search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Renames log subsystem to source (e.g. PRAGMA cipher_log_source)
[sqlcipher.git] / src / crypto_impl.c
blob6bd190319419ab6d4dd597ebf3c187e04ed79e55
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36
37 #ifdef SQLCIPHER_TEST
38 static volatile unsigned int cipher_test_flags = 0;
39 unsigned int sqlcipher_get_test_flags() {
40 return cipher_test_flags;
41 }
42 void sqlcipher_set_test_flags(unsigned int flags) {
43 cipher_test_flags = flags;
44 }
45
46 static volatile int cipher_test_rand = 0;
47 int sqlcipher_get_test_rand() {
48 return cipher_test_rand;
49 }
50 void sqlcipher_set_test_rand(int rand) {
51 cipher_test_rand = rand;
52 }
53 int sqlcipher_get_test_fail() {
54 int x;
55
56 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
57 if (cipher_test_rand == 0) return 1;
58
59 sqlite3_randomness(sizeof(x), &x);
60 return ((x % cipher_test_rand) == 0);
61 }
62 #endif
63
64 /* Generate code to return a string value */
65
66 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
67 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
68 static volatile int default_kdf_iter = PBKDF2_ITER;
69 static volatile int default_page_size = 4096;
70 static volatile int default_plaintext_header_sz = 0;
71 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
72 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
73 static volatile int sqlcipher_mem_security_on = 0;
74 static volatile int sqlcipher_mem_executed = 0;
75 static volatile int sqlcipher_mem_initialized = 0;
76 static volatile unsigned int sqlcipher_activate_count = 0;
77 static volatile sqlite3_mem_methods default_mem_methods;
78 static sqlcipher_provider *default_provider = NULL;
79
80 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
81 static FILE* sqlcipher_log_file = NULL;
82 static volatile int sqlcipher_log_device = 0;
83 static volatile unsigned int sqlcipher_log_level = SQLCIPHER_LOG_NONE;
84 static volatile unsigned int sqlcipher_log_source = SQLCIPHER_LOG_ALL;
85 static volatile int sqlcipher_log_set = 0;
86
87 sqlite3_mutex* sqlcipher_mutex(int mutex) {
88 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
89 return sqlcipher_static_mutex[mutex];
90 }
91
92 static int sqlcipher_mem_init(void *pAppData) {
93 return default_mem_methods.xInit(pAppData);
94 }
95 static void sqlcipher_mem_shutdown(void *pAppData) {
96 default_mem_methods.xShutdown(pAppData);
97 }
98 static void *sqlcipher_mem_malloc(int n) {
99 void *ptr = default_mem_methods.xMalloc(n);
100 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
101 if(sqlcipher_mem_security_on) {
102 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)", ptr, n);
103 sqlcipher_mlock(ptr, n);
104 }
105 return ptr;
106 }
107 static int sqlcipher_mem_size(void *p) {
108 return default_mem_methods.xSize(p);
109 }
110 static void sqlcipher_mem_free(void *p) {
111 int sz;
112 if(!sqlcipher_mem_executed) sqlcipher_mem_executed = 1;
113 if(sqlcipher_mem_security_on) {
114 sz = sqlcipher_mem_size(p);
115 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d)", p, sz, p, sz);
116 sqlcipher_memset(p, 0, sz);
117 sqlcipher_munlock(p, sz);
118 }
119 default_mem_methods.xFree(p);
120 }
121 static void *sqlcipher_mem_realloc(void *p, int n) {
122 void *new = NULL;
123 int orig_sz = 0;
124 if(sqlcipher_mem_security_on) {
125 orig_sz = sqlcipher_mem_size(p);
126 if (n==0) {
127 sqlcipher_mem_free(p);
128 return NULL;
129 } else if (!p) {
130 return sqlcipher_mem_malloc(n);
131 } else if(n <= orig_sz) {
132 return p;
133 } else {
134 new = sqlcipher_mem_malloc(n);
135 if(new) {
136 memcpy(new, p, orig_sz);
137 sqlcipher_mem_free(p);
138 }
139 return new;
140 }
141 } else {
142 return default_mem_methods.xRealloc(p, n);
143 }
144 }
145
146 static int sqlcipher_mem_roundup(int n) {
147 return default_mem_methods.xRoundup(n);
148 }
149
150 static sqlite3_mem_methods sqlcipher_mem_methods = {
151 sqlcipher_mem_malloc,
152 sqlcipher_mem_free,
153 sqlcipher_mem_realloc,
154 sqlcipher_mem_size,
155 sqlcipher_mem_roundup,
156 sqlcipher_mem_init,
157 sqlcipher_mem_shutdown,
158 0
159 };
160
161 void sqlcipher_init_memmethods() {
162 if(sqlcipher_mem_initialized) return;
163 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
164 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
165 sqlcipher_mem_security_on = sqlcipher_mem_executed = sqlcipher_mem_initialized = 0;
166 } else {
167 sqlcipher_mem_initialized = 1;
168 }
169 }
170
171 int sqlcipher_register_provider(sqlcipher_provider *p) {
172 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER");
173 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
174 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER");
175
176 if(default_provider != NULL && default_provider != p) {
177 /* only free the current registerd provider if it has been initialized
178 and it isn't a pointer to the same provider passed to the function
179 (i.e. protect against a caller calling register twice for the same provider) */
180 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
181 }
182 default_provider = p;
183 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER");
184 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
185 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER");
186
187 return SQLITE_OK;
188 }
189
190 /* return a pointer to the currently registered provider. This will
191 allow an application to fetch the current registered provider and
192 make minor changes to it */
193 sqlcipher_provider* sqlcipher_get_provider() {
194 return default_provider;
195 }
196
197 void sqlcipher_activate() {
198 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_activate: entering static master mutex");
199 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
200 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_activate: entered static master mutex");
201
202 /* allocate new mutexes */
203 if(sqlcipher_activate_count == 0) {
204 int i;
205 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
206 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
207 }
208 #ifndef SQLCIPHER_OMIT_DEFAULT_LOGGING
209 /* when sqlcipher is first activated, set a default log target and level of WARN if the
210 logging settings have not yet been initialized. Use the "device log" for
211 android (logcat) or apple (console). Use stderr on all other platforms. */
212 if(!sqlcipher_log_set) {
213
214 /* set log level if it is different than the uninitalized default value of NONE */
215 if(sqlcipher_log_level == SQLCIPHER_LOG_NONE) {
216 sqlcipher_log_level = SQLCIPHER_LOG_WARN;
217 }
218
219 /* set the default file or device if neither is already set */
220 if(sqlcipher_log_device == 0 && sqlcipher_log_file == NULL) {
221 #if defined(__ANDROID__) || defined(__APPLE_)
222 sqlcipher_log_device = 1;
223 #else
224 sqlcipher_log_file = stderr;
225 #endif
226 }
227 sqlcipher_log_set = 1;
228 }
229 #endif
230 }
231
232 /* check to see if there is a provider registered at this point
233 if there no provider registered at this point, register the
234 default provider */
235 if(sqlcipher_get_provider() == NULL) {
236 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
237 #if defined (SQLCIPHER_CRYPTO_CC)
238 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
239 sqlcipher_cc_setup(p);
240 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
241 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
242 sqlcipher_ltc_setup(p);
243 #elif defined (SQLCIPHER_CRYPTO_NSS)
244 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
245 sqlcipher_nss_setup(p);
246 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
247 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
248 sqlcipher_openssl_setup(p);
249 #else
250 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
251 #endif
252 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_activate: calling sqlcipher_register_provider(%p)", p);
253 #ifdef SQLCIPHER_EXT
254 sqlcipher_ext_provider_setup(p);
255 #endif
256 sqlcipher_register_provider(p);
257 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_activate: called sqlcipher_register_provider(%p)",p);
258 }
259
260 sqlcipher_activate_count++; /* increment activation count */
261
262 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_activate: leaving static master mutex");
263 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
264 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_activate: left static master mutex");
265 }
266
267 void sqlcipher_deactivate() {
268 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: entering static master mutex");
269 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
270 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: entered static master mutex");
271
272 sqlcipher_activate_count--;
273 /* if no connections are using sqlcipher, cleanup globals */
274 if(sqlcipher_activate_count < 1) {
275 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER");
276 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
277 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER");
278
279 if(default_provider != NULL) {
280 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
281 default_provider = NULL;
282 }
283
284 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER");
285 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
286 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER");
287
288 #ifdef SQLCIPHER_EXT
289 sqlcipher_ext_provider_destroy();
290 #endif
291
292 /* last connection closed, free mutexes */
293 if(sqlcipher_activate_count == 0) {
294 int i;
295 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
296 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
297 }
298 }
299 sqlcipher_activate_count = 0; /* reset activation count */
300 }
301
302 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: leaving static master mutex");
303 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
304 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_deactivate: left static master mutex");
305 }
306
307 /* constant time memset using volitile to avoid having the memset
308 optimized out by the compiler.
309 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
310 */
311 void* sqlcipher_memset(void *v, unsigned char value, sqlite_uint64 len) {
312 volatile sqlite_uint64 i = 0;
313 volatile unsigned char *a = v;
314
315 if (v == NULL) return v;
316
317 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_memset: setting %p[0-%llu]=%d)", a, len, value);
318 for(i = 0; i < len; i++) {
319 a[i] = value;
320 }
321
322 return v;
323 }
324
325 /* constant time memory check tests every position of a memory segement
326 matches a single value (i.e. the memory is all zeros)
327 returns 0 if match, 1 of no match */
328 int sqlcipher_ismemset(const void *v, unsigned char value, sqlite_uint64 len) {
329 const volatile unsigned char *a = v;
330 volatile sqlite_uint64 i = 0, result = 0;
331
332 for(i = 0; i < len; i++) {
333 result |= a[i] ^ value;
334 }
335
336 return (result != 0);
337 }
338
339 /* constant time memory comparison routine.
340 returns 0 if match, 1 if no match */
341 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
342 const volatile unsigned char *a0 = v0, *a1 = v1;
343 volatile int i = 0, result = 0;
344
345 for(i = 0; i < len; i++) {
346 result |= a0[i] ^ a1[i];
347 }
348
349 return (result != 0);
350 }
351
352 void sqlcipher_mlock(void *ptr, sqlite_uint64 sz) {
353 #ifndef OMIT_MEMLOCK
354 #if defined(__unix__) || defined(__APPLE__)
355 int rc;
356 unsigned long pagesize = sysconf(_SC_PAGESIZE);
357 unsigned long offset = (unsigned long) ptr % pagesize;
358
359 if(ptr == NULL || sz == 0) return;
360
361 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu", ptr - offset, sz + offset, pagesize);
362 rc = mlock(ptr - offset, sz + offset);
363 if(rc!=0) {
364 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: mlock() returned %d errno=%d", rc, errno);
365 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: mlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
366 }
367 #elif defined(_WIN32)
368 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
369 int rc;
370 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: calling VirtualLock(%p,%d)", ptr, sz);
371 rc = VirtualLock(ptr, sz);
372 if(rc==0) {
373 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: VirtualLock() returned %d LastError=%d", rc, GetLastError());
374 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_MEMORY, "sqlcipher_mlock: VirtualLock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
375 }
376 #endif
377 #endif
378 #endif
379 }
380
381 void sqlcipher_munlock(void *ptr, sqlite_uint64 sz) {
382 #ifndef OMIT_MEMLOCK
383 #if defined(__unix__) || defined(__APPLE__)
384 int rc;
385 unsigned long pagesize = sysconf(_SC_PAGESIZE);
386 unsigned long offset = (unsigned long) ptr % pagesize;
387
388 if(ptr == NULL || sz == 0) return;
389
390 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_munlock: calling munlock(%p,%lu)", ptr - offset, sz + offset);
391 rc = munlock(ptr - offset, sz + offset);
392 if(rc!=0) {
393 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_MEMORY, "sqlcipher_munlock: munlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
394 }
395 #elif defined(_WIN32)
396 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
397 int rc;
398
399 if(ptr == NULL || sz == 0) return;
400
401 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_munlock: calling VirtualUnlock(%p,%d)", ptr, sz);
402 rc = VirtualUnlock(ptr, sz);
403
404 /* because memory allocations may be made from the same individual page, it is possible for VirtualUnlock to be called
405 * multiple times for the same page. Subsequent calls will return an error, but this can be safely ignored (i.e. because
406 * the previous call for that page unlocked the memory already). Log an info level event only in that case. */
407 if(!rc) {
408 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_MEMORY, "sqlcipher_munlock: VirtualUnlock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
409 }
410 #endif
411 #endif
412 #endif
413 }
414
415 /**
416 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
417 * can be countend and memory leak detection works in the test suite.
418 * If ptr is not null memory will be freed.
419 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
420 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
421 * memory segment so it can be paged
422 */
423 void sqlcipher_free(void *ptr, sqlite_uint64 sz) {
424 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
425 sqlcipher_memset(ptr, 0, sz);
426 sqlcipher_munlock(ptr, sz);
427 sqlite3_free(ptr);
428 }
429
430 /**
431 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
432 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
433 * attempts to lock the memory pages so sensitive information won't be swapped
434 */
435 void* sqlcipher_malloc(sqlite_uint64 sz) {
436 void *ptr;
437 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_malloc: calling sqlite3Malloc(%llu)", sz);
438 ptr = sqlite3Malloc(sz);
439 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MEMORY, "sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
440 sqlcipher_memset(ptr, 0, sz);
441 sqlcipher_mlock(ptr, sz);
442 return ptr;
443 }
444
445 char* sqlcipher_version() {
446 #ifdef CIPHER_VERSION_QUALIFIER
447 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
448 #else
449 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
450 #endif
451 return version;
452 }
453
454 /**
455 * Initialize new cipher_ctx struct. This function will allocate memory
456 * for the cipher context and for the key
457 *
458 * returns SQLITE_OK if initialization was successful
459 * returns SQLITE_NOMEM if an error occured allocating memory
460 */
461 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
462 cipher_ctx *c_ctx;
463 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_cipher_ctx_init: allocating context");
464 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
465 c_ctx = *iCtx;
466 if(c_ctx == NULL) return SQLITE_NOMEM;
467
468 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_cipher_ctx_init: allocating key");
469 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
470
471 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_cipher_ctx_init: allocating hmac_key");
472 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
473
474 if(c_ctx->key == NULL) return SQLITE_NOMEM;
475 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
476
477 return SQLITE_OK;
478 }
479
480 /**
481 * Free and wipe memory associated with a cipher_ctx
482 */
483 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
484 cipher_ctx *c_ctx = *iCtx;
485 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "cipher_ctx_free: iCtx=%p", iCtx);
486 if(c_ctx->key) sqlcipher_free(c_ctx->key, ctx->key_sz);
487 if(c_ctx->hmac_key) sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
488 if(c_ctx->pass) sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
489 if(c_ctx->keyspec) sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
490 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
491 }
492
493 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
494 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
495 int reserve = base_reserve;
496
497 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
498
499 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
500 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
501
502 /* calculate the amount of reserve needed in even increments of the cipher block size */
503 if(ctx->block_sz > 0) {
504 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
505 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
506 }
507
508 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d",
509 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
510
511 ctx->reserve_sz = reserve;
512
513 return SQLITE_OK;
514 }
515
516 /**
517 * Compare one cipher_ctx to another.
518 *
519 * returns 0 if all the parameters (except the derived key data) are the same
520 * returns 1 otherwise
521 */
522 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
523 int are_equal = (
524 c1->pass_sz == c2->pass_sz
525 && (
526 c1->pass == c2->pass
527 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
528 (const unsigned char*)c2->pass,
529 c1->pass_sz)
530 ));
531
532 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_cmp: c1=%p c2=%p sqlcipher_memcmp(c1->pass, c2_pass)=%d are_equal=%d",
533 c1, c2,
534 (c1->pass == NULL || c2->pass == NULL) ?
535 -1 :
536 sqlcipher_memcmp(
537 (const unsigned char*)c1->pass,
538 (const unsigned char*)c2->pass,
539 c1->pass_sz
540 ),
541 are_equal
542 );
543
544 return !are_equal; /* return 0 if they are the same, 1 otherwise */
545 }
546
547 /**
548 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
549 * fully initialized context, you could copy it to write_ctx and all yet data
550 * and pass information across
551 *
552 * returns SQLITE_OK if initialization was successful
553 * returns SQLITE_NOMEM if an error occured allocating memory
554 */
555 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
556 void *key = target->key;
557 void *hmac_key = target->hmac_key;
558
559 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_copy: target=%p, source=%p", target, source);
560 if(target->pass) sqlcipher_free(target->pass, target->pass_sz);
561 if(target->keyspec) sqlcipher_free(target->keyspec, ctx->keyspec_sz);
562 memcpy(target, source, sizeof(cipher_ctx));
563
564 target->key = key; /* restore pointer to previously allocated key data */
565 memcpy(target->key, source->key, ctx->key_sz);
566
567 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
568 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
569
570 if(source->pass && source->pass_sz) {
571 target->pass = sqlcipher_malloc(source->pass_sz);
572 if(target->pass == NULL) return SQLITE_NOMEM;
573 memcpy(target->pass, source->pass, source->pass_sz);
574 }
575 if(source->keyspec) {
576 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
577 if(target->keyspec == NULL) return SQLITE_NOMEM;
578 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
579 }
580 return SQLITE_OK;
581 }
582
583 /**
584 * Set the keyspec for the cipher_ctx
585 *
586 * returns SQLITE_OK if assignment was successfull
587 * returns SQLITE_NOMEM if an error occured allocating memory
588 */
589 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
590 /* free, zero existing pointers and size */
591 if(c_ctx->keyspec) sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
592 c_ctx->keyspec = NULL;
593
594 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
595 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
596
597 c_ctx->keyspec[0] = 'x';
598 c_ctx->keyspec[1] = '\'';
599 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
600 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
601 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
602 return SQLITE_OK;
603 }
604
605 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
606 return ctx->store_pass;
607 }
608
609 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
610 ctx->store_pass = value;
611 }
612
613 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
614 *zKey = ctx->read_ctx->pass;
615 *nKey = ctx->read_ctx->pass_sz;
616 }
617
618 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
619 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = derive;
620 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = derive;
621 }
622
623 /**
624 * Set the passphrase for the cipher_ctx
625 *
626 * returns SQLITE_OK if assignment was successfull
627 * returns SQLITE_NOMEM if an error occured allocating memory
628 */
629 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
630 /* free, zero existing pointers and size */
631 if(ctx->pass) sqlcipher_free(ctx->pass, ctx->pass_sz);
632 ctx->pass = NULL;
633 ctx->pass_sz = 0;
634
635 if(zKey && nKey) { /* if new password is provided, copy it */
636 ctx->pass_sz = nKey;
637 ctx->pass = sqlcipher_malloc(nKey);
638 if(ctx->pass == NULL) return SQLITE_NOMEM;
639 memcpy(ctx->pass, zKey, nKey);
640 }
641 return SQLITE_OK;
642 }
643
644 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
645 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
646 int rc;
647
648 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) {
649 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_set_pass", rc);
650 return rc;
651 }
652
653 c_ctx->derive_key = 1;
654
655 if(for_ctx == 2) {
656 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK) {
657 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_set_pass: error %d from sqlcipher_cipher_ctx_copy", rc);
658 return rc;
659 }
660 }
661
662 return SQLITE_OK;
663 }
664
665 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
666 return ctx->provider->get_cipher(ctx->provider_ctx);
667 }
668
669 /* set the global default KDF iteration */
670 void sqlcipher_set_default_kdf_iter(int iter) {
671 default_kdf_iter = iter;
672 }
673
674 int sqlcipher_get_default_kdf_iter() {
675 return default_kdf_iter;
676 }
677
678 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
679 ctx->kdf_iter = kdf_iter;
680 sqlcipher_set_derive_key(ctx, 1);
681 return SQLITE_OK;
682 }
683
684 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
685 return ctx->kdf_iter;
686 }
687
688 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
689 ctx->fast_kdf_iter = fast_kdf_iter;
690 sqlcipher_set_derive_key(ctx, 1);
691 return SQLITE_OK;
692 }
693
694 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
695 return ctx->fast_kdf_iter;
696 }
697
698 /* set the global default flag for HMAC */
699 void sqlcipher_set_default_use_hmac(int use) {
700 if(use) SQLCIPHER_FLAG_SET(default_flags, CIPHER_FLAG_HMAC);
701 else SQLCIPHER_FLAG_UNSET(default_flags,CIPHER_FLAG_HMAC);
702 }
703
704 int sqlcipher_get_default_use_hmac() {
705 return SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC);
706 }
707
708 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
709 hmac_salt_mask = mask;
710 }
711
712 unsigned char sqlcipher_get_hmac_salt_mask() {
713 return hmac_salt_mask;
714 }
715
716 /* set the codec flag for whether this individual database should be using hmac */
717 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
718 if(use) {
719 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HMAC);
720 } else {
721 SQLCIPHER_FLAG_UNSET(ctx->flags, CIPHER_FLAG_HMAC);
722 }
723
724 return sqlcipher_codec_ctx_reserve_setup(ctx);
725 }
726
727 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
728 return SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC);
729 }
730
731 /* the length of plaintext header size must be:
732 * 1. greater than or equal to zero
733 * 2. a multiple of the cipher block size
734 * 3. less than the usable size of the first database page
735 */
736 int sqlcipher_set_default_plaintext_header_size(int size) {
737 default_plaintext_header_sz = size;
738 return SQLITE_OK;
739 }
740
741 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
742 if(size >= 0 && ctx->block_sz > 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
743 ctx->plaintext_header_sz = size;
744 return SQLITE_OK;
745 }
746 ctx->plaintext_header_sz = -1;
747 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_set_plaintext_header_size: attempt to set invalid plantext_header_size %d", size);
748 return SQLITE_ERROR;
749 }
750
751 int sqlcipher_get_default_plaintext_header_size() {
752 return default_plaintext_header_sz;
753 }
754
755 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
756 return ctx->plaintext_header_sz;
757 }
758
759 /* manipulate HMAC algorithm */
760 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
761 default_hmac_algorithm = algorithm;
762 return SQLITE_OK;
763 }
764
765 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
766 ctx->hmac_algorithm = algorithm;
767 return sqlcipher_codec_ctx_reserve_setup(ctx);
768 }
769
770 int sqlcipher_get_default_hmac_algorithm() {
771 return default_hmac_algorithm;
772 }
773
774 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
775 return ctx->hmac_algorithm;
776 }
777
778 /* manipulate KDF algorithm */
779 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
780 default_kdf_algorithm = algorithm;
781 return SQLITE_OK;
782 }
783
784 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
785 ctx->kdf_algorithm = algorithm;
786 return SQLITE_OK;
787 }
788
789 int sqlcipher_get_default_kdf_algorithm() {
790 return default_kdf_algorithm;
791 }
792
793 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
794 return ctx->kdf_algorithm;
795 }
796
797 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
798 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_set_error %d", error);
799 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
800 ctx->pBt->pBt->db->errCode = error;
801 }
802
803 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
804 return ctx->reserve_sz;
805 }
806
807 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
808 return ctx->buffer;
809 }
810
811 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
812 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
813
814 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
815 return SQLITE_OK; /* don't reload salt when not needed */
816 }
817
818 /* read salt from header, if present, otherwise generate a new random salt */
819 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init_kdf_salt: obtaining salt");
820 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
821 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random");
822 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) {
823 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init_kdf_salt: error retrieving random bytes from provider");
824 return SQLITE_ERROR;
825 }
826 }
827 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT);
828 return SQLITE_OK;
829 }
830
831 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
832 if(size >= ctx->kdf_salt_sz) {
833 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
834 SQLCIPHER_FLAG_SET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT);
835 return SQLITE_OK;
836 }
837 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_set_kdf_salt: attempt to set salt of incorrect size %d", size);
838 return SQLITE_ERROR;
839 }
840
841 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
842 int rc = SQLITE_OK;
843 if(!SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
844 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
845 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_get_kdf_salt: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
846 }
847 }
848 *salt = ctx->kdf_salt;
849
850 return rc;
851 }
852
853 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
854 *zKey = ctx->read_ctx->keyspec;
855 *nKey = ctx->keyspec_sz;
856 }
857
858 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
859 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
860 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "cipher_page_size not a power of 2 and between 512 and 65536 inclusive");
861 return SQLITE_ERROR;
862 }
863 /* attempt to free the existing page buffer */
864 if(ctx->buffer) sqlcipher_free(ctx->buffer,ctx->page_sz);
865 ctx->page_sz = size;
866
867 /* pre-allocate a page buffer of PageSize bytes. This will
868 be used as a persistent buffer for encryption and decryption
869 operations to avoid overhead of multiple memory allocations*/
870 ctx->buffer = sqlcipher_malloc(size);
871 if(ctx->buffer == NULL) return SQLITE_NOMEM;
872
873 return SQLITE_OK;
874 }
875
876 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
877 return ctx->page_sz;
878 }
879
880 void sqlcipher_set_default_pagesize(int page_size) {
881 default_page_size = page_size;
882 }
883
884 int sqlcipher_get_default_pagesize() {
885 return default_page_size;
886 }
887
888 void sqlcipher_set_mem_security(int on) {
889 /* memory security can only be enabled, not disabled */
890 if(on) {
891 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_set_mem_security: on");
892 sqlcipher_mem_security_on = on;
893 }
894 }
895
896 int sqlcipher_get_mem_security() {
897 /* only report that memory security is enabled if pragma cipher_memory_security is ON and
898 SQLCipher's allocator/deallocator was run at least one timecurrently used */
899 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_get_mem_security: sqlcipher_mem_security_on = %d, sqlcipher_mem_executed = %d", sqlcipher_mem_security_on, sqlcipher_mem_executed);
900 return sqlcipher_mem_security_on && sqlcipher_mem_executed;
901 }
902
903
904 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
905 int rc;
906 codec_ctx *ctx;
907
908 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_codec_ctx_init: allocating context");
909
910 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
911 ctx = *iCtx;
912
913 if(ctx == NULL) return SQLITE_NOMEM;
914
915 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
916
917 /* allocate space for salt data. Then read the first 16 bytes
918 directly off the database file. This is the salt for the
919 key derivation function. If we get a short read allocate
920 a new random salt value */
921 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_codec_ctx_init: allocating kdf_salt");
922 ctx->kdf_salt_sz = FILE_HEADER_SZ;
923 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
924 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
925
926 /* allocate space for separate hmac salt data. We want the
927 HMAC derivation salt to be different than the encryption
928 key derivation salt */
929 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_codec_ctx_init: allocating hmac_kdf_salt");
930 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
931 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
932
933 /* setup default flags */
934 ctx->flags = default_flags;
935
936 /* setup the crypto provider */
937 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "sqlcipher_codec_ctx_init: allocating provider");
938 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
939 if(ctx->provider == NULL) return SQLITE_NOMEM;
940
941 /* make a copy of the provider to be used for the duration of the context */
942 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER");
943 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
944 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER");
945
946 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
947
948 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER");
949 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
950 sqlcipher_log(SQLCIPHER_LOG_TRACE, SQLCIPHER_LOG_MUTEX, "sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER");
951
952 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) {
953 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d returned from ctx_init", rc);
954 return rc;
955 }
956
957 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
958 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
959 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
960
961 /* establic the size for a hex-formated key specification, containing the
962 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
963 so oversize by 3 bytes */
964 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
965
966 /*
967 Always overwrite page size and set to the default because the first page of the database
968 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
969 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
970 */
971 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) {
972 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d returned from sqlcipher_codec_ctx_set_pagesize with %d", rc, default_page_size);
973 return rc;
974 }
975
976 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
977 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) {
978 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting default_kdf_iter %d", rc, default_kdf_iter);
979 return rc;
980 }
981
982 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) {
983 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting fast_kdf_iter to %d", rc, FAST_PBKDF2_ITER);
984 return rc;
985 }
986
987 /* set the default HMAC and KDF algorithms which will determine the reserve size */
988 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) {
989 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_hmac_algorithm with %d", rc, default_hmac_algorithm);
990 return rc;
991 }
992
993 /* Note that use_hmac is a special case that requires recalculation of page size
994 so we call set_use_hmac to perform setup */
995 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC))) != SQLITE_OK) {
996 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting use_hmac %d", rc, SQLCIPHER_FLAG_GET(default_flags, CIPHER_FLAG_HMAC));
997 return rc;
998 }
999
1000 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) {
1001 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_kdf_algorithm with %d", rc, default_kdf_algorithm);
1002 return rc;
1003 }
1004
1005 /* setup the default plaintext header size */
1006 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) {
1007 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting sqlcipher_codec_ctx_set_plaintext_header_size with %d", rc, default_plaintext_header_sz);
1008 return rc;
1009 }
1010
1011 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
1012 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) {
1013 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d initializing read_ctx", rc);
1014 return rc;
1015 }
1016
1017 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) {
1018 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d initializing write_ctx", rc);
1019 return rc;
1020 }
1021
1022 /* set the key material on one of the sub cipher contexts and sync them up */
1023 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) {
1024 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d setting pass key", rc);
1025 return rc;
1026 }
1027
1028 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) {
1029 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_init: error %d copying write_ctx to read_ctx", rc);
1030 return rc;
1031 }
1032
1033 return SQLITE_OK;
1034 }
1035
1036 /**
1037 * Free and wipe memory associated with a cipher_ctx, including the allocated
1038 * read_ctx and write_ctx.
1039 */
1040 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
1041 codec_ctx *ctx = *iCtx;
1042 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_MEMORY, "codec_ctx_free: iCtx=%p", iCtx);
1043 if(ctx->kdf_salt) sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1044 if(ctx->hmac_kdf_salt) sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1045 if(ctx->buffer) sqlcipher_free(ctx->buffer, ctx->page_sz);
1046
1047 if(ctx->provider) {
1048 ctx->provider->ctx_free(&ctx->provider_ctx);
1049 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1050 }
1051
1052 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1053 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1054 sqlcipher_free(ctx, sizeof(codec_ctx));
1055 }
1056
1057 /** convert a 32bit unsigned integer to little endian byte ordering */
1058 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1059 p[0] = (u8)v;
1060 p[1] = (u8)(v>>8);
1061 p[2] = (u8)(v>>16);
1062 p[3] = (u8)(v>>24);
1063 }
1064
1065 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1066 unsigned char pgno_raw[sizeof(pgno)];
1067 /* we may convert page number to consistent representation before calculating MAC for
1068 compatibility across big-endian and little-endian platforms.
1069
1070 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1071 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1072 backwards compatibility on the most popular platforms, but can optionally be configured
1073 to use either big endian or native byte ordering via pragma. */
1074
1075 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_LE_PGNO)) { /* compute hmac using little endian pgno*/
1076 sqlcipher_put4byte_le(pgno_raw, pgno);
1077 } else if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_BE_PGNO)) { /* compute hmac using big endian pgno */
1078 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1079 } else { /* use native byte ordering */
1080 memcpy(pgno_raw, &pgno, sizeof(pgno));
1081 }
1082
1083 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1084 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1085 valid pages out of order in a database */
1086 return ctx->provider->hmac(
1087 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1088 ctx->key_sz, in,
1089 in_sz, (unsigned char*) &pgno_raw,
1090 sizeof(pgno), out);
1091 }
1092
1093 /*
1094 * ctx - codec context
1095 * pgno - page number in database
1096 * size - size in bytes of input and output buffers
1097 * mode - 1 to encrypt, 0 to decrypt
1098 * in - pointer to input bytes
1099 * out - pouter to output bytes
1100 */
1101 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1102 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1103 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1104 int size;
1105
1106 /* calculate some required positions into various buffers */
1107 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1108 iv_out = out + size;
1109 iv_in = in + size;
1110
1111 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1112 random bytes. note, these pointers are only valid when using hmac */
1113 hmac_in = in + size + ctx->iv_sz;
1114 hmac_out = out + size + ctx->iv_sz;
1115 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1116
1117 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: pgno=%d, mode=%d, size=%d", pgno, mode, size);
1118 CODEC_HEXDUMP("sqlcipher_page_cipher: input page data", in, page_sz);
1119
1120 /* the key size should never be zero. If it is, error out. */
1121 if(ctx->key_sz == 0) {
1122 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: error possible context corruption, key_sz is zero for pgno=%d", pgno);
1123 goto error;
1124 }
1125
1126 if(mode == CIPHER_ENCRYPT) {
1127 /* start at front of the reserve block, write random data to the end */
1128 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1129 } else { /* CIPHER_DECRYPT */
1130 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1131 }
1132
1133 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT)) {
1134 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1135 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: hmac operation on decrypt failed for pgno=%d", pgno);
1136 goto error;
1137 }
1138
1139 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: comparing hmac on in=%p out=%p hmac_sz=%d", hmac_in, hmac_out, ctx->hmac_sz);
1140 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1141 if(sqlite3BtreeGetAutoVacuum(ctx->pBt) != BTREE_AUTOVACUUM_NONE && sqlcipher_ismemset(in, 0, page_sz) == 0) {
1142 /* first check if the entire contents of the page is zeros. If so, this page
1143 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1144 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1145 and return SQLITE_OK to skip the decryption step. */
1146 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: zeroed page (short read) for pgno %d with autovacuum enabled", pgno);
1147 sqlcipher_memset(out, 0, page_sz);
1148 return SQLITE_OK;
1149 } else {
1150 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1151 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1152 and return SQLITE_ERROR to the caller */
1153 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: hmac check failed for pgno=%d", pgno);
1154 goto error;
1155 }
1156 }
1157 }
1158
1159 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1160 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: cipher operation mode=%d failed for pgno=%d", mode, pgno);
1161 goto error;
1162 };
1163
1164 if(SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1165 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1166 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_page_cipher: hmac operation on encrypt failed for pgno=%d", pgno);
1167 goto error;
1168 };
1169 }
1170
1171 CODEC_HEXDUMP("sqlcipher_page_cipher: output page data", out_start, page_sz);
1172
1173 return SQLITE_OK;
1174 error:
1175 sqlcipher_memset(out, 0, page_sz);
1176 return SQLITE_ERROR;
1177 }
1178
1179 /**
1180 * Derive an encryption key for a cipher contex key based on the raw password.
1181 *
1182 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1183 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1184
1185 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1186 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1187 * as the key followed by the salt.
1188 *
1189 * Otherwise, a key data will be derived using PBKDF2
1190 *
1191 * returns SQLITE_OK if initialization was successful
1192 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1193 */
1194 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1195 int rc;
1196 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: ctx->kdf_salt_sz=%d ctx->kdf_iter=%d ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1197 ctx->kdf_salt_sz, ctx->kdf_iter, ctx->fast_kdf_iter, ctx->key_sz);
1198
1199 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1200
1201 /* if necessary, initialize the salt from the header or random source */
1202 if(!SQLCIPHER_FLAG_GET(ctx->flags, CIPHER_FLAG_HAS_KDF_SALT)) {
1203 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) {
1204 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_codec_ctx_init_kdf_salt", rc);
1205 return rc;
1206 }
1207 }
1208
1209 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1210 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1211 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1212 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: using raw key from hex");
1213 cipher_hex2bin(z, n, c_ctx->key);
1214 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1215 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1216 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: using raw key from hex");
1217 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1218 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1219 } else {
1220 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations", ctx->kdf_iter);
1221 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1222 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1223 ctx->key_sz, c_ctx->key) != SQLITE_OK) {
1224 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: error occurred from provider kdf generating encryption key");
1225 return SQLITE_ERROR;
1226 }
1227 }
1228
1229 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1230 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) {
1231 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: error %d from sqlcipher_cipher_ctx_set_keyspec", rc);
1232 return rc;
1233 }
1234
1235 /* if this context is setup to use hmac checks, generate a seperate and different
1236 key for HMAC. In this case, we use the output of the previous KDF as the input to
1237 this KDF run. This ensures a distinct but predictable HMAC key. */
1238 if(ctx->flags & CIPHER_FLAG_HMAC) {
1239 int i;
1240
1241 /* start by copying the kdf key into the hmac salt slot
1242 then XOR it with the fixed hmac salt defined at compile time
1243 this ensures that the salt passed in to derive the hmac key, while
1244 easy to derive and publically known, is not the same as the salt used
1245 to generate the encryption key */
1246 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1247 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1248 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1249 }
1250
1251 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations",
1252 ctx->fast_kdf_iter);
1253
1254
1255 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1256 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1257 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) {
1258 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: error occurred from provider kdf generating HMAC key");
1259 return SQLITE_ERROR;
1260 }
1261 }
1262
1263 c_ctx->derive_key = 0;
1264 return SQLITE_OK;
1265 }
1266 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_cipher_ctx_key_derive: key material is not present on the context for key derivation");
1267 return SQLITE_ERROR;
1268 }
1269
1270 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1271 /* derive key on first use if necessary */
1272 if(ctx->read_ctx->derive_key) {
1273 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) {
1274 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_key_derive: error occurred deriving read_ctx key");
1275 return SQLITE_ERROR;
1276 }
1277 }
1278
1279 if(ctx->write_ctx->derive_key) {
1280 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1281 /* the relevant parameters are the same, just copy read key */
1282 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) {
1283 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_key_derive: error occurred copying read_ctx to write_ctx");
1284 return SQLITE_ERROR;
1285 }
1286 } else {
1287 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) {
1288 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_key_derive: error occurred deriving write_ctx key");
1289 return SQLITE_ERROR;
1290 }
1291 }
1292 }
1293
1294 /* TODO: wipe and free passphrase after key derivation */
1295 if(ctx->store_pass != 1) {
1296 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1297 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1298 }
1299
1300 return SQLITE_OK;
1301 }
1302
1303 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1304 if(source == CIPHER_READ_CTX) {
1305 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1306 } else {
1307 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1308 }
1309 }
1310
1311 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1312 return ctx->provider->get_provider_name(ctx->provider_ctx);
1313 }
1314
1315
1316 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1317 int rc;
1318 sqlite3 *db = NULL;
1319 sqlite3_stmt *statement = NULL;
1320 char *query_journal_mode = "PRAGMA journal_mode;";
1321 char *query_user_version = "PRAGMA user_version;";
1322
1323 rc = sqlite3_open(filename, &db);
1324 if(rc != SQLITE_OK) goto cleanup;
1325
1326 rc = sqlite3_key(db, key, key_sz);
1327 if(rc != SQLITE_OK) goto cleanup;
1328
1329 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1330 if(rc != SQLITE_OK) goto cleanup;
1331
1332 /* start by querying the user version.
1333 this will fail if the key is incorrect */
1334 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1335 if(rc != SQLITE_OK) goto cleanup;
1336
1337 rc = sqlite3_step(statement);
1338 if(rc == SQLITE_ROW) {
1339 *user_version = sqlite3_column_int(statement, 0);
1340 } else {
1341 goto cleanup;
1342 }
1343 sqlite3_finalize(statement);
1344
1345 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1346 if(rc != SQLITE_OK) goto cleanup;
1347
1348 rc = sqlite3_step(statement);
1349 if(rc == SQLITE_ROW) {
1350 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1351 } else {
1352 goto cleanup;
1353 }
1354 rc = SQLITE_OK;
1355 /* cleanup will finalize open statement */
1356
1357 cleanup:
1358 if(statement) sqlite3_finalize(statement);
1359 if(db) sqlite3_close(db);
1360 return rc;
1361 }
1362
1363 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1364 Pgno page = 1;
1365 int rc = 0;
1366 char *result;
1367 unsigned char *hmac_out = NULL;
1368 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1369 i64 file_sz;
1370
1371 Vdbe *v = sqlite3GetVdbe(pParse);
1372 sqlite3VdbeSetNumCols(v, 1);
1373 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1374
1375 if(fd == NULL || fd->pMethods == 0) {
1376 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1377 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1378 goto cleanup;
1379 }
1380
1381 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1382 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1383 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1384 goto cleanup;
1385 }
1386
1387 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1388 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1389 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1390 goto cleanup;
1391 }
1392
1393 sqlite3OsFileSize(fd, &file_sz);
1394 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1395
1396 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1397 i64 offset = (page - 1) * ctx->page_sz;
1398 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1399 int read_sz = ctx->page_sz;
1400
1401 /* skip integrity check on PAGER_SJ_PGNO since it will have no valid content */
1402 if(sqlite3pager_is_sj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1403
1404 if(page==1) {
1405 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1406 read_sz = read_sz - page1_offset;
1407 payload_sz = payload_sz - page1_offset;
1408 offset += page1_offset;
1409 }
1410
1411 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1412 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1413 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1414 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d", read_sz, page, offset);
1415 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1416 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1417 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1418 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1419 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1420 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1421 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1422 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1423 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1424 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1425 }
1426 }
1427
1428 if(file_sz % ctx->page_sz != 0) {
1429 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes (expected %d bytes)", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz), ctx->page_sz);
1430 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1431 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1432 }
1433
1434 cleanup:
1435 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1436 return SQLITE_OK;
1437 }
1438
1439 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1440 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1441 Db *pDb = 0;
1442 sqlite3 *db = ctx->pBt->db;
1443 const char *db_filename = sqlite3_db_filename(db, "main");
1444 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1445 Btree *pDest = NULL, *pSrc = NULL;
1446 sqlite3_file *srcfile, *destfile;
1447 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1448 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1449 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1450 #endif
1451 pass_sz = keyspec_sz = rc = user_version = 0;
1452
1453 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1454 goto cleanup; /* exit immediately if this is an in memory database */
1455
1456 /* pull the provided password / key material off the current codec context */
1457 pass_sz = ctx->read_ctx->pass_sz;
1458 pass = sqlcipher_malloc(pass_sz+1);
1459 memset(pass, 0, pass_sz+1);
1460 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1461
1462 /* Version 4 - current, no upgrade required, so exit immediately */
1463 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1464 if(rc == SQLITE_OK){
1465 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: no upgrade required - exiting");
1466 goto cleanup;
1467 }
1468
1469 for(i = 3; i > 0; i--) {
1470 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1471 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1472 if(rc == SQLITE_OK) {
1473 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: version %d format found", i);
1474 goto migrate;
1475 }
1476 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1477 pragma_compat = NULL;
1478 }
1479
1480 /* if we exit the loop normally we failed to determine the version, this is an error */
1481 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: unable to determine format version for upgrade: this may indicate custom settings were used ");
1482 goto handle_error;
1483
1484 migrate:
1485
1486 temp = sqlite3_mprintf("%s-migrated", db_filename);
1487 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1488 * to determine whether the filename was URI formatted */
1489 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1490 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1491 sqlcipher_free(temp, sqlite3Strlen30(temp));
1492
1493 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1494 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1495
1496 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1497 if(rc != SQLITE_OK){
1498 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: set compatibility mode failed, error code %d", rc);
1499 goto handle_error;
1500 }
1501
1502 /* force journal mode to DELETE, we will set it back later if different */
1503 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1504 if(rc != SQLITE_OK){
1505 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: force journal mode DELETE failed, error code %d", rc);
1506 goto handle_error;
1507 }
1508
1509 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1510 if(rc != SQLITE_OK){
1511 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: attach failed, error code %d", rc);
1512 goto handle_error;
1513 }
1514
1515 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1516 if(rc != SQLITE_OK){
1517 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: keying attached database failed, error code %d", rc);
1518 goto handle_error;
1519 }
1520
1521 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1522 if(rc != SQLITE_OK){
1523 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: sqlcipher_export failed, error code %d", rc);
1524 goto handle_error;
1525 }
1526
1527 #ifdef SQLCIPHER_TEST
1528 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1529 rc = SQLITE_ERROR;
1530 sqlcipher_log(SQLCIPHER_LOG_WARN, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: simulated migrate failure, error code %d", rc);
1531 goto handle_error;
1532 }
1533 #endif
1534
1535 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1536 if(rc != SQLITE_OK){
1537 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: set user version failed, error code %d", rc);
1538 goto handle_error;
1539 }
1540
1541 if( !db->autoCommit ){
1542 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: cannot migrate from within a transaction");
1543 goto handle_error;
1544 }
1545 if( db->nVdbeActive>1 ){
1546 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: cannot migrate - SQL statements in progress");
1547 goto handle_error;
1548 }
1549
1550 pDest = db->aDb[0].pBt;
1551 pDb = &(db->aDb[db->nDb-1]);
1552 pSrc = pDb->pBt;
1553
1554 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1555 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1556 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1557 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1558 if(rc != SQLITE_OK) {
1559 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: failed to set btree page size to %d res %d rc %d", default_page_size, nRes, rc);
1560 goto handle_error;
1561 }
1562
1563 sqlcipherCodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1564 SQLCIPHER_FLAG_UNSET(ctx->flags, CIPHER_FLAG_KEY_USED);
1565 sqlcipherCodecAttach(db, 0, keyspec, keyspec_sz);
1566
1567 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1568 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1569
1570 sqlite3OsClose(srcfile);
1571 sqlite3OsClose(destfile);
1572
1573 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1574 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: performing windows MoveFileExA");
1575
1576 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1577 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1578 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1579
1580 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1581 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1582 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1583
1584 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1585 rc = SQLITE_ERROR;
1586 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: error occurred while renaming migration files %d", rc);
1587 goto handle_error;
1588 }
1589 #else
1590 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: performing POSIX rename");
1591 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1592 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: error occurred while renaming migration files %s to %s: %d", migrated_db_filename, db_filename, rc);
1593 goto handle_error;
1594 }
1595 #endif
1596 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: renamed migration database %s to main database %s: %d", migrated_db_filename, db_filename, rc);
1597
1598 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1599 if(rc != SQLITE_OK) {
1600 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: failed to reopen migration database %s: %d", migrated_db_filename, rc);
1601 goto handle_error;
1602 }
1603
1604 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1605 if(rc != SQLITE_OK) {
1606 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: failed to reopen main database %s: %d", db_filename, rc);
1607 goto handle_error;
1608 }
1609
1610 sqlite3pager_reset(pDest->pBt->pPager);
1611 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: reset pager");
1612
1613 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1614 if(rc != SQLITE_OK) {
1615 sqlcipher_log(SQLCIPHER_LOG_WARN, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: DETACH DATABASE migrate failed: %d", rc);
1616 }
1617
1618 sqlite3ResetAllSchemasOfConnection(db);
1619 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: reset all schemas");
1620
1621 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1622 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1623 if(rc != SQLITE_OK) {
1624 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: failed to re-set journal mode via %s: %d", set_journal_mode, rc);
1625 goto handle_error;
1626 }
1627
1628 goto cleanup;
1629
1630 handle_error:
1631 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: an error occurred attempting to migrate the database - last error %d", rc);
1632
1633 cleanup:
1634 if(migrated_db_filename) {
1635 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1636 if(del_rc != SQLITE_OK) {
1637 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_ctx_migrate: failed to delete migration database %s: %d", migrated_db_filename, del_rc);
1638 }
1639 }
1640
1641 if(pass) sqlcipher_free(pass, pass_sz);
1642 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1643 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1644 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1645 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1646 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1647 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1648 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1649 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1650 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1651 #endif
1652 return rc;
1653 }
1654
1655 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1656 const char *suffix = &zRight[random_sz-1];
1657 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1658 if (n > 0 &&
1659 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1660 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1661 n % 2 == 0) {
1662 int rc = 0;
1663 int buffer_sz = n / 2;
1664 unsigned char *random;
1665 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1666 sqlcipher_log(SQLCIPHER_LOG_DEBUG, SQLCIPHER_LOG_CORE, "sqlcipher_codec_add_random: using raw random blob from hex");
1667 random = sqlcipher_malloc(buffer_sz);
1668 memset(random, 0, buffer_sz);
1669 cipher_hex2bin(z, n, random);
1670 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1671 sqlcipher_free(random, buffer_sz);
1672 return rc;
1673 }
1674 sqlcipher_log(SQLCIPHER_LOG_ERROR, SQLCIPHER_LOG_CORE, "sqlcipher_codec_add_random: attemt to add random with invalid format");
1675 return SQLITE_ERROR;
1676 }
1677
1678 #if !defined(SQLITE_OMIT_TRACE)
1679
1680 #define SQLCIPHER_PROFILE_FMT "Elapsed time:%.3f ms - %s\n"
1681 #define SQLCIPHER_PROFILE_FMT_OSLOG "Elapsed time:%{public}.3f ms - %{public}s\n"
1682
1683 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1684 FILE *f = (FILE*) file;
1685 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1686 if(f == NULL) {
1687 #if !defined(SQLCIPHER_OMIT_LOG_DEVICE)
1688 #if defined(__ANDROID__)
1689 __android_log_print(ANDROID_LOG_DEBUG, "sqlcipher", SQLCIPHER_PROFILE_FMT, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1690 #elif defined(__APPLE__)
1691 os_log(OS_LOG_DEFAULT, SQLCIPHER_PROFILE_FMT_OSLOG, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1692 #endif
1693 #endif
1694 } else {
1695 fprintf(f, SQLCIPHER_PROFILE_FMT, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1696 }
1697 return SQLITE_OK;
1698 }
1699 #endif
1700
1701 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1702 #if defined(SQLITE_OMIT_TRACE)
1703 return SQLITE_ERROR;
1704 #else
1705 FILE *f = NULL;
1706 if(sqlite3_stricmp(destination, "off") == 0){
1707 sqlite3_trace_v2(db, 0, NULL, NULL); /* disable tracing */
1708 } else {
1709 if(sqlite3_stricmp(destination, "stdout") == 0){
1710 f = stdout;
1711 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1712 f = stderr;
1713 }else if(sqlite3_stricmp(destination, "logcat") == 0 || sqlite3_stricmp(destination, "device") == 0){
1714 f = NULL; /* file pointer will be NULL indicating the device target (i.e. logcat or oslog). We will accept logcat for backwards compatibility */
1715 }else{
1716 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1717 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1718 #else
1719 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1720 #endif
1721 }
1722 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1723 }
1724 return SQLITE_OK;
1725 #endif
1726 }
1727
1728 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1729 return ctx->provider->fips_status(ctx->provider_ctx);
1730 }
1731
1732 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1733 return ctx->provider->get_provider_version(ctx->provider_ctx);
1734 }
1735
1736 char *sqlcipher_get_log_level_str(unsigned int level) {
1737 switch(level) {
1738 case SQLCIPHER_LOG_ERROR:
1739 return "ERROR";
1740 case SQLCIPHER_LOG_WARN:
1741 return "WARN";
1742 case SQLCIPHER_LOG_INFO:
1743 return "INFO";
1744 case SQLCIPHER_LOG_DEBUG:
1745 return "DEBUG";
1746 case SQLCIPHER_LOG_TRACE:
1747 return "TRACE";
1748 case SQLCIPHER_LOG_ALL:
1749 return "ALL";
1750 }
1751 return "NONE";
1752 }
1753
1754 char *sqlcipher_get_log_source_str(unsigned int source) {
1755 switch(source) {
1756 case SQLCIPHER_LOG_NONE:
1757 return "NONE";
1758 case SQLCIPHER_LOG_CORE:
1759 return "CORE";
1760 case SQLCIPHER_LOG_MEMORY:
1761 return "MEMORY";
1762 case SQLCIPHER_LOG_MUTEX:
1763 return "MUTEX";
1764 case SQLCIPHER_LOG_PROVIDER:
1765 return "PROVIDER";
1766 }
1767 return "ALL";
1768 }
1769
1770
1771 #ifndef SQLCIPHER_OMIT_LOG
1772 /* constants from https://github.com/Alexpux/mingw-w64/blob/master/mingw-w64-crt/misc/gettimeofday.c */
1773 #define FILETIME_1970 116444736000000000ull /* seconds between 1/1/1601 and 1/1/1970 */
1774 #define HECTONANOSEC_PER_SEC 10000000ull
1775 #define MAX_LOG_LEN 8192
1776 void sqlcipher_log(unsigned int level, unsigned int source, const char *message, ...) {
1777 va_list params;
1778 va_start(params, message);
1779 char formatted[MAX_LOG_LEN];
1780 char *out = NULL;
1781 int len = 0;
1782
1783 #ifdef CODEC_DEBUG
1784 #if defined(SQLCIPHER_OMIT_LOG_DEVICE)
1785 vfprintf(stderr, message, params);
1786 fprintf(stderr, "\n");
1787 goto end;
1788 #else
1789 #if defined(__ANDROID__)
1790 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1791 goto end;
1792 #elif defined(__APPLE__)
1793 formatted = sqlite3_vmprintf(message, params);
1794 os_log(OS_LOG_DEFAULT, "%s", formatted);
1795 sqlite3_free(formatted);
1796 goto end;
1797 #else
1798 vfprintf(stderr, message, params);
1799 fprintf(stderr, "\n");
1800 goto end;
1801 #endif
1802 #endif
1803 #endif
1804 if(
1805 level > sqlcipher_log_level /* log level is higher, e.g. level filter is at ERROR but this message is DEBUG */
1806 || (sqlcipher_log_source & source) == 0 /* source filter doesn't match this message source */
1807 || (sqlcipher_log_device == 0 && sqlcipher_log_file == NULL) /* no configured log target */
1808 ) {
1809 /* skip logging this message */
1810 goto end;
1811 }
1812
1813 sqlite3_snprintf(MAX_LOG_LEN, formatted, "%s %s ", sqlcipher_get_log_level_str(level), sqlcipher_get_log_source_str(source));
1814 len = strlen(formatted);
1815 sqlite3_vsnprintf(MAX_LOG_LEN - len, formatted + len, message, params);
1816
1817 #if !defined(SQLCIPHER_OMIT_LOG_DEVICE)
1818 if(sqlcipher_log_device) {
1819 #if defined(__ANDROID__)
1820 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", formatted);
1821 goto end;
1822 #elif defined(__APPLEformattes__)
1823 os_log(OS_LOG_DEFAULT, "%{public}s", formatted);
1824 goto end;
1825 #endif
1826 }
1827 #endif
1828
1829 if(sqlcipher_log_file != NULL){
1830 char buffer[24];
1831 struct tm tt;
1832 int ms;
1833 time_t sec;
1834 #ifdef _WIN32
1835 SYSTEMTIME st;
1836 FILETIME ft;
1837 GetSystemTime(&st);
1838 SystemTimeToFileTime(&st, &ft);
1839 sec = (time_t) ((*((sqlite_int64*)&ft) - FILETIME_1970) / HECTONANOSEC_PER_SEC);
1840 ms = st.wMilliseconds;
1841 localtime_s(&tt, &sec);
1842 #else
1843 struct timeval tv;
1844 gettimeofday(&tv, NULL);
1845 sec = tv.tv_sec;
1846 ms = tv.tv_usec/1000.0;
1847 localtime_r(&sec, &tt);
1848 #endif
1849 if(strftime(buffer, sizeof(buffer), "%Y-%m-%d %H:%M:%S", &tt)) {
1850 fprintf((FILE*)sqlcipher_log_file, "%s.%03d: %s\n", buffer, ms, formatted);
1851 goto end;
1852 }
1853 }
1854
1855 end:
1856 va_end(params);
1857 }
1858 #endif
1859
1860 void sqlcipher_set_log_level(unsigned int level) {
1861 sqlcipher_log_level = level;
1862 }
1863
1864 unsigned int sqlcipher_get_log_level() {
1865 return sqlcipher_log_level;
1866 }
1867
1868 void sqlcipher_set_log_source(unsigned int source) {
1869 sqlcipher_log_source = source;
1870 }
1871
1872 unsigned int sqlcipher_get_log_source() {
1873 return sqlcipher_log_source;
1874 }
1875
1876 int sqlcipher_set_log(const char *destination){
1877 #ifdef SQLCIPHER_OMIT_LOG
1878 return SQLITE_ERROR;
1879 #else
1880 /* close open trace file if it is not stdout or stderr, then
1881 reset trace settings */
1882 if(sqlcipher_log_file != NULL && sqlcipher_log_file != stdout && sqlcipher_log_file != stderr) {
1883 fclose((FILE*)sqlcipher_log_file);
1884 }
1885 sqlcipher_log_file = NULL;
1886 sqlcipher_log_device = 0;
1887
1888 if(sqlite3_stricmp(destination, "logcat") == 0 || sqlite3_stricmp(destination, "device") == 0){
1889 /* use the appropriate device log. accept logcat for backwards compatibility */
1890 sqlcipher_log_device = 1;
1891 } else if(sqlite3_stricmp(destination, "stdout") == 0){
1892 sqlcipher_log_file = stdout;
1893 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1894 sqlcipher_log_file = stderr;
1895 }else if(sqlite3_stricmp(destination, "off") != 0){
1896 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1897 if(fopen_s(&sqlcipher_log_file, destination, "a") != 0) return SQLITE_ERROR;
1898 #else
1899 if((sqlcipher_log_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1900 #endif
1901 }
1902 sqlcipher_log(SQLCIPHER_LOG_INFO, SQLCIPHER_LOG_CORE, "sqlcipher_set_log: set log to %s", destination);
1903 return SQLITE_OK;
1904 #endif
1905 }
1906
1907 #endif
1908 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.