
147 }else
148 #endif
149 if( sqlite3StrICmp(zLeft, "cipher_fips_status")== 0 && !zRight ){
150 if(ctx) {
151 char *fips_mode_status = sqlite3_mprintf("%d", sqlcipher_codec_fips_status(ctx));
152 codec_vdbe_return_string(pParse, "cipher_fips_status", fips_mode_status, P4_DYNAMIC);
153 }
154 } else
155 if( sqlite3StrICmp(zLeft, "cipher_store_pass")==0 && zRight ) {
156 if(ctx) {
157 char *deprecation = "PRAGMA cipher_store_pass is deprecated, please remove from use";
158 sqlcipher_codec_set_store_pass(ctx, sqlite3GetBoolean(zRight, 1));
159 codec_vdbe_return_string(pParse, "cipher_store_pass", deprecation, P4_TRANSIENT);
160 sqlite3_log(SQLITE_WARNING, deprecation);
161 }
162 } else
163 if( sqlite3StrICmp(zLeft, "cipher_store_pass")==0 && !zRight ) {
164 if(ctx){
165 char *store_pass_value = sqlite3_mprintf("%d", sqlcipher_codec_get_store_pass(ctx));
166 codec_vdbe_return_string(pParse, "cipher_store_pass", store_pass_value, P4_DYNAMIC);
167 }
168 }
169 if( sqlite3StrICmp(zLeft, "cipher_profile")== 0 && zRight ){
170 char *profile_status = sqlite3_mprintf("%d", sqlcipher_cipher_profile(db, zRight));
171 codec_vdbe_return_string(pParse, "cipher_profile", profile_status, P4_DYNAMIC);
172 } else
173 if( sqlite3StrICmp(zLeft, "cipher_add_random")==0 && zRight ){
174 if(ctx) {
175 char *add_random_status = sqlite3_mprintf("%d", sqlcipher_codec_add_random(ctx, zRight, sqlite3Strlen30(zRight)));
176 codec_vdbe_return_string(pParse, "cipher_add_random", add_random_status, P4_DYNAMIC);
177 }
178 } else
179 if( sqlite3StrICmp(zLeft, "cipher_migrate")==0 && !zRight ){
180 if(ctx){
181 int status = sqlcipher_codec_ctx_migrate(ctx);
182 char *migrate_status = sqlite3_mprintf("%d", status);
183 codec_vdbe_return_string(pParse, "cipher_migrate", migrate_status, P4_DYNAMIC);
184 if(status != SQLITE_OK) {
185 sqlcipher_codec_ctx_set_error(ctx, status);
186 }
187 }
188 } else
189 if( sqlite3StrICmp(zLeft, "cipher_provider")==0 && !zRight ){
190 if(ctx) { codec_vdbe_return_string(pParse, "cipher_provider",
191 sqlcipher_codec_get_cipher_provider(ctx), P4_TRANSIENT);
192 }
193 } else
194 if( sqlite3StrICmp(zLeft, "cipher_provider_version")==0 && !zRight){
195 if(ctx) { codec_vdbe_return_string(pParse, "cipher_provider_version",
196 sqlcipher_codec_get_provider_version(ctx), P4_TRANSIENT);
197 }
198 } else
199 if( sqlite3StrICmp(zLeft, "cipher_version")==0 && !zRight ){
200 codec_vdbe_return_string(pParse, "cipher_version", sqlcipher_version(), P4_DYNAMIC);
201 }else
202 if( sqlite3StrICmp(zLeft, "cipher")==0 ){
203 if(ctx) {
204 if( zRight ) {
205 const char* message = "PRAGMA cipher is no longer supported.";
206 codec_vdbe_return_string(pParse, "cipher", message, P4_TRANSIENT);
207 sqlite3_log(SQLITE_WARNING, message);
208 }else {
209 codec_vdbe_return_string(pParse, "cipher", sqlcipher_codec_ctx_get_cipher(ctx), P4_TRANSIENT);
210 }
211 }
212 }else
213 if( sqlite3StrICmp(zLeft, "rekey_cipher")==0 && zRight ){
214 const char* message = "PRAGMA rekey_cipher is no longer supported.";
215 codec_vdbe_return_string(pParse, "rekey_cipher", message, P4_TRANSIENT);
216 sqlite3_log(SQLITE_WARNING, message);
217 }else
218 if( sqlite3StrICmp(zLeft,"cipher_default_kdf_iter")==0 ){
219 if( zRight ) {
220 sqlcipher_set_default_kdf_iter(atoi(zRight)); /* change default KDF iterations */
221 } else {
222 char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_get_default_kdf_iter());
223 codec_vdbe_return_string(pParse, "cipher_default_kdf_iter", kdf_iter, P4_DYNAMIC);
224 }
225 }else
226 if( sqlite3StrICmp(zLeft, "kdf_iter")==0 ){
227 if(ctx) {
228 if( zRight ) {
229 sqlcipher_codec_ctx_set_kdf_iter(ctx, atoi(zRight)); /* change of RW PBKDF2 iteration */
230 } else {
231 char *kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_kdf_iter(ctx));
232 codec_vdbe_return_string(pParse, "kdf_iter", kdf_iter, P4_DYNAMIC);
233 }
234 }
235 }else
236 if( sqlite3StrICmp(zLeft, "fast_kdf_iter")==0){
237 if(ctx) {
238 if( zRight ) {
239 char *deprecation = "PRAGMA fast_kdf_iter is deprecated, please remove from use";
240 sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, atoi(zRight)); /* change of RW PBKDF2 iteration */
241 codec_vdbe_return_string(pParse, "fast_kdf_iter", deprecation, P4_TRANSIENT);
242 sqlite3_log(SQLITE_WARNING, deprecation);
243 } else {
244 char *fast_kdf_iter = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_fast_kdf_iter(ctx));
245 codec_vdbe_return_string(pParse, "fast_kdf_iter", fast_kdf_iter, P4_DYNAMIC);
246 }
247 }
248 }else
249 if( sqlite3StrICmp(zLeft, "rekey_kdf_iter")==0 && zRight ){
250 const char* message = "PRAGMA rekey_kdf_iter is no longer supported.";
251 codec_vdbe_return_string(pParse, "rekey_kdf_iter", message, P4_TRANSIENT);
252 sqlite3_log(SQLITE_WARNING, message);
253 }else
254 if( sqlite3StrICmp(zLeft,"cipher_page_size")==0 ){
255 if(ctx) {
256 if( zRight ) {
257 int size = atoi(zRight);
258 rc = sqlcipher_codec_ctx_set_pagesize(ctx, size);
259 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
260 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
261 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
262 } else {
263 char * page_size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_pagesize(ctx));
264 codec_vdbe_return_string(pParse, "cipher_page_size", page_size, P4_DYNAMIC);
265 }
266 }
267 }else
268 if( sqlite3StrICmp(zLeft,"cipher_default_page_size")==0 ){
269 if( zRight ) {
270 sqlcipher_set_default_pagesize(atoi(zRight));
271 } else {
272 char *default_page_size = sqlite3_mprintf("%d", sqlcipher_get_default_pagesize());
273 codec_vdbe_return_string(pParse, "cipher_default_page_size", default_page_size, P4_DYNAMIC);
274 }
275 }else
276 if( sqlite3StrICmp(zLeft,"cipher_default_use_hmac")==0 ){
277 if( zRight ) {
278 sqlcipher_set_default_use_hmac(sqlite3GetBoolean(zRight,1));
279 } else {
280 char *default_use_hmac = sqlite3_mprintf("%d", sqlcipher_get_default_use_hmac());
281 codec_vdbe_return_string(pParse, "cipher_default_use_hmac", default_use_hmac, P4_DYNAMIC);
282 }
283 }else
284 if( sqlite3StrICmp(zLeft,"cipher_use_hmac")==0 ){
285 if(ctx) {
286 if( zRight ) {
287 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, sqlite3GetBoolean(zRight,1));
288 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
289 /* since the use of hmac has changed, the page size may also change */
290 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
291 if(rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, rc);
292 } else {
293 char *hmac_flag = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_use_hmac(ctx));
294 codec_vdbe_return_string(pParse, "cipher_use_hmac", hmac_flag, P4_DYNAMIC);
295 }
296 }
297 }else
298 if( sqlite3StrICmp(zLeft,"cipher_hmac_pgno")==0 ){
299 if(ctx) {
300 if(zRight) {
301 char *deprecation = "PRAGMA cipher_hmac_pgno is deprecated, please remove from use";
302 /* clear both pgno endian flags */
303 if(sqlite3StrICmp(zRight, "le") == 0) {
304 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
305 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_LE_PGNO);
306 } else if(sqlite3StrICmp(zRight, "be") == 0) {
307 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_LE_PGNO);
308 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_BE_PGNO);
309 } else if(sqlite3StrICmp(zRight, "native") == 0) {
310 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_LE_PGNO);
311 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
312 }
313 codec_vdbe_return_string(pParse, "cipher_hmac_pgno", deprecation, P4_TRANSIENT);
314 sqlite3_log(SQLITE_WARNING, deprecation);
315
316 } else {
317 if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_LE_PGNO)) {
318 codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "le", P4_TRANSIENT);
319 } else if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_BE_PGNO)) {
320 codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "be", P4_TRANSIENT);
321 } else {
322 codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "native", P4_TRANSIENT);
323 }
324 }
325 }
326 }else
327 if( sqlite3StrICmp(zLeft,"cipher_hmac_salt_mask")==0 ){
328 if(ctx) {
329 if(zRight) {
330 char *deprecation = "PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use";
331 if (sqlite3StrNICmp(zRight ,"x'", 2) == 0 && sqlite3Strlen30(zRight) == 5) {
332 unsigned char mask = 0;
333 const unsigned char *hex = (const unsigned char *)zRight+2;
334 cipher_hex2bin(hex,2,&mask);
335 sqlcipher_set_hmac_salt_mask(mask);
336 }
337 codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", deprecation, P4_TRANSIENT);
338 sqlite3_log(SQLITE_WARNING, deprecation);
339 } else {
340 char *hmac_salt_mask = sqlite3_mprintf("%02x", sqlcipher_get_hmac_salt_mask());
341 codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask, P4_DYNAMIC);
342 }
343 }
344 }else
345 if( sqlite3StrICmp(zLeft,"cipher_plaintext_header_size")==0 ){
346 if(ctx) {
347 if( zRight ) {
348 int size = atoi(zRight);
349 /* deliberately ignore result code, if size is invalid it will be set to -1
350 and trip the error later in the codec */
351 sqlcipher_codec_ctx_set_plaintext_header_size(ctx, size);
352 } else {
353 char *size = sqlite3_mprintf("%d", sqlcipher_codec_ctx_get_plaintext_header_size(ctx));
354 codec_vdbe_return_string(pParse, "cipher_plaintext_header_size", size, P4_DYNAMIC);
355 }
356 }
357 }else
358 if( sqlite3StrICmp(zLeft,"cipher_default_plaintext_header_size")==0 ){
359 if( zRight ) {
360 sqlcipher_set_default_plaintext_header_size(atoi(zRight));
361 } else {
362 char *size = sqlite3_mprintf("%d", sqlcipher_get_default_plaintext_header_size());
363 codec_vdbe_return_string(pParse, "cipher_default_plaintext_header_size", size, P4_DYNAMIC);
364 }
365 }else
366 if( sqlite3StrICmp(zLeft,"cipher_salt")==0 ){
367 if(ctx) {
368 if(zRight) {
369 if (sqlite3StrNICmp(zRight ,"x'", 2) == 0 && sqlite3Strlen30(zRight) == (FILE_HEADER_SZ*2)+3) {
370 unsigned char *salt = (unsigned char*) sqlite3_malloc(FILE_HEADER_SZ);
371 const unsigned char *hex = (const unsigned char *)zRight+2;
372 cipher_hex2bin(hex,FILE_HEADER_SZ*2,salt);
373 sqlcipher_codec_ctx_set_kdf_salt(ctx, salt, FILE_HEADER_SZ);
374 sqlite3_free(salt);
375 }
376 } else {
377 void *salt;
378 char *hexsalt = (char*) sqlite3_malloc((FILE_HEADER_SZ*2)+1);
379 if((rc = sqlcipher_codec_ctx_get_kdf_salt(ctx, &salt)) == SQLITE_OK) {
380 cipher_bin2hex(salt, FILE_HEADER_SZ, hexsalt);
381 codec_vdbe_return_string(pParse, "cipher_salt", hexsalt, P4_DYNAMIC);
382 } else {
383 sqlite3_free(hexsalt);
384 sqlcipher_codec_ctx_set_error(ctx, rc);
385 }
386 }
387 }
388 }else
389 if( sqlite3StrICmp(zLeft,"cipher_hmac_algorithm")==0 ){
390 if(ctx) {
391 if(zRight) {
392 rc = SQLITE_ERROR;
393 if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
394 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
395 } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
396 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA256);
397 } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
398 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA512);
399 }
400 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
401 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
402 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
403 } else {
404 int algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx);
405 if(algorithm == SQLCIPHER_HMAC_SHA1) {
406 codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT);
407 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
408 codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT);
409 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
410 codec_vdbe_return_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT);
411 }
412 }
413 }
414 }else
415 if( sqlite3StrICmp(zLeft,"cipher_default_hmac_algorithm")==0 ){
416 if(zRight) {
417 rc = SQLITE_ERROR;
418 if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
419 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
420 } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
421 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA256);
422 } else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
423 rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA512);
424 }
425 } else {
426 int algorithm = sqlcipher_get_default_hmac_algorithm();
427 if(algorithm == SQLCIPHER_HMAC_SHA1) {
428 codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL, P4_TRANSIENT);
429 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
430 codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL, P4_TRANSIENT);
431 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
432 codec_vdbe_return_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL, P4_TRANSIENT);
433 }
434 }
435 }else
436 if( sqlite3StrICmp(zLeft,"cipher_kdf_algorithm")==0 ){
437 if(ctx) {
438 if(zRight) {
439 rc = SQLITE_ERROR;
440 if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
441 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
442 } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
443 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA256);
444 } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
445 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA512);
446 }
447 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
448 } else {
449 int algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx);
450 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
451 codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT);
452 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
453 codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT);
454 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
455 codec_vdbe_return_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT);
456 }
457 }
458 }
459 }else
460 if( sqlite3StrICmp(zLeft,"cipher_default_kdf_algorithm")==0 ){
461 if(zRight) {
462 rc = SQLITE_ERROR;
463 if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
464 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
465 } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
466 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA256);
467 } else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
468 rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA512);
469 }
470 } else {
471 int algorithm = sqlcipher_get_default_kdf_algorithm();
472 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
473 codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL, P4_TRANSIENT);
474 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
475 codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL, P4_TRANSIENT);
476 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
477 codec_vdbe_return_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL, P4_TRANSIENT);
478 }
479 }
480 }else
481 if( sqlite3StrICmp(zLeft,"cipher_compatibility")==0 ){
482 if(ctx) {
483 if(zRight) {
484 int version = atoi(zRight);
485
486 switch(version) {
487 case 1:
488 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
489 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
490 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
491 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
492 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
493 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
494 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 4000);
495 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
496 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 0);
497 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
498 break;
499
500 case 2:
501 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
502 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
503 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
504 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
505 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
506 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
507 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 4000);
508 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
509 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
510 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
511 break;
512
513 case 3:
514 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 1024);
515 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
516 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
517 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
518 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
519 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
520 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 64000);
521 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
522 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
523 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
524 break;
525
526 default:
527 rc = sqlcipher_codec_ctx_set_pagesize(ctx, 4096);
528 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
529 rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA512);
530 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
531 rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA512);
532 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
533 rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, 256000);
534 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
535 rc = sqlcipher_codec_ctx_set_use_hmac(ctx, 1);
536 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
537 break;
538 }
539
540 rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
541 if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
542 }
543 }
544 }else
545 if( sqlite3StrICmp(zLeft,"cipher_default_compatibility")==0 ){
546 if(zRight) {
547 int version = atoi(zRight);
548 switch(version) {
549 case 1:
550 sqlcipher_set_default_pagesize(1024);
551 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
552 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
553 sqlcipher_set_default_kdf_iter(4000);
554 sqlcipher_set_default_use_hmac(0);
555 break;
556
557 case 2:
558 sqlcipher_set_default_pagesize(1024);
559 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
560 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
561 sqlcipher_set_default_kdf_iter(4000);
562 sqlcipher_set_default_use_hmac(1);
563 break;
564
565 case 3:
566 sqlcipher_set_default_pagesize(1024);
567 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
568 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
569 sqlcipher_set_default_kdf_iter(64000);
570 sqlcipher_set_default_use_hmac(1);
571 break;
572
573 default:
574 sqlcipher_set_default_pagesize(4096);
575 sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA512);
576 sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA512);
577 sqlcipher_set_default_kdf_iter(256000);
578 sqlcipher_set_default_use_hmac(1);
579 break;
580 }
581 }
582 }else
583 if( sqlite3StrICmp(zLeft,"cipher_memory_security")==0 ){
584 if( zRight ) {
585 sqlcipher_set_mem_security(sqlite3GetBoolean(zRight,1));
586 } else {
587 char *on = sqlite3_mprintf("%d", sqlcipher_get_mem_security());
588 codec_vdbe_return_string(pParse, "cipher_memory_security", on, P4_DYNAMIC);
589 }
590 }else
591 if( sqlite3StrICmp(zLeft,"cipher_settings")==0 ){
592 if(ctx) {
593 int algorithm;
594 char *pragma;
595
596 pragma = sqlite3_mprintf("PRAGMA kdf_iter = %d;", sqlcipher_codec_ctx_get_kdf_iter(ctx));
597 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
598
599 pragma = sqlite3_mprintf("PRAGMA cipher_page_size = %d;", sqlcipher_codec_ctx_get_pagesize(ctx));
600 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
601
602 pragma = sqlite3_mprintf("PRAGMA cipher_use_hmac = %d;", sqlcipher_codec_ctx_get_use_hmac(ctx));
603 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
604
605 pragma = sqlite3_mprintf("PRAGMA cipher_plaintext_header_size = %d;", sqlcipher_codec_ctx_get_plaintext_header_size(ctx));
606 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
607
608 algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx);
609 pragma = NULL;
610 if(algorithm == SQLCIPHER_HMAC_SHA1) {
611 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA1_LABEL);
612 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
613 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA256_LABEL);
614 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
615 pragma = sqlite3_mprintf("PRAGMA cipher_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA512_LABEL);
616 }
617 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
618
619 algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx);
620 pragma = NULL;
621 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
622 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
623 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
624 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
625 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
626 pragma = sqlite3_mprintf("PRAGMA cipher_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
627 }
628 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
629
630 }
631 }else
632 if( sqlite3StrICmp(zLeft,"cipher_default_settings")==0 ){
633 int algorithm;
634 char *pragma;
635
636 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_iter = %d;", sqlcipher_get_default_kdf_iter());
637 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
638
639 pragma = sqlite3_mprintf("PRAGMA cipher_default_page_size = %d;", sqlcipher_get_default_pagesize());
640 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
641
642 pragma = sqlite3_mprintf("PRAGMA cipher_default_use_hmac = %d;", sqlcipher_get_default_use_hmac());
643 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
644
645 pragma = sqlite3_mprintf("PRAGMA cipher_default_plaintext_header_size = %d;", sqlcipher_get_default_plaintext_header_size());
646 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
647
648 algorithm = sqlcipher_get_default_hmac_algorithm();
649 pragma = NULL;
650 if(algorithm == SQLCIPHER_HMAC_SHA1) {
651 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA1_LABEL);
652 } else if(algorithm == SQLCIPHER_HMAC_SHA256) {
653 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA256_LABEL);
654 } else if(algorithm == SQLCIPHER_HMAC_SHA512) {
655 pragma = sqlite3_mprintf("PRAGMA cipher_default_hmac_algorithm = %s;", SQLCIPHER_HMAC_SHA512_LABEL);
656 }
657 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
658
659 algorithm = sqlcipher_get_default_kdf_algorithm();
660 pragma = NULL;
661 if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
662 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
663 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
664 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
665 } else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
666 pragma = sqlite3_mprintf("PRAGMA cipher_default_kdf_algorithm = %s;", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
667 }
668 codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
669 }else
670 if( sqlite3StrICmp(zLeft,"cipher_integrity_check")==0 ){
671 if(ctx) {
672 sqlcipher_codec_ctx_integrity_check(ctx, pParse, "cipher_integrity_check");
673 }
674 }else {
675 return 0;
676 }
677 return 1;
678 }
679
680 /* these constants are used internally within SQLite's pager.c to differentiate between
681 operations on the main database or journal pages. This is important in the context
682 of a rekey operations, where the journal must be written using the original key
683 material (to allow a transactional rollback), while the new database pages are being
684 written with the new key material*/
685 #define CODEC_READ_OP 3
686 #define CODEC_WRITE_OP 6
687 #define CODEC_JOURNAL_OP 7
688
689 /*
690 * sqlite3Codec can be called in multiple modes.
691 * encrypt mode - expected to return a pointer to the
692 * encrypted data without altering pData.
693 * decrypt mode - expected to return a pointer to pData, with
694 * the data decrypted in the input buffer
695 */
696 static void* sqlite3Codec(void *iCtx, void *data, Pgno pgno, int mode) {
697 codec_ctx *ctx = (codec_ctx *) iCtx;
698 int offset = 0, rc = 0;
699 int page_sz = sqlcipher_codec_ctx_get_pagesize(ctx);
700 unsigned char *pData = (unsigned char *) data;
701 void *buffer = sqlcipher_codec_ctx_get_data(ctx);
702 int plaintext_header_sz = sqlcipher_codec_ctx_get_plaintext_header_size(ctx);
703 int cctx = CIPHER_READ_CTX;
704
705 CODEC_TRACE("sqlite3Codec: entered pgno=%d, mode=%d, page_sz=%d\n", pgno, mode, page_sz);
706
707 #ifdef SQLCIPHER_EXT
708 if(sqlcipher_license_check(ctx) != SQLITE_OK) return NULL;
709 #endif
710
711 /* call to derive keys if not present yet */
712 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
713 sqlcipher_codec_ctx_set_error(ctx, rc);
714 return NULL;
715 }
716
717 /* if the plaintext_header_size is negative that means an invalid size was set via
718 PRAGMA. We can't set the error state on the pager at that point because the pager
719 may not be open yet. However, this is a fatal error state, so abort the codec */
720 if(plaintext_header_sz < 0) {
721 sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
722 return NULL;
723 }
724
725 if(pgno == 1) /* adjust starting pointers in data page for header offset on first page*/
726 offset = plaintext_header_sz ? plaintext_header_sz : FILE_HEADER_SZ;
727
728
729 CODEC_TRACE("sqlite3Codec: switch mode=%d offset=%d\n", mode, offset);
730 switch(mode) {
731 case CODEC_READ_OP: /* decrypt */
732 if(pgno == 1) /* copy initial part of file header or SQLite magic to buffer */
733 memcpy(buffer, plaintext_header_sz ? pData : (void *) SQLITE_FILE_HEADER, offset);
734
735 rc = sqlcipher_page_cipher(ctx, cctx, pgno, CIPHER_DECRYPT, page_sz - offset, pData + offset, (unsigned char*)buffer + offset);
736 #ifdef SQLCIPHER_TEST
737 if((sqlcipher_get_test_flags() & TEST_FAIL_ENCRYPT) > 0) rc = SQLITE_ERROR;
738 #endif
739 if(rc != SQLITE_OK) { /* clear results of failed cipher operation and set error */
740 sqlcipher_memset((unsigned char*) buffer+offset, 0, page_sz-offset);
741 sqlcipher_codec_ctx_set_error(ctx, rc);
742 }
743 memcpy(pData, buffer, page_sz); /* copy buffer data back to pData and return */
744 return pData;
745 break;
746
747 case CODEC_WRITE_OP: /* encrypt database page, operate on write context and fall through to case 7, so the write context is used*/
748 cctx = CIPHER_WRITE_CTX;
749
750 case CODEC_JOURNAL_OP: /* encrypt journal page, operate on read context use to get the original page data from the database */
751 if(pgno == 1) { /* copy initial part of file header or salt to buffer */
752 void *kdf_salt = NULL;
753 /* retrieve the kdf salt */
754 if((rc = sqlcipher_codec_ctx_get_kdf_salt(ctx, &kdf_salt)) != SQLITE_OK) {
755 sqlcipher_codec_ctx_set_error(ctx, rc);
756 return NULL;
757 }
758 memcpy(buffer, plaintext_header_sz ? pData : kdf_salt, offset);
759 }
760 rc = sqlcipher_page_cipher(ctx, cctx, pgno, CIPHER_ENCRYPT, page_sz - offset, pData + offset, (unsigned char*)buffer + offset);
761 #ifdef SQLCIPHER_TEST
762 if((sqlcipher_get_test_flags() & TEST_FAIL_DECRYPT) > 0) rc = SQLITE_ERROR;
763 #endif
764 if(rc != SQLITE_OK) { /* clear results of failed cipher operation and set error */
765 sqlcipher_memset((unsigned char*)buffer+offset, 0, page_sz-offset);
766 sqlcipher_codec_ctx_set_error(ctx, rc);
767 return NULL;
768 }
769 return buffer; /* return persistent buffer data, pData remains intact */
770 break;
771
772 default:
773 sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR); /* unsupported mode, set error */
774 return pData;
775 break;
776 }
777 }
778
779 static void sqlite3FreeCodecArg(void *pCodecArg) {
780 codec_ctx *ctx = (codec_ctx *) pCodecArg;
781 if(pCodecArg == NULL) return;
782 sqlcipher_codec_ctx_free(&ctx); /* wipe and free allocated memory for the context */
783 sqlcipher_deactivate(); /* cleanup related structures, OpenSSL etc, when codec is detatched */
784 }
785
786 int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
787 struct Db *pDb = &db->aDb[nDb];
788
789 CODEC_TRACE("sqlite3CodecAttach: entered db=%p, nDb=%d zKey=%p, nKey=%d\n", db, nDb, zKey, nKey);
790
791
792 if(nKey && zKey && pDb->pBt) {
793 int rc;
794 Pager *pPager = pDb->pBt->pBt->pPager;
795 sqlite3_file *fd;
796 codec_ctx *ctx;
797
798 /* check if the sqlite3_file is open, and if not force handle to NULL */
799 if((fd = sqlite3PagerFile(pPager))->pMethods == 0) fd = NULL;
800
801 CODEC_TRACE("sqlite3CodecAttach: calling sqlcipher_activate()\n");
802 sqlcipher_activate(); /* perform internal initialization for sqlcipher */
803
804 CODEC_TRACE_MUTEX("sqlite3CodecAttach: entering database mutex %p\n", db->mutex);
805 sqlite3_mutex_enter(db->mutex);
806 CODEC_TRACE_MUTEX("sqlite3CodecAttach: entered database mutex %p\n", db->mutex);
807
808 #ifdef SQLCIPHER_EXT
809 if((rc = sqlite3_set_authorizer(db, sqlcipher_license_authorizer, db)) != SQLITE_OK) {
810 sqlite3_mutex_leave(db->mutex);
811 return rc;
812 }
813 #endif
814
815 /* point the internal codec argument against the contet to be prepared */
816 CODEC_TRACE("sqlite3CodecAttach: calling sqlcipher_codec_ctx_init()\n");
817 rc = sqlcipher_codec_ctx_init(&ctx, pDb, pDb->pBt->pBt->pPager, zKey, nKey);
818
819 if(rc != SQLITE_OK) {
820 /* initialization failed, do not attach potentially corrupted context */
821 CODEC_TRACE("sqlite3CodecAttach: context initialization failed with rc=%d\n", rc);
822 /* force an error at the pager level, such that even the upstream caller ignores the return code
823 the pager will be in an error state and will process no further operations */
824 sqlite3pager_error(pPager, rc);
825 pDb->pBt->pBt->db->errCode = rc;
826 CODEC_TRACE_MUTEX("sqlite3CodecAttach: leaving database mutex %p (early return on rc=%d)\n", db->mutex, rc);
827 sqlite3_mutex_leave(db->mutex);
828 CODEC_TRACE_MUTEX("sqlite3CodecAttach: left database mutex %p (early return on rc=%d)\n", db->mutex, rc);
829 return rc;
830 }
831
832 CODEC_TRACE("sqlite3CodecAttach: calling sqlite3PagerSetCodec()\n");
833 sqlite3PagerSetCodec(sqlite3BtreePager(pDb->pBt), sqlite3Codec, NULL, sqlite3FreeCodecArg, (void *) ctx);
834
835 CODEC_TRACE("sqlite3CodecAttach: calling codec_set_btree_to_codec_pagesize()\n");
836 codec_set_btree_to_codec_pagesize(db, pDb, ctx);
837
838 /* force secure delete. This has the benefit of wiping internal data when deleted
839 and also ensures that all pages are written to disk (i.e. not skipped by
840 sqlite3PagerDontWrite optimizations) */
841 CODEC_TRACE("sqlite3CodecAttach: calling sqlite3BtreeSecureDelete()\n");
842 sqlite3BtreeSecureDelete(pDb->pBt, 1);
843
844 /* if fd is null, then this is an in-memory database and
845 we dont' want to overwrite the AutoVacuum settings
846 if not null, then set to the default */
847 if(fd != NULL) {
848 CODEC_TRACE("sqlite3CodecAttach: calling sqlite3BtreeSetAutoVacuum()\n");
849 sqlite3BtreeSetAutoVacuum(pDb->pBt, SQLITE_DEFAULT_AUTOVACUUM);
850 }
851 CODEC_TRACE_MUTEX("sqlite3CodecAttach: leaving database mutex %p\n", db->mutex);
852 sqlite3_mutex_leave(db->mutex);
853 CODEC_TRACE_MUTEX("sqlite3CodecAttach: left database mutex %p\n", db->mutex);
854 }
855 return SQLITE_OK;
856 }
857
858 int sqlcipher_find_db_index(sqlite3 *db, const char *zDb) {
859 int db_index;
860 if(zDb == NULL){
861 return 0;
862 }
863 for(db_index = 0; db_index < db->nDb; db_index++) {
864 struct Db *pDb = &db->aDb[db_index];
865 if(strcmp(pDb->zDbSName, zDb) == 0) {
866 return db_index;
867 }
868 }
869 return 0;
870 }
871
872 void sqlite3_activate_see(const char* in) {
873 /* do nothing, security enhancements are always active */
874 }
875
876 int sqlite3_key(sqlite3 *db, const void *pKey, int nKey) {
877 CODEC_TRACE("sqlite3_key entered: db=%p pKey=%p nKey=%d\n", db, pKey, nKey);
878 return sqlite3_key_v2(db, "main", pKey, nKey);
879 }
880
881 int sqlite3_key_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
882 CODEC_TRACE("sqlite3_key_v2: entered db=%p zDb=%s pKey=%p nKey=%d\n", db, zDb, pKey, nKey);
883 /* attach key if db and pKey are not null and nKey is > 0 */
884 if(db && pKey && nKey) {
885 int db_index = sqlcipher_find_db_index(db, zDb);
886 return sqlite3CodecAttach(db, db_index, pKey, nKey);
887 }
888 return SQLITE_ERROR;
889 }
890
891 int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) {
892 CODEC_TRACE("sqlite3_rekey entered: db=%p pKey=%p nKey=%d\n", db, pKey, nKey);
893 return sqlite3_rekey_v2(db, "main", pKey, nKey);
894 }
895
896 /* sqlite3_rekey_v2
897 ** Given a database, this will reencrypt the database using a new key.
898 ** There is only one possible modes of operation - to encrypt a database
899 ** that is already encrpyted. If the database is not already encrypted
900 ** this should do nothing
901 ** The proposed logic for this function follows:
902 ** 1. Determine if the database is already encryptped
903 ** 2. If there is NOT already a key present do nothing
904 ** 3. If there is a key present, re-encrypt the database with the new key
905 */
906 int sqlite3_rekey_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
907 CODEC_TRACE("sqlite3_rekey_v2: entered db=%p zDb=%s pKey=%p, nKey=%d\n", db, zDb, pKey, nKey);
908 if(db && pKey && nKey) {
909 int db_index = sqlcipher_find_db_index(db, zDb);
910 struct Db *pDb = &db->aDb[db_index];
911 CODEC_TRACE("sqlite3_rekey_v2: database pDb=%p db_index:%d\n", pDb, db_index);
912 if(pDb->pBt) {
913 codec_ctx *ctx;
914 int rc, page_count;
915 Pgno pgno;
916 PgHdr *page;
917 Pager *pPager = pDb->pBt->pBt->pPager;
918
919 ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
920
921 if(ctx == NULL) {
922 /* there was no codec attached to this database, so this should do nothing! */
923 CODEC_TRACE("sqlite3_rekey_v2: no codec attached to db, exiting\n");
924 return SQLITE_OK;
925 }
926
927 CODEC_TRACE_MUTEX("sqlite3_rekey_v2: entering database mutex %p\n", db->mutex);
928 sqlite3_mutex_enter(db->mutex);
929 CODEC_TRACE_MUTEX("sqlite3_rekey_v2: entered database mutex %p\n", db->mutex);
930
931 codec_set_pass_key(db, db_index, pKey, nKey, CIPHER_WRITE_CTX);
932
933 /* do stuff here to rewrite the database
934 ** 1. Create a transaction on the database
935 ** 2. Iterate through each page, reading it and then writing it.
936 ** 3. If that goes ok then commit and put ctx->rekey into ctx->key
937 ** note: don't deallocate rekey since it may be used in a subsequent iteration
938 */
939 rc = sqlite3BtreeBeginTrans(pDb->pBt, 1, 0); /* begin write transaction */
940 sqlite3PagerPagecount(pPager, &page_count);
941 for(pgno = 1; rc == SQLITE_OK && pgno <= (unsigned int)page_count; pgno++) { /* pgno's start at 1 see pager.c:pagerAcquire */
942 if(!sqlite3pager_is_mj_pgno(pPager, pgno)) { /* skip this page (see pager.c:pagerAcquire for reasoning) */
943 rc = sqlite3PagerGet(pPager, pgno, &page, 0);
944 if(rc == SQLITE_OK) { /* write page see pager_incr_changecounter for example */
945 rc = sqlite3PagerWrite(page);
946 if(rc == SQLITE_OK) {
947 sqlite3PagerUnref(page);
948 } else {
949 CODEC_TRACE("sqlite3_rekey_v2: error %d occurred writing page %d\n", rc, pgno);
950 }
951 } else {
952 CODEC_TRACE("sqlite3_rekey_v2: error %d occurred getting page %d\n", rc, pgno);
953 }
954 }
955 }
956
957 /* if commit was successful commit and copy the rekey data to current key, else rollback to release locks */
958 if(rc == SQLITE_OK) {
959 CODEC_TRACE("sqlite3_rekey_v2: committing\n");
960 rc = sqlite3BtreeCommit(pDb->pBt);
961 sqlcipher_codec_key_copy(ctx, CIPHER_WRITE_CTX);
962 } else {
963 CODEC_TRACE("sqlite3_rekey_v2: rollback\n");
964 sqlite3BtreeRollback(pDb->pBt, SQLITE_ABORT_ROLLBACK, 0);
965 }
966
967 CODEC_TRACE_MUTEX("sqlite3_rekey_v2: leaving database mutex %p\n", db->mutex);
968 sqlite3_mutex_leave(db->mutex);
969 CODEC_TRACE_MUTEX("sqlite3_rekey_v2: left database mutex %p\n", db->mutex);
970 }
971 return SQLITE_OK;
972 }
973 return SQLITE_ERROR;
974 }
975
976 void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
977 struct Db *pDb = &db->aDb[nDb];
978 CODEC_TRACE("sqlite3CodecGetKey: entered db=%p, nDb=%d\n", db, nDb);
979 if( pDb->pBt ) {
980 codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
981
982 if(ctx) {
983 /* pass back the keyspec from the codec, unless PRAGMA cipher_store_pass
984 is set or keyspec has not yet been derived, in which case pass
985 back the password key material */
986 sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
987 if(sqlcipher_codec_get_store_pass(ctx) == 1 || *zKey == NULL) {
988 sqlcipher_codec_get_pass(ctx, zKey, nKey);
989 }
990 } else {
991 *zKey = NULL;
992 *nKey = 0;
993 }
994 }
995 }
996
997 /*
998 * Implementation of an "export" function that allows a caller
999 * to duplicate the main database to an attached database. This is intended
1000 * as a conveneince for users who need to:
1001 *
1002 * 1. migrate from an non-encrypted database to an encrypted database
1003 * 2. move from an encrypted database to a non-encrypted database
1004 * 3. convert beween the various flavors of encrypted databases.
1005 *
1006 * This implementation is based heavily on the procedure and code used
1007 * in vacuum.c, but is exposed as a function that allows export to any
1008 * named attached database.
1009 */
1010
1011 /*
1012 ** Finalize a prepared statement. If there was an error, store the
1013 ** text of the error message in *pzErrMsg. Return the result code.
1014 **
1015 ** Based on vacuumFinalize from vacuum.c
1016 */
1017 static int sqlcipher_finalize(sqlite3 *db, sqlite3_stmt *pStmt, char **pzErrMsg){
1018 int rc;
1019 rc = sqlite3VdbeFinalize((Vdbe*)pStmt);
1020 if( rc ){
1021 sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
1022 }
1023 return rc;
1024 }
1025
1026 /*
1027 ** Execute zSql on database db. Return an error code.
1028 **
1029 ** Based on execSql from vacuum.c
1030 */
1031 static int sqlcipher_execSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
1032 sqlite3_stmt *pStmt;
1033 VVA_ONLY( int rc; )
1034 if( !zSql ){
1035 return SQLITE_NOMEM;
1036 }
1037 if( SQLITE_OK!=sqlite3_prepare(db, zSql, -1, &pStmt, 0) ){
1038 sqlite3SetString(pzErrMsg, db, sqlite3_errmsg(db));
1039 return sqlite3_errcode(db);
1040 }
1041 VVA_ONLY( rc = ) sqlite3_step(pStmt);
1042 assert( rc!=SQLITE_ROW );
1043 return sqlcipher_finalize(db, pStmt, pzErrMsg);
1044 }
1045
1046 /*
1047 ** Execute zSql on database db. The statement returns exactly
1048 ** one column. Execute this as SQL on the same database.
1049 **
1050 ** Based on execExecSql from vacuum.c
1051 */
1052 static int sqlcipher_execExecSql(sqlite3 *db, char **pzErrMsg, const char *zSql){
1053 sqlite3_stmt *pStmt;
1054 int rc;
1055
1056 rc = sqlite3_prepare(db, zSql, -1, &pStmt, 0);
1057 if( rc!=SQLITE_OK ) return rc;
1058
1059 while( SQLITE_ROW==sqlite3_step(pStmt) ){
1060 rc = sqlcipher_execSql(db, pzErrMsg, (char*)sqlite3_column_text(pStmt, 0));
1061 if( rc!=SQLITE_OK ){
1062 sqlcipher_finalize(db, pStmt, pzErrMsg);
1063 return rc;
1064 }
1065 }
1066
1067 return sqlcipher_finalize(db, pStmt, pzErrMsg);
1068 }
1069
1070 /*
1071 * copy database and schema from the main database to an attached database
1072 *
1073 * Based on sqlite3RunVacuum from vacuum.c
1074 */
1075 void sqlcipher_exportFunc(sqlite3_context *context, int argc, sqlite3_value **argv) {
1076 sqlite3 *db = sqlite3_context_db_handle(context);
1077 const char* targetDb, *sourceDb;
1078 int targetDb_idx = 0;
1079 u64 saved_flags = db->flags; /* Saved value of the db->flags */
1080 u32 saved_mDbFlags = db->mDbFlags; /* Saved value of the db->mDbFlags */
1081 int saved_nChange = db->nChange; /* Saved value of db->nChange */
1082 int saved_nTotalChange = db->nTotalChange; /* Saved value of db->nTotalChange */
1083 u8 saved_mTrace = db->mTrace; /* Saved value of db->mTrace */
1084 int rc = SQLITE_OK; /* Return code from service routines */
1085 char *zSql = NULL; /* SQL statements */
1086 char *pzErrMsg = NULL;
1087
1088 if(argc != 1 && argc != 2) {
1089 rc = SQLITE_ERROR;
1090 pzErrMsg = sqlite3_mprintf("invalid number of arguments (%d) passed to sqlcipher_export", argc);
1091 goto end_of_export;
1092 }
1093
1094 if(sqlite3_value_type(argv[0]) == SQLITE_NULL) {
1095 rc = SQLITE_ERROR;
1096 pzErrMsg = sqlite3_mprintf("target database can't be NULL");
1097 goto end_of_export;
1098 }
1099
1100 targetDb = (const char*) sqlite3_value_text(argv[0]);
1101 sourceDb = "main";
1102
1103 if(argc == 2) {
1104 if(sqlite3_value_type(argv[1]) == SQLITE_NULL) {
1105 rc = SQLITE_ERROR;
1106 pzErrMsg = sqlite3_mprintf("target database can't be NULL");
1107 goto end_of_export;
1108 }
1109 sourceDb = (char *) sqlite3_value_text(argv[1]);
1110 }
1111
1112
1113 /* if the name of the target is not main, but the index returned is zero
1114 there is a mismatch and we should not proceed */
1115 targetDb_idx = sqlcipher_find_db_index(db, targetDb);
1116 if(targetDb_idx == 0 && targetDb != NULL && sqlite3StrICmp("main", targetDb) != 0) {
1117 rc = SQLITE_ERROR;
1118 pzErrMsg = sqlite3_mprintf("unknown database %s", targetDb);
1119 goto end_of_export;
1120 }
1121 db->init.iDb = targetDb_idx;
1122
1123 db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks;
1124 db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum;
1125 db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder | SQLITE_Defensive | SQLITE_CountRows);
1126 db->mTrace = 0;
1127
1128 /* Query the schema of the main database. Create a mirror schema
1129 ** in the temporary database.
1130 */
1131 zSql = sqlite3_mprintf(
1132 "SELECT sql "
1133 " FROM %s.sqlite_schema WHERE type='table' AND name!='sqlite_sequence'"
1134 " AND rootpage>0"
1135 , sourceDb);
1136 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1137 if( rc!=SQLITE_OK ) goto end_of_export;
1138 sqlite3_free(zSql);
1139
1140 zSql = sqlite3_mprintf(
1141 "SELECT sql "
1142 " FROM %s.sqlite_schema WHERE sql LIKE 'CREATE INDEX %%' "
1143 , sourceDb);
1144 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1145 if( rc!=SQLITE_OK ) goto end_of_export;
1146 sqlite3_free(zSql);
1147
1148 zSql = sqlite3_mprintf(
1149 "SELECT sql "
1150 " FROM %s.sqlite_schema WHERE sql LIKE 'CREATE UNIQUE INDEX %%'"
1151 , sourceDb);
1152 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1153 if( rc!=SQLITE_OK ) goto end_of_export;
1154 sqlite3_free(zSql);
1155
1156 /* Loop through the tables in the main database. For each, do
1157 ** an "INSERT INTO rekey_db.xxx SELECT * FROM main.xxx;" to copy
1158 ** the contents to the temporary database.
1159 */
1160 zSql = sqlite3_mprintf(
1161 "SELECT 'INSERT INTO %s.' || quote(name) "
1162 "|| ' SELECT * FROM %s.' || quote(name) || ';'"
1163 "FROM %s.sqlite_schema "
1164 "WHERE type = 'table' AND name!='sqlite_sequence' "
1165 " AND rootpage>0"
1166 , targetDb, sourceDb, sourceDb);
1167 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1168 if( rc!=SQLITE_OK ) goto end_of_export;
1169 sqlite3_free(zSql);
1170
1171 /* Copy over the contents of the sequence table
1172 */
1173 zSql = sqlite3_mprintf(
1174 "SELECT 'INSERT INTO %s.' || quote(name) "
1175 "|| ' SELECT * FROM %s.' || quote(name) || ';' "
1176 "FROM %s.sqlite_schema WHERE name=='sqlite_sequence';"
1177 , targetDb, sourceDb, targetDb);
1178 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execExecSql(db, &pzErrMsg, zSql);
1179 if( rc!=SQLITE_OK ) goto end_of_export;
1180 sqlite3_free(zSql);
1181
1182 /* Copy the triggers, views, and virtual tables from the main database
1183 ** over to the temporary database. None of these objects has any
1184 ** associated storage, so all we have to do is copy their entries
1185 ** from the SQLITE_MASTER table.
1186 */
1187 zSql = sqlite3_mprintf(
1188 "INSERT INTO %s.sqlite_schema "
1189 " SELECT type, name, tbl_name, rootpage, sql"
1190 " FROM %s.sqlite_schema"
1191 " WHERE type='view' OR type='trigger'"
1192 " OR (type='table' AND rootpage=0)"
1193 , targetDb, sourceDb);
1194 rc = (zSql == NULL) ? SQLITE_NOMEM : sqlcipher_execSql(db, &pzErrMsg, zSql);
1195 if( rc!=SQLITE_OK ) goto end_of_export;
1196 sqlite3_free(zSql);
1197
1198 zSql = NULL;
1199 end_of_export:
1200 db->init.iDb = 0;
1201 db->flags = saved_flags;
1202 db->mDbFlags = saved_mDbFlags;
1203 db->nChange = saved_nChange;
1204 db->nTotalChange = saved_nTotalChange;
1205 db->mTrace = saved_mTrace;
1206
1207 if(zSql) sqlite3_free(zSql);
1208
1209 if(rc) {
1210 if(pzErrMsg != NULL) {
1211 sqlite3_result_error(context, pzErrMsg, -1);
1212 sqlite3DbFree(db, pzErrMsg);
1213 } else {
1214 sqlite3_result_error(context, sqlite3ErrStr(rc), -1);
1215 }
1216 }
1217 }
1218 #endif
1219 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.