search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge sqlite-release(3.43.1) into prerelease-integration
[sqlcipher.git] / src / crypto_impl.c
blob318c48b03d223b37cc832dee44e147f31e126239
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36
37 #ifdef SQLCIPHER_TEST
38 static volatile unsigned int cipher_test_flags = 0;
39 unsigned int sqlcipher_get_test_flags() {
40 return cipher_test_flags;
41 }
42 void sqlcipher_set_test_flags(unsigned int flags) {
43 cipher_test_flags = flags;
44 }
45
46 static volatile int cipher_test_rand = 0;
47 int sqlcipher_get_test_rand() {
48 return cipher_test_rand;
49 }
50 void sqlcipher_set_test_rand(int rand) {
51 cipher_test_rand = rand;
52 }
53 int sqlcipher_get_test_fail() {
54 int x;
55
56 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
57 if (cipher_test_rand == 0) return 1;
58
59 sqlite3_randomness(sizeof(x), &x);
60 return ((x % cipher_test_rand) == 0);
61 }
62 #endif
63
64 /* Generate code to return a string value */
65
66 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
67 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
68 static volatile int default_kdf_iter = PBKDF2_ITER;
69 static volatile int default_page_size = 4096;
70 static volatile int default_plaintext_header_sz = 0;
71 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
72 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
73 static volatile int sqlcipher_mem_security_on = 0;
74 static volatile int sqlcipher_mem_executed = 0;
75 static volatile int sqlcipher_mem_initialized = 0;
76 static volatile unsigned int sqlcipher_activate_count = 0;
77 static volatile sqlite3_mem_methods default_mem_methods;
78 static sqlcipher_provider *default_provider = NULL;
79
80 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
81 static FILE* sqlcipher_log_file = NULL;
82 static volatile int sqlcipher_log_logcat = 0;
83 static volatile unsigned int sqlcipher_log_level = SQLCIPHER_LOG_NONE;
84
85 sqlite3_mutex* sqlcipher_mutex(int mutex) {
86 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
87 return sqlcipher_static_mutex[mutex];
88 }
89
90 static int sqlcipher_mem_init(void *pAppData) {
91 return default_mem_methods.xInit(pAppData);
92 }
93 static void sqlcipher_mem_shutdown(void *pAppData) {
94 default_mem_methods.xShutdown(pAppData);
95 }
96 static void *sqlcipher_mem_malloc(int n) {
97 void *ptr = default_mem_methods.xMalloc(n);
98 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
99 if(sqlcipher_mem_security_on) {
100 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)", ptr, n);
101 sqlcipher_mlock(ptr, n);
102 }
103 return ptr;
104 }
105 static int sqlcipher_mem_size(void *p) {
106 return default_mem_methods.xSize(p);
107 }
108 static void sqlcipher_mem_free(void *p) {
109 int sz;
110 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
111 if(sqlcipher_mem_security_on) {
112 sz = sqlcipher_mem_size(p);
113 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d)", p, sz, p, sz);
114 sqlcipher_memset(p, 0, sz);
115 sqlcipher_munlock(p, sz);
116 }
117 default_mem_methods.xFree(p);
118 }
119 static void *sqlcipher_mem_realloc(void *p, int n) {
120 void *new = NULL;
121 int orig_sz = 0;
122 if(sqlcipher_mem_security_on) {
123 orig_sz = sqlcipher_mem_size(p);
124 if (n==0) {
125 sqlcipher_mem_free(p);
126 return NULL;
127 } else if (!p) {
128 return sqlcipher_mem_malloc(n);
129 } else if(n <= orig_sz) {
130 return p;
131 } else {
132 new = sqlcipher_mem_malloc(n);
133 if(new) {
134 memcpy(new, p, orig_sz);
135 sqlcipher_mem_free(p);
136 }
137 return new;
138 }
139 } else {
140 return default_mem_methods.xRealloc(p, n);
141 }
142 }
143
144 static int sqlcipher_mem_roundup(int n) {
145 return default_mem_methods.xRoundup(n);
146 }
147
148 static sqlite3_mem_methods sqlcipher_mem_methods = {
149 sqlcipher_mem_malloc,
150 sqlcipher_mem_free,
151 sqlcipher_mem_realloc,
152 sqlcipher_mem_size,
153 sqlcipher_mem_roundup,
154 sqlcipher_mem_init,
155 sqlcipher_mem_shutdown,
156 0
157 };
158
159 void sqlcipher_init_memmethods() {
160 if(sqlcipher_mem_initialized) return;
161 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
162 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
163 sqlcipher_mem_security_on = sqlcipher_mem_executed = sqlcipher_mem_initialized = 0;
164 } else {
165 sqlcipher_mem_initialized = 1;
166 }
167 }
168
169 int sqlcipher_register_provider(sqlcipher_provider *p) {
170 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER");
171 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
172 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER");
173
174 if(default_provider != NULL && default_provider != p) {
175 /* only free the current registerd provider if it has been initialized
176 and it isn't a pointer to the same provider passed to the function
177 (i.e. protect against a caller calling register twice for the same provider) */
178 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
179 }
180 default_provider = p;
181 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER");
182 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
183 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER");
184
185 return SQLITE_OK;
186 }
187
188 /* return a pointer to the currently registered provider. This will
189 allow an application to fetch the current registered provider and
190 make minor changes to it */
191 sqlcipher_provider* sqlcipher_get_provider() {
192 return default_provider;
193 }
194
195 void sqlcipher_activate() {
196 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entering static master mutex");
197 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
198 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entered static master mutex");
199
200 /* allocate new mutexes */
201 if(sqlcipher_activate_count == 0) {
202 int i;
203 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
204 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
205 }
206 }
207
208 /* check to see if there is a provider registered at this point
209 if there no provider registered at this point, register the
210 default provider */
211 if(sqlcipher_get_provider() == NULL) {
212 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
213 #if defined (SQLCIPHER_CRYPTO_CC)
214 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
215 sqlcipher_cc_setup(p);
216 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
217 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
218 sqlcipher_ltc_setup(p);
219 #elif defined (SQLCIPHER_CRYPTO_NSS)
220 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
221 sqlcipher_nss_setup(p);
222 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
223 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
224 sqlcipher_openssl_setup(p);
225 #else
226 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
227 #endif
228 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: calling sqlcipher_register_provider(%p)", p);
229 #ifdef SQLCIPHER_EXT
230 sqlcipher_ext_provider_setup(p);
231 #endif
232 sqlcipher_register_provider(p);
233 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: called sqlcipher_register_provider(%p)",p);
234 }
235
236 sqlcipher_activate_count++; /* increment activation count */
237
238 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: leaving static master mutex");
239 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
240 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: left static master mutex");
241 }
242
243 void sqlcipher_deactivate() {
244 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering static master mutex");
245 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
246 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered static master mutex");
247
248 sqlcipher_activate_count--;
249 /* if no connections are using sqlcipher, cleanup globals */
250 if(sqlcipher_activate_count < 1) {
251 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER");
252 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
253 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER");
254
255 if(default_provider != NULL) {
256 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
257 default_provider = NULL;
258 }
259
260 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER");
261 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
262 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER");
263
264 #ifdef SQLCIPHER_EXT
265 sqlcipher_ext_provider_destroy();
266 #endif
267
268 /* last connection closed, free mutexes */
269 if(sqlcipher_activate_count == 0) {
270 int i;
271 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
272 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
273 }
274 }
275 sqlcipher_activate_count = 0; /* reset activation count */
276 }
277
278 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving static master mutex");
279 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
280 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left static master mutex");
281 }
282
283 /* constant time memset using volitile to avoid having the memset
284 optimized out by the compiler.
285 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
286 */
287 void* sqlcipher_memset(void *v, unsigned char value, sqlite_uint64 len) {
288 volatile sqlite_uint64 i = 0;
289 volatile unsigned char *a = v;
290
291 if (v == NULL) return v;
292
293 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_memset: setting %p[0-%llu]=%d)", a, len, value);
294 for(i = 0; i < len; i++) {
295 a[i] = value;
296 }
297
298 return v;
299 }
300
301 /* constant time memory check tests every position of a memory segement
302 matches a single value (i.e. the memory is all zeros)
303 returns 0 if match, 1 of no match */
304 int sqlcipher_ismemset(const void *v, unsigned char value, sqlite_uint64 len) {
305 const volatile unsigned char *a = v;
306 volatile sqlite_uint64 i = 0, result = 0;
307
308 for(i = 0; i < len; i++) {
309 result |= a[i] ^ value;
310 }
311
312 return (result != 0);
313 }
314
315 /* constant time memory comparison routine.
316 returns 0 if match, 1 if no match */
317 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
318 const volatile unsigned char *a0 = v0, *a1 = v1;
319 volatile int i = 0, result = 0;
320
321 for(i = 0; i < len; i++) {
322 result |= a0[i] ^ a1[i];
323 }
324
325 return (result != 0);
326 }
327
328 void sqlcipher_mlock(void *ptr, sqlite_uint64 sz) {
329 #ifndef OMIT_MEMLOCK
330 #if defined(__unix__) || defined(__APPLE__)
331 int rc;
332 unsigned long pagesize = sysconf(_SC_PAGESIZE);
333 unsigned long offset = (unsigned long) ptr % pagesize;
334
335 if(ptr == NULL || sz == 0) return;
336
337 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu", ptr - offset, sz + offset, pagesize);
338 rc = mlock(ptr - offset, sz + offset);
339 if(rc!=0) {
340 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
341 }
342 #elif defined(_WIN32)
343 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
344 int rc;
345 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling VirtualLock(%p,%d)", ptr, sz);
346 rc = VirtualLock(ptr, sz);
347 if(rc==0) {
348 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
349 }
350 #endif
351 #endif
352 #endif
353 }
354
355 void sqlcipher_munlock(void *ptr, sqlite_uint64 sz) {
356 #ifndef OMIT_MEMLOCK
357 #if defined(__unix__) || defined(__APPLE__)
358 int rc;
359 unsigned long pagesize = sysconf(_SC_PAGESIZE);
360 unsigned long offset = (unsigned long) ptr % pagesize;
361
362 if(ptr == NULL || sz == 0) return;
363
364 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_unlock: calling munlock(%p,%lu)", ptr - offset, sz + offset);
365 rc = munlock(ptr - offset, sz + offset);
366 if(rc!=0) {
367 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
368 }
369 #elif defined(_WIN32)
370 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
371 int rc;
372 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)", ptr, sz);
373 rc = VirtualUnlock(ptr, sz);
374 if(!rc) {
375 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
376 }
377 #endif
378 #endif
379 #endif
380 }
381
382 /**
383 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
384 * can be countend and memory leak detection works in the test suite.
385 * If ptr is not null memory will be freed.
386 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
387 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
388 * memory segment so it can be paged
389 */
390 void sqlcipher_free(void *ptr, sqlite_uint64 sz) {
391 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
392 sqlcipher_memset(ptr, 0, sz);
393 sqlcipher_munlock(ptr, sz);
394 sqlite3_free(ptr);
395 }
396
397 /**
398 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
399 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
400 * attempts to lock the memory pages so sensitive information won't be swapped
401 */
402 void* sqlcipher_malloc(sqlite_uint64 sz) {
403 void *ptr;
404 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlite3Malloc(%llu)", sz);
405 ptr = sqlite3Malloc(sz);
406 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
407 sqlcipher_memset(ptr, 0, sz);
408 sqlcipher_mlock(ptr, sz);
409 return ptr;
410 }
411
412 char* sqlcipher_version() {
413 #ifdef CIPHER_VERSION_QUALIFIER
414 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
415 #else
416 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
417 #endif
418 return version;
419 }
420
421 /**
422 * Initialize new cipher_ctx struct. This function will allocate memory
423 * for the cipher context and for the key
424 *
425 * returns SQLITE_OK if initialization was successful
426 * returns SQLITE_NOMEM if an error occured allocating memory
427 */
428 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
429 cipher_ctx *c_ctx;
430 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating context");
431 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
432 c_ctx = *iCtx;
433 if(c_ctx == NULL) return SQLITE_NOMEM;
434
435 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating key");
436 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
437
438 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating hmac_key");
439 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
440
441 if(c_ctx->key == NULL) return SQLITE_NOMEM;
442 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
443
444 return SQLITE_OK;
445 }
446
447 /**
448 * Free and wipe memory associated with a cipher_ctx
449 */
450 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
451 cipher_ctx *c_ctx = *iCtx;
452 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_free: iCtx=%p", iCtx);
453 sqlcipher_free(c_ctx->key, ctx->key_sz);
454 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
455 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
456 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
457 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
458 }
459
460 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
461 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
462 int reserve = base_reserve;
463
464 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
465
466 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
467 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
468
469 /* calculate the amount of reserve needed in even increments of the cipher block size */
470 if(ctx->block_sz > 0) {
471 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
472 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
473 }
474
475 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d",
476 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
477
478 ctx->reserve_sz = reserve;
479
480 return SQLITE_OK;
481 }
482
483 /**
484 * Compare one cipher_ctx to another.
485 *
486 * returns 0 if all the parameters (except the derived key data) are the same
487 * returns 1 otherwise
488 */
489 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
490 int are_equal = (
491 c1->pass_sz == c2->pass_sz
492 && (
493 c1->pass == c2->pass
494 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
495 (const unsigned char*)c2->pass,
496 c1->pass_sz)
497 ));
498
499 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_cmp: c1=%p c2=%p sqlcipher_memcmp(c1->pass, c2_pass)=%d are_equal=%d",
500 c1, c2,
501 (c1->pass == NULL || c2->pass == NULL) ?
502 -1 :
503 sqlcipher_memcmp(
504 (const unsigned char*)c1->pass,
505 (const unsigned char*)c2->pass,
506 c1->pass_sz
507 ),
508 are_equal
509 );
510
511 return !are_equal; /* return 0 if they are the same, 1 otherwise */
512 }
513
514 /**
515 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
516 * fully initialized context, you could copy it to write_ctx and all yet data
517 * and pass information across
518 *
519 * returns SQLITE_OK if initialization was successful
520 * returns SQLITE_NOMEM if an error occured allocating memory
521 */
522 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
523 void *key = target->key;
524 void *hmac_key = target->hmac_key;
525
526 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_copy: target=%p, source=%p", target, source);
527 sqlcipher_free(target->pass, target->pass_sz);
528 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
529 memcpy(target, source, sizeof(cipher_ctx));
530
531 target->key = key; /* restore pointer to previously allocated key data */
532 memcpy(target->key, source->key, ctx->key_sz);
533
534 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
535 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
536
537 if(source->pass && source->pass_sz) {
538 target->pass = sqlcipher_malloc(source->pass_sz);
539 if(target->pass == NULL) return SQLITE_NOMEM;
540 memcpy(target->pass, source->pass, source->pass_sz);
541 }
542 if(source->keyspec) {
543 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
544 if(target->keyspec == NULL) return SQLITE_NOMEM;
545 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
546 }
547 return SQLITE_OK;
548 }
549
550 /**
551 * Set the keyspec for the cipher_ctx
552 *
553 * returns SQLITE_OK if assignment was successfull
554 * returns SQLITE_NOMEM if an error occured allocating memory
555 */
556 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
557 /* free, zero existing pointers and size */
558 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
559 c_ctx->keyspec = NULL;
560
561 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
562 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
563
564 c_ctx->keyspec[0] = 'x';
565 c_ctx->keyspec[1] = '\'';
566 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
567 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
568 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
569 return SQLITE_OK;
570 }
571
572 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
573 return ctx->store_pass;
574 }
575
576 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
577 ctx->store_pass = value;
578 }
579
580 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
581 *zKey = ctx->read_ctx->pass;
582 *nKey = ctx->read_ctx->pass_sz;
583 }
584
585 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
586 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = derive;
587 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = derive;
588 }
589
590 /**
591 * Set the passphrase for the cipher_ctx
592 *
593 * returns SQLITE_OK if assignment was successfull
594 * returns SQLITE_NOMEM if an error occured allocating memory
595 */
596 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
597 /* free, zero existing pointers and size */
598 sqlcipher_free(ctx->pass, ctx->pass_sz);
599 ctx->pass = NULL;
600 ctx->pass_sz = 0;
601
602 if(zKey && nKey) { /* if new password is provided, copy it */
603 ctx->pass_sz = nKey;
604 ctx->pass = sqlcipher_malloc(nKey);
605 if(ctx->pass == NULL) return SQLITE_NOMEM;
606 memcpy(ctx->pass, zKey, nKey);
607 }
608 return SQLITE_OK;
609 }
610
611 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
612 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
613 int rc;
614
615 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) {
616 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_set_pass", rc);
617 return rc;
618 }
619
620 c_ctx->derive_key = 1;
621
622 if(for_ctx == 2) {
623 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK) {
624 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_copy", rc);
625 return rc;
626 }
627 }
628
629 return SQLITE_OK;
630 }
631
632 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
633 return ctx->provider->get_cipher(ctx->provider_ctx);
634 }
635
636 /* set the global default KDF iteration */
637 void sqlcipher_set_default_kdf_iter(int iter) {
638 default_kdf_iter = iter;
639 }
640
641 int sqlcipher_get_default_kdf_iter() {
642 return default_kdf_iter;
643 }
644
645 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
646 ctx->kdf_iter = kdf_iter;
647 sqlcipher_set_derive_key(ctx, 1);
648 return SQLITE_OK;
649 }
650
651 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
652 return ctx->kdf_iter;
653 }
654
655 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
656 ctx->fast_kdf_iter = fast_kdf_iter;
657 sqlcipher_set_derive_key(ctx, 1);
658 return SQLITE_OK;
659 }
660
661 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
662 return ctx->fast_kdf_iter;
663 }
664
665 /* set the global default flag for HMAC */
666 void sqlcipher_set_default_use_hmac(int use) {
667 if(use) SQLCIPHER_FLAG_SET(default_flags, CIPHER_FLAG_HMAC);
668 else SQLCIPHER_FLAG_UNSET(default_flags,CIPHER_FLAG_HMAC);
669 }
670
671 int sqlcipher_get_default_use_hmac() {
672 return SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC);
673 }
674
675 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
676 hmac_salt_mask = mask;
677 }
678
679 unsigned char sqlcipher_get_hmac_salt_mask() {
680 return hmac_salt_mask;
681 }
682
683 /* set the codec flag for whether this individual database should be using hmac */
684 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
685 if(use) {
686 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HMAC);
687 } else {
688 SQLCIPHER_FLAG_UNSET(ctx->flags, CIPHER_FLAG_HMAC);
689 }
690
691 return sqlcipher_codec_ctx_reserve_setup(ctx);
692 }
693
694 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
695 return SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC);
696 }
697
698 /* the length of plaintext header size must be:
699 * 1. greater than or equal to zero
700 * 2. a multiple of the cipher block size
701 * 3. less than the usable size of the first database page
702 */
703 int sqlcipher_set_default_plaintext_header_size(int size) {
704 default_plaintext_header_sz = size;
705 return SQLITE_OK;
706 }
707
708 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
709 if(size >= 0 && ctx->block_sz > 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
710 ctx->plaintext_header_sz = size;
711 return SQLITE_OK;
712 }
713 ctx->plaintext_header_sz = -1;
714 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_plaintext_header_size: attempt to set invalid plantext_header_size %d", size);
715 return SQLITE_ERROR;
716 }
717
718 int sqlcipher_get_default_plaintext_header_size() {
719 return default_plaintext_header_sz;
720 }
721
722 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
723 return ctx->plaintext_header_sz;
724 }
725
726 /* manipulate HMAC algorithm */
727 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
728 default_hmac_algorithm = algorithm;
729 return SQLITE_OK;
730 }
731
732 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
733 ctx->hmac_algorithm = algorithm;
734 return sqlcipher_codec_ctx_reserve_setup(ctx);
735 }
736
737 int sqlcipher_get_default_hmac_algorithm() {
738 return default_hmac_algorithm;
739 }
740
741 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
742 return ctx->hmac_algorithm;
743 }
744
745 /* manipulate KDF algorithm */
746 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
747 default_kdf_algorithm = algorithm;
748 return SQLITE_OK;
749 }
750
751 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
752 ctx->kdf_algorithm = algorithm;
753 return SQLITE_OK;
754 }
755
756 int sqlcipher_get_default_kdf_algorithm() {
757 return default_kdf_algorithm;
758 }
759
760 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
761 return ctx->kdf_algorithm;
762 }
763
764 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
765 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_error: ctx=%p, error=%d", ctx, error);
766 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
767 ctx->pBt->pBt->db->errCode = error;
768 }
769
770 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
771 return ctx->reserve_sz;
772 }
773
774 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
775 return ctx->buffer;
776 }
777
778 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
779 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
780
781 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
782 return SQLITE_OK; /* don't reload salt when not needed */
783 }
784
785 /* read salt from header, if present, otherwise generate a new random salt */
786 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: obtaining salt");
787 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
788 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random");
789 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) {
790 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init_kdf_salt: error retrieving random bytes from provider");
791 return SQLITE_ERROR;
792 }
793 }
794 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT);
795 return SQLITE_OK;
796 }
797
798 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
799 if(size >= ctx->kdf_salt_sz) {
800 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
801 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT);
802 return SQLITE_OK;
803 }
804 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_kdf_salt: attempt to set salt of incorrect size %d", size);
805 return SQLITE_ERROR;
806 }
807
808 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
809 int rc = SQLITE_OK;
810 if(!SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
811 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
812 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_get_kdf_salt: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
813 }
814 }
815 *salt = ctx->kdf_salt;
816
817 return rc;
818 }
819
820 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
821 *zKey = ctx->read_ctx->keyspec;
822 *nKey = ctx->keyspec_sz;
823 }
824
825 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
826 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
827 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_page_size not a power of 2 and between 512 and 65536 inclusive");
828 return SQLITE_ERROR;
829 }
830 /* attempt to free the existing page buffer */
831 sqlcipher_free(ctx->buffer,ctx->page_sz);
832 ctx->page_sz = size;
833
834 /* pre-allocate a page buffer of PageSize bytes. This will
835 be used as a persistent buffer for encryption and decryption
836 operations to avoid overhead of multiple memory allocations*/
837 ctx->buffer = sqlcipher_malloc(size);
838 if(ctx->buffer == NULL) return SQLITE_NOMEM;
839
840 return SQLITE_OK;
841 }
842
843 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
844 return ctx->page_sz;
845 }
846
847 void sqlcipher_set_default_pagesize(int page_size) {
848 default_page_size = page_size;
849 }
850
851 int sqlcipher_get_default_pagesize() {
852 return default_page_size;
853 }
854
855 void sqlcipher_set_mem_security(int on) {
856 /* memory security can only be enabled, not disabled */
857 if(on) {
858 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_set_mem_security: on");
859 sqlcipher_mem_security_on = on;
860 }
861 }
862
863 int sqlcipher_get_mem_security() {
864 /* only report that memory security is enabled if pragma cipher_memory_security is ON and
865 SQLCipher's allocator/deallocator was run at least one timecurrently used */
866 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_get_mem_security: sqlcipher_mem_security_on = %d, sqlcipher_mem_executed = %d", sqlcipher_mem_security_on, sqlcipher_mem_executed);
867 return sqlcipher_mem_security_on && sqlcipher_mem_executed;
868 }
869
870
871 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
872 int rc;
873 codec_ctx *ctx;
874
875 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating context");
876
877 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
878 ctx = *iCtx;
879
880 if(ctx == NULL) return SQLITE_NOMEM;
881
882 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
883
884 /* allocate space for salt data. Then read the first 16 bytes
885 directly off the database file. This is the salt for the
886 key derivation function. If we get a short read allocate
887 a new random salt value */
888 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating kdf_salt");
889 ctx->kdf_salt_sz = FILE_HEADER_SZ;
890 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
891 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
892
893 /* allocate space for separate hmac salt data. We want the
894 HMAC derivation salt to be different than the encryption
895 key derivation salt */
896 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating hmac_kdf_salt");
897 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
898 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
899
900 /* setup default flags */
901 ctx->flags = default_flags;
902
903 /* setup the crypto provider */
904 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating provider");
905 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
906 if(ctx->provider == NULL) return SQLITE_NOMEM;
907
908 /* make a copy of the provider to be used for the duration of the context */
909 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER");
910 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
911 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER");
912
913 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
914
915 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER");
916 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
917 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER");
918
919 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) {
920 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d returned from ctx_init", rc);
921 return rc;
922 }
923
924 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
925 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
926 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
927
928 /* establic the size for a hex-formated key specification, containing the
929 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
930 so oversize by 3 bytes */
931 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
932
933 /*
934 Always overwrite page size and set to the default because the first page of the database
935 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
936 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
937 */
938 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) {
939 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d returned from sqlcipher_codec_ctx_set_pagesize with %d", rc, default_page_size);
940 return rc;
941 }
942
943 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
944 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) {
945 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting default_kdf_iter %d", rc, default_kdf_iter);
946 return rc;
947 }
948
949 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) {
950 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting fast_kdf_iter to %d", rc, FAST_PBKDF2_ITER);
951 return rc;
952 }
953
954 /* set the default HMAC and KDF algorithms which will determine the reserve size */
955 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) {
956 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_hmac_algorithm with %d", rc, default_hmac_algorithm);
957 return rc;
958 }
959
960 /* Note that use_hmac is a special case that requires recalculation of page size
961 so we call set_use_hmac to perform setup */
962 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC))) != SQLITE_OK) {
963 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting use_hmac %d", rc, SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC));
964 return rc;
965 }
966
967 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) {
968 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_kdf_algorithm with %d", rc, default_kdf_algorithm);
969 return rc;
970 }
971
972 /* setup the default plaintext header size */
973 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) {
974 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_plaintext_header_size with %d", rc, default_plaintext_header_sz);
975 return rc;
976 }
977
978 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
979 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) {
980 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d initializing read_ctx", rc);
981 return rc;
982 }
983
984 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) {
985 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d initializing write_ctx", rc);
986 return rc;
987 }
988
989 /* set the key material on one of the sub cipher contexts and sync them up */
990 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) {
991 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d setting pass key", rc);
992 return rc;
993 }
994
995 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) {
996 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init: error %d copying write_ctx to read_ctx", rc);
997 return rc;
998 }
999
1000 return SQLITE_OK;
1001 }
1002
1003 /**
1004 * Free and wipe memory associated with a cipher_ctx, including the allocated
1005 * read_ctx and write_ctx.
1006 */
1007 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
1008 codec_ctx *ctx = *iCtx;
1009 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_ctx_free: iCtx=%p", iCtx);
1010 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1011 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1012 sqlcipher_free(ctx->buffer, ctx->page_sz);
1013
1014 ctx->provider->ctx_free(&ctx->provider_ctx);
1015 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1016
1017 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1018 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1019 sqlcipher_free(ctx, sizeof(codec_ctx));
1020 }
1021
1022 /** convert a 32bit unsigned integer to little endian byte ordering */
1023 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1024 p[0] = (u8)v;
1025 p[1] = (u8)(v>>8);
1026 p[2] = (u8)(v>>16);
1027 p[3] = (u8)(v>>24);
1028 }
1029
1030 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1031 unsigned char pgno_raw[sizeof(pgno)];
1032 /* we may convert page number to consistent representation before calculating MAC for
1033 compatibility across big-endian and little-endian platforms.
1034
1035 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1036 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1037 backwards compatibility on the most popular platforms, but can optionally be configured
1038 to use either big endian or native byte ordering via pragma. */
1039
1040 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_LE_PGNO)) { /* compute hmac using little endian pgno*/
1041 sqlcipher_put4byte_le(pgno_raw, pgno);
1042 } else if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_BE_PGNO)) { /* compute hmac using big endian pgno */
1043 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1044 } else { /* use native byte ordering */
1045 memcpy(pgno_raw, &pgno, sizeof(pgno));
1046 }
1047
1048 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1049 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1050 valid pages out of order in a database */
1051 return ctx->provider->hmac(
1052 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1053 ctx->key_sz, in,
1054 in_sz, (unsigned char*) &pgno_raw,
1055 sizeof(pgno), out);
1056 }
1057
1058 /*
1059 * ctx - codec context
1060 * pgno - page number in database
1061 * size - size in bytes of input and output buffers
1062 * mode - 1 to encrypt, 0 to decrypt
1063 * in - pointer to input bytes
1064 * out - pouter to output bytes
1065 */
1066 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1067 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1068 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1069 int size;
1070
1071 /* calculate some required positions into various buffers */
1072 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1073 iv_out = out + size;
1074 iv_in = in + size;
1075
1076 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1077 random bytes. note, these pointers are only valid when using hmac */
1078 hmac_in = in + size + ctx->iv_sz;
1079 hmac_out = out + size + ctx->iv_sz;
1080 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1081
1082 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: pgno=%d, mode=%d, size=%d", pgno, mode, size);
1083 CODEC_HEXDUMP("sqlcipher_page_cipher: input page data", in, page_sz);
1084
1085 /* the key size should never be zero. If it is, error out. */
1086 if(ctx->key_sz == 0) {
1087 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: error possible context corruption, key_sz is zero for pgno=%d", pgno);
1088 goto error;
1089 }
1090
1091 if(mode == CIPHER_ENCRYPT) {
1092 /* start at front of the reserve block, write random data to the end */
1093 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1094 } else { /* CIPHER_DECRYPT */
1095 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1096 }
1097
1098 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT)) {
1099 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1100 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on decrypt failed for pgno=%d", pgno);
1101 goto error;
1102 }
1103
1104 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: comparing hmac on in=%p out=%p hmac_sz=%d", hmac_in, hmac_out, ctx->hmac_sz);
1105 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1106 if(sqlite3BtreeGetAutoVacuum(ctx->pBt) != BTREE_AUTOVACUUM_NONE && sqlcipher_ismemset(in, 0, page_sz) == 0) {
1107 /* first check if the entire contents of the page is zeros. If so, this page
1108 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1109 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1110 and return SQLITE_OK to skip the decryption step. */
1111 sqlcipher_log(SQLCIPHER_LOG_WARN, "sqlcipher_page_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK", pgno);
1112 sqlcipher_memset(out, 0, page_sz);
1113 return SQLITE_OK;
1114 } else {
1115 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1116 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1117 and return SQLITE_ERROR to the caller */
1118 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR", pgno);
1119 goto error;
1120 }
1121 }
1122 }
1123
1124 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1125 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR", mode, pgno);
1126 goto error;
1127 };
1128
1129 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1130 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1131 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on encrypt failed for pgno=%d", pgno);
1132 goto error;
1133 };
1134 }
1135
1136 CODEC_HEXDUMP("sqlcipher_page_cipher: output page data", out_start, page_sz);
1137
1138 return SQLITE_OK;
1139 error:
1140 sqlcipher_memset(out, 0, page_sz);
1141 return SQLITE_ERROR;
1142 }
1143
1144 /**
1145 * Derive an encryption key for a cipher contex key based on the raw password.
1146 *
1147 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1148 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1149
1150 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1151 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1152 * as the key followed by the salt.
1153 *
1154 * Otherwise, a key data will be derived using PBKDF2
1155 *
1156 * returns SQLITE_OK if initialization was successful
1157 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1158 */
1159 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1160 int rc;
1161 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_key_derive: ctx->kdf_salt_sz=%d ctx->kdf_iter=%d ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1162 ctx->kdf_salt_sz, ctx->kdf_iter, ctx->fast_kdf_iter, ctx->key_sz);
1163
1164 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1165
1166 /* if necessary, initialize the salt from the header or random source */
1167 if(!SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
1168 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
1169 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
1170 return rc;
1171 }
1172 }
1173
1174 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1175 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1176 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1177 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1178 cipher_hex2bin(z, n, c_ctx->key);
1179 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1180 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1181 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1182 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1183 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1184 } else {
1185 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations", ctx->kdf_iter);
1186 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1187 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1188 ctx->key_sz, c_ctx->key) != SQLITE_OK) {
1189 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating encryption key");
1190 return SQLITE_ERROR;
1191 }
1192 }
1193
1194 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1195 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) {
1196 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_cipher_ctx_set_keyspec", rc);
1197 return rc;
1198 }
1199
1200 /* if this context is setup to use hmac checks, generate a seperate and different
1201 key for HMAC. In this case, we use the output of the previous KDF as the input to
1202 this KDF run. This ensures a distinct but predictable HMAC key. */
1203 if(ctx->flags & CIPHER_FLAG_HMAC) {
1204 int i;
1205
1206 /* start by copying the kdf key into the hmac salt slot
1207 then XOR it with the fixed hmac salt defined at compile time
1208 this ensures that the salt passed in to derive the hmac key, while
1209 easy to derive and publically known, is not the same as the salt used
1210 to generate the encryption key */
1211 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1212 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1213 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1214 }
1215
1216 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations",
1217 ctx->fast_kdf_iter);
1218
1219
1220 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1221 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1222 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) {
1223 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating HMAC key");
1224 return SQLITE_ERROR;
1225 }
1226 }
1227
1228 c_ctx->derive_key = 0;
1229 return SQLITE_OK;
1230 }
1231 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: key material is not present on the context for key derivation");
1232 return SQLITE_ERROR;
1233 }
1234
1235 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1236 /* derive key on first use if necessary */
1237 if(ctx->read_ctx->derive_key) {
1238 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) {
1239 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving read_ctx key");
1240 return SQLITE_ERROR;
1241 }
1242 }
1243
1244 if(ctx->write_ctx->derive_key) {
1245 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1246 /* the relevant parameters are the same, just copy read key */
1247 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) {
1248 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred copying read_ctx to write_ctx");
1249 return SQLITE_ERROR;
1250 }
1251 } else {
1252 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) {
1253 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving write_ctx key");
1254 return SQLITE_ERROR;
1255 }
1256 }
1257 }
1258
1259 /* TODO: wipe and free passphrase after key derivation */
1260 if(ctx->store_pass != 1) {
1261 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1262 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1263 }
1264
1265 return SQLITE_OK;
1266 }
1267
1268 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1269 if(source == CIPHER_READ_CTX) {
1270 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1271 } else {
1272 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1273 }
1274 }
1275
1276 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1277 return ctx->provider->get_provider_name(ctx->provider_ctx);
1278 }
1279
1280
1281 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1282 int rc;
1283 sqlite3 *db = NULL;
1284 sqlite3_stmt *statement = NULL;
1285 char *query_journal_mode = "PRAGMA journal_mode;";
1286 char *query_user_version = "PRAGMA user_version;";
1287
1288 rc = sqlite3_open(filename, &db);
1289 if(rc != SQLITE_OK) goto cleanup;
1290
1291 rc = sqlite3_key(db, key, key_sz);
1292 if(rc != SQLITE_OK) goto cleanup;
1293
1294 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1295 if(rc != SQLITE_OK) goto cleanup;
1296
1297 /* start by querying the user version.
1298 this will fail if the key is incorrect */
1299 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1300 if(rc != SQLITE_OK) goto cleanup;
1301
1302 rc = sqlite3_step(statement);
1303 if(rc == SQLITE_ROW) {
1304 *user_version = sqlite3_column_int(statement, 0);
1305 } else {
1306 goto cleanup;
1307 }
1308 sqlite3_finalize(statement);
1309
1310 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1311 if(rc != SQLITE_OK) goto cleanup;
1312
1313 rc = sqlite3_step(statement);
1314 if(rc == SQLITE_ROW) {
1315 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1316 } else {
1317 goto cleanup;
1318 }
1319 rc = SQLITE_OK;
1320 /* cleanup will finalize open statement */
1321
1322 cleanup:
1323 if(statement) sqlite3_finalize(statement);
1324 if(db) sqlite3_close(db);
1325 return rc;
1326 }
1327
1328 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1329 Pgno page = 1;
1330 int rc = 0;
1331 char *result;
1332 unsigned char *hmac_out = NULL;
1333 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1334 i64 file_sz;
1335
1336 Vdbe *v = sqlite3GetVdbe(pParse);
1337 sqlite3VdbeSetNumCols(v, 1);
1338 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1339
1340 if(fd == NULL || fd->pMethods == 0) {
1341 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1342 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1343 goto cleanup;
1344 }
1345
1346 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1347 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1348 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1349 goto cleanup;
1350 }
1351
1352 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1353 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1354 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1355 goto cleanup;
1356 }
1357
1358 sqlite3OsFileSize(fd, &file_sz);
1359 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1360
1361 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1362 i64 offset = (page - 1) * ctx->page_sz;
1363 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1364 int read_sz = ctx->page_sz;
1365
1366 /* skip integrity check on PAGER_SJ_PGNO since it will have no valid content */
1367 if(sqlite3pager_is_sj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1368
1369 if(page==1) {
1370 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1371 read_sz = read_sz - page1_offset;
1372 payload_sz = payload_sz - page1_offset;
1373 offset += page1_offset;
1374 }
1375
1376 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1377 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1378 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1379 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d", read_sz, page, offset);
1380 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1381 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1382 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1383 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1384 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1385 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1386 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1387 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1388 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1389 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1390 }
1391 }
1392
1393 if(file_sz % ctx->page_sz != 0) {
1394 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1395 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1396 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1397 }
1398
1399 cleanup:
1400 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1401 return SQLITE_OK;
1402 }
1403
1404 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1405 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1406 Db *pDb = 0;
1407 sqlite3 *db = ctx->pBt->db;
1408 const char *db_filename = sqlite3_db_filename(db, "main");
1409 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1410 Btree *pDest = NULL, *pSrc = NULL;
1411 sqlite3_file *srcfile, *destfile;
1412 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1413 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1414 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1415 #endif
1416 pass_sz = keyspec_sz = rc = user_version = 0;
1417
1418 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1419 goto cleanup; /* exit immediately if this is an in memory database */
1420
1421 /* pull the provided password / key material off the current codec context */
1422 pass_sz = ctx->read_ctx->pass_sz;
1423 pass = sqlcipher_malloc(pass_sz+1);
1424 memset(pass, 0, pass_sz+1);
1425 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1426
1427 /* Version 4 - current, no upgrade required, so exit immediately */
1428 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1429 if(rc == SQLITE_OK){
1430 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "No upgrade required - exiting");
1431 goto cleanup;
1432 }
1433
1434 for(i = 3; i > 0; i--) {
1435 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1436 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1437 if(rc == SQLITE_OK) {
1438 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "Version %d format found", i);
1439 goto migrate;
1440 }
1441 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1442 pragma_compat = NULL;
1443 }
1444
1445 /* if we exit the loop normally we failed to determine the version, this is an error */
1446 sqlcipher_log(SQLCIPHER_LOG_ERROR, "Upgrade format not determined");
1447 goto handle_error;
1448
1449 migrate:
1450
1451 temp = sqlite3_mprintf("%s-migrated", db_filename);
1452 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1453 * to determine whether the filename was URI formatted */
1454 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1455 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1456 sqlcipher_free(temp, sqlite3Strlen30(temp));
1457
1458 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1459 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1460
1461 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1462 if(rc != SQLITE_OK){
1463 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set compatibility mode failed, error code %d", rc);
1464 goto handle_error;
1465 }
1466
1467 /* force journal mode to DELETE, we will set it back later if different */
1468 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1469 if(rc != SQLITE_OK){
1470 sqlcipher_log(SQLCIPHER_LOG_ERROR, "force journal mode DELETE failed, error code %d", rc);
1471 goto handle_error;
1472 }
1473
1474 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1475 if(rc != SQLITE_OK){
1476 sqlcipher_log(SQLCIPHER_LOG_ERROR, "attach failed, error code %d", rc);
1477 goto handle_error;
1478 }
1479
1480 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1481 if(rc != SQLITE_OK){
1482 sqlcipher_log(SQLCIPHER_LOG_ERROR, "keying attached database failed, error code %d", rc);
1483 goto handle_error;
1484 }
1485
1486 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1487 if(rc != SQLITE_OK){
1488 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_export failed, error code %d", rc);
1489 goto handle_error;
1490 }
1491
1492 #ifdef SQLCIPHER_TEST
1493 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1494 rc = SQLITE_ERROR;
1495 sqlcipher_log(SQLCIPHER_LOG_ERROR, "simulated migrate failure, error code %d", rc);
1496 goto handle_error;
1497 }
1498 #endif
1499
1500 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1501 if(rc != SQLITE_OK){
1502 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set user version failed, error code %d", rc);
1503 goto handle_error;
1504 }
1505
1506 if( !db->autoCommit ){
1507 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate from within a transaction");
1508 goto handle_error;
1509 }
1510 if( db->nVdbeActive>1 ){
1511 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate - SQL statements in progress");
1512 goto handle_error;
1513 }
1514
1515 pDest = db->aDb[0].pBt;
1516 pDb = &(db->aDb[db->nDb-1]);
1517 pSrc = pDb->pBt;
1518
1519 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1520 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1521 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1522 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1523 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "set btree page size to %d res %d rc %d", default_page_size, nRes, rc);
1524 if( rc!=SQLITE_OK ) goto handle_error;
1525
1526 sqlcipherCodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1527 SQLCIPHER_FLAG_UNSET(ctx->flags, CIPHER_FLAG_KEY_USED);
1528 sqlcipherCodecAttach(db, 0, keyspec, keyspec_sz);
1529
1530 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1531 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1532
1533 sqlite3OsClose(srcfile);
1534 sqlite3OsClose(destfile);
1535
1536 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1537 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing windows MoveFileExA");
1538
1539 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1540 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1541 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1542
1543 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1544 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1545 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1546
1547 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1548 rc = SQLITE_ERROR;
1549 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1550 goto handle_error;
1551 }
1552 #else
1553 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing POSIX rename");
1554 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1555 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1556 goto handle_error;
1557 }
1558 #endif
1559 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "renamed migration database %s to main database %s: %d", migrated_db_filename, db_filename, rc);
1560
1561 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1562 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened migration database: %d", rc);
1563 if( rc!=SQLITE_OK ) goto handle_error;
1564
1565 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1566 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened main database: %d", rc);
1567 if( rc!=SQLITE_OK ) goto handle_error;
1568
1569 sqlite3pager_reset(pDest->pBt->pPager);
1570 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset pager");
1571
1572 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1573 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "DETACH DATABASE called %d", rc);
1574 if(rc != SQLITE_OK) goto cleanup;
1575
1576 sqlite3ResetAllSchemasOfConnection(db);
1577 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset all schemas");
1578
1579 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1580 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1581 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "%s: %d", set_journal_mode, rc);
1582 if( rc!=SQLITE_OK ) goto handle_error;
1583
1584 goto cleanup;
1585
1586 handle_error:
1587 sqlcipher_log(SQLCIPHER_LOG_ERROR, "An error occurred attempting to migrate the database - last error %d", rc);
1588
1589 cleanup:
1590 if(migrated_db_filename) {
1591 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1592 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "deleted migration database: %d", del_rc);
1593 }
1594
1595 if(pass) sqlcipher_free(pass, pass_sz);
1596 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1597 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1598 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1599 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1600 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1601 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1602 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1603 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1604 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1605 #endif
1606 return rc;
1607 }
1608
1609 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1610 const char *suffix = &zRight[random_sz-1];
1611 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1612 if (n > 0 &&
1613 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1614 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1615 n % 2 == 0) {
1616 int rc = 0;
1617 int buffer_sz = n / 2;
1618 unsigned char *random;
1619 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1620 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_add_random: using raw random blob from hex");
1621 random = sqlcipher_malloc(buffer_sz);
1622 memset(random, 0, buffer_sz);
1623 cipher_hex2bin(z, n, random);
1624 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1625 sqlcipher_free(random, buffer_sz);
1626 return rc;
1627 }
1628 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_add_random: attemt to add random with invalid format");
1629 return SQLITE_ERROR;
1630 }
1631
1632 #if !defined(SQLITE_OMIT_TRACE)
1633 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1634 FILE *f = (FILE*) file;
1635 char *fmt = "Elapsed time:%.3f ms - %s\n";
1636 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1637 #ifdef __ANDROID__
1638 if(f == NULL) {
1639 __android_log_print(ANDROID_LOG_DEBUG, "sqlcipher", fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1640 }
1641 #endif
1642 if(f) fprintf(f, fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1643 return SQLITE_OK;
1644 }
1645 #endif
1646
1647 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1648 #if defined(SQLITE_OMIT_TRACE)
1649 return SQLITE_ERROR;
1650 #else
1651 FILE *f = NULL;
1652 if(sqlite3_stricmp(destination, "off") == 0){
1653 sqlite3_trace_v2(db, 0, NULL, NULL); /* disable tracing */
1654 } else {
1655 if(sqlite3_stricmp(destination, "stdout") == 0){
1656 f = stdout;
1657 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1658 f = stderr;
1659 }else if(sqlite3_stricmp(destination, "logcat") == 0){
1660 f = NULL; /* file pointer will be NULL indicating logcat on android */
1661 }else{
1662 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1663 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1664 #else
1665 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1666 #endif
1667 }
1668 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1669 }
1670 return SQLITE_OK;
1671 #endif
1672 }
1673
1674 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1675 return ctx->provider->fips_status(ctx->provider_ctx);
1676 }
1677
1678 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1679 return ctx->provider->get_provider_version(ctx->provider_ctx);
1680 }
1681
1682 #ifndef SQLCIPHER_OMIT_LOG
1683 /* constants from https://github.com/Alexpux/mingw-w64/blob/master/mingw-w64-crt/misc/gettimeofday.c */
1684 #define FILETIME_1970 116444736000000000ull /* seconds between 1/1/1601 and 1/1/1970 */
1685 #define HECTONANOSEC_PER_SEC 10000000ull
1686 void sqlcipher_log(unsigned int level, const char *message, ...) {
1687 va_list params;
1688 va_start(params, message);
1689
1690 #ifdef CODEC_DEBUG
1691 #ifdef __ANDROID__
1692 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1693 #else
1694 vfprintf(stderr, message, params);
1695 fprintf(stderr, "\n");
1696 #endif
1697 #endif
1698
1699 if(level > sqlcipher_log_level || (sqlcipher_log_logcat == 0 && sqlcipher_log_file == NULL)) {
1700 /* no log target or tag not in included filters */
1701 goto end;
1702 }
1703 if(sqlcipher_log_file != NULL){
1704 char buffer[24];
1705 struct tm tt;
1706 int ms;
1707 time_t sec;
1708 #ifdef _WIN32
1709 SYSTEMTIME st;
1710 FILETIME ft;
1711 GetSystemTime(&st);
1712 SystemTimeToFileTime(&st, &ft);
1713 sec = (time_t) ((*((sqlite_int64*)&ft) - FILETIME_1970) / HECTONANOSEC_PER_SEC);
1714 ms = st.wMilliseconds;
1715 localtime_s(&tt, &sec);
1716 #else
1717 struct timeval tv;
1718 gettimeofday(&tv, NULL);
1719 sec = tv.tv_sec;
1720 ms = tv.tv_usec/1000.0;
1721 localtime_r(&sec, &tt);
1722 #endif
1723 if(strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tt)) {
1724 fprintf((FILE*)sqlcipher_log_file, "%s.%03d: ", buffer, ms);
1725 vfprintf((FILE*)sqlcipher_log_file, message, params);
1726 fprintf((FILE*)sqlcipher_log_file, "\n");
1727 }
1728 }
1729 #ifdef __ANDROID__
1730 if(sqlcipher_log_logcat) {
1731 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1732 }
1733 #endif
1734 end:
1735 va_end(params);
1736 }
1737 #endif
1738
1739 void sqlcipher_set_log_level(unsigned int level) {
1740 sqlcipher_log_level = level;
1741 }
1742
1743 int sqlcipher_set_log(const char *destination){
1744 #ifdef SQLCIPHER_OMIT_LOG
1745 return SQLITE_ERROR;
1746 #else
1747 /* close open trace file if it is not stdout or stderr, then
1748 reset trace settings */
1749 if(sqlcipher_log_file != NULL && sqlcipher_log_file != stdout && sqlcipher_log_file != stderr) {
1750 fclose((FILE*)sqlcipher_log_file);
1751 }
1752 sqlcipher_log_file = NULL;
1753 sqlcipher_log_logcat = 0;
1754
1755 if(sqlite3_stricmp(destination, "logcat") == 0){
1756 sqlcipher_log_logcat = 1;
1757 } else if(sqlite3_stricmp(destination, "stdout") == 0){
1758 sqlcipher_log_file = stdout;
1759 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1760 sqlcipher_log_file = stderr;
1761 }else if(sqlite3_stricmp(destination, "off") != 0){
1762 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1763 if(fopen_s(&sqlcipher_log_file, destination, "a") != 0) return SQLITE_ERROR;
1764 #else
1765 if((sqlcipher_log_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1766 #endif
1767 }
1768 sqlcipher_log(SQLCIPHER_LOG_INFO, "sqlcipher_set_log: set log to %s", destination);
1769 return SQLITE_OK;
1770 #endif
1771 }
1772
1773 #endif
1774 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.