search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix cipher_integrity_check on databases > 2gb
[sqlcipher.git] / src / crypto_impl.c
blob801a6b94bbc175c80d09cde4abdef74c0efd4521
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #ifndef OMIT_MEMLOCK
37 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
38 #include <errno.h> /* amalgamator: dontcache */
39 #include <unistd.h> /* amalgamator: dontcache */
40 #include <sys/resource.h> /* amalgamator: dontcache */
41 #include <sys/mman.h> /* amalgamator: dontcache */
42 #elif defined(_WIN32)
43 #include <windows.h>
44 #endif
45 #endif
46
47 #ifdef SQLCIPHER_TEST
48 static volatile unsigned int cipher_test_flags = 0;
49 unsigned int sqlcipher_get_test_flags() {
50 return cipher_test_flags;
51 }
52 void sqlcipher_set_test_flags(unsigned int flags) {
53 cipher_test_flags = flags;
54 }
55
56 static volatile int cipher_test_rand = 0;
57 int sqlcipher_get_test_rand() {
58 return cipher_test_rand;
59 }
60 void sqlcipher_set_test_rand(int rand) {
61 cipher_test_rand = rand;
62 }
63 int sqlcipher_get_test_fail() {
64 int x;
65
66 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
67 if (cipher_test_rand == 0) return 1;
68
69 sqlite3_randomness(sizeof(x), &x);
70 return ((x % cipher_test_rand) == 0);
71 }
72 #endif
73
74 /* Generate code to return a string value */
75
76 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
77 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
78 static volatile int default_kdf_iter = PBKDF2_ITER;
79 static volatile int default_page_size = 4096;
80 static volatile int default_plaintext_header_sz = 0;
81 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
82 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
83 static volatile int mem_security_on = 0;
84 static volatile int mem_security_initialized = 0;
85 static volatile int mem_security_activated = 0;
86 static volatile unsigned int sqlcipher_activate_count = 0;
87 static volatile sqlite3_mem_methods default_mem_methods;
88 static sqlcipher_provider *default_provider = NULL;
89
90 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
91
92 sqlite3_mutex* sqlcipher_mutex(int mutex) {
93 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
94 return sqlcipher_static_mutex[mutex];
95 }
96
97 static int sqlcipher_mem_init(void *pAppData) {
98 return default_mem_methods.xInit(pAppData);
99 }
100 static void sqlcipher_mem_shutdown(void *pAppData) {
101 default_mem_methods.xShutdown(pAppData);
102 }
103 static void *sqlcipher_mem_malloc(int n) {
104 void *ptr = default_mem_methods.xMalloc(n);
105 if(mem_security_on) {
106 CODEC_TRACE_MEMORY("sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)\n", ptr, n);
107 sqlcipher_mlock(ptr, n);
108 if(!mem_security_activated) mem_security_activated = 1;
109 }
110 return ptr;
111 }
112 static int sqlcipher_mem_size(void *p) {
113 return default_mem_methods.xSize(p);
114 }
115 static void sqlcipher_mem_free(void *p) {
116 int sz;
117 if(mem_security_on) {
118 sz = sqlcipher_mem_size(p);
119 CODEC_TRACE_MEMORY("sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d) \n", p, sz, p, sz);
120 sqlcipher_memset(p, 0, sz);
121 sqlcipher_munlock(p, sz);
122 if(!mem_security_activated) mem_security_activated = 1;
123 }
124 default_mem_methods.xFree(p);
125 }
126 static void *sqlcipher_mem_realloc(void *p, int n) {
127 void *new = NULL;
128 int orig_sz = 0;
129 if(mem_security_on) {
130 orig_sz = sqlcipher_mem_size(p);
131 if (n==0) {
132 sqlcipher_mem_free(p);
133 return NULL;
134 } else if (!p) {
135 return sqlcipher_mem_malloc(n);
136 } else if(n <= orig_sz) {
137 return p;
138 } else {
139 new = sqlcipher_mem_malloc(n);
140 if(new) {
141 memcpy(new, p, orig_sz);
142 sqlcipher_mem_free(p);
143 }
144 return new;
145 }
146 } else {
147 return default_mem_methods.xRealloc(p, n);
148 }
149 }
150
151 static int sqlcipher_mem_roundup(int n) {
152 return default_mem_methods.xRoundup(n);
153 }
154
155 static sqlite3_mem_methods sqlcipher_mem_methods = {
156 sqlcipher_mem_malloc,
157 sqlcipher_mem_free,
158 sqlcipher_mem_realloc,
159 sqlcipher_mem_size,
160 sqlcipher_mem_roundup,
161 sqlcipher_mem_init,
162 sqlcipher_mem_shutdown,
163 0
164 };
165
166 void sqlcipher_init_memmethods() {
167 if(mem_security_initialized) return;
168 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
169 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
170 mem_security_on = mem_security_activated = 0;
171 }
172 mem_security_initialized = 1;
173 }
174
175 int sqlcipher_register_provider(sqlcipher_provider *p) {
176 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER\n");
177 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
178 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER\n");
179
180 if(default_provider != NULL && default_provider != p) {
181 /* only free the current registerd provider if it has been initialized
182 and it isn't a pointer to the same provider passed to the function
183 (i.e. protect against a caller calling register twice for the same provider) */
184 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
185 }
186 default_provider = p;
187 CODEC_TRACE_MUTEX("sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER\n");
188 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
189 CODEC_TRACE_MUTEX("sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER\n");
190
191 return SQLITE_OK;
192 }
193
194 /* return a pointer to the currently registered provider. This will
195 allow an application to fetch the current registered provider and
196 make minor changes to it */
197 sqlcipher_provider* sqlcipher_get_provider() {
198 return default_provider;
199 }
200
201 void sqlcipher_activate() {
202 CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
203 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
204 CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
205
206 /* allocate new mutexes */
207 if(sqlcipher_activate_count == 0) {
208 int i;
209 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
210 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
211 }
212 }
213
214 /* check to see if there is a provider registered at this point
215 if there no provider registered at this point, register the
216 default provider */
217 if(sqlcipher_get_provider() == NULL) {
218 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
219 #if defined (SQLCIPHER_CRYPTO_CC)
220 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
221 sqlcipher_cc_setup(p);
222 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
223 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
224 sqlcipher_ltc_setup(p);
225 #elif defined (SQLCIPHER_CRYPTO_NSS)
226 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
227 sqlcipher_nss_setup(p);
228 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
229 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
230 sqlcipher_openssl_setup(p);
231 #else
232 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
233 #endif
234 CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
235 #ifdef SQLCIPHER_EXT
236 sqlcipher_ext_provider_setup(p);
237 #endif
238 sqlcipher_register_provider(p);
239 CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
240 }
241
242 sqlcipher_activate_count++; /* increment activation count */
243
244 CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
245 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
246 CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
247 }
248
249 void sqlcipher_deactivate() {
250 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
251 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
252 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered static master mutex\n");
253
254 sqlcipher_activate_count--;
255 /* if no connections are using sqlcipher, cleanup globals */
256 if(sqlcipher_activate_count < 1) {
257
258 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER\n");
259 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
260 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER\n");
261
262 if(default_provider != NULL) {
263 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
264 default_provider = NULL;
265 }
266
267 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER\n");
268 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
269 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER\n");
270
271 #ifdef SQLCIPHER_EXT
272 sqlcipher_ext_provider_destroy();
273 #endif
274
275 /* last connection closed, free mutexes */
276 if(sqlcipher_activate_count == 0) {
277 int i;
278 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
279 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
280 }
281 }
282 sqlcipher_activate_count = 0; /* reset activation count */
283 }
284
285 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving static master mutex\n");
286 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
287 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left static master mutex\n");
288 }
289
290 /* constant time memset using volitile to avoid having the memset
291 optimized out by the compiler.
292 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
293 */
294 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
295 u64 i = 0;
296 volatile unsigned char *a = v;
297
298 if (v == NULL) return v;
299
300 CODEC_TRACE_MEMORY("sqlcipher_memset: setting %p[0-%llu]=%d)\n", a, len, value);
301 for(i = 0; i < len; i++) {
302 a[i] = value;
303 }
304
305 return v;
306 }
307
308 /* constant time memory check tests every position of a memory segement
309 matches a single value (i.e. the memory is all zeros)
310 returns 0 if match, 1 of no match */
311 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
312 const unsigned char *a = v;
313 u64 i = 0, result = 0;
314
315 for(i = 0; i < len; i++) {
316 result |= a[i] ^ value;
317 }
318
319 return (result != 0);
320 }
321
322 /* constant time memory comparison routine.
323 returns 0 if match, 1 if no match */
324 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
325 const unsigned char *a0 = v0, *a1 = v1;
326 int i = 0, result = 0;
327
328 for(i = 0; i < len; i++) {
329 result |= a0[i] ^ a1[i];
330 }
331
332 return (result != 0);
333 }
334
335 void sqlcipher_mlock(void *ptr, u64 sz) {
336 #ifndef OMIT_MEMLOCK
337 #if defined(__unix__) || defined(__APPLE__)
338 int rc;
339 unsigned long pagesize = sysconf(_SC_PAGESIZE);
340 unsigned long offset = (unsigned long) ptr % pagesize;
341
342 if(ptr == NULL || sz == 0) return;
343
344 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu\n", ptr - offset, sz + offset, pagesize);
345 rc = mlock(ptr - offset, sz + offset);
346 if(rc!=0) {
347 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
348 }
349 #elif defined(_WIN32)
350 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
351 int rc;
352 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)\n", ptr, sz);
353 rc = VirtualLock(ptr, sz);
354 if(rc==0) {
355 CODEC_TRACE("sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
356 }
357 #endif
358 #endif
359 #endif
360 }
361
362 void sqlcipher_munlock(void *ptr, u64 sz) {
363 #ifndef OMIT_MEMLOCK
364 #if defined(__unix__) || defined(__APPLE__)
365 int rc;
366 unsigned long pagesize = sysconf(_SC_PAGESIZE);
367 unsigned long offset = (unsigned long) ptr % pagesize;
368
369 if(ptr == NULL || sz == 0) return;
370
371 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: calling munlock(%p,%lu)\n", ptr - offset, sz + offset);
372 rc = munlock(ptr - offset, sz + offset);
373 if(rc!=0) {
374 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
375 }
376 #elif defined(_WIN32)
377 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
378 int rc;
379 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)\n", ptr, sz);
380 rc = VirtualUnlock(ptr, sz);
381 if(!rc) {
382 CODEC_TRACE("sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
383 }
384 #endif
385 #endif
386 #endif
387 }
388
389 /**
390 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
391 * can be countend and memory leak detection works in the test suite.
392 * If ptr is not null memory will be freed.
393 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
394 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
395 * memory segment so it can be paged
396 */
397 void sqlcipher_free(void *ptr, u64 sz) {
398 CODEC_TRACE_MEMORY("sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
399 sqlcipher_memset(ptr, 0, sz);
400 sqlcipher_munlock(ptr, sz);
401 sqlite3_free(ptr);
402 }
403
404 /**
405 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
406 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
407 * attempts to lock the memory pages so sensitive information won't be swapped
408 */
409 void* sqlcipher_malloc(u64 sz) {
410 void *ptr;
411 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlite3Malloc(%llu)\n", sz);
412 ptr = sqlite3Malloc(sz);
413 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
414 sqlcipher_memset(ptr, 0, sz);
415 sqlcipher_mlock(ptr, sz);
416 return ptr;
417 }
418
419 char* sqlcipher_version() {
420 #ifdef CIPHER_VERSION_QUALIFIER
421 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
422 #else
423 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
424 #endif
425 return version;
426 }
427
428 /**
429 * Initialize new cipher_ctx struct. This function will allocate memory
430 * for the cipher context and for the key
431 *
432 * returns SQLITE_OK if initialization was successful
433 * returns SQLITE_NOMEM if an error occured allocating memory
434 */
435 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
436 cipher_ctx *c_ctx;
437 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating context\n");
438 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
439 c_ctx = *iCtx;
440 if(c_ctx == NULL) return SQLITE_NOMEM;
441
442 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating key\n");
443 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
444
445 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating hmac_key\n");
446 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
447
448 if(c_ctx->key == NULL) return SQLITE_NOMEM;
449 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
450
451 return SQLITE_OK;
452 }
453
454 /**
455 * Free and wipe memory associated with a cipher_ctx
456 */
457 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
458 cipher_ctx *c_ctx = *iCtx;
459 CODEC_TRACE("cipher_ctx_free: entered iCtx=%p\n", iCtx);
460 sqlcipher_free(c_ctx->key, ctx->key_sz);
461 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
462 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
463 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
464 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
465 }
466
467 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
468 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
469 int reserve = base_reserve;
470
471 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
472
473 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
474 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
475
476 /* calculate the amount of reserve needed in even increments of the cipher block size */
477 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
478 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
479
480 CODEC_TRACE("sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d\n",
481 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
482
483 ctx->reserve_sz = reserve;
484
485 return SQLITE_OK;
486 }
487
488 /**
489 * Compare one cipher_ctx to another.
490 *
491 * returns 0 if all the parameters (except the derived key data) are the same
492 * returns 1 otherwise
493 */
494 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
495 int are_equal = (
496 c1->pass_sz == c2->pass_sz
497 && (
498 c1->pass == c2->pass
499 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
500 (const unsigned char*)c2->pass,
501 c1->pass_sz)
502 ));
503
504 CODEC_TRACE("sqlcipher_cipher_ctx_cmp: entered \
505 c1=%p c2=%p \
506 c1->pass_sz=%d c2->pass_sz=%d \
507 c1->pass=%p c2->pass=%p \
508 c1->pass=%s c2->pass=%s \
509 sqlcipher_memcmp=%d \
510 are_equal=%d \
511 \n",
512 c1, c2,
513 c1->pass_sz, c2->pass_sz,
514 c1->pass, c2->pass,
515 c1->pass, c2->pass,
516 (c1->pass == NULL || c2->pass == NULL)
517 ? -1 : sqlcipher_memcmp(
518 (const unsigned char*)c1->pass,
519 (const unsigned char*)c2->pass,
520 c1->pass_sz),
521 are_equal
522 );
523
524 return !are_equal; /* return 0 if they are the same, 1 otherwise */
525 }
526
527 /**
528 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
529 * fully initialized context, you could copy it to write_ctx and all yet data
530 * and pass information across
531 *
532 * returns SQLITE_OK if initialization was successful
533 * returns SQLITE_NOMEM if an error occured allocating memory
534 */
535 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
536 void *key = target->key;
537 void *hmac_key = target->hmac_key;
538
539 CODEC_TRACE("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p\n", target, source);
540 sqlcipher_free(target->pass, target->pass_sz);
541 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
542 memcpy(target, source, sizeof(cipher_ctx));
543
544 target->key = key; /* restore pointer to previously allocated key data */
545 memcpy(target->key, source->key, ctx->key_sz);
546
547 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
548 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
549
550 if(source->pass && source->pass_sz) {
551 target->pass = sqlcipher_malloc(source->pass_sz);
552 if(target->pass == NULL) return SQLITE_NOMEM;
553 memcpy(target->pass, source->pass, source->pass_sz);
554 }
555 if(source->keyspec) {
556 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
557 if(target->keyspec == NULL) return SQLITE_NOMEM;
558 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
559 }
560 return SQLITE_OK;
561 }
562
563 /**
564 * Set the keyspec for the cipher_ctx
565 *
566 * returns SQLITE_OK if assignment was successfull
567 * returns SQLITE_NOMEM if an error occured allocating memory
568 */
569 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
570 /* free, zero existing pointers and size */
571 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
572 c_ctx->keyspec = NULL;
573
574 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
575 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
576
577 c_ctx->keyspec[0] = 'x';
578 c_ctx->keyspec[1] = '\'';
579 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
580 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
581 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
582 return SQLITE_OK;
583 }
584
585 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
586 return ctx->store_pass;
587 }
588
589 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
590 ctx->store_pass = value;
591 }
592
593 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
594 *zKey = ctx->read_ctx->pass;
595 *nKey = ctx->read_ctx->pass_sz;
596 }
597
598 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
599 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
600 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
601 }
602
603 /**
604 * Set the passphrase for the cipher_ctx
605 *
606 * returns SQLITE_OK if assignment was successfull
607 * returns SQLITE_NOMEM if an error occured allocating memory
608 */
609 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
610 /* free, zero existing pointers and size */
611 sqlcipher_free(ctx->pass, ctx->pass_sz);
612 ctx->pass = NULL;
613 ctx->pass_sz = 0;
614
615 if(zKey && nKey) { /* if new password is provided, copy it */
616 ctx->pass_sz = nKey;
617 ctx->pass = sqlcipher_malloc(nKey);
618 if(ctx->pass == NULL) return SQLITE_NOMEM;
619 memcpy(ctx->pass, zKey, nKey);
620 }
621 return SQLITE_OK;
622 }
623
624 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
625 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
626 int rc;
627
628 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
629 c_ctx->derive_key = 1;
630
631 if(for_ctx == 2)
632 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
633 return rc;
634
635 return SQLITE_OK;
636 }
637
638 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
639 return ctx->provider->get_cipher(ctx->provider_ctx);
640 }
641
642 /* set the global default KDF iteration */
643 void sqlcipher_set_default_kdf_iter(int iter) {
644 default_kdf_iter = iter;
645 }
646
647 int sqlcipher_get_default_kdf_iter() {
648 return default_kdf_iter;
649 }
650
651 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
652 ctx->kdf_iter = kdf_iter;
653 sqlcipher_set_derive_key(ctx, 1);
654 return SQLITE_OK;
655 }
656
657 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
658 return ctx->kdf_iter;
659 }
660
661 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
662 ctx->fast_kdf_iter = fast_kdf_iter;
663 sqlcipher_set_derive_key(ctx, 1);
664 return SQLITE_OK;
665 }
666
667 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
668 return ctx->fast_kdf_iter;
669 }
670
671 /* set the global default flag for HMAC */
672 void sqlcipher_set_default_use_hmac(int use) {
673 if(use) default_flags |= CIPHER_FLAG_HMAC;
674 else default_flags &= ~CIPHER_FLAG_HMAC;
675 }
676
677 int sqlcipher_get_default_use_hmac() {
678 return (default_flags & CIPHER_FLAG_HMAC) != 0;
679 }
680
681 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
682 hmac_salt_mask = mask;
683 }
684
685 unsigned char sqlcipher_get_hmac_salt_mask() {
686 return hmac_salt_mask;
687 }
688
689 /* set the codec flag for whether this individual database should be using hmac */
690 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
691 if(use) {
692 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
693 } else {
694 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
695 }
696
697 return sqlcipher_codec_ctx_reserve_setup(ctx);
698 }
699
700 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
701 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
702 }
703
704 /* the length of plaintext header size must be:
705 * 1. greater than or equal to zero
706 * 2. a multiple of the cipher block size
707 * 3. less than the usable size of the first database page
708 */
709 int sqlcipher_set_default_plaintext_header_size(int size) {
710 default_plaintext_header_sz = size;
711 return SQLITE_OK;
712 }
713
714 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
715 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
716 ctx->plaintext_header_sz = size;
717 return SQLITE_OK;
718 }
719 ctx->plaintext_header_sz = -1;
720 return SQLITE_ERROR;
721 }
722
723 int sqlcipher_get_default_plaintext_header_size() {
724 return default_plaintext_header_sz;
725 }
726
727 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
728 return ctx->plaintext_header_sz;
729 }
730
731 /* manipulate HMAC algorithm */
732 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
733 default_hmac_algorithm = algorithm;
734 return SQLITE_OK;
735 }
736
737 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
738 ctx->hmac_algorithm = algorithm;
739 return sqlcipher_codec_ctx_reserve_setup(ctx);
740 }
741
742 int sqlcipher_get_default_hmac_algorithm() {
743 return default_hmac_algorithm;
744 }
745
746 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
747 return ctx->hmac_algorithm;
748 }
749
750 /* manipulate KDF algorithm */
751 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
752 default_kdf_algorithm = algorithm;
753 return SQLITE_OK;
754 }
755
756 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
757 ctx->kdf_algorithm = algorithm;
758 return SQLITE_OK;
759 }
760
761 int sqlcipher_get_default_kdf_algorithm() {
762 return default_kdf_algorithm;
763 }
764
765 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
766 return ctx->kdf_algorithm;
767 }
768
769 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
770 ctx->flags |= flag;
771 return SQLITE_OK;
772 }
773
774 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
775 ctx->flags &= ~flag;
776 return SQLITE_OK;
777 }
778
779 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
780 return (ctx->flags & flag) != 0;
781 }
782
783 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
784 CODEC_TRACE("sqlcipher_codec_ctx_set_error: ctx=%p, error=%d\n", ctx, error);
785 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
786 ctx->pBt->pBt->db->errCode = error;
787 }
788
789 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
790 return ctx->reserve_sz;
791 }
792
793 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
794 return ctx->buffer;
795 }
796
797 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
798 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
799
800 if(!ctx->need_kdf_salt) {
801 return SQLITE_OK; /* don't reload salt when not needed */
802 }
803
804 /* read salt from header, if present, otherwise generate a new random salt */
805 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: obtaining salt\n");
806 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
807 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random\n");
808 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) return SQLITE_ERROR;
809 }
810 ctx->need_kdf_salt = 0;
811 return SQLITE_OK;
812 }
813
814 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
815 if(size >= ctx->kdf_salt_sz) {
816 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
817 ctx->need_kdf_salt = 0;
818 return SQLITE_OK;
819 }
820 return SQLITE_ERROR;
821 }
822
823 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
824 int rc = SQLITE_OK;
825 if(ctx->need_kdf_salt) {
826 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
827 }
828 *salt = ctx->kdf_salt;
829 return rc;
830 }
831
832 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
833 *zKey = ctx->read_ctx->keyspec;
834 *nKey = ctx->keyspec_sz;
835 }
836
837 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
838 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
839 CODEC_TRACE(("cipher_page_size not a power of 2 and between 512 and 65536 inclusive\n"));
840 return SQLITE_ERROR;
841 }
842 /* attempt to free the existing page buffer */
843 sqlcipher_free(ctx->buffer,ctx->page_sz);
844 ctx->page_sz = size;
845
846 /* pre-allocate a page buffer of PageSize bytes. This will
847 be used as a persistent buffer for encryption and decryption
848 operations to avoid overhead of multiple memory allocations*/
849 ctx->buffer = sqlcipher_malloc(size);
850 if(ctx->buffer == NULL) return SQLITE_NOMEM;
851
852 return SQLITE_OK;
853 }
854
855 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
856 return ctx->page_sz;
857 }
858
859 void sqlcipher_set_default_pagesize(int page_size) {
860 default_page_size = page_size;
861 }
862
863 int sqlcipher_get_default_pagesize() {
864 return default_page_size;
865 }
866
867 void sqlcipher_set_mem_security(int on) {
868 /* memory security can only be enabled, not disabled */
869 if(on) {
870 mem_security_on = on;
871 mem_security_activated = 0;
872 }
873 }
874
875 int sqlcipher_get_mem_security() {
876 return mem_security_on && mem_security_activated;
877 }
878
879
880 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
881 int rc;
882 codec_ctx *ctx;
883
884 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating context\n");
885
886 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
887 ctx = *iCtx;
888
889 if(ctx == NULL) return SQLITE_NOMEM;
890
891 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
892
893 /* allocate space for salt data. Then read the first 16 bytes
894 directly off the database file. This is the salt for the
895 key derivation function. If we get a short read allocate
896 a new random salt value */
897 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating kdf_salt\n");
898 ctx->kdf_salt_sz = FILE_HEADER_SZ;
899 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
900 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
901
902 /* allocate space for separate hmac salt data. We want the
903 HMAC derivation salt to be different than the encryption
904 key derivation salt */
905 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating hmac_kdf_salt\n");
906 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
907 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
908
909 /* setup default flags */
910 ctx->flags = default_flags;
911
912 /* defer attempt to read KDF salt until first use */
913 ctx->need_kdf_salt = 1;
914
915 /* setup the crypto provider */
916 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating provider\n");
917 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
918 if(ctx->provider == NULL) return SQLITE_NOMEM;
919
920 /* make a copy of the provider to be used for the duration of the context */
921 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER\n");
922 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
923 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER\n");
924
925 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
926
927 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER\n");
928 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
929 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER\n");
930
931 CODEC_TRACE("sqlcipher_codec_ctx_init: calling provider ctx_init\n");
932 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
933
934 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
935 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
936 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
937
938 /* establic the size for a hex-formated key specification, containing the
939 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
940 so oversize by 3 bytes */
941 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
942
943 /*
944 Always overwrite page size and set to the default because the first page of the database
945 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
946 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
947 */
948 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d\n", default_page_size);
949 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
950
951 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
952 CODEC_TRACE("sqlcipher_codec_ctx_init: setting default_kdf_iter\n");
953 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
954
955 CODEC_TRACE("sqlcipher_codec_ctx_init: setting fast_kdf_iter\n");
956 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
957
958 /* set the default HMAC and KDF algorithms which will determine the reserve size */
959 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d\n", default_hmac_algorithm);
960 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
961
962 /* Note that use_hmac is a special case that requires recalculation of page size
963 so we call set_use_hmac to perform setup */
964 CODEC_TRACE("sqlcipher_codec_ctx_init: setting use_hmac\n");
965 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
966
967 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d\n", default_kdf_algorithm);
968 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
969
970 /* setup the default plaintext header size */
971 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d\n", default_plaintext_header_sz);
972 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
973
974 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
975 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing read_ctx\n");
976 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
977
978 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing write_ctx\n");
979 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
980
981 /* set the key material on one of the sub cipher contexts and sync them up */
982 CODEC_TRACE("sqlcipher_codec_ctx_init: setting pass key\n");
983 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
984
985 CODEC_TRACE("sqlcipher_codec_ctx_init: copying write_ctx to read_ctx\n");
986 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
987
988 return SQLITE_OK;
989 }
990
991 /**
992 * Free and wipe memory associated with a cipher_ctx, including the allocated
993 * read_ctx and write_ctx.
994 */
995 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
996 codec_ctx *ctx = *iCtx;
997 CODEC_TRACE("codec_ctx_free: entered iCtx=%p\n", iCtx);
998 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
999 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1000 sqlcipher_free(ctx->buffer, ctx->page_sz);
1001
1002 ctx->provider->ctx_free(&ctx->provider_ctx);
1003 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1004
1005 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1006 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1007 sqlcipher_free(ctx, sizeof(codec_ctx));
1008 }
1009
1010 /** convert a 32bit unsigned integer to little endian byte ordering */
1011 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1012 p[0] = (u8)v;
1013 p[1] = (u8)(v>>8);
1014 p[2] = (u8)(v>>16);
1015 p[3] = (u8)(v>>24);
1016 }
1017
1018 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1019 unsigned char pgno_raw[sizeof(pgno)];
1020 /* we may convert page number to consistent representation before calculating MAC for
1021 compatibility across big-endian and little-endian platforms.
1022
1023 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1024 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1025 backwards compatibility on the most popular platforms, but can optionally be configured
1026 to use either big endian or native byte ordering via pragma. */
1027
1028 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1029 sqlcipher_put4byte_le(pgno_raw, pgno);
1030 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1031 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1032 } else { /* use native byte ordering */
1033 memcpy(pgno_raw, &pgno, sizeof(pgno));
1034 }
1035
1036 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1037 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1038 valid pages out of order in a database */
1039 return ctx->provider->hmac(
1040 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1041 ctx->key_sz, in,
1042 in_sz, (unsigned char*) &pgno_raw,
1043 sizeof(pgno), out);
1044 }
1045
1046 /*
1047 * ctx - codec context
1048 * pgno - page number in database
1049 * size - size in bytes of input and output buffers
1050 * mode - 1 to encrypt, 0 to decrypt
1051 * in - pointer to input bytes
1052 * out - pouter to output bytes
1053 */
1054 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1055 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1056 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1057 int size;
1058
1059 /* calculate some required positions into various buffers */
1060 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1061 iv_out = out + size;
1062 iv_in = in + size;
1063
1064 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1065 random bytes. note, these pointers are only valid when using hmac */
1066 hmac_in = in + size + ctx->iv_sz;
1067 hmac_out = out + size + ctx->iv_sz;
1068 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1069
1070 CODEC_TRACE("codec_cipher:entered pgno=%d, mode=%d, size=%d\n", pgno, mode, size);
1071 CODEC_HEXDUMP("codec_cipher: input page data", in, page_sz);
1072
1073 /* the key size should never be zero. If it is, error out. */
1074 if(ctx->key_sz == 0) {
1075 CODEC_TRACE("codec_cipher: error possible context corruption, key_sz is zero for pgno=%d\n", pgno);
1076 goto error;
1077 }
1078
1079 if(mode == CIPHER_ENCRYPT) {
1080 /* start at front of the reserve block, write random data to the end */
1081 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1082 } else { /* CIPHER_DECRYPT */
1083 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1084 }
1085
1086 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1087 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1088 CODEC_TRACE("codec_cipher: hmac operation on decrypt failed for pgno=%d\n", pgno);
1089 goto error;
1090 }
1091
1092 CODEC_TRACE("codec_cipher: comparing hmac on in=%p out=%p hmac_sz=%d\n", hmac_in, hmac_out, ctx->hmac_sz);
1093 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1094 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1095 /* first check if the entire contents of the page is zeros. If so, this page
1096 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1097 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1098 and return SQLITE_OK to skip the decryption step. */
1099 CODEC_TRACE("codec_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK\n", pgno);
1100 sqlcipher_memset(out, 0, page_sz);
1101 return SQLITE_OK;
1102 } else {
1103 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1104 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1105 and return SQLITE_ERROR to the caller */
1106 CODEC_TRACE("codec_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR\n", pgno);
1107 goto error;
1108 }
1109 }
1110 }
1111
1112 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1113 CODEC_TRACE("codec_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR\n", mode, pgno);
1114 goto error;
1115 };
1116
1117 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1118 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1119 CODEC_TRACE("codec_cipher: hmac operation on encrypt failed for pgno=%d\n", pgno);
1120 goto error;
1121 };
1122 }
1123
1124 CODEC_HEXDUMP("codec_cipher: output page data", out_start, page_sz);
1125
1126 return SQLITE_OK;
1127 error:
1128 sqlcipher_memset(out, 0, page_sz);
1129 return SQLITE_ERROR;
1130 }
1131
1132 /**
1133 * Derive an encryption key for a cipher contex key based on the raw password.
1134 *
1135 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1136 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1137
1138 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1139 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1140 * as the key followed by the salt.
1141 *
1142 * Otherwise, a key data will be derived using PBKDF2
1143 *
1144 * returns SQLITE_OK if initialization was successful
1145 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1146 */
1147 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1148 int rc;
1149 CODEC_TRACE("cipher_ctx_key_derive: entered c_ctx->pass=%p, c_ctx->pass_sz=%d \
1150 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1151 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d\n",
1152 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1153 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1154
1155
1156 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1157
1158 /* if necessary, initialize the salt from the header or random source */
1159 if(ctx->need_kdf_salt) {
1160 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1161 }
1162
1163 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1164 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1165 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1166 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1167 cipher_hex2bin(z, n, c_ctx->key);
1168 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1169 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1170 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1171 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1172 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1173 } else {
1174 CODEC_TRACE("cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations\n", ctx->kdf_iter);
1175 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1176 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1177 ctx->key_sz, c_ctx->key) != SQLITE_OK) return SQLITE_ERROR;
1178 }
1179
1180 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1181 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1182
1183 /* if this context is setup to use hmac checks, generate a seperate and different
1184 key for HMAC. In this case, we use the output of the previous KDF as the input to
1185 this KDF run. This ensures a distinct but predictable HMAC key. */
1186 if(ctx->flags & CIPHER_FLAG_HMAC) {
1187 int i;
1188
1189 /* start by copying the kdf key into the hmac salt slot
1190 then XOR it with the fixed hmac salt defined at compile time
1191 this ensures that the salt passed in to derive the hmac key, while
1192 easy to derive and publically known, is not the same as the salt used
1193 to generate the encryption key */
1194 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1195 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1196 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1197 }
1198
1199 CODEC_TRACE("cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations\n",
1200 ctx->fast_kdf_iter);
1201
1202
1203 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1204 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1205 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) return SQLITE_ERROR;
1206 }
1207
1208 c_ctx->derive_key = 0;
1209 return SQLITE_OK;
1210 };
1211 return SQLITE_ERROR;
1212 }
1213
1214 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1215 /* derive key on first use if necessary */
1216 if(ctx->read_ctx->derive_key) {
1217 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1218 }
1219
1220 if(ctx->write_ctx->derive_key) {
1221 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1222 /* the relevant parameters are the same, just copy read key */
1223 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1224 } else {
1225 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) return SQLITE_ERROR;
1226 }
1227 }
1228
1229 /* TODO: wipe and free passphrase after key derivation */
1230 if(ctx->store_pass != 1) {
1231 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1232 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1233 }
1234
1235 return SQLITE_OK;
1236 }
1237
1238 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1239 if(source == CIPHER_READ_CTX) {
1240 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1241 } else {
1242 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1243 }
1244 }
1245
1246 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1247 return ctx->provider->get_provider_name(ctx->provider_ctx);
1248 }
1249
1250
1251 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1252 int rc;
1253 sqlite3 *db = NULL;
1254 sqlite3_stmt *statement = NULL;
1255 char *query_journal_mode = "PRAGMA journal_mode;";
1256 char *query_user_version = "PRAGMA user_version;";
1257
1258 rc = sqlite3_open(filename, &db);
1259 if(rc != SQLITE_OK) goto cleanup;
1260
1261 rc = sqlite3_key(db, key, key_sz);
1262 if(rc != SQLITE_OK) goto cleanup;
1263
1264 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1265 if(rc != SQLITE_OK) goto cleanup;
1266
1267 /* start by querying the user version.
1268 this will fail if the key is incorrect */
1269 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1270 if(rc != SQLITE_OK) goto cleanup;
1271
1272 rc = sqlite3_step(statement);
1273 if(rc == SQLITE_ROW) {
1274 *user_version = sqlite3_column_int(statement, 0);
1275 } else {
1276 goto cleanup;
1277 }
1278 sqlite3_finalize(statement);
1279
1280 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1281 if(rc != SQLITE_OK) goto cleanup;
1282
1283 rc = sqlite3_step(statement);
1284 if(rc == SQLITE_ROW) {
1285 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1286 } else {
1287 goto cleanup;
1288 }
1289 rc = SQLITE_OK;
1290 /* cleanup will finalize open statement */
1291
1292 cleanup:
1293 if(statement) sqlite3_finalize(statement);
1294 if(db) sqlite3_close(db);
1295 return rc;
1296 }
1297
1298 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1299 Pgno page = 1;
1300 int rc = 0;
1301 char *result;
1302 unsigned char *hmac_out = NULL;
1303 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1304 i64 file_sz;
1305
1306 Vdbe *v = sqlite3GetVdbe(pParse);
1307 sqlite3VdbeSetNumCols(v, 1);
1308 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1309
1310 if(fd == NULL || fd->pMethods == 0) {
1311 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1312 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1313 goto cleanup;
1314 }
1315
1316 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1317 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1318 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1319 goto cleanup;
1320 }
1321
1322 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1323 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1324 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1325 goto cleanup;
1326 }
1327
1328 sqlite3OsFileSize(fd, &file_sz);
1329 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1330
1331 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1332 i64 offset = (page - 1) * ctx->page_sz;
1333 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1334 int read_sz = ctx->page_sz;
1335
1336 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1337 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1338
1339 if(page==1) {
1340 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1341 read_sz = read_sz - page1_offset;
1342 payload_sz = payload_sz - page1_offset;
1343 offset += page1_offset;
1344 }
1345
1346 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1347 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1348 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1349 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d\n", read_sz, page, offset);
1350 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1351 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1352 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1353 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1354 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1355 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1356 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1357 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1358 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1359 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1360 }
1361 }
1362
1363 if(file_sz % ctx->page_sz != 0) {
1364 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1365 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1366 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1367 }
1368
1369 cleanup:
1370 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1371 return SQLITE_OK;
1372 }
1373
1374 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1375 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1376 Db *pDb = 0;
1377 sqlite3 *db = ctx->pBt->db;
1378 const char *db_filename = sqlite3_db_filename(db, "main");
1379 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1380 Btree *pDest = NULL, *pSrc = NULL;
1381 sqlite3_file *srcfile, *destfile;
1382 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1383 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1384 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1385 #endif
1386 pass_sz = keyspec_sz = rc = user_version = 0;
1387
1388 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1389 goto cleanup; /* exit immediately if this is an in memory database */
1390
1391 /* pull the provided password / key material off the current codec context */
1392 pass_sz = ctx->read_ctx->pass_sz;
1393 pass = sqlcipher_malloc(pass_sz+1);
1394 memset(pass, 0, pass_sz+1);
1395 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1396
1397 /* Version 4 - current, no upgrade required, so exit immediately */
1398 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1399 if(rc == SQLITE_OK){
1400 CODEC_TRACE("No upgrade required - exiting\n");
1401 goto cleanup;
1402 }
1403
1404 for(i = 3; i > 0; i--) {
1405 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1406 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1407 if(rc == SQLITE_OK) {
1408 CODEC_TRACE("Version %d format found\n", i);
1409 goto migrate;
1410 }
1411 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1412 pragma_compat = NULL;
1413 }
1414
1415 /* if we exit the loop normally we failed to determine the version, this is an error */
1416 CODEC_TRACE("Upgrade format not determined\n");
1417 goto handle_error;
1418
1419 migrate:
1420
1421 temp = sqlite3_mprintf("%s-migrated", db_filename);
1422 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1423 * to determine whether the filename was URI formatted */
1424 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1425 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1426 sqlcipher_free(temp, sqlite3Strlen30(temp));
1427
1428 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1429 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1430
1431 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1432 if(rc != SQLITE_OK){
1433 CODEC_TRACE("set compatibility mode failed, error code %d\n", rc);
1434 goto handle_error;
1435 }
1436
1437 /* force journal mode to DELETE, we will set it back later if different */
1438 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1439 if(rc != SQLITE_OK){
1440 CODEC_TRACE("force journal mode DELETE failed, error code %d\n", rc);
1441 goto handle_error;
1442 }
1443
1444 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1445 if(rc != SQLITE_OK){
1446 CODEC_TRACE("attach failed, error code %d\n", rc);
1447 goto handle_error;
1448 }
1449
1450 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1451 if(rc != SQLITE_OK){
1452 CODEC_TRACE("keying attached database failed, error code %d\n", rc);
1453 goto handle_error;
1454 }
1455
1456 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1457 if(rc != SQLITE_OK){
1458 CODEC_TRACE("sqlcipher_export failed, error code %d\n", rc);
1459 goto handle_error;
1460 }
1461
1462 #ifdef SQLCIPHER_TEST
1463 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1464 rc = SQLITE_ERROR;
1465 CODEC_TRACE("simulated migrate failure, error code %d\n", rc);
1466 goto handle_error;
1467 }
1468 #endif
1469
1470 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1471 if(rc != SQLITE_OK){
1472 CODEC_TRACE("set user version failed, error code %d\n", rc);
1473 goto handle_error;
1474 }
1475
1476 if( !db->autoCommit ){
1477 CODEC_TRACE("cannot migrate from within a transaction");
1478 goto handle_error;
1479 }
1480 if( db->nVdbeActive>1 ){
1481 CODEC_TRACE("cannot migrate - SQL statements in progress");
1482 goto handle_error;
1483 }
1484
1485 pDest = db->aDb[0].pBt;
1486 pDb = &(db->aDb[db->nDb-1]);
1487 pSrc = pDb->pBt;
1488
1489 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1490 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1491 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1492 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1493 CODEC_TRACE("set btree page size to %d res %d rc %d\n", default_page_size, nRes, rc);
1494 if( rc!=SQLITE_OK ) goto handle_error;
1495
1496 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1497 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1498
1499 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1500 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1501
1502 sqlite3OsClose(srcfile);
1503 sqlite3OsClose(destfile);
1504
1505 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1506 CODEC_TRACE("performing windows MoveFileExA\n");
1507
1508 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1509 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1510 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1511
1512 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1513 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1514 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1515
1516 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1517 CODEC_TRACE("move error");
1518 rc = SQLITE_ERROR;
1519 CODEC_TRACE("error occurred while renaming %d\n", rc);
1520 goto handle_error;
1521 }
1522 #else
1523 CODEC_TRACE("performing POSIX rename\n");
1524 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1525 CODEC_TRACE("error occurred while renaming %d\n", rc);
1526 goto handle_error;
1527 }
1528 #endif
1529 CODEC_TRACE("renamed migration database %s to main database %s: %d\n", migrated_db_filename, db_filename, rc);
1530
1531 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1532 CODEC_TRACE("reopened migration database: %d\n", rc);
1533 if( rc!=SQLITE_OK ) goto handle_error;
1534
1535 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1536 CODEC_TRACE("reopened main database: %d\n", rc);
1537 if( rc!=SQLITE_OK ) goto handle_error;
1538
1539 sqlite3pager_reset(pDest->pBt->pPager);
1540 CODEC_TRACE("reset pager\n");
1541
1542 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1543 CODEC_TRACE("DETACH DATABASE called %d\n", rc);
1544 if(rc != SQLITE_OK) goto cleanup;
1545
1546 sqlite3ResetAllSchemasOfConnection(db);
1547 CODEC_TRACE("reset all schemas\n");
1548
1549 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1550 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1551 CODEC_TRACE("%s: %d\n", set_journal_mode, rc);
1552 if( rc!=SQLITE_OK ) goto handle_error;
1553
1554 goto cleanup;
1555
1556 handle_error:
1557 CODEC_TRACE("An error occurred attempting to migrate the database - last error %d\n", rc);
1558
1559 cleanup:
1560 if(migrated_db_filename) {
1561 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1562 CODEC_TRACE("deleted migration database: %d\n", del_rc);
1563 }
1564
1565 if(pass) sqlcipher_free(pass, pass_sz);
1566 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1567 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1568 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1569 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1570 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1571 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1572 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1573 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1574 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1575 #endif
1576 return rc;
1577 }
1578
1579 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1580 const char *suffix = &zRight[random_sz-1];
1581 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1582 if (n > 0 &&
1583 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1584 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1585 n % 2 == 0) {
1586 int rc = 0;
1587 int buffer_sz = n / 2;
1588 unsigned char *random;
1589 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1590 CODEC_TRACE("sqlcipher_codec_add_random: using raw random blob from hex\n");
1591 random = sqlcipher_malloc(buffer_sz);
1592 memset(random, 0, buffer_sz);
1593 cipher_hex2bin(z, n, random);
1594 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1595 sqlcipher_free(random, buffer_sz);
1596 return rc;
1597 }
1598 return SQLITE_ERROR;
1599 }
1600
1601 #if !defined(SQLITE_OMIT_TRACE) && !defined(SQLITE_OMIT_DEPRECATED)
1602 static void sqlcipher_profile_callback(void *file, const char *sql, sqlite3_uint64 run_time){
1603 FILE *f = (FILE*)file;
1604 double elapsed = run_time/1000000.0;
1605 if(f) fprintf(f, "Elapsed time:%.3f ms - %s\n", elapsed, sql);
1606 }
1607 #endif
1608
1609 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1610 #if defined(SQLITE_OMIT_TRACE) || defined(SQLITE_OMIT_DEPRECATED)
1611 return SQLITE_ERROR;
1612 #else
1613 FILE *f;
1614 if(sqlite3StrICmp(destination, "stdout") == 0){
1615 f = stdout;
1616 }else if(sqlite3StrICmp(destination, "stderr") == 0){
1617 f = stderr;
1618 }else if(sqlite3StrICmp(destination, "off") == 0){
1619 f = 0;
1620 }else{
1621 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1622 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1623 #else
1624 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1625 #endif
1626 }
1627 sqlite3_profile(db, sqlcipher_profile_callback, f);
1628 return SQLITE_OK;
1629 #endif
1630 }
1631
1632 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1633 return ctx->provider->fips_status(ctx->provider_ctx);
1634 }
1635
1636 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1637 return ctx->provider->get_provider_version(ctx->provider_ctx);
1638 }
1639
1640 #endif
1641 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.