search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
disable memory security feature by default; once it is turned on it can't be turned off
[sqlcipher.git] / src / crypto_impl.c
blobe798b65dbdf5ff1e42368ac4b6aed86532cdfdc0
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #ifndef OMIT_MEMLOCK
37 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
38 #include <errno.h> /* amalgamator: dontcache */
39 #include <unistd.h> /* amalgamator: dontcache */
40 #include <sys/resource.h> /* amalgamator: dontcache */
41 #include <sys/mman.h> /* amalgamator: dontcache */
42 #elif defined(_WIN32)
43 #include <windows.h>
44 #endif
45 #endif
46
47 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
48 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
49 static volatile int default_kdf_iter = PBKDF2_ITER;
50 static volatile int default_page_size = 4096;
51 static volatile int default_plaintext_header_sz = 0;
52 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
53 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
54 static volatile int mem_security_on = 0;
55 static volatile int mem_security_initialized = 0;
56 static volatile int mem_security_activated = 0;
57 static volatile unsigned int sqlcipher_activate_count = 0;
58 static volatile sqlite3_mem_methods default_mem_methods;
59 static sqlcipher_provider *default_provider = NULL;
60
61 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
62
63 sqlite3_mutex* sqlcipher_mutex(int mutex) {
64 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
65 return sqlcipher_static_mutex[mutex];
66 }
67
68 static int sqlcipher_mem_init(void *pAppData) {
69 return default_mem_methods.xInit(pAppData);
70 }
71 static void sqlcipher_mem_shutdown(void *pAppData) {
72 default_mem_methods.xShutdown(pAppData);
73 }
74 static void *sqlcipher_mem_malloc(int n) {
75 void *ptr = default_mem_methods.xMalloc(n);
76 if(mem_security_on) {
77 CODEC_TRACE_MEMORY("sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)\n", ptr, n);
78 sqlcipher_mlock(ptr, n);
79 if(!mem_security_activated) mem_security_activated = 1;
80 }
81 return ptr;
82 }
83 static int sqlcipher_mem_size(void *p) {
84 return default_mem_methods.xSize(p);
85 }
86 static void sqlcipher_mem_free(void *p) {
87 int sz;
88 if(mem_security_on) {
89 sz = sqlcipher_mem_size(p);
90 CODEC_TRACE_MEMORY("sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d) \n", p, sz, p, sz);
91 sqlcipher_memset(p, 0, sz);
92 sqlcipher_munlock(p, sz);
93 if(!mem_security_activated) mem_security_activated = 1;
94 }
95 default_mem_methods.xFree(p);
96 }
97 static void *sqlcipher_mem_realloc(void *p, int n) {
98 void *new = NULL;
99 int orig_sz = 0;
100 if(mem_security_on) {
101 orig_sz = sqlcipher_mem_size(p);
102 if (n==0) {
103 sqlcipher_mem_free(p);
104 return NULL;
105 } else if (!p) {
106 return sqlcipher_mem_malloc(n);
107 } else if(n <= orig_sz) {
108 return p;
109 } else {
110 new = sqlcipher_mem_malloc(n);
111 if(new) {
112 memcpy(new, p, orig_sz);
113 sqlcipher_mem_free(p);
114 }
115 return new;
116 }
117 } else {
118 return default_mem_methods.xRealloc(p, n);
119 }
120 }
121
122 static int sqlcipher_mem_roundup(int n) {
123 return default_mem_methods.xRoundup(n);
124 }
125
126 static sqlite3_mem_methods sqlcipher_mem_methods = {
127 sqlcipher_mem_malloc,
128 sqlcipher_mem_free,
129 sqlcipher_mem_realloc,
130 sqlcipher_mem_size,
131 sqlcipher_mem_roundup,
132 sqlcipher_mem_init,
133 sqlcipher_mem_shutdown,
134 0
135 };
136
137 void sqlcipher_init_memmethods() {
138 if(mem_security_initialized) return;
139 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
140 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
141 mem_security_on = mem_security_activated = 0;
142 }
143 mem_security_initialized = 1;
144 }
145
146 int sqlcipher_register_provider(sqlcipher_provider *p) {
147 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER\n");
148 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
149 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER\n");
150
151 if(default_provider != NULL && default_provider != p) {
152 /* only free the current registerd provider if it has been initialized
153 and it isn't a pointer to the same provider passed to the function
154 (i.e. protect against a caller calling register twice for the same provider) */
155 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
156 }
157 default_provider = p;
158 CODEC_TRACE_MUTEX("sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER\n");
159 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
160 CODEC_TRACE_MUTEX("sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER\n");
161
162 return SQLITE_OK;
163 }
164
165 /* return a pointer to the currently registered provider. This will
166 allow an application to fetch the current registered provider and
167 make minor changes to it */
168 sqlcipher_provider* sqlcipher_get_provider() {
169 return default_provider;
170 }
171
172 void sqlcipher_activate() {
173 CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
174 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
175 CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
176
177 /* allocate new mutexes */
178 if(sqlcipher_activate_count == 0) {
179 int i;
180 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
181 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
182 }
183 }
184
185 /* check to see if there is a provider registered at this point
186 if there no provider registered at this point, register the
187 default provider */
188 if(sqlcipher_get_provider() == NULL) {
189 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
190 #if defined (SQLCIPHER_CRYPTO_CC)
191 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
192 sqlcipher_cc_setup(p);
193 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
194 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
195 sqlcipher_ltc_setup(p);
196 #elif defined (SQLCIPHER_CRYPTO_NSS)
197 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
198 sqlcipher_nss_setup(p);
199 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
200 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
201 sqlcipher_openssl_setup(p);
202 #else
203 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
204 #endif
205 CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
206 #ifdef SQLCIPHER_EXT
207 sqlcipher_ext_provider_setup(p);
208 #endif
209 sqlcipher_register_provider(p);
210 CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
211 }
212
213 sqlcipher_activate_count++; /* increment activation count */
214
215 CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
216 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
217 CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
218 }
219
220 void sqlcipher_deactivate() {
221 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
222 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
223 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered static master mutex\n");
224
225 sqlcipher_activate_count--;
226 /* if no connections are using sqlcipher, cleanup globals */
227 if(sqlcipher_activate_count < 1) {
228
229 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER\n");
230 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
231 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER\n");
232
233 if(default_provider != NULL) {
234 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
235 default_provider = NULL;
236 }
237
238 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER\n");
239 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
240 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER\n");
241
242 #ifdef SQLCIPHER_EXT
243 sqlcipher_ext_provider_destroy();
244 #endif
245
246 /* last connection closed, free mutexes */
247 if(sqlcipher_activate_count == 0) {
248 int i;
249 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
250 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
251 }
252 }
253 sqlcipher_activate_count = 0; /* reset activation count */
254 }
255
256 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving static master mutex\n");
257 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
258 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left static master mutex\n");
259 }
260
261 /* constant time memset using volitile to avoid having the memset
262 optimized out by the compiler.
263 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
264 */
265 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
266 u64 i = 0;
267 volatile unsigned char *a = v;
268
269 if (v == NULL) return v;
270
271 CODEC_TRACE_MEMORY("sqlcipher_memset: setting %p[0-%llu]=%d)\n", a, len, value);
272 for(i = 0; i < len; i++) {
273 a[i] = value;
274 }
275
276 return v;
277 }
278
279 /* constant time memory check tests every position of a memory segement
280 matches a single value (i.e. the memory is all zeros)
281 returns 0 if match, 1 of no match */
282 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
283 const unsigned char *a = v;
284 u64 i = 0, result = 0;
285
286 for(i = 0; i < len; i++) {
287 result |= a[i] ^ value;
288 }
289
290 return (result != 0);
291 }
292
293 /* constant time memory comparison routine.
294 returns 0 if match, 1 if no match */
295 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
296 const unsigned char *a0 = v0, *a1 = v1;
297 int i = 0, result = 0;
298
299 for(i = 0; i < len; i++) {
300 result |= a0[i] ^ a1[i];
301 }
302
303 return (result != 0);
304 }
305
306 void sqlcipher_mlock(void *ptr, u64 sz) {
307 #ifndef OMIT_MEMLOCK
308 #if defined(__unix__) || defined(__APPLE__)
309 int rc;
310 unsigned long pagesize = sysconf(_SC_PAGESIZE);
311 unsigned long offset = (unsigned long) ptr % pagesize;
312
313 if(ptr == NULL || sz == 0) return;
314
315 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu\n", ptr - offset, sz + offset, pagesize);
316 rc = mlock(ptr - offset, sz + offset);
317 if(rc!=0) {
318 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
319 }
320 #elif defined(_WIN32)
321 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
322 int rc;
323 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)\n", ptr, sz);
324 rc = VirtualLock(ptr, sz);
325 if(rc==0) {
326 CODEC_TRACE("sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
327 }
328 #endif
329 #endif
330 #endif
331 }
332
333 void sqlcipher_munlock(void *ptr, u64 sz) {
334 #ifndef OMIT_MEMLOCK
335 #if defined(__unix__) || defined(__APPLE__)
336 int rc;
337 unsigned long pagesize = sysconf(_SC_PAGESIZE);
338 unsigned long offset = (unsigned long) ptr % pagesize;
339
340 if(ptr == NULL || sz == 0) return;
341
342 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: calling munlock(%p,%lu)\n", ptr - offset, sz + offset);
343 rc = munlock(ptr - offset, sz + offset);
344 if(rc!=0) {
345 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
346 }
347 #elif defined(_WIN32)
348 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
349 int rc;
350 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)\n", ptr, sz);
351 rc = VirtualUnlock(ptr, sz);
352 if(!rc) {
353 CODEC_TRACE("sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
354 }
355 #endif
356 #endif
357 #endif
358 }
359
360 /**
361 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
362 * can be countend and memory leak detection works in the test suite.
363 * If ptr is not null memory will be freed.
364 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
365 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
366 * memory segment so it can be paged
367 */
368 void sqlcipher_free(void *ptr, u64 sz) {
369 CODEC_TRACE_MEMORY("sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
370 sqlcipher_memset(ptr, 0, sz);
371 sqlcipher_munlock(ptr, sz);
372 sqlite3_free(ptr);
373 }
374
375 /**
376 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
377 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
378 * attempts to lock the memory pages so sensitive information won't be swapped
379 */
380 void* sqlcipher_malloc(u64 sz) {
381 void *ptr;
382 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlite3Malloc(%llu)\n", sz);
383 ptr = sqlite3Malloc(sz);
384 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
385 sqlcipher_memset(ptr, 0, sz);
386 sqlcipher_mlock(ptr, sz);
387 return ptr;
388 }
389
390 char* sqlcipher_version() {
391 #ifdef CIPHER_VERSION_QUALIFIER
392 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
393 #else
394 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
395 #endif
396 return version;
397 }
398
399 /**
400 * Initialize new cipher_ctx struct. This function will allocate memory
401 * for the cipher context and for the key
402 *
403 * returns SQLITE_OK if initialization was successful
404 * returns SQLITE_NOMEM if an error occured allocating memory
405 */
406 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
407 cipher_ctx *c_ctx;
408 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating context\n");
409 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
410 c_ctx = *iCtx;
411 if(c_ctx == NULL) return SQLITE_NOMEM;
412
413 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating key\n");
414 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
415
416 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating hmac_key\n");
417 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
418
419 if(c_ctx->key == NULL) return SQLITE_NOMEM;
420 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
421
422 return SQLITE_OK;
423 }
424
425 /**
426 * Free and wipe memory associated with a cipher_ctx
427 */
428 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
429 cipher_ctx *c_ctx = *iCtx;
430 CODEC_TRACE("cipher_ctx_free: entered iCtx=%p\n", iCtx);
431 sqlcipher_free(c_ctx->key, ctx->key_sz);
432 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
433 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
434 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
435 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
436 }
437
438 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
439 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
440 int reserve = base_reserve;
441
442 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
443
444 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
445 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
446
447 /* calculate the amount of reserve needed in even increments of the cipher block size */
448 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
449 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
450
451 CODEC_TRACE("sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d\n",
452 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
453
454 ctx->reserve_sz = reserve;
455
456 return SQLITE_OK;
457 }
458
459 /**
460 * Compare one cipher_ctx to another.
461 *
462 * returns 0 if all the parameters (except the derived key data) are the same
463 * returns 1 otherwise
464 */
465 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
466 int are_equal = (
467 c1->pass_sz == c2->pass_sz
468 && (
469 c1->pass == c2->pass
470 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
471 (const unsigned char*)c2->pass,
472 c1->pass_sz)
473 ));
474
475 CODEC_TRACE("sqlcipher_cipher_ctx_cmp: entered \
476 c1=%p c2=%p \
477 c1->pass_sz=%d c2->pass_sz=%d \
478 c1->pass=%p c2->pass=%p \
479 c1->pass=%s c2->pass=%s \
480 sqlcipher_memcmp=%d \
481 are_equal=%d \
482 \n",
483 c1, c2,
484 c1->pass_sz, c2->pass_sz,
485 c1->pass, c2->pass,
486 c1->pass, c2->pass,
487 (c1->pass == NULL || c2->pass == NULL)
488 ? -1 : sqlcipher_memcmp(
489 (const unsigned char*)c1->pass,
490 (const unsigned char*)c2->pass,
491 c1->pass_sz),
492 are_equal
493 );
494
495 return !are_equal; /* return 0 if they are the same, 1 otherwise */
496 }
497
498 /**
499 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
500 * fully initialized context, you could copy it to write_ctx and all yet data
501 * and pass information across
502 *
503 * returns SQLITE_OK if initialization was successful
504 * returns SQLITE_NOMEM if an error occured allocating memory
505 */
506 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
507 void *key = target->key;
508 void *hmac_key = target->hmac_key;
509
510 CODEC_TRACE("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p\n", target, source);
511 sqlcipher_free(target->pass, target->pass_sz);
512 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
513 memcpy(target, source, sizeof(cipher_ctx));
514
515 target->key = key; /* restore pointer to previously allocated key data */
516 memcpy(target->key, source->key, ctx->key_sz);
517
518 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
519 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
520
521 if(source->pass && source->pass_sz) {
522 target->pass = sqlcipher_malloc(source->pass_sz);
523 if(target->pass == NULL) return SQLITE_NOMEM;
524 memcpy(target->pass, source->pass, source->pass_sz);
525 }
526 if(source->keyspec) {
527 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
528 if(target->keyspec == NULL) return SQLITE_NOMEM;
529 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
530 }
531 return SQLITE_OK;
532 }
533
534 /**
535 * Set the keyspec for the cipher_ctx
536 *
537 * returns SQLITE_OK if assignment was successfull
538 * returns SQLITE_NOMEM if an error occured allocating memory
539 */
540 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
541 /* free, zero existing pointers and size */
542 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
543 c_ctx->keyspec = NULL;
544
545 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
546 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
547
548 c_ctx->keyspec[0] = 'x';
549 c_ctx->keyspec[1] = '\'';
550 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
551 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
552 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
553 return SQLITE_OK;
554 }
555
556 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
557 return ctx->store_pass;
558 }
559
560 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
561 ctx->store_pass = value;
562 }
563
564 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
565 *zKey = ctx->read_ctx->pass;
566 *nKey = ctx->read_ctx->pass_sz;
567 }
568
569 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
570 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
571 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
572 }
573
574 /**
575 * Set the passphrase for the cipher_ctx
576 *
577 * returns SQLITE_OK if assignment was successfull
578 * returns SQLITE_NOMEM if an error occured allocating memory
579 */
580 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
581 /* free, zero existing pointers and size */
582 sqlcipher_free(ctx->pass, ctx->pass_sz);
583 ctx->pass = NULL;
584 ctx->pass_sz = 0;
585
586 if(zKey && nKey) { /* if new password is provided, copy it */
587 ctx->pass_sz = nKey;
588 ctx->pass = sqlcipher_malloc(nKey);
589 if(ctx->pass == NULL) return SQLITE_NOMEM;
590 memcpy(ctx->pass, zKey, nKey);
591 }
592 return SQLITE_OK;
593 }
594
595 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
596 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
597 int rc;
598
599 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
600 c_ctx->derive_key = 1;
601
602 if(for_ctx == 2)
603 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
604 return rc;
605
606 return SQLITE_OK;
607 }
608
609 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
610 return ctx->provider->get_cipher(ctx->provider_ctx);
611 }
612
613 /* set the global default KDF iteration */
614 void sqlcipher_set_default_kdf_iter(int iter) {
615 default_kdf_iter = iter;
616 }
617
618 int sqlcipher_get_default_kdf_iter() {
619 return default_kdf_iter;
620 }
621
622 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
623 ctx->kdf_iter = kdf_iter;
624 sqlcipher_set_derive_key(ctx, 1);
625 return SQLITE_OK;
626 }
627
628 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
629 return ctx->kdf_iter;
630 }
631
632 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
633 ctx->fast_kdf_iter = fast_kdf_iter;
634 sqlcipher_set_derive_key(ctx, 1);
635 return SQLITE_OK;
636 }
637
638 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
639 return ctx->fast_kdf_iter;
640 }
641
642 /* set the global default flag for HMAC */
643 void sqlcipher_set_default_use_hmac(int use) {
644 if(use) default_flags |= CIPHER_FLAG_HMAC;
645 else default_flags &= ~CIPHER_FLAG_HMAC;
646 }
647
648 int sqlcipher_get_default_use_hmac() {
649 return (default_flags & CIPHER_FLAG_HMAC) != 0;
650 }
651
652 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
653 hmac_salt_mask = mask;
654 }
655
656 unsigned char sqlcipher_get_hmac_salt_mask() {
657 return hmac_salt_mask;
658 }
659
660 /* set the codec flag for whether this individual database should be using hmac */
661 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
662 if(use) {
663 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
664 } else {
665 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
666 }
667
668 return sqlcipher_codec_ctx_reserve_setup(ctx);
669 }
670
671 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
672 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
673 }
674
675 /* the length of plaintext header size must be:
676 * 1. greater than or equal to zero
677 * 2. a multiple of the cipher block size
678 * 3. less than the usable size of the first database page
679 */
680 int sqlcipher_set_default_plaintext_header_size(int size) {
681 default_plaintext_header_sz = size;
682 return SQLITE_OK;
683 }
684
685 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
686 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
687 ctx->plaintext_header_sz = size;
688 return SQLITE_OK;
689 }
690 ctx->plaintext_header_sz = -1;
691 return SQLITE_ERROR;
692 }
693
694 int sqlcipher_get_default_plaintext_header_size() {
695 return default_plaintext_header_sz;
696 }
697
698 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
699 return ctx->plaintext_header_sz;
700 }
701
702 /* manipulate HMAC algorithm */
703 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
704 default_hmac_algorithm = algorithm;
705 return SQLITE_OK;
706 }
707
708 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
709 ctx->hmac_algorithm = algorithm;
710 return sqlcipher_codec_ctx_reserve_setup(ctx);
711 }
712
713 int sqlcipher_get_default_hmac_algorithm() {
714 return default_hmac_algorithm;
715 }
716
717 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
718 return ctx->hmac_algorithm;
719 }
720
721 /* manipulate KDF algorithm */
722 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
723 default_kdf_algorithm = algorithm;
724 return SQLITE_OK;
725 }
726
727 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
728 ctx->kdf_algorithm = algorithm;
729 return SQLITE_OK;
730 }
731
732 int sqlcipher_get_default_kdf_algorithm() {
733 return default_kdf_algorithm;
734 }
735
736 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
737 return ctx->kdf_algorithm;
738 }
739
740 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
741 ctx->flags |= flag;
742 return SQLITE_OK;
743 }
744
745 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
746 ctx->flags &= ~flag;
747 return SQLITE_OK;
748 }
749
750 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
751 return (ctx->flags & flag) != 0;
752 }
753
754 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
755 CODEC_TRACE("sqlcipher_codec_ctx_set_error: ctx=%p, error=%d\n", ctx, error);
756 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
757 ctx->pBt->pBt->db->errCode = error;
758 }
759
760 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
761 return ctx->reserve_sz;
762 }
763
764 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
765 return ctx->buffer;
766 }
767
768 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
769 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
770
771 if(!ctx->need_kdf_salt) {
772 return SQLITE_OK; /* don't reload salt when not needed */
773 }
774
775 /* read salt from header, if present, otherwise generate a new random salt */
776 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: obtaining salt\n");
777 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
778 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random\n");
779 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) return SQLITE_ERROR;
780 }
781 ctx->need_kdf_salt = 0;
782 return SQLITE_OK;
783 }
784
785 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
786 if(size >= ctx->kdf_salt_sz) {
787 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
788 ctx->need_kdf_salt = 0;
789 return SQLITE_OK;
790 }
791 return SQLITE_ERROR;
792 }
793
794 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
795 int rc = SQLITE_OK;
796 if(ctx->need_kdf_salt) {
797 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
798 }
799 *salt = ctx->kdf_salt;
800 return rc;
801 }
802
803 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
804 *zKey = ctx->read_ctx->keyspec;
805 *nKey = ctx->keyspec_sz;
806 }
807
808 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
809 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
810 CODEC_TRACE(("cipher_page_size not a power of 2 and between 512 and 65536 inclusive\n"));
811 return SQLITE_ERROR;
812 }
813 /* attempt to free the existing page buffer */
814 sqlcipher_free(ctx->buffer,ctx->page_sz);
815 ctx->page_sz = size;
816
817 /* pre-allocate a page buffer of PageSize bytes. This will
818 be used as a persistent buffer for encryption and decryption
819 operations to avoid overhead of multiple memory allocations*/
820 ctx->buffer = sqlcipher_malloc(size);
821 if(ctx->buffer == NULL) return SQLITE_NOMEM;
822
823 return SQLITE_OK;
824 }
825
826 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
827 return ctx->page_sz;
828 }
829
830 void sqlcipher_set_default_pagesize(int page_size) {
831 default_page_size = page_size;
832 }
833
834 int sqlcipher_get_default_pagesize() {
835 return default_page_size;
836 }
837
838 void sqlcipher_set_mem_security(int on) {
839 /* memory security can only be enabled, not disabled */
840 if(on) {
841 mem_security_on = on;
842 mem_security_activated = 0;
843 }
844 }
845
846 int sqlcipher_get_mem_security() {
847 return mem_security_on && mem_security_activated;
848 }
849
850
851 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
852 int rc;
853 codec_ctx *ctx;
854
855 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating context\n");
856
857 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
858 ctx = *iCtx;
859
860 if(ctx == NULL) return SQLITE_NOMEM;
861
862 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
863
864 /* allocate space for salt data. Then read the first 16 bytes
865 directly off the database file. This is the salt for the
866 key derivation function. If we get a short read allocate
867 a new random salt value */
868 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating kdf_salt\n");
869 ctx->kdf_salt_sz = FILE_HEADER_SZ;
870 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
871 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
872
873 /* allocate space for separate hmac salt data. We want the
874 HMAC derivation salt to be different than the encryption
875 key derivation salt */
876 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating hmac_kdf_salt\n");
877 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
878 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
879
880 /* setup default flags */
881 ctx->flags = default_flags;
882
883 /* defer attempt to read KDF salt until first use */
884 ctx->need_kdf_salt = 1;
885
886 /* setup the crypto provider */
887 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating provider\n");
888 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
889 if(ctx->provider == NULL) return SQLITE_NOMEM;
890
891 /* make a copy of the provider to be used for the duration of the context */
892 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER\n");
893 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
894 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER\n");
895
896 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
897
898 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER\n");
899 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
900 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER\n");
901
902 CODEC_TRACE("sqlcipher_codec_ctx_init: calling provider ctx_init\n");
903 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
904
905 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
906 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
907 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
908
909 /* establic the size for a hex-formated key specification, containing the
910 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
911 so oversize by 3 bytes */
912 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
913
914 /*
915 Always overwrite page size and set to the default because the first page of the database
916 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
917 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
918 */
919 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d\n", default_page_size);
920 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
921
922 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
923 CODEC_TRACE("sqlcipher_codec_ctx_init: setting default_kdf_iter\n");
924 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
925
926 CODEC_TRACE("sqlcipher_codec_ctx_init: setting fast_kdf_iter\n");
927 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
928
929 /* set the default HMAC and KDF algorithms which will determine the reserve size */
930 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d\n", default_hmac_algorithm);
931 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
932
933 /* Note that use_hmac is a special case that requires recalculation of page size
934 so we call set_use_hmac to perform setup */
935 CODEC_TRACE("sqlcipher_codec_ctx_init: setting use_hmac\n");
936 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
937
938 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d\n", default_kdf_algorithm);
939 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
940
941 /* setup the default plaintext header size */
942 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d\n", default_plaintext_header_sz);
943 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
944
945 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
946 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing read_ctx\n");
947 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
948
949 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing write_ctx\n");
950 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
951
952 /* set the key material on one of the sub cipher contexts and sync them up */
953 CODEC_TRACE("sqlcipher_codec_ctx_init: setting pass key\n");
954 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
955
956 CODEC_TRACE("sqlcipher_codec_ctx_init: copying write_ctx to read_ctx\n");
957 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
958
959 return SQLITE_OK;
960 }
961
962 /**
963 * Free and wipe memory associated with a cipher_ctx, including the allocated
964 * read_ctx and write_ctx.
965 */
966 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
967 codec_ctx *ctx = *iCtx;
968 CODEC_TRACE("codec_ctx_free: entered iCtx=%p\n", iCtx);
969 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
970 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
971 sqlcipher_free(ctx->buffer, 0);
972
973 ctx->provider->ctx_free(&ctx->provider_ctx);
974 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
975
976 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
977 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
978 sqlcipher_free(ctx, sizeof(codec_ctx));
979 }
980
981 /** convert a 32bit unsigned integer to little endian byte ordering */
982 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
983 p[0] = (u8)v;
984 p[1] = (u8)(v>>8);
985 p[2] = (u8)(v>>16);
986 p[3] = (u8)(v>>24);
987 }
988
989 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
990 unsigned char pgno_raw[sizeof(pgno)];
991 /* we may convert page number to consistent representation before calculating MAC for
992 compatibility across big-endian and little-endian platforms.
993
994 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
995 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
996 backwards compatibility on the most popular platforms, but can optionally be configured
997 to use either big endian or native byte ordering via pragma. */
998
999 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1000 sqlcipher_put4byte_le(pgno_raw, pgno);
1001 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1002 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1003 } else { /* use native byte ordering */
1004 memcpy(pgno_raw, &pgno, sizeof(pgno));
1005 }
1006
1007 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1008 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1009 valid pages out of order in a database */
1010 return ctx->provider->hmac(
1011 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1012 ctx->key_sz, in,
1013 in_sz, (unsigned char*) &pgno_raw,
1014 sizeof(pgno), out);
1015 }
1016
1017 /*
1018 * ctx - codec context
1019 * pgno - page number in database
1020 * size - size in bytes of input and output buffers
1021 * mode - 1 to encrypt, 0 to decrypt
1022 * in - pointer to input bytes
1023 * out - pouter to output bytes
1024 */
1025 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1026 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1027 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1028 int size;
1029
1030 /* calculate some required positions into various buffers */
1031 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1032 iv_out = out + size;
1033 iv_in = in + size;
1034
1035 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1036 random bytes. note, these pointers are only valid when using hmac */
1037 hmac_in = in + size + ctx->iv_sz;
1038 hmac_out = out + size + ctx->iv_sz;
1039 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1040
1041 CODEC_TRACE("codec_cipher:entered pgno=%d, mode=%d, size=%d\n", pgno, mode, size);
1042 CODEC_HEXDUMP("codec_cipher: input page data", in, page_sz);
1043
1044 /* the key size should never be zero. If it is, error out. */
1045 if(ctx->key_sz == 0) {
1046 CODEC_TRACE("codec_cipher: error possible context corruption, key_sz is zero for pgno=%d\n", pgno);
1047 goto error;
1048 }
1049
1050 if(mode == CIPHER_ENCRYPT) {
1051 /* start at front of the reserve block, write random data to the end */
1052 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1053 } else { /* CIPHER_DECRYPT */
1054 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1055 }
1056
1057 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1058 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1059 CODEC_TRACE("codec_cipher: hmac operation on decrypt failed for pgno=%d\n", pgno);
1060 goto error;
1061 }
1062
1063 CODEC_TRACE("codec_cipher: comparing hmac on in=%p out=%p hmac_sz=%d\n", hmac_in, hmac_out, ctx->hmac_sz);
1064 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1065 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1066 /* first check if the entire contents of the page is zeros. If so, this page
1067 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1068 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1069 and return SQLITE_OK to skip the decryption step. */
1070 CODEC_TRACE("codec_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK\n", pgno);
1071 sqlcipher_memset(out, 0, page_sz);
1072 return SQLITE_OK;
1073 } else {
1074 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1075 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1076 and return SQLITE_ERROR to the caller */
1077 CODEC_TRACE("codec_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR\n", pgno);
1078 goto error;
1079 }
1080 }
1081 }
1082
1083 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1084 CODEC_TRACE("codec_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR\n", mode, pgno);
1085 goto error;
1086 };
1087
1088 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1089 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1090 CODEC_TRACE("codec_cipher: hmac operation on encrypt failed for pgno=%d\n", pgno);
1091 goto error;
1092 };
1093 }
1094
1095 CODEC_HEXDUMP("codec_cipher: output page data", out_start, page_sz);
1096
1097 return SQLITE_OK;
1098 error:
1099 sqlcipher_memset(out, 0, page_sz);
1100 return SQLITE_ERROR;
1101 }
1102
1103 /**
1104 * Derive an encryption key for a cipher contex key based on the raw password.
1105 *
1106 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1107 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1108
1109 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1110 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1111 * as the key followed by the salt.
1112 *
1113 * Otherwise, a key data will be derived using PBKDF2
1114 *
1115 * returns SQLITE_OK if initialization was successful
1116 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1117 */
1118 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1119 int rc;
1120 CODEC_TRACE("cipher_ctx_key_derive: entered c_ctx->pass=%s, c_ctx->pass_sz=%d \
1121 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1122 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d\n",
1123 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1124 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1125
1126
1127 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1128
1129 /* if necessary, initialize the salt from the header or random source */
1130 if(ctx->need_kdf_salt) {
1131 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1132 }
1133
1134 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1135 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1136 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1137 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1138 cipher_hex2bin(z, n, c_ctx->key);
1139 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1140 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1141 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1142 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1143 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1144 } else {
1145 CODEC_TRACE("cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations\n", ctx->kdf_iter);
1146 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1147 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1148 ctx->key_sz, c_ctx->key) != SQLITE_OK) return SQLITE_ERROR;
1149 }
1150
1151 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1152 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1153
1154 /* if this context is setup to use hmac checks, generate a seperate and different
1155 key for HMAC. In this case, we use the output of the previous KDF as the input to
1156 this KDF run. This ensures a distinct but predictable HMAC key. */
1157 if(ctx->flags & CIPHER_FLAG_HMAC) {
1158 int i;
1159
1160 /* start by copying the kdf key into the hmac salt slot
1161 then XOR it with the fixed hmac salt defined at compile time
1162 this ensures that the salt passed in to derive the hmac key, while
1163 easy to derive and publically known, is not the same as the salt used
1164 to generate the encryption key */
1165 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1166 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1167 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1168 }
1169
1170 CODEC_TRACE("cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations\n",
1171 ctx->fast_kdf_iter);
1172
1173
1174 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1175 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1176 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) return SQLITE_ERROR;
1177 }
1178
1179 c_ctx->derive_key = 0;
1180 return SQLITE_OK;
1181 };
1182 return SQLITE_ERROR;
1183 }
1184
1185 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1186 /* derive key on first use if necessary */
1187 if(ctx->read_ctx->derive_key) {
1188 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1189 }
1190
1191 if(ctx->write_ctx->derive_key) {
1192 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1193 /* the relevant parameters are the same, just copy read key */
1194 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1195 } else {
1196 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) return SQLITE_ERROR;
1197 }
1198 }
1199
1200 /* TODO: wipe and free passphrase after key derivation */
1201 if(ctx->store_pass != 1) {
1202 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1203 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1204 }
1205
1206 return SQLITE_OK;
1207 }
1208
1209 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1210 if(source == CIPHER_READ_CTX) {
1211 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1212 } else {
1213 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1214 }
1215 }
1216
1217 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1218 return ctx->provider->get_provider_name(ctx->provider_ctx);
1219 }
1220
1221
1222 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1223 int rc;
1224 sqlite3 *db = NULL;
1225 sqlite3_stmt *statement = NULL;
1226 char *query_journal_mode = "PRAGMA journal_mode;";
1227 char *query_user_version = "PRAGMA user_version;";
1228
1229 rc = sqlite3_open(filename, &db);
1230 if(rc != SQLITE_OK) goto cleanup;
1231
1232 rc = sqlite3_key(db, key, key_sz);
1233 if(rc != SQLITE_OK) goto cleanup;
1234
1235 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1236 if(rc != SQLITE_OK) goto cleanup;
1237
1238 /* start by querying the user version.
1239 this will fail if the key is incorrect */
1240 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1241 if(rc != SQLITE_OK) goto cleanup;
1242
1243 rc = sqlite3_step(statement);
1244 if(rc == SQLITE_ROW) {
1245 *user_version = sqlite3_column_int(statement, 0);
1246 } else {
1247 goto cleanup;
1248 }
1249 sqlite3_finalize(statement);
1250
1251 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1252 if(rc != SQLITE_OK) goto cleanup;
1253
1254 rc = sqlite3_step(statement);
1255 if(rc == SQLITE_ROW) {
1256 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1257 } else {
1258 goto cleanup;
1259 }
1260 rc = SQLITE_OK;
1261 /* cleanup will finalize open statement */
1262
1263 cleanup:
1264 if(statement) sqlite3_finalize(statement);
1265 if(db) sqlite3_close(db);
1266 return rc;
1267 }
1268
1269 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1270 Pgno page = 1;
1271 int rc = 0;
1272 char *result;
1273 unsigned char *hmac_out = NULL;
1274 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1275 i64 file_sz;
1276
1277 Vdbe *v = sqlite3GetVdbe(pParse);
1278 sqlite3VdbeSetNumCols(v, 1);
1279 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1280
1281 if(fd == NULL || fd->pMethods == 0) {
1282 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1283 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1284 goto cleanup;
1285 }
1286
1287 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1288 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1289 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1290 goto cleanup;
1291 }
1292
1293 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1294 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1295 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1296 goto cleanup;
1297 }
1298
1299 sqlite3OsFileSize(fd, &file_sz);
1300 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1301
1302 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1303 int offset = (page - 1) * ctx->page_sz;
1304 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1305 int read_sz = ctx->page_sz;
1306
1307 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1308 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1309
1310 if(page==1) {
1311 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1312 read_sz = read_sz - page1_offset;
1313 payload_sz = payload_sz - page1_offset;
1314 offset += page1_offset;
1315 }
1316
1317 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1318 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1319 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1320 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d\n", read_sz, page, offset);
1321 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1322 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1323 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1324 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1325 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1326 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1327 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1328 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1329 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1330 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1331 }
1332 }
1333
1334 if(file_sz % ctx->page_sz != 0) {
1335 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1336 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1337 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1338 }
1339
1340 cleanup:
1341 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1342 return SQLITE_OK;
1343 }
1344
1345 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1346 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1347 Db *pDb = 0;
1348 sqlite3 *db = ctx->pBt->db;
1349 const char *db_filename = sqlite3_db_filename(db, "main");
1350 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1351 Btree *pDest = NULL, *pSrc = NULL;
1352 sqlite3_file *srcfile, *destfile;
1353 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1354 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1355 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1356 #endif
1357 pass_sz = keyspec_sz = rc = user_version = 0;
1358
1359 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1360 goto cleanup; /* exit immediately if this is an in memory database */
1361
1362 /* pull the provided password / key material off the current codec context */
1363 pass_sz = ctx->read_ctx->pass_sz;
1364 pass = sqlcipher_malloc(pass_sz+1);
1365 memset(pass, 0, pass_sz+1);
1366 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1367
1368 /* Version 4 - current, no upgrade required, so exit immediately */
1369 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1370 if(rc == SQLITE_OK){
1371 CODEC_TRACE("No upgrade required - exiting\n");
1372 goto cleanup;
1373 }
1374
1375 for(i = 3; i > 0; i--) {
1376 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1377 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1378 if(rc == SQLITE_OK) {
1379 CODEC_TRACE("Version %d format found\n", i);
1380 goto migrate;
1381 }
1382 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1383 pragma_compat = NULL;
1384 }
1385 /* if we exit the loop normally we failed to determine the version, this is an error */
1386 CODEC_TRACE("Upgrade format not determined\n");
1387 goto handle_error;
1388
1389 migrate:
1390
1391 temp = sqlite3_mprintf("%s-migrated", db_filename);
1392 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1393 * to determine whether the filename was URI formatted */
1394 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1395 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1396 sqlcipher_free(temp, sqlite3Strlen30(temp));
1397
1398 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1399 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1400
1401 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1402 if(rc != SQLITE_OK){
1403 CODEC_TRACE("set compatibility mode failed, error code %d\n", rc);
1404 goto handle_error;
1405 }
1406
1407 /* force journal mode to DELETE, we will set it back later if different */
1408 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1409 if(rc != SQLITE_OK){
1410 CODEC_TRACE("force journal mode DELETE failed, error code %d\n", rc);
1411 goto handle_error;
1412 }
1413
1414 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1415 if(rc != SQLITE_OK){
1416 CODEC_TRACE("attach failed, error code %d\n", rc);
1417 goto handle_error;
1418 }
1419
1420 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1421 if(rc != SQLITE_OK){
1422 CODEC_TRACE("keying attached database failed, error code %d\n", rc);
1423 goto handle_error;
1424 }
1425
1426 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1427 if(rc != SQLITE_OK){
1428 CODEC_TRACE("sqlcipher_export failed, error code %d\n", rc);
1429 goto handle_error;
1430 }
1431
1432 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1433 if(rc != SQLITE_OK){
1434 CODEC_TRACE("set user version failed, error code %d\n", rc);
1435 goto handle_error;
1436 }
1437
1438 if( !db->autoCommit ){
1439 CODEC_TRACE("cannot migrate from within a transaction");
1440 goto handle_error;
1441 }
1442 if( db->nVdbeActive>1 ){
1443 CODEC_TRACE("cannot migrate - SQL statements in progress");
1444 goto handle_error;
1445 }
1446
1447 pDest = db->aDb[0].pBt;
1448 pDb = &(db->aDb[db->nDb-1]);
1449 pSrc = pDb->pBt;
1450
1451 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1452 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1453 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1454 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1455 CODEC_TRACE("set btree page size to %d res %d rc %d\n", default_page_size, nRes, rc);
1456 if( rc!=SQLITE_OK ) goto handle_error;
1457
1458 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1459 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1460
1461 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1462 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1463
1464 sqlite3OsClose(srcfile);
1465 sqlite3OsClose(destfile);
1466
1467 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1468 CODEC_TRACE("performing windows MoveFileExA\n");
1469
1470 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1471 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1472 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1473
1474 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1475 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1476 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1477
1478 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1479 CODEC_TRACE("move error");
1480 rc = SQLITE_ERROR;
1481 CODEC_TRACE("error occurred while renaming %d\n", rc);
1482 goto handle_error;
1483 }
1484 #else
1485 CODEC_TRACE("performing POSIX rename\n");
1486 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1487 CODEC_TRACE("error occurred while renaming %d\n", rc);
1488 goto handle_error;
1489 }
1490 #endif
1491 CODEC_TRACE("renamed migration database %s to main database %s: %d\n", migrated_db_filename, db_filename, rc);
1492
1493 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1494 CODEC_TRACE("reopened migration database: %d\n", rc);
1495 if( rc!=SQLITE_OK ) goto handle_error;
1496
1497 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1498 CODEC_TRACE("reopened main database: %d\n", rc);
1499 if( rc!=SQLITE_OK ) goto handle_error;
1500
1501 sqlite3pager_reset(pDest->pBt->pPager);
1502 CODEC_TRACE("reset pager\n");
1503
1504 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1505 CODEC_TRACE("DETACH DATABASE called %d\n", rc);
1506 if(rc != SQLITE_OK) goto cleanup;
1507
1508 rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1509 CODEC_TRACE("deleted migration database: %d\n", rc);
1510 if( rc!=SQLITE_OK ) goto handle_error;
1511
1512 sqlite3ResetAllSchemasOfConnection(db);
1513 CODEC_TRACE("reset all schemas\n");
1514
1515 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1516 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1517 CODEC_TRACE("%s: %d\n", set_journal_mode, rc);
1518 if( rc!=SQLITE_OK ) goto handle_error;
1519
1520 goto cleanup;
1521
1522 handle_error:
1523 CODEC_TRACE("An error occurred attempting to migrate the database - last error %d\n", rc);
1524 rc = SQLITE_ERROR;
1525
1526 cleanup:
1527 if(pass) sqlcipher_free(pass, pass_sz);
1528 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1529 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1530 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1531 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1532 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1533 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1534 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1535 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1536 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1537 #endif
1538 return rc;
1539 }
1540
1541 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1542 const char *suffix = &zRight[random_sz-1];
1543 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1544 if (n > 0 &&
1545 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1546 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1547 n % 2 == 0) {
1548 int rc = 0;
1549 int buffer_sz = n / 2;
1550 unsigned char *random;
1551 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1552 CODEC_TRACE("sqlcipher_codec_add_random: using raw random blob from hex\n");
1553 random = sqlcipher_malloc(buffer_sz);
1554 memset(random, 0, buffer_sz);
1555 cipher_hex2bin(z, n, random);
1556 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1557 sqlcipher_free(random, buffer_sz);
1558 return rc;
1559 }
1560 return SQLITE_ERROR;
1561 }
1562
1563 #if !defined(SQLITE_OMIT_TRACE) && !defined(SQLITE_OMIT_DEPRECATED)
1564 static void sqlcipher_profile_callback(void *file, const char *sql, sqlite3_uint64 run_time){
1565 FILE *f = (FILE*)file;
1566 double elapsed = run_time/1000000.0;
1567 if(f) fprintf(f, "Elapsed time:%.3f ms - %s\n", elapsed, sql);
1568 }
1569 #endif
1570
1571 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1572 #if defined(SQLITE_OMIT_TRACE) || defined(SQLITE_OMIT_DEPRECATED)
1573 return SQLITE_ERROR;
1574 #else
1575 FILE *f;
1576 if(sqlite3StrICmp(destination, "stdout") == 0){
1577 f = stdout;
1578 }else if(sqlite3StrICmp(destination, "stderr") == 0){
1579 f = stderr;
1580 }else if(sqlite3StrICmp(destination, "off") == 0){
1581 f = 0;
1582 }else{
1583 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1584 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1585 #else
1586 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1587 #endif
1588 }
1589 sqlite3_profile(db, sqlcipher_profile_callback, f);
1590 return SQLITE_OK;
1591 #endif
1592 }
1593
1594 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1595 return ctx->provider->fips_status(ctx->provider_ctx);
1596 }
1597
1598 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1599 return ctx->provider->get_provider_version(ctx->provider_ctx);
1600 }
1601
1602 #endif
1603 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.