search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cipher_trace pragma to allow logging of sqlcipher trace information
[sqlcipher.git] / src / crypto_impl.c
blob195e4b2072ed8aa0c68727f769c62f4de2262286
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #ifndef OMIT_MEMLOCK
37 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
38 #include <errno.h> /* amalgamator: dontcache */
39 #include <unistd.h> /* amalgamator: dontcache */
40 #include <sys/resource.h> /* amalgamator: dontcache */
41 #include <sys/mman.h> /* amalgamator: dontcache */
42 #elif defined(_WIN32)
43 #include <windows.h>
44 #endif
45 #endif
46
47 #ifdef SQLCIPHER_TEST
48 static volatile unsigned int cipher_test_flags = 0;
49 unsigned int sqlcipher_get_test_flags() {
50 return cipher_test_flags;
51 }
52 void sqlcipher_set_test_flags(unsigned int flags) {
53 cipher_test_flags = flags;
54 }
55
56 static volatile int cipher_test_rand = 0;
57 int sqlcipher_get_test_rand() {
58 return cipher_test_rand;
59 }
60 void sqlcipher_set_test_rand(int rand) {
61 cipher_test_rand = rand;
62 }
63 int sqlcipher_get_test_fail() {
64 int x;
65
66 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
67 if (cipher_test_rand == 0) return 1;
68
69 sqlite3_randomness(sizeof(x), &x);
70 return ((x % cipher_test_rand) == 0);
71 }
72 #endif
73
74 /* Generate code to return a string value */
75
76 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
77 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
78 static volatile int default_kdf_iter = PBKDF2_ITER;
79 static volatile int default_page_size = 4096;
80 static volatile int default_plaintext_header_sz = 0;
81 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
82 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
83 static volatile int mem_security_on = 0;
84 static volatile int mem_security_initialized = 0;
85 static volatile int mem_security_activated = 0;
86 static volatile unsigned int sqlcipher_activate_count = 0;
87 static volatile sqlite3_mem_methods default_mem_methods;
88 static sqlcipher_provider *default_provider = NULL;
89
90 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
91 static volatile FILE* sqlcipher_trace_file = NULL;
92 static volatile int sqlcipher_trace_logcat = 0;
93
94 sqlite3_mutex* sqlcipher_mutex(int mutex) {
95 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
96 return sqlcipher_static_mutex[mutex];
97 }
98
99 static int sqlcipher_mem_init(void *pAppData) {
100 return default_mem_methods.xInit(pAppData);
101 }
102 static void sqlcipher_mem_shutdown(void *pAppData) {
103 default_mem_methods.xShutdown(pAppData);
104 }
105 static void *sqlcipher_mem_malloc(int n) {
106 void *ptr = default_mem_methods.xMalloc(n);
107 if(mem_security_on) {
108 CODEC_TRACE_MEMORY("sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)\n", ptr, n);
109 sqlcipher_mlock(ptr, n);
110 if(!mem_security_activated) mem_security_activated = 1;
111 }
112 return ptr;
113 }
114 static int sqlcipher_mem_size(void *p) {
115 return default_mem_methods.xSize(p);
116 }
117 static void sqlcipher_mem_free(void *p) {
118 int sz;
119 if(mem_security_on) {
120 sz = sqlcipher_mem_size(p);
121 CODEC_TRACE_MEMORY("sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d) \n", p, sz, p, sz);
122 sqlcipher_memset(p, 0, sz);
123 sqlcipher_munlock(p, sz);
124 if(!mem_security_activated) mem_security_activated = 1;
125 }
126 default_mem_methods.xFree(p);
127 }
128 static void *sqlcipher_mem_realloc(void *p, int n) {
129 void *new = NULL;
130 int orig_sz = 0;
131 if(mem_security_on) {
132 orig_sz = sqlcipher_mem_size(p);
133 if (n==0) {
134 sqlcipher_mem_free(p);
135 return NULL;
136 } else if (!p) {
137 return sqlcipher_mem_malloc(n);
138 } else if(n <= orig_sz) {
139 return p;
140 } else {
141 new = sqlcipher_mem_malloc(n);
142 if(new) {
143 memcpy(new, p, orig_sz);
144 sqlcipher_mem_free(p);
145 }
146 return new;
147 }
148 } else {
149 return default_mem_methods.xRealloc(p, n);
150 }
151 }
152
153 static int sqlcipher_mem_roundup(int n) {
154 return default_mem_methods.xRoundup(n);
155 }
156
157 static sqlite3_mem_methods sqlcipher_mem_methods = {
158 sqlcipher_mem_malloc,
159 sqlcipher_mem_free,
160 sqlcipher_mem_realloc,
161 sqlcipher_mem_size,
162 sqlcipher_mem_roundup,
163 sqlcipher_mem_init,
164 sqlcipher_mem_shutdown,
165 0
166 };
167
168 void sqlcipher_init_memmethods() {
169 if(mem_security_initialized) return;
170 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
171 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
172 mem_security_on = mem_security_activated = 0;
173 }
174 mem_security_initialized = 1;
175 }
176
177 int sqlcipher_register_provider(sqlcipher_provider *p) {
178 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER\n");
179 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
180 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER\n");
181
182 if(default_provider != NULL && default_provider != p) {
183 /* only free the current registerd provider if it has been initialized
184 and it isn't a pointer to the same provider passed to the function
185 (i.e. protect against a caller calling register twice for the same provider) */
186 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
187 }
188 default_provider = p;
189 CODEC_TRACE_MUTEX("sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER\n");
190 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
191 CODEC_TRACE_MUTEX("sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER\n");
192
193 return SQLITE_OK;
194 }
195
196 /* return a pointer to the currently registered provider. This will
197 allow an application to fetch the current registered provider and
198 make minor changes to it */
199 sqlcipher_provider* sqlcipher_get_provider() {
200 return default_provider;
201 }
202
203 void sqlcipher_activate() {
204 CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
205 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
206 CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
207
208 /* allocate new mutexes */
209 if(sqlcipher_activate_count == 0) {
210 int i;
211 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
212 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
213 }
214 }
215
216 /* check to see if there is a provider registered at this point
217 if there no provider registered at this point, register the
218 default provider */
219 if(sqlcipher_get_provider() == NULL) {
220 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
221 #if defined (SQLCIPHER_CRYPTO_CC)
222 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
223 sqlcipher_cc_setup(p);
224 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
225 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
226 sqlcipher_ltc_setup(p);
227 #elif defined (SQLCIPHER_CRYPTO_NSS)
228 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
229 sqlcipher_nss_setup(p);
230 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
231 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
232 sqlcipher_openssl_setup(p);
233 #else
234 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
235 #endif
236 CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
237 #ifdef SQLCIPHER_EXT
238 sqlcipher_ext_provider_setup(p);
239 #endif
240 sqlcipher_register_provider(p);
241 CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
242 }
243
244 sqlcipher_activate_count++; /* increment activation count */
245
246 CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
247 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
248 CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
249 }
250
251 void sqlcipher_deactivate() {
252 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
253 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
254 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered static master mutex\n");
255
256 sqlcipher_activate_count--;
257 /* if no connections are using sqlcipher, cleanup globals */
258 if(sqlcipher_activate_count < 1) {
259
260 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER\n");
261 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
262 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER\n");
263
264 if(default_provider != NULL) {
265 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
266 default_provider = NULL;
267 }
268
269 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER\n");
270 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
271 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER\n");
272
273 #ifdef SQLCIPHER_EXT
274 sqlcipher_ext_provider_destroy();
275 #endif
276
277 /* last connection closed, free mutexes */
278 if(sqlcipher_activate_count == 0) {
279 int i;
280 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
281 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
282 }
283 }
284 sqlcipher_activate_count = 0; /* reset activation count */
285 }
286
287 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving static master mutex\n");
288 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
289 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left static master mutex\n");
290 }
291
292 /* constant time memset using volitile to avoid having the memset
293 optimized out by the compiler.
294 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
295 */
296 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
297 u64 i = 0;
298 volatile unsigned char *a = v;
299
300 if (v == NULL) return v;
301
302 CODEC_TRACE_MEMORY("sqlcipher_memset: setting %p[0-%llu]=%d)\n", a, len, value);
303 for(i = 0; i < len; i++) {
304 a[i] = value;
305 }
306
307 return v;
308 }
309
310 /* constant time memory check tests every position of a memory segement
311 matches a single value (i.e. the memory is all zeros)
312 returns 0 if match, 1 of no match */
313 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
314 const unsigned char *a = v;
315 u64 i = 0, result = 0;
316
317 for(i = 0; i < len; i++) {
318 result |= a[i] ^ value;
319 }
320
321 return (result != 0);
322 }
323
324 /* constant time memory comparison routine.
325 returns 0 if match, 1 if no match */
326 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
327 const unsigned char *a0 = v0, *a1 = v1;
328 int i = 0, result = 0;
329
330 for(i = 0; i < len; i++) {
331 result |= a0[i] ^ a1[i];
332 }
333
334 return (result != 0);
335 }
336
337 void sqlcipher_mlock(void *ptr, u64 sz) {
338 #ifndef OMIT_MEMLOCK
339 #if defined(__unix__) || defined(__APPLE__)
340 int rc;
341 unsigned long pagesize = sysconf(_SC_PAGESIZE);
342 unsigned long offset = (unsigned long) ptr % pagesize;
343
344 if(ptr == NULL || sz == 0) return;
345
346 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu\n", ptr - offset, sz + offset, pagesize);
347 rc = mlock(ptr - offset, sz + offset);
348 if(rc!=0) {
349 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
350 }
351 #elif defined(_WIN32)
352 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
353 int rc;
354 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)\n", ptr, sz);
355 rc = VirtualLock(ptr, sz);
356 if(rc==0) {
357 CODEC_TRACE("sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
358 }
359 #endif
360 #endif
361 #endif
362 }
363
364 void sqlcipher_munlock(void *ptr, u64 sz) {
365 #ifndef OMIT_MEMLOCK
366 #if defined(__unix__) || defined(__APPLE__)
367 int rc;
368 unsigned long pagesize = sysconf(_SC_PAGESIZE);
369 unsigned long offset = (unsigned long) ptr % pagesize;
370
371 if(ptr == NULL || sz == 0) return;
372
373 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: calling munlock(%p,%lu)\n", ptr - offset, sz + offset);
374 rc = munlock(ptr - offset, sz + offset);
375 if(rc!=0) {
376 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
377 }
378 #elif defined(_WIN32)
379 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
380 int rc;
381 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)\n", ptr, sz);
382 rc = VirtualUnlock(ptr, sz);
383 if(!rc) {
384 CODEC_TRACE("sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
385 }
386 #endif
387 #endif
388 #endif
389 }
390
391 /**
392 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
393 * can be countend and memory leak detection works in the test suite.
394 * If ptr is not null memory will be freed.
395 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
396 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
397 * memory segment so it can be paged
398 */
399 void sqlcipher_free(void *ptr, u64 sz) {
400 CODEC_TRACE_MEMORY("sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
401 sqlcipher_memset(ptr, 0, sz);
402 sqlcipher_munlock(ptr, sz);
403 sqlite3_free(ptr);
404 }
405
406 /**
407 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
408 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
409 * attempts to lock the memory pages so sensitive information won't be swapped
410 */
411 void* sqlcipher_malloc(u64 sz) {
412 void *ptr;
413 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlite3Malloc(%llu)\n", sz);
414 ptr = sqlite3Malloc(sz);
415 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
416 sqlcipher_memset(ptr, 0, sz);
417 sqlcipher_mlock(ptr, sz);
418 return ptr;
419 }
420
421 char* sqlcipher_version() {
422 #ifdef CIPHER_VERSION_QUALIFIER
423 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
424 #else
425 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
426 #endif
427 return version;
428 }
429
430 /**
431 * Initialize new cipher_ctx struct. This function will allocate memory
432 * for the cipher context and for the key
433 *
434 * returns SQLITE_OK if initialization was successful
435 * returns SQLITE_NOMEM if an error occured allocating memory
436 */
437 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
438 cipher_ctx *c_ctx;
439 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating context\n");
440 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
441 c_ctx = *iCtx;
442 if(c_ctx == NULL) return SQLITE_NOMEM;
443
444 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating key\n");
445 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
446
447 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating hmac_key\n");
448 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
449
450 if(c_ctx->key == NULL) return SQLITE_NOMEM;
451 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
452
453 return SQLITE_OK;
454 }
455
456 /**
457 * Free and wipe memory associated with a cipher_ctx
458 */
459 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
460 cipher_ctx *c_ctx = *iCtx;
461 CODEC_TRACE("cipher_ctx_free: entered iCtx=%p\n", iCtx);
462 sqlcipher_free(c_ctx->key, ctx->key_sz);
463 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
464 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
465 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
466 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
467 }
468
469 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
470 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
471 int reserve = base_reserve;
472
473 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
474
475 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
476 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
477
478 /* calculate the amount of reserve needed in even increments of the cipher block size */
479 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
480 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
481
482 CODEC_TRACE("sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d\n",
483 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
484
485 ctx->reserve_sz = reserve;
486
487 return SQLITE_OK;
488 }
489
490 /**
491 * Compare one cipher_ctx to another.
492 *
493 * returns 0 if all the parameters (except the derived key data) are the same
494 * returns 1 otherwise
495 */
496 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
497 int are_equal = (
498 c1->pass_sz == c2->pass_sz
499 && (
500 c1->pass == c2->pass
501 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
502 (const unsigned char*)c2->pass,
503 c1->pass_sz)
504 ));
505
506 CODEC_TRACE("sqlcipher_cipher_ctx_cmp: entered \
507 c1=%p c2=%p \
508 c1->pass_sz=%d c2->pass_sz=%d \
509 c1->pass=%p c2->pass=%p \
510 c1->pass=%s c2->pass=%s \
511 sqlcipher_memcmp=%d \
512 are_equal=%d \
513 \n",
514 c1, c2,
515 c1->pass_sz, c2->pass_sz,
516 c1->pass, c2->pass,
517 c1->pass, c2->pass,
518 (c1->pass == NULL || c2->pass == NULL)
519 ? -1 : sqlcipher_memcmp(
520 (const unsigned char*)c1->pass,
521 (const unsigned char*)c2->pass,
522 c1->pass_sz),
523 are_equal
524 );
525
526 return !are_equal; /* return 0 if they are the same, 1 otherwise */
527 }
528
529 /**
530 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
531 * fully initialized context, you could copy it to write_ctx and all yet data
532 * and pass information across
533 *
534 * returns SQLITE_OK if initialization was successful
535 * returns SQLITE_NOMEM if an error occured allocating memory
536 */
537 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
538 void *key = target->key;
539 void *hmac_key = target->hmac_key;
540
541 CODEC_TRACE("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p\n", target, source);
542 sqlcipher_free(target->pass, target->pass_sz);
543 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
544 memcpy(target, source, sizeof(cipher_ctx));
545
546 target->key = key; /* restore pointer to previously allocated key data */
547 memcpy(target->key, source->key, ctx->key_sz);
548
549 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
550 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
551
552 if(source->pass && source->pass_sz) {
553 target->pass = sqlcipher_malloc(source->pass_sz);
554 if(target->pass == NULL) return SQLITE_NOMEM;
555 memcpy(target->pass, source->pass, source->pass_sz);
556 }
557 if(source->keyspec) {
558 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
559 if(target->keyspec == NULL) return SQLITE_NOMEM;
560 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
561 }
562 return SQLITE_OK;
563 }
564
565 /**
566 * Set the keyspec for the cipher_ctx
567 *
568 * returns SQLITE_OK if assignment was successfull
569 * returns SQLITE_NOMEM if an error occured allocating memory
570 */
571 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
572 /* free, zero existing pointers and size */
573 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
574 c_ctx->keyspec = NULL;
575
576 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
577 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
578
579 c_ctx->keyspec[0] = 'x';
580 c_ctx->keyspec[1] = '\'';
581 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
582 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
583 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
584 return SQLITE_OK;
585 }
586
587 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
588 return ctx->store_pass;
589 }
590
591 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
592 ctx->store_pass = value;
593 }
594
595 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
596 *zKey = ctx->read_ctx->pass;
597 *nKey = ctx->read_ctx->pass_sz;
598 }
599
600 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
601 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
602 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
603 }
604
605 /**
606 * Set the passphrase for the cipher_ctx
607 *
608 * returns SQLITE_OK if assignment was successfull
609 * returns SQLITE_NOMEM if an error occured allocating memory
610 */
611 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
612 /* free, zero existing pointers and size */
613 sqlcipher_free(ctx->pass, ctx->pass_sz);
614 ctx->pass = NULL;
615 ctx->pass_sz = 0;
616
617 if(zKey && nKey) { /* if new password is provided, copy it */
618 ctx->pass_sz = nKey;
619 ctx->pass = sqlcipher_malloc(nKey);
620 if(ctx->pass == NULL) return SQLITE_NOMEM;
621 memcpy(ctx->pass, zKey, nKey);
622 }
623 return SQLITE_OK;
624 }
625
626 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
627 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
628 int rc;
629
630 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
631 c_ctx->derive_key = 1;
632
633 if(for_ctx == 2)
634 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
635 return rc;
636
637 return SQLITE_OK;
638 }
639
640 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
641 return ctx->provider->get_cipher(ctx->provider_ctx);
642 }
643
644 /* set the global default KDF iteration */
645 void sqlcipher_set_default_kdf_iter(int iter) {
646 default_kdf_iter = iter;
647 }
648
649 int sqlcipher_get_default_kdf_iter() {
650 return default_kdf_iter;
651 }
652
653 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
654 ctx->kdf_iter = kdf_iter;
655 sqlcipher_set_derive_key(ctx, 1);
656 return SQLITE_OK;
657 }
658
659 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
660 return ctx->kdf_iter;
661 }
662
663 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
664 ctx->fast_kdf_iter = fast_kdf_iter;
665 sqlcipher_set_derive_key(ctx, 1);
666 return SQLITE_OK;
667 }
668
669 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
670 return ctx->fast_kdf_iter;
671 }
672
673 /* set the global default flag for HMAC */
674 void sqlcipher_set_default_use_hmac(int use) {
675 if(use) default_flags |= CIPHER_FLAG_HMAC;
676 else default_flags &= ~CIPHER_FLAG_HMAC;
677 }
678
679 int sqlcipher_get_default_use_hmac() {
680 return (default_flags & CIPHER_FLAG_HMAC) != 0;
681 }
682
683 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
684 hmac_salt_mask = mask;
685 }
686
687 unsigned char sqlcipher_get_hmac_salt_mask() {
688 return hmac_salt_mask;
689 }
690
691 /* set the codec flag for whether this individual database should be using hmac */
692 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
693 if(use) {
694 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
695 } else {
696 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
697 }
698
699 return sqlcipher_codec_ctx_reserve_setup(ctx);
700 }
701
702 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
703 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
704 }
705
706 /* the length of plaintext header size must be:
707 * 1. greater than or equal to zero
708 * 2. a multiple of the cipher block size
709 * 3. less than the usable size of the first database page
710 */
711 int sqlcipher_set_default_plaintext_header_size(int size) {
712 default_plaintext_header_sz = size;
713 return SQLITE_OK;
714 }
715
716 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
717 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
718 ctx->plaintext_header_sz = size;
719 return SQLITE_OK;
720 }
721 ctx->plaintext_header_sz = -1;
722 return SQLITE_ERROR;
723 }
724
725 int sqlcipher_get_default_plaintext_header_size() {
726 return default_plaintext_header_sz;
727 }
728
729 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
730 return ctx->plaintext_header_sz;
731 }
732
733 /* manipulate HMAC algorithm */
734 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
735 default_hmac_algorithm = algorithm;
736 return SQLITE_OK;
737 }
738
739 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
740 ctx->hmac_algorithm = algorithm;
741 return sqlcipher_codec_ctx_reserve_setup(ctx);
742 }
743
744 int sqlcipher_get_default_hmac_algorithm() {
745 return default_hmac_algorithm;
746 }
747
748 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
749 return ctx->hmac_algorithm;
750 }
751
752 /* manipulate KDF algorithm */
753 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
754 default_kdf_algorithm = algorithm;
755 return SQLITE_OK;
756 }
757
758 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
759 ctx->kdf_algorithm = algorithm;
760 return SQLITE_OK;
761 }
762
763 int sqlcipher_get_default_kdf_algorithm() {
764 return default_kdf_algorithm;
765 }
766
767 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
768 return ctx->kdf_algorithm;
769 }
770
771 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
772 ctx->flags |= flag;
773 return SQLITE_OK;
774 }
775
776 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
777 ctx->flags &= ~flag;
778 return SQLITE_OK;
779 }
780
781 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
782 return (ctx->flags & flag) != 0;
783 }
784
785 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
786 CODEC_TRACE("sqlcipher_codec_ctx_set_error: ctx=%p, error=%d\n", ctx, error);
787 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
788 ctx->pBt->pBt->db->errCode = error;
789 }
790
791 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
792 return ctx->reserve_sz;
793 }
794
795 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
796 return ctx->buffer;
797 }
798
799 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
800 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
801
802 if(!ctx->need_kdf_salt) {
803 return SQLITE_OK; /* don't reload salt when not needed */
804 }
805
806 /* read salt from header, if present, otherwise generate a new random salt */
807 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: obtaining salt\n");
808 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
809 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random\n");
810 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) return SQLITE_ERROR;
811 }
812 ctx->need_kdf_salt = 0;
813 return SQLITE_OK;
814 }
815
816 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
817 if(size >= ctx->kdf_salt_sz) {
818 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
819 ctx->need_kdf_salt = 0;
820 return SQLITE_OK;
821 }
822 return SQLITE_ERROR;
823 }
824
825 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
826 int rc = SQLITE_OK;
827 if(ctx->need_kdf_salt) {
828 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
829 }
830 *salt = ctx->kdf_salt;
831 return rc;
832 }
833
834 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
835 *zKey = ctx->read_ctx->keyspec;
836 *nKey = ctx->keyspec_sz;
837 }
838
839 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
840 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
841 CODEC_TRACE(("cipher_page_size not a power of 2 and between 512 and 65536 inclusive\n"));
842 return SQLITE_ERROR;
843 }
844 /* attempt to free the existing page buffer */
845 sqlcipher_free(ctx->buffer,ctx->page_sz);
846 ctx->page_sz = size;
847
848 /* pre-allocate a page buffer of PageSize bytes. This will
849 be used as a persistent buffer for encryption and decryption
850 operations to avoid overhead of multiple memory allocations*/
851 ctx->buffer = sqlcipher_malloc(size);
852 if(ctx->buffer == NULL) return SQLITE_NOMEM;
853
854 return SQLITE_OK;
855 }
856
857 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
858 return ctx->page_sz;
859 }
860
861 void sqlcipher_set_default_pagesize(int page_size) {
862 default_page_size = page_size;
863 }
864
865 int sqlcipher_get_default_pagesize() {
866 return default_page_size;
867 }
868
869 void sqlcipher_set_mem_security(int on) {
870 /* memory security can only be enabled, not disabled */
871 if(on) {
872 mem_security_on = on;
873 mem_security_activated = 0;
874 }
875 }
876
877 int sqlcipher_get_mem_security() {
878 return mem_security_on && mem_security_activated;
879 }
880
881
882 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
883 int rc;
884 codec_ctx *ctx;
885
886 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating context\n");
887
888 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
889 ctx = *iCtx;
890
891 if(ctx == NULL) return SQLITE_NOMEM;
892
893 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
894
895 /* allocate space for salt data. Then read the first 16 bytes
896 directly off the database file. This is the salt for the
897 key derivation function. If we get a short read allocate
898 a new random salt value */
899 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating kdf_salt\n");
900 ctx->kdf_salt_sz = FILE_HEADER_SZ;
901 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
902 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
903
904 /* allocate space for separate hmac salt data. We want the
905 HMAC derivation salt to be different than the encryption
906 key derivation salt */
907 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating hmac_kdf_salt\n");
908 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
909 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
910
911 /* setup default flags */
912 ctx->flags = default_flags;
913
914 /* defer attempt to read KDF salt until first use */
915 ctx->need_kdf_salt = 1;
916
917 /* setup the crypto provider */
918 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating provider\n");
919 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
920 if(ctx->provider == NULL) return SQLITE_NOMEM;
921
922 /* make a copy of the provider to be used for the duration of the context */
923 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER\n");
924 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
925 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER\n");
926
927 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
928
929 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER\n");
930 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
931 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER\n");
932
933 CODEC_TRACE("sqlcipher_codec_ctx_init: calling provider ctx_init\n");
934 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
935
936 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
937 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
938 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
939
940 /* establic the size for a hex-formated key specification, containing the
941 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
942 so oversize by 3 bytes */
943 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
944
945 /*
946 Always overwrite page size and set to the default because the first page of the database
947 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
948 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
949 */
950 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d\n", default_page_size);
951 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
952
953 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
954 CODEC_TRACE("sqlcipher_codec_ctx_init: setting default_kdf_iter\n");
955 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
956
957 CODEC_TRACE("sqlcipher_codec_ctx_init: setting fast_kdf_iter\n");
958 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
959
960 /* set the default HMAC and KDF algorithms which will determine the reserve size */
961 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d\n", default_hmac_algorithm);
962 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
963
964 /* Note that use_hmac is a special case that requires recalculation of page size
965 so we call set_use_hmac to perform setup */
966 CODEC_TRACE("sqlcipher_codec_ctx_init: setting use_hmac\n");
967 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
968
969 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d\n", default_kdf_algorithm);
970 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
971
972 /* setup the default plaintext header size */
973 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d\n", default_plaintext_header_sz);
974 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
975
976 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
977 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing read_ctx\n");
978 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
979
980 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing write_ctx\n");
981 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
982
983 /* set the key material on one of the sub cipher contexts and sync them up */
984 CODEC_TRACE("sqlcipher_codec_ctx_init: setting pass key\n");
985 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
986
987 CODEC_TRACE("sqlcipher_codec_ctx_init: copying write_ctx to read_ctx\n");
988 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
989
990 return SQLITE_OK;
991 }
992
993 /**
994 * Free and wipe memory associated with a cipher_ctx, including the allocated
995 * read_ctx and write_ctx.
996 */
997 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
998 codec_ctx *ctx = *iCtx;
999 CODEC_TRACE("codec_ctx_free: entered iCtx=%p\n", iCtx);
1000 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1001 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1002 sqlcipher_free(ctx->buffer, ctx->page_sz);
1003
1004 ctx->provider->ctx_free(&ctx->provider_ctx);
1005 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1006
1007 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1008 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1009 sqlcipher_free(ctx, sizeof(codec_ctx));
1010 }
1011
1012 /** convert a 32bit unsigned integer to little endian byte ordering */
1013 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1014 p[0] = (u8)v;
1015 p[1] = (u8)(v>>8);
1016 p[2] = (u8)(v>>16);
1017 p[3] = (u8)(v>>24);
1018 }
1019
1020 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1021 unsigned char pgno_raw[sizeof(pgno)];
1022 /* we may convert page number to consistent representation before calculating MAC for
1023 compatibility across big-endian and little-endian platforms.
1024
1025 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1026 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1027 backwards compatibility on the most popular platforms, but can optionally be configured
1028 to use either big endian or native byte ordering via pragma. */
1029
1030 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1031 sqlcipher_put4byte_le(pgno_raw, pgno);
1032 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1033 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1034 } else { /* use native byte ordering */
1035 memcpy(pgno_raw, &pgno, sizeof(pgno));
1036 }
1037
1038 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1039 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1040 valid pages out of order in a database */
1041 return ctx->provider->hmac(
1042 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1043 ctx->key_sz, in,
1044 in_sz, (unsigned char*) &pgno_raw,
1045 sizeof(pgno), out);
1046 }
1047
1048 /*
1049 * ctx - codec context
1050 * pgno - page number in database
1051 * size - size in bytes of input and output buffers
1052 * mode - 1 to encrypt, 0 to decrypt
1053 * in - pointer to input bytes
1054 * out - pouter to output bytes
1055 */
1056 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1057 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1058 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1059 int size;
1060
1061 /* calculate some required positions into various buffers */
1062 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1063 iv_out = out + size;
1064 iv_in = in + size;
1065
1066 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1067 random bytes. note, these pointers are only valid when using hmac */
1068 hmac_in = in + size + ctx->iv_sz;
1069 hmac_out = out + size + ctx->iv_sz;
1070 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1071
1072 CODEC_TRACE("codec_cipher:entered pgno=%d, mode=%d, size=%d\n", pgno, mode, size);
1073 CODEC_HEXDUMP("codec_cipher: input page data", in, page_sz);
1074
1075 /* the key size should never be zero. If it is, error out. */
1076 if(ctx->key_sz == 0) {
1077 CODEC_TRACE("codec_cipher: error possible context corruption, key_sz is zero for pgno=%d\n", pgno);
1078 goto error;
1079 }
1080
1081 if(mode == CIPHER_ENCRYPT) {
1082 /* start at front of the reserve block, write random data to the end */
1083 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1084 } else { /* CIPHER_DECRYPT */
1085 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1086 }
1087
1088 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1089 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1090 CODEC_TRACE("codec_cipher: hmac operation on decrypt failed for pgno=%d\n", pgno);
1091 goto error;
1092 }
1093
1094 CODEC_TRACE("codec_cipher: comparing hmac on in=%p out=%p hmac_sz=%d\n", hmac_in, hmac_out, ctx->hmac_sz);
1095 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1096 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1097 /* first check if the entire contents of the page is zeros. If so, this page
1098 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1099 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1100 and return SQLITE_OK to skip the decryption step. */
1101 CODEC_TRACE("codec_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK\n", pgno);
1102 sqlcipher_memset(out, 0, page_sz);
1103 return SQLITE_OK;
1104 } else {
1105 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1106 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1107 and return SQLITE_ERROR to the caller */
1108 CODEC_TRACE("codec_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR\n", pgno);
1109 goto error;
1110 }
1111 }
1112 }
1113
1114 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1115 CODEC_TRACE("codec_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR\n", mode, pgno);
1116 goto error;
1117 };
1118
1119 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1120 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1121 CODEC_TRACE("codec_cipher: hmac operation on encrypt failed for pgno=%d\n", pgno);
1122 goto error;
1123 };
1124 }
1125
1126 CODEC_HEXDUMP("codec_cipher: output page data", out_start, page_sz);
1127
1128 return SQLITE_OK;
1129 error:
1130 sqlcipher_memset(out, 0, page_sz);
1131 return SQLITE_ERROR;
1132 }
1133
1134 /**
1135 * Derive an encryption key for a cipher contex key based on the raw password.
1136 *
1137 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1138 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1139
1140 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1141 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1142 * as the key followed by the salt.
1143 *
1144 * Otherwise, a key data will be derived using PBKDF2
1145 *
1146 * returns SQLITE_OK if initialization was successful
1147 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1148 */
1149 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1150 int rc;
1151 CODEC_TRACE("cipher_ctx_key_derive: entered c_ctx->pass=%p, c_ctx->pass_sz=%d \
1152 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1153 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d\n",
1154 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1155 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1156
1157
1158 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1159
1160 /* if necessary, initialize the salt from the header or random source */
1161 if(ctx->need_kdf_salt) {
1162 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1163 }
1164
1165 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1166 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1167 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1168 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1169 cipher_hex2bin(z, n, c_ctx->key);
1170 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1171 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1172 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1173 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1174 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1175 } else {
1176 CODEC_TRACE("cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations\n", ctx->kdf_iter);
1177 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1178 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1179 ctx->key_sz, c_ctx->key) != SQLITE_OK) return SQLITE_ERROR;
1180 }
1181
1182 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1183 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1184
1185 /* if this context is setup to use hmac checks, generate a seperate and different
1186 key for HMAC. In this case, we use the output of the previous KDF as the input to
1187 this KDF run. This ensures a distinct but predictable HMAC key. */
1188 if(ctx->flags & CIPHER_FLAG_HMAC) {
1189 int i;
1190
1191 /* start by copying the kdf key into the hmac salt slot
1192 then XOR it with the fixed hmac salt defined at compile time
1193 this ensures that the salt passed in to derive the hmac key, while
1194 easy to derive and publically known, is not the same as the salt used
1195 to generate the encryption key */
1196 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1197 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1198 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1199 }
1200
1201 CODEC_TRACE("cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations\n",
1202 ctx->fast_kdf_iter);
1203
1204
1205 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1206 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1207 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) return SQLITE_ERROR;
1208 }
1209
1210 c_ctx->derive_key = 0;
1211 return SQLITE_OK;
1212 };
1213 return SQLITE_ERROR;
1214 }
1215
1216 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1217 /* derive key on first use if necessary */
1218 if(ctx->read_ctx->derive_key) {
1219 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1220 }
1221
1222 if(ctx->write_ctx->derive_key) {
1223 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1224 /* the relevant parameters are the same, just copy read key */
1225 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1226 } else {
1227 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) return SQLITE_ERROR;
1228 }
1229 }
1230
1231 /* TODO: wipe and free passphrase after key derivation */
1232 if(ctx->store_pass != 1) {
1233 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1234 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1235 }
1236
1237 return SQLITE_OK;
1238 }
1239
1240 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1241 if(source == CIPHER_READ_CTX) {
1242 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1243 } else {
1244 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1245 }
1246 }
1247
1248 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1249 return ctx->provider->get_provider_name(ctx->provider_ctx);
1250 }
1251
1252
1253 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1254 int rc;
1255 sqlite3 *db = NULL;
1256 sqlite3_stmt *statement = NULL;
1257 char *query_journal_mode = "PRAGMA journal_mode;";
1258 char *query_user_version = "PRAGMA user_version;";
1259
1260 rc = sqlite3_open(filename, &db);
1261 if(rc != SQLITE_OK) goto cleanup;
1262
1263 rc = sqlite3_key(db, key, key_sz);
1264 if(rc != SQLITE_OK) goto cleanup;
1265
1266 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1267 if(rc != SQLITE_OK) goto cleanup;
1268
1269 /* start by querying the user version.
1270 this will fail if the key is incorrect */
1271 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1272 if(rc != SQLITE_OK) goto cleanup;
1273
1274 rc = sqlite3_step(statement);
1275 if(rc == SQLITE_ROW) {
1276 *user_version = sqlite3_column_int(statement, 0);
1277 } else {
1278 goto cleanup;
1279 }
1280 sqlite3_finalize(statement);
1281
1282 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1283 if(rc != SQLITE_OK) goto cleanup;
1284
1285 rc = sqlite3_step(statement);
1286 if(rc == SQLITE_ROW) {
1287 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1288 } else {
1289 goto cleanup;
1290 }
1291 rc = SQLITE_OK;
1292 /* cleanup will finalize open statement */
1293
1294 cleanup:
1295 if(statement) sqlite3_finalize(statement);
1296 if(db) sqlite3_close(db);
1297 return rc;
1298 }
1299
1300 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1301 Pgno page = 1;
1302 int rc = 0;
1303 char *result;
1304 unsigned char *hmac_out = NULL;
1305 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1306 i64 file_sz;
1307
1308 Vdbe *v = sqlite3GetVdbe(pParse);
1309 sqlite3VdbeSetNumCols(v, 1);
1310 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1311
1312 if(fd == NULL || fd->pMethods == 0) {
1313 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1314 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1315 goto cleanup;
1316 }
1317
1318 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1319 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1320 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1321 goto cleanup;
1322 }
1323
1324 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1325 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1326 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1327 goto cleanup;
1328 }
1329
1330 sqlite3OsFileSize(fd, &file_sz);
1331 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1332
1333 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1334 i64 offset = (page - 1) * ctx->page_sz;
1335 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1336 int read_sz = ctx->page_sz;
1337
1338 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1339 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1340
1341 if(page==1) {
1342 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1343 read_sz = read_sz - page1_offset;
1344 payload_sz = payload_sz - page1_offset;
1345 offset += page1_offset;
1346 }
1347
1348 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1349 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1350 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1351 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d\n", read_sz, page, offset);
1352 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1353 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1354 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1355 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1356 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1357 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1358 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1359 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1360 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1361 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1362 }
1363 }
1364
1365 if(file_sz % ctx->page_sz != 0) {
1366 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1367 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1368 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1369 }
1370
1371 cleanup:
1372 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1373 return SQLITE_OK;
1374 }
1375
1376 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1377 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1378 Db *pDb = 0;
1379 sqlite3 *db = ctx->pBt->db;
1380 const char *db_filename = sqlite3_db_filename(db, "main");
1381 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1382 Btree *pDest = NULL, *pSrc = NULL;
1383 sqlite3_file *srcfile, *destfile;
1384 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1385 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1386 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1387 #endif
1388 pass_sz = keyspec_sz = rc = user_version = 0;
1389
1390 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1391 goto cleanup; /* exit immediately if this is an in memory database */
1392
1393 /* pull the provided password / key material off the current codec context */
1394 pass_sz = ctx->read_ctx->pass_sz;
1395 pass = sqlcipher_malloc(pass_sz+1);
1396 memset(pass, 0, pass_sz+1);
1397 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1398
1399 /* Version 4 - current, no upgrade required, so exit immediately */
1400 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1401 if(rc == SQLITE_OK){
1402 CODEC_TRACE("No upgrade required - exiting\n");
1403 goto cleanup;
1404 }
1405
1406 for(i = 3; i > 0; i--) {
1407 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1408 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1409 if(rc == SQLITE_OK) {
1410 CODEC_TRACE("Version %d format found\n", i);
1411 goto migrate;
1412 }
1413 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1414 pragma_compat = NULL;
1415 }
1416
1417 /* if we exit the loop normally we failed to determine the version, this is an error */
1418 CODEC_TRACE("Upgrade format not determined\n");
1419 goto handle_error;
1420
1421 migrate:
1422
1423 temp = sqlite3_mprintf("%s-migrated", db_filename);
1424 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1425 * to determine whether the filename was URI formatted */
1426 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1427 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1428 sqlcipher_free(temp, sqlite3Strlen30(temp));
1429
1430 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1431 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1432
1433 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1434 if(rc != SQLITE_OK){
1435 CODEC_TRACE("set compatibility mode failed, error code %d\n", rc);
1436 goto handle_error;
1437 }
1438
1439 /* force journal mode to DELETE, we will set it back later if different */
1440 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1441 if(rc != SQLITE_OK){
1442 CODEC_TRACE("force journal mode DELETE failed, error code %d\n", rc);
1443 goto handle_error;
1444 }
1445
1446 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1447 if(rc != SQLITE_OK){
1448 CODEC_TRACE("attach failed, error code %d\n", rc);
1449 goto handle_error;
1450 }
1451
1452 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1453 if(rc != SQLITE_OK){
1454 CODEC_TRACE("keying attached database failed, error code %d\n", rc);
1455 goto handle_error;
1456 }
1457
1458 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1459 if(rc != SQLITE_OK){
1460 CODEC_TRACE("sqlcipher_export failed, error code %d\n", rc);
1461 goto handle_error;
1462 }
1463
1464 #ifdef SQLCIPHER_TEST
1465 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1466 rc = SQLITE_ERROR;
1467 CODEC_TRACE("simulated migrate failure, error code %d\n", rc);
1468 goto handle_error;
1469 }
1470 #endif
1471
1472 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1473 if(rc != SQLITE_OK){
1474 CODEC_TRACE("set user version failed, error code %d\n", rc);
1475 goto handle_error;
1476 }
1477
1478 if( !db->autoCommit ){
1479 CODEC_TRACE("cannot migrate from within a transaction");
1480 goto handle_error;
1481 }
1482 if( db->nVdbeActive>1 ){
1483 CODEC_TRACE("cannot migrate - SQL statements in progress");
1484 goto handle_error;
1485 }
1486
1487 pDest = db->aDb[0].pBt;
1488 pDb = &(db->aDb[db->nDb-1]);
1489 pSrc = pDb->pBt;
1490
1491 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1492 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1493 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1494 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1495 CODEC_TRACE("set btree page size to %d res %d rc %d\n", default_page_size, nRes, rc);
1496 if( rc!=SQLITE_OK ) goto handle_error;
1497
1498 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1499 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1500
1501 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1502 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1503
1504 sqlite3OsClose(srcfile);
1505 sqlite3OsClose(destfile);
1506
1507 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1508 CODEC_TRACE("performing windows MoveFileExA\n");
1509
1510 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1511 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1512 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1513
1514 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1515 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1516 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1517
1518 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1519 CODEC_TRACE("move error");
1520 rc = SQLITE_ERROR;
1521 CODEC_TRACE("error occurred while renaming %d\n", rc);
1522 goto handle_error;
1523 }
1524 #else
1525 CODEC_TRACE("performing POSIX rename\n");
1526 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1527 CODEC_TRACE("error occurred while renaming %d\n", rc);
1528 goto handle_error;
1529 }
1530 #endif
1531 CODEC_TRACE("renamed migration database %s to main database %s: %d\n", migrated_db_filename, db_filename, rc);
1532
1533 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1534 CODEC_TRACE("reopened migration database: %d\n", rc);
1535 if( rc!=SQLITE_OK ) goto handle_error;
1536
1537 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1538 CODEC_TRACE("reopened main database: %d\n", rc);
1539 if( rc!=SQLITE_OK ) goto handle_error;
1540
1541 sqlite3pager_reset(pDest->pBt->pPager);
1542 CODEC_TRACE("reset pager\n");
1543
1544 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1545 CODEC_TRACE("DETACH DATABASE called %d\n", rc);
1546 if(rc != SQLITE_OK) goto cleanup;
1547
1548 sqlite3ResetAllSchemasOfConnection(db);
1549 CODEC_TRACE("reset all schemas\n");
1550
1551 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1552 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1553 CODEC_TRACE("%s: %d\n", set_journal_mode, rc);
1554 if( rc!=SQLITE_OK ) goto handle_error;
1555
1556 goto cleanup;
1557
1558 handle_error:
1559 CODEC_TRACE("An error occurred attempting to migrate the database - last error %d\n", rc);
1560
1561 cleanup:
1562 if(migrated_db_filename) {
1563 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1564 CODEC_TRACE("deleted migration database: %d\n", del_rc);
1565 }
1566
1567 if(pass) sqlcipher_free(pass, pass_sz);
1568 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1569 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1570 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1571 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1572 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1573 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1574 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1575 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1576 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1577 #endif
1578 return rc;
1579 }
1580
1581 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1582 const char *suffix = &zRight[random_sz-1];
1583 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1584 if (n > 0 &&
1585 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1586 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1587 n % 2 == 0) {
1588 int rc = 0;
1589 int buffer_sz = n / 2;
1590 unsigned char *random;
1591 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1592 CODEC_TRACE("sqlcipher_codec_add_random: using raw random blob from hex\n");
1593 random = sqlcipher_malloc(buffer_sz);
1594 memset(random, 0, buffer_sz);
1595 cipher_hex2bin(z, n, random);
1596 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1597 sqlcipher_free(random, buffer_sz);
1598 return rc;
1599 }
1600 return SQLITE_ERROR;
1601 }
1602
1603 #if !defined(SQLITE_OMIT_TRACE)
1604 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1605 FILE *f = (FILE*) file;
1606 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1607 if(f) fprintf(f, "Elapsed time:%.3f ms - %s\n", elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1608 return SQLITE_OK;
1609 }
1610 #endif
1611
1612 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1613 #if defined(SQLITE_OMIT_TRACE)
1614 return SQLITE_ERROR;
1615 #else
1616 FILE *f;
1617 if(sqlite3StrICmp(destination, "stdout") == 0){
1618 f = stdout;
1619 }else if(sqlite3StrICmp(destination, "stderr") == 0){
1620 f = stderr;
1621 }else if(sqlite3StrICmp(destination, "off") == 0){
1622 f = 0;
1623 }else{
1624 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1625 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1626 #else
1627 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1628 #endif
1629 }
1630 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1631 return SQLITE_OK;
1632 #endif
1633 }
1634
1635 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1636 return ctx->provider->fips_status(ctx->provider_ctx);
1637 }
1638
1639 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1640 return ctx->provider->get_provider_version(ctx->provider_ctx);
1641 }
1642
1643 #ifndef SQLCIPHER_OMIT_TRACE
1644 void sqlcipher_trace(const char *message, ...) {
1645 va_list params;
1646 va_start(params, message);
1647 if(sqlcipher_trace_file != NULL){
1648 vfprintf((FILE*)sqlcipher_trace_file, message, params);
1649 }
1650 #ifdef __ANDROID__
1651 if(sqlcipher_trace_logcat) {
1652 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1653 }
1654 #endif
1655 va_end(params);
1656 }
1657 #endif
1658
1659 int sqlcipher_set_trace(const char *destination){
1660 #ifdef SQLCIPHER_OMIT_TRACE
1661 return SQLITE_ERROR;
1662 #else
1663 /* close open trace file if it is not stdout or stderr, then
1664 reset trace settings */
1665 if(sqlcipher_trace_file != NULL && sqlcipher_trace_file != stdout && sqlcipher_trace_file != stderr) {
1666 fclose((FILE*)sqlcipher_trace_file);
1667 }
1668 sqlcipher_trace_file = NULL;
1669 sqlcipher_trace_logcat = 0;
1670
1671 if(sqlite3StrICmp(destination, "logcat") == 0){
1672 sqlcipher_trace_logcat = 1;
1673 } else if(sqlite3StrICmp(destination, "stdout") == 0){
1674 sqlcipher_trace_file = stdout;
1675 }else if(sqlite3StrICmp(destination, "stderr") == 0){
1676 sqlcipher_trace_file = stderr;
1677 }else if(sqlite3StrICmp(destination, "off") != 0){
1678 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1679 if(fopen_s(&sqlcipher_trace_file, destination, "a") != 0) return SQLITE_ERROR;
1680 #else
1681 if((sqlcipher_trace_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1682 #endif
1683 }
1684 sqlcipher_trace("sqlcipher_set_trace: set trace to %s\n", destination);
1685 return SQLITE_OK;
1686 #endif
1687 }
1688
1689 #endif
1690 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.