search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
significantly expand logging of error conditions
[sqlcipher.git] / src / crypto_impl.c
blob759a6203cdf25dbe31b77e381071b79990a38d02
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #include <time.h>
37
38 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
39 #include <windows.h> /* amalgamator: dontcache */
40 #else
41 #include <sys/time.h> /* amalgamator: dontcache */
42 #endif
43
44 #ifndef OMIT_MEMLOCK
45 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
46 #include <errno.h> /* amalgamator: dontcache */
47 #include <unistd.h> /* amalgamator: dontcache */
48 #include <sys/resource.h> /* amalgamator: dontcache */
49 #include <sys/mman.h> /* amalgamator: dontcache */
50 #endif
51 #endif
52
53 #ifdef SQLCIPHER_TEST
54 static volatile unsigned int cipher_test_flags = 0;
55 unsigned int sqlcipher_get_test_flags() {
56 return cipher_test_flags;
57 }
58 void sqlcipher_set_test_flags(unsigned int flags) {
59 cipher_test_flags = flags;
60 }
61
62 static volatile int cipher_test_rand = 0;
63 int sqlcipher_get_test_rand() {
64 return cipher_test_rand;
65 }
66 void sqlcipher_set_test_rand(int rand) {
67 cipher_test_rand = rand;
68 }
69 int sqlcipher_get_test_fail() {
70 int x;
71
72 /* if cipher_test_rand is not set to a non-zero value always fail (return true) */
73 if (cipher_test_rand == 0) return 1;
74
75 sqlite3_randomness(sizeof(x), &x);
76 return ((x % cipher_test_rand) == 0);
77 }
78 #endif
79
80 /* Generate code to return a string value */
81
82 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
83 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
84 static volatile int default_kdf_iter = PBKDF2_ITER;
85 static volatile int default_page_size = 4096;
86 static volatile int default_plaintext_header_sz = 0;
87 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
88 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
89 static volatile int mem_security_on = 0;
90 static volatile int mem_security_initialized = 0;
91 static volatile int mem_security_activated = 0;
92 static volatile unsigned int sqlcipher_activate_count = 0;
93 static volatile sqlite3_mem_methods default_mem_methods;
94 static sqlcipher_provider *default_provider = NULL;
95
96 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
97 static volatile FILE* sqlcipher_log_file = NULL;
98 static volatile int sqlcipher_log_logcat = 0;
99 static volatile int sqlcipher_log_level = SQLCIPHER_LOG_NONE;
100
101 sqlite3_mutex* sqlcipher_mutex(int mutex) {
102 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
103 return sqlcipher_static_mutex[mutex];
104 }
105
106 static int sqlcipher_mem_init(void *pAppData) {
107 return default_mem_methods.xInit(pAppData);
108 }
109 static void sqlcipher_mem_shutdown(void *pAppData) {
110 default_mem_methods.xShutdown(pAppData);
111 }
112 static void *sqlcipher_mem_malloc(int n) {
113 void *ptr = default_mem_methods.xMalloc(n);
114 if(mem_security_on) {
115 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)", ptr, n);
116 sqlcipher_mlock(ptr, n);
117 if(!mem_security_activated) mem_security_activated = 1;
118 }
119 return ptr;
120 }
121 static int sqlcipher_mem_size(void *p) {
122 return default_mem_methods.xSize(p);
123 }
124 static void sqlcipher_mem_free(void *p) {
125 int sz;
126 if(mem_security_on) {
127 sz = sqlcipher_mem_size(p);
128 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d)", p, sz, p, sz);
129 sqlcipher_memset(p, 0, sz);
130 sqlcipher_munlock(p, sz);
131 if(!mem_security_activated) mem_security_activated = 1;
132 }
133 default_mem_methods.xFree(p);
134 }
135 static void *sqlcipher_mem_realloc(void *p, int n) {
136 void *new = NULL;
137 int orig_sz = 0;
138 if(mem_security_on) {
139 orig_sz = sqlcipher_mem_size(p);
140 if (n==0) {
141 sqlcipher_mem_free(p);
142 return NULL;
143 } else if (!p) {
144 return sqlcipher_mem_malloc(n);
145 } else if(n <= orig_sz) {
146 return p;
147 } else {
148 new = sqlcipher_mem_malloc(n);
149 if(new) {
150 memcpy(new, p, orig_sz);
151 sqlcipher_mem_free(p);
152 }
153 return new;
154 }
155 } else {
156 return default_mem_methods.xRealloc(p, n);
157 }
158 }
159
160 static int sqlcipher_mem_roundup(int n) {
161 return default_mem_methods.xRoundup(n);
162 }
163
164 static sqlite3_mem_methods sqlcipher_mem_methods = {
165 sqlcipher_mem_malloc,
166 sqlcipher_mem_free,
167 sqlcipher_mem_realloc,
168 sqlcipher_mem_size,
169 sqlcipher_mem_roundup,
170 sqlcipher_mem_init,
171 sqlcipher_mem_shutdown,
172 0
173 };
174
175 void sqlcipher_init_memmethods() {
176 if(mem_security_initialized) return;
177 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
178 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
179 mem_security_on = mem_security_activated = 0;
180 }
181 mem_security_initialized = 1;
182 }
183
184 int sqlcipher_register_provider(sqlcipher_provider *p) {
185 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER");
186 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
187 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER");
188
189 if(default_provider != NULL && default_provider != p) {
190 /* only free the current registerd provider if it has been initialized
191 and it isn't a pointer to the same provider passed to the function
192 (i.e. protect against a caller calling register twice for the same provider) */
193 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
194 }
195 default_provider = p;
196 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER");
197 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
198 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER");
199
200 return SQLITE_OK;
201 }
202
203 /* return a pointer to the currently registered provider. This will
204 allow an application to fetch the current registered provider and
205 make minor changes to it */
206 sqlcipher_provider* sqlcipher_get_provider() {
207 return default_provider;
208 }
209
210 void sqlcipher_activate() {
211 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entering static master mutex");
212 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
213 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: entered static master mutex");
214
215 /* allocate new mutexes */
216 if(sqlcipher_activate_count == 0) {
217 int i;
218 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
219 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
220 }
221 }
222
223 /* check to see if there is a provider registered at this point
224 if there no provider registered at this point, register the
225 default provider */
226 if(sqlcipher_get_provider() == NULL) {
227 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
228 #if defined (SQLCIPHER_CRYPTO_CC)
229 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
230 sqlcipher_cc_setup(p);
231 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
232 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
233 sqlcipher_ltc_setup(p);
234 #elif defined (SQLCIPHER_CRYPTO_NSS)
235 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
236 sqlcipher_nss_setup(p);
237 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
238 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
239 sqlcipher_openssl_setup(p);
240 #else
241 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
242 #endif
243 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: calling sqlcipher_register_provider(%p)", p);
244 #ifdef SQLCIPHER_EXT
245 sqlcipher_ext_provider_setup(p);
246 #endif
247 sqlcipher_register_provider(p);
248 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_activate: called sqlcipher_register_provider(%p)",p);
249 }
250
251 sqlcipher_activate_count++; /* increment activation count */
252
253 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: leaving static master mutex");
254 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
255 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_activate: left static master mutex");
256 }
257
258 void sqlcipher_deactivate() {
259 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering static master mutex");
260 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
261 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered static master mutex");
262
263 sqlcipher_activate_count--;
264 /* if no connections are using sqlcipher, cleanup globals */
265 if(sqlcipher_activate_count < 1) {
266 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER");
267 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
268 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER");
269
270 if(default_provider != NULL) {
271 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
272 default_provider = NULL;
273 }
274
275 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER");
276 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
277 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER");
278
279 #ifdef SQLCIPHER_EXT
280 sqlcipher_ext_provider_destroy();
281 #endif
282
283 /* last connection closed, free mutexes */
284 if(sqlcipher_activate_count == 0) {
285 int i;
286 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
287 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
288 }
289 }
290 sqlcipher_activate_count = 0; /* reset activation count */
291 }
292
293 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: leaving static master mutex");
294 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
295 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_deactivate: left static master mutex");
296 }
297
298 /* constant time memset using volitile to avoid having the memset
299 optimized out by the compiler.
300 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
301 */
302 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
303 u64 i = 0;
304 volatile unsigned char *a = v;
305
306 if (v == NULL) return v;
307
308 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_memset: setting %p[0-%llu]=%d)", a, len, value);
309 for(i = 0; i < len; i++) {
310 a[i] = value;
311 }
312
313 return v;
314 }
315
316 /* constant time memory check tests every position of a memory segement
317 matches a single value (i.e. the memory is all zeros)
318 returns 0 if match, 1 of no match */
319 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
320 const unsigned char *a = v;
321 u64 i = 0, result = 0;
322
323 for(i = 0; i < len; i++) {
324 result |= a[i] ^ value;
325 }
326
327 return (result != 0);
328 }
329
330 /* constant time memory comparison routine.
331 returns 0 if match, 1 if no match */
332 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
333 const unsigned char *a0 = v0, *a1 = v1;
334 int i = 0, result = 0;
335
336 for(i = 0; i < len; i++) {
337 result |= a0[i] ^ a1[i];
338 }
339
340 return (result != 0);
341 }
342
343 void sqlcipher_mlock(void *ptr, u64 sz) {
344 #ifndef OMIT_MEMLOCK
345 #if defined(__unix__) || defined(__APPLE__)
346 int rc;
347 unsigned long pagesize = sysconf(_SC_PAGESIZE);
348 unsigned long offset = (unsigned long) ptr % pagesize;
349
350 if(ptr == NULL || sz == 0) return;
351
352 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu", ptr - offset, sz + offset, pagesize);
353 rc = mlock(ptr - offset, sz + offset);
354 if(rc!=0) {
355 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
356 }
357 #elif defined(_WIN32)
358 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
359 int rc;
360 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_mem_lock: calling VirtualLock(%p,%d)", ptr, sz);
361 rc = VirtualLock(ptr, sz);
362 if(rc==0) {
363 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
364 }
365 #endif
366 #endif
367 #endif
368 }
369
370 void sqlcipher_munlock(void *ptr, u64 sz) {
371 #ifndef OMIT_MEMLOCK
372 #if defined(__unix__) || defined(__APPLE__)
373 int rc;
374 unsigned long pagesize = sysconf(_SC_PAGESIZE);
375 unsigned long offset = (unsigned long) ptr % pagesize;
376
377 if(ptr == NULL || sz == 0) return;
378
379 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_mem_unlock: calling munlock(%p,%lu)", ptr - offset, sz + offset);
380 rc = munlock(ptr - offset, sz + offset);
381 if(rc!=0) {
382 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d", ptr - offset, sz + offset, rc, errno);
383 }
384 #elif defined(_WIN32)
385 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
386 int rc;
387 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)", ptr, sz);
388 rc = VirtualUnlock(ptr, sz);
389 if(!rc) {
390 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d", ptr, sz, rc, GetLastError());
391 }
392 #endif
393 #endif
394 #endif
395 }
396
397 /**
398 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
399 * can be countend and memory leak detection works in the test suite.
400 * If ptr is not null memory will be freed.
401 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
402 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
403 * memory segment so it can be paged
404 */
405 void sqlcipher_free(void *ptr, u64 sz) {
406 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
407 sqlcipher_memset(ptr, 0, sz);
408 sqlcipher_munlock(ptr, sz);
409 sqlite3_free(ptr);
410 }
411
412 /**
413 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
414 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
415 * attempts to lock the memory pages so sensitive information won't be swapped
416 */
417 void* sqlcipher_malloc(u64 sz) {
418 void *ptr;
419 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlite3Malloc(%llu)", sz);
420 ptr = sqlite3Malloc(sz);
421 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)", ptr, sz);
422 sqlcipher_memset(ptr, 0, sz);
423 sqlcipher_mlock(ptr, sz);
424 return ptr;
425 }
426
427 char* sqlcipher_version() {
428 #ifdef CIPHER_VERSION_QUALIFIER
429 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
430 #else
431 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
432 #endif
433 return version;
434 }
435
436 /**
437 * Initialize new cipher_ctx struct. This function will allocate memory
438 * for the cipher context and for the key
439 *
440 * returns SQLITE_OK if initialization was successful
441 * returns SQLITE_NOMEM if an error occured allocating memory
442 */
443 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
444 cipher_ctx *c_ctx;
445 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating context");
446 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
447 c_ctx = *iCtx;
448 if(c_ctx == NULL) return SQLITE_NOMEM;
449
450 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating key");
451 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
452
453 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_init: allocating hmac_key");
454 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
455
456 if(c_ctx->key == NULL) return SQLITE_NOMEM;
457 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
458
459 return SQLITE_OK;
460 }
461
462 /**
463 * Free and wipe memory associated with a cipher_ctx
464 */
465 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
466 cipher_ctx *c_ctx = *iCtx;
467 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_free: entered iCtx=%p", iCtx);
468 sqlcipher_free(c_ctx->key, ctx->key_sz);
469 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
470 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
471 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
472 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
473 }
474
475 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
476 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
477 int reserve = base_reserve;
478
479 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
480
481 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
482 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
483
484 /* calculate the amount of reserve needed in even increments of the cipher block size */
485 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
486 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
487
488 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d",
489 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
490
491 ctx->reserve_sz = reserve;
492
493 return SQLITE_OK;
494 }
495
496 /**
497 * Compare one cipher_ctx to another.
498 *
499 * returns 0 if all the parameters (except the derived key data) are the same
500 * returns 1 otherwise
501 */
502 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
503 int are_equal = (
504 c1->pass_sz == c2->pass_sz
505 && (
506 c1->pass == c2->pass
507 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
508 (const unsigned char*)c2->pass,
509 c1->pass_sz)
510 ));
511
512 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_cmp: entered \
513 c1=%p c2=%p \
514 sqlcipher_memcmp(c1->pass, c2_pass)=%d \
515 are_equal=%d",
516 c1, c2,
517 (c1->pass == NULL || c2->pass == NULL)
518 ? -1 : sqlcipher_memcmp(
519 (const unsigned char*)c1->pass,
520 (const unsigned char*)c2->pass,
521 c1->pass_sz),
522 are_equal
523 );
524
525 return !are_equal; /* return 0 if they are the same, 1 otherwise */
526 }
527
528 /**
529 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
530 * fully initialized context, you could copy it to write_ctx and all yet data
531 * and pass information across
532 *
533 * returns SQLITE_OK if initialization was successful
534 * returns SQLITE_NOMEM if an error occured allocating memory
535 */
536 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
537 void *key = target->key;
538 void *hmac_key = target->hmac_key;
539
540 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_cipher_ctx_copy: entered target=%p, source=%p", target, source);
541 sqlcipher_free(target->pass, target->pass_sz);
542 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
543 memcpy(target, source, sizeof(cipher_ctx));
544
545 target->key = key; /* restore pointer to previously allocated key data */
546 memcpy(target->key, source->key, ctx->key_sz);
547
548 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
549 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
550
551 if(source->pass && source->pass_sz) {
552 target->pass = sqlcipher_malloc(source->pass_sz);
553 if(target->pass == NULL) return SQLITE_NOMEM;
554 memcpy(target->pass, source->pass, source->pass_sz);
555 }
556 if(source->keyspec) {
557 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
558 if(target->keyspec == NULL) return SQLITE_NOMEM;
559 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
560 }
561 return SQLITE_OK;
562 }
563
564 /**
565 * Set the keyspec for the cipher_ctx
566 *
567 * returns SQLITE_OK if assignment was successfull
568 * returns SQLITE_NOMEM if an error occured allocating memory
569 */
570 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
571 /* free, zero existing pointers and size */
572 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
573 c_ctx->keyspec = NULL;
574
575 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
576 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
577
578 c_ctx->keyspec[0] = 'x';
579 c_ctx->keyspec[1] = '\'';
580 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
581 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
582 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
583 return SQLITE_OK;
584 }
585
586 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
587 return ctx->store_pass;
588 }
589
590 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
591 ctx->store_pass = value;
592 }
593
594 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
595 *zKey = ctx->read_ctx->pass;
596 *nKey = ctx->read_ctx->pass_sz;
597 }
598
599 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
600 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
601 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
602 }
603
604 /**
605 * Set the passphrase for the cipher_ctx
606 *
607 * returns SQLITE_OK if assignment was successfull
608 * returns SQLITE_NOMEM if an error occured allocating memory
609 */
610 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
611 /* free, zero existing pointers and size */
612 sqlcipher_free(ctx->pass, ctx->pass_sz);
613 ctx->pass = NULL;
614 ctx->pass_sz = 0;
615
616 if(zKey && nKey) { /* if new password is provided, copy it */
617 ctx->pass_sz = nKey;
618 ctx->pass = sqlcipher_malloc(nKey);
619 if(ctx->pass == NULL) return SQLITE_NOMEM;
620 memcpy(ctx->pass, zKey, nKey);
621 }
622 return SQLITE_OK;
623 }
624
625 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
626 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
627 int rc;
628
629 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
630 c_ctx->derive_key = 1;
631
632 if(for_ctx == 2)
633 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
634 return rc;
635
636 return SQLITE_OK;
637 }
638
639 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
640 return ctx->provider->get_cipher(ctx->provider_ctx);
641 }
642
643 /* set the global default KDF iteration */
644 void sqlcipher_set_default_kdf_iter(int iter) {
645 default_kdf_iter = iter;
646 }
647
648 int sqlcipher_get_default_kdf_iter() {
649 return default_kdf_iter;
650 }
651
652 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
653 ctx->kdf_iter = kdf_iter;
654 sqlcipher_set_derive_key(ctx, 1);
655 return SQLITE_OK;
656 }
657
658 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
659 return ctx->kdf_iter;
660 }
661
662 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
663 ctx->fast_kdf_iter = fast_kdf_iter;
664 sqlcipher_set_derive_key(ctx, 1);
665 return SQLITE_OK;
666 }
667
668 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
669 return ctx->fast_kdf_iter;
670 }
671
672 /* set the global default flag for HMAC */
673 void sqlcipher_set_default_use_hmac(int use) {
674 if(use) default_flags |= CIPHER_FLAG_HMAC;
675 else default_flags &= ~CIPHER_FLAG_HMAC;
676 }
677
678 int sqlcipher_get_default_use_hmac() {
679 return (default_flags & CIPHER_FLAG_HMAC) != 0;
680 }
681
682 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
683 hmac_salt_mask = mask;
684 }
685
686 unsigned char sqlcipher_get_hmac_salt_mask() {
687 return hmac_salt_mask;
688 }
689
690 /* set the codec flag for whether this individual database should be using hmac */
691 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
692 if(use) {
693 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
694 } else {
695 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
696 }
697
698 return sqlcipher_codec_ctx_reserve_setup(ctx);
699 }
700
701 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
702 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
703 }
704
705 /* the length of plaintext header size must be:
706 * 1. greater than or equal to zero
707 * 2. a multiple of the cipher block size
708 * 3. less than the usable size of the first database page
709 */
710 int sqlcipher_set_default_plaintext_header_size(int size) {
711 default_plaintext_header_sz = size;
712 return SQLITE_OK;
713 }
714
715 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
716 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
717 ctx->plaintext_header_sz = size;
718 return SQLITE_OK;
719 }
720 ctx->plaintext_header_sz = -1;
721 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_plaintext_header_size: attempt to set invalid plantext_header_size %d", size);
722 return SQLITE_ERROR;
723 }
724
725 int sqlcipher_get_default_plaintext_header_size() {
726 return default_plaintext_header_sz;
727 }
728
729 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
730 return ctx->plaintext_header_sz;
731 }
732
733 /* manipulate HMAC algorithm */
734 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
735 default_hmac_algorithm = algorithm;
736 return SQLITE_OK;
737 }
738
739 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
740 ctx->hmac_algorithm = algorithm;
741 return sqlcipher_codec_ctx_reserve_setup(ctx);
742 }
743
744 int sqlcipher_get_default_hmac_algorithm() {
745 return default_hmac_algorithm;
746 }
747
748 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
749 return ctx->hmac_algorithm;
750 }
751
752 /* manipulate KDF algorithm */
753 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
754 default_kdf_algorithm = algorithm;
755 return SQLITE_OK;
756 }
757
758 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
759 ctx->kdf_algorithm = algorithm;
760 return SQLITE_OK;
761 }
762
763 int sqlcipher_get_default_kdf_algorithm() {
764 return default_kdf_algorithm;
765 }
766
767 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
768 return ctx->kdf_algorithm;
769 }
770
771 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
772 ctx->flags |= flag;
773 return SQLITE_OK;
774 }
775
776 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
777 ctx->flags &= ~flag;
778 return SQLITE_OK;
779 }
780
781 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
782 return (ctx->flags & flag) != 0;
783 }
784
785 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
786 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_error: ctx=%p, error=%d", ctx, error);
787 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
788 ctx->pBt->pBt->db->errCode = error;
789 }
790
791 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
792 return ctx->reserve_sz;
793 }
794
795 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
796 return ctx->buffer;
797 }
798
799 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
800 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
801
802 if(!ctx->need_kdf_salt) {
803 return SQLITE_OK; /* don't reload salt when not needed */
804 }
805
806 /* read salt from header, if present, otherwise generate a new random salt */
807 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: obtaining salt");
808 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
809 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random");
810 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) {
811 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_init_kdf_salt: error retrieving random bytes from provider");
812 return SQLITE_ERROR;
813 }
814 }
815 ctx->need_kdf_salt = 0;
816 return SQLITE_OK;
817 }
818
819 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
820 if(size >= ctx->kdf_salt_sz) {
821 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
822 ctx->need_kdf_salt = 0;
823 return SQLITE_OK;
824 }
825 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_ctx_set_kdf_salt: attempt to set salt of incorrect size %d", size);
826 return SQLITE_ERROR;
827 }
828
829 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
830 int rc = SQLITE_OK;
831 if(ctx->need_kdf_salt) {
832 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
833 }
834 *salt = ctx->kdf_salt;
835 return rc;
836 }
837
838 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
839 *zKey = ctx->read_ctx->keyspec;
840 *nKey = ctx->keyspec_sz;
841 }
842
843 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
844 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
845 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_page_size not a power of 2 and between 512 and 65536 inclusive");
846 return SQLITE_ERROR;
847 }
848 /* attempt to free the existing page buffer */
849 sqlcipher_free(ctx->buffer,ctx->page_sz);
850 ctx->page_sz = size;
851
852 /* pre-allocate a page buffer of PageSize bytes. This will
853 be used as a persistent buffer for encryption and decryption
854 operations to avoid overhead of multiple memory allocations*/
855 ctx->buffer = sqlcipher_malloc(size);
856 if(ctx->buffer == NULL) return SQLITE_NOMEM;
857
858 return SQLITE_OK;
859 }
860
861 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
862 return ctx->page_sz;
863 }
864
865 void sqlcipher_set_default_pagesize(int page_size) {
866 default_page_size = page_size;
867 }
868
869 int sqlcipher_get_default_pagesize() {
870 return default_page_size;
871 }
872
873 void sqlcipher_set_mem_security(int on) {
874 /* memory security can only be enabled, not disabled */
875 if(on) {
876 mem_security_on = on;
877 mem_security_activated = 0;
878 }
879 }
880
881 int sqlcipher_get_mem_security() {
882 return mem_security_on && mem_security_activated;
883 }
884
885
886 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
887 int rc;
888 codec_ctx *ctx;
889
890 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating context");
891
892 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
893 ctx = *iCtx;
894
895 if(ctx == NULL) return SQLITE_NOMEM;
896
897 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
898
899 /* allocate space for salt data. Then read the first 16 bytes
900 directly off the database file. This is the salt for the
901 key derivation function. If we get a short read allocate
902 a new random salt value */
903 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating kdf_salt");
904 ctx->kdf_salt_sz = FILE_HEADER_SZ;
905 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
906 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
907
908 /* allocate space for separate hmac salt data. We want the
909 HMAC derivation salt to be different than the encryption
910 key derivation salt */
911 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating hmac_kdf_salt");
912 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
913 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
914
915 /* setup default flags */
916 ctx->flags = default_flags;
917
918 /* defer attempt to read KDF salt until first use */
919 ctx->need_kdf_salt = 1;
920
921 /* setup the crypto provider */
922 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: allocating provider");
923 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
924 if(ctx->provider == NULL) return SQLITE_NOMEM;
925
926 /* make a copy of the provider to be used for the duration of the context */
927 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER");
928 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
929 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER");
930
931 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
932
933 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER");
934 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
935 sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER");
936
937 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: calling provider ctx_init");
938 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
939
940 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
941 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
942 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
943
944 /* establic the size for a hex-formated key specification, containing the
945 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
946 so oversize by 3 bytes */
947 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
948
949 /*
950 Always overwrite page size and set to the default because the first page of the database
951 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
952 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
953 */
954 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d", default_page_size);
955 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
956
957 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
958 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: setting default_kdf_iter");
959 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
960
961 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: setting fast_kdf_iter");
962 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
963
964 /* set the default HMAC and KDF algorithms which will determine the reserve size */
965 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d", default_hmac_algorithm);
966 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
967
968 /* Note that use_hmac is a special case that requires recalculation of page size
969 so we call set_use_hmac to perform setup */
970 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: setting use_hmac");
971 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
972
973 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d", default_kdf_algorithm);
974 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
975
976 /* setup the default plaintext header size */
977 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d", default_plaintext_header_sz);
978 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
979
980 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
981 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: initializing read_ctx");
982 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
983
984 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: initializing write_ctx");
985 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
986
987 /* set the key material on one of the sub cipher contexts and sync them up */
988 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: setting pass key");
989 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
990
991 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_ctx_init: copying write_ctx to read_ctx");
992 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
993
994 return SQLITE_OK;
995 }
996
997 /**
998 * Free and wipe memory associated with a cipher_ctx, including the allocated
999 * read_ctx and write_ctx.
1000 */
1001 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
1002 codec_ctx *ctx = *iCtx;
1003 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "codec_ctx_free: entered iCtx=%p", iCtx);
1004 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
1005 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
1006 sqlcipher_free(ctx->buffer, ctx->page_sz);
1007
1008 ctx->provider->ctx_free(&ctx->provider_ctx);
1009 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
1010
1011 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
1012 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
1013 sqlcipher_free(ctx, sizeof(codec_ctx));
1014 }
1015
1016 /** convert a 32bit unsigned integer to little endian byte ordering */
1017 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
1018 p[0] = (u8)v;
1019 p[1] = (u8)(v>>8);
1020 p[2] = (u8)(v>>16);
1021 p[3] = (u8)(v>>24);
1022 }
1023
1024 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
1025 unsigned char pgno_raw[sizeof(pgno)];
1026 /* we may convert page number to consistent representation before calculating MAC for
1027 compatibility across big-endian and little-endian platforms.
1028
1029 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
1030 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
1031 backwards compatibility on the most popular platforms, but can optionally be configured
1032 to use either big endian or native byte ordering via pragma. */
1033
1034 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
1035 sqlcipher_put4byte_le(pgno_raw, pgno);
1036 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
1037 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
1038 } else { /* use native byte ordering */
1039 memcpy(pgno_raw, &pgno, sizeof(pgno));
1040 }
1041
1042 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
1043 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
1044 valid pages out of order in a database */
1045 return ctx->provider->hmac(
1046 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
1047 ctx->key_sz, in,
1048 in_sz, (unsigned char*) &pgno_raw,
1049 sizeof(pgno), out);
1050 }
1051
1052 /*
1053 * ctx - codec context
1054 * pgno - page number in database
1055 * size - size in bytes of input and output buffers
1056 * mode - 1 to encrypt, 0 to decrypt
1057 * in - pointer to input bytes
1058 * out - pouter to output bytes
1059 */
1060 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1061 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1062 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1063 int size;
1064
1065 /* calculate some required positions into various buffers */
1066 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1067 iv_out = out + size;
1068 iv_in = in + size;
1069
1070 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1071 random bytes. note, these pointers are only valid when using hmac */
1072 hmac_in = in + size + ctx->iv_sz;
1073 hmac_out = out + size + ctx->iv_sz;
1074 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1075
1076 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: entered pgno=%d, mode=%d, size=%d", pgno, mode, size);
1077 CODEC_HEXDUMP("sqlcipher_page_cipher: input page data", in, page_sz);
1078
1079 /* the key size should never be zero. If it is, error out. */
1080 if(ctx->key_sz == 0) {
1081 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: error possible context corruption, key_sz is zero for pgno=%d", pgno);
1082 goto error;
1083 }
1084
1085 if(mode == CIPHER_ENCRYPT) {
1086 /* start at front of the reserve block, write random data to the end */
1087 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1088 } else { /* CIPHER_DECRYPT */
1089 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1090 }
1091
1092 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1093 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1094 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on decrypt failed for pgno=%d", pgno);
1095 goto error;
1096 }
1097
1098 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_page_cipher: comparing hmac on in=%p out=%p hmac_sz=%d", hmac_in, hmac_out, ctx->hmac_sz);
1099 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1100 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1101 /* first check if the entire contents of the page is zeros. If so, this page
1102 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1103 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1104 and return SQLITE_OK to skip the decryption step. */
1105 sqlcipher_log(SQLCIPHER_LOG_INFO, "sqlcipher_page_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK", pgno);
1106 sqlcipher_memset(out, 0, page_sz);
1107 return SQLITE_OK;
1108 } else {
1109 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1110 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1111 and return SQLITE_ERROR to the caller */
1112 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR", pgno);
1113 goto error;
1114 }
1115 }
1116 }
1117
1118 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1119 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR", mode, pgno);
1120 goto error;
1121 };
1122
1123 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1124 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1125 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_page_cipher: hmac operation on encrypt failed for pgno=%d", pgno);
1126 goto error;
1127 };
1128 }
1129
1130 CODEC_HEXDUMP("sqlcipher_page_cipher: output page data", out_start, page_sz);
1131
1132 return SQLITE_OK;
1133 error:
1134 sqlcipher_memset(out, 0, page_sz);
1135 return SQLITE_ERROR;
1136 }
1137
1138 /**
1139 * Derive an encryption key for a cipher contex key based on the raw password.
1140 *
1141 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1142 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1143
1144 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1145 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1146 * as the key followed by the salt.
1147 *
1148 * Otherwise, a key data will be derived using PBKDF2
1149 *
1150 * returns SQLITE_OK if initialization was successful
1151 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1152 */
1153 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1154 int rc;
1155 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: entered c_ctx->pass=%p, c_ctx->pass_sz=%d \
1156 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1157 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d",
1158 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1159 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1160
1161
1162 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1163
1164 /* if necessary, initialize the salt from the header or random source */
1165 if(ctx->need_kdf_salt) {
1166 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1167 }
1168
1169 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1170 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1171 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1172 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1173 cipher_hex2bin(z, n, c_ctx->key);
1174 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1175 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1176 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: using raw key from hex");
1177 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1178 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1179 } else {
1180 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations", ctx->kdf_iter);
1181 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1182 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1183 ctx->key_sz, c_ctx->key) != SQLITE_OK) {
1184 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating encryption key");
1185 return SQLITE_ERROR;
1186 }
1187 }
1188
1189 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1190 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1191
1192 /* if this context is setup to use hmac checks, generate a seperate and different
1193 key for HMAC. In this case, we use the output of the previous KDF as the input to
1194 this KDF run. This ensures a distinct but predictable HMAC key. */
1195 if(ctx->flags & CIPHER_FLAG_HMAC) {
1196 int i;
1197
1198 /* start by copying the kdf key into the hmac salt slot
1199 then XOR it with the fixed hmac salt defined at compile time
1200 this ensures that the salt passed in to derive the hmac key, while
1201 easy to derive and publically known, is not the same as the salt used
1202 to generate the encryption key */
1203 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1204 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1205 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1206 }
1207
1208 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations",
1209 ctx->fast_kdf_iter);
1210
1211
1212 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1213 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1214 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) {
1215 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: error occurred from provider kdf generating HMAC key");
1216 return SQLITE_ERROR;
1217 }
1218 }
1219
1220 c_ctx->derive_key = 0;
1221 return SQLITE_OK;
1222 }
1223 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cipher_ctx_key_derive: key material is not present on the context for key derivation");
1224 return SQLITE_ERROR;
1225 }
1226
1227 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1228 /* derive key on first use if necessary */
1229 if(ctx->read_ctx->derive_key) {
1230 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) {
1231 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving read_ctx key");
1232 return SQLITE_ERROR;
1233 }
1234 }
1235
1236 if(ctx->write_ctx->derive_key) {
1237 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1238 /* the relevant parameters are the same, just copy read key */
1239 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) {
1240 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred copying read_ctx to write_ctx");
1241 return SQLITE_ERROR;
1242 }
1243 } else {
1244 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) {
1245 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_key_derive: error occurred deriving write_ctx key");
1246 return SQLITE_ERROR;
1247 }
1248 }
1249 }
1250
1251 /* TODO: wipe and free passphrase after key derivation */
1252 if(ctx->store_pass != 1) {
1253 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1254 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1255 }
1256
1257 return SQLITE_OK;
1258 }
1259
1260 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1261 if(source == CIPHER_READ_CTX) {
1262 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1263 } else {
1264 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1265 }
1266 }
1267
1268 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1269 return ctx->provider->get_provider_name(ctx->provider_ctx);
1270 }
1271
1272
1273 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1274 int rc;
1275 sqlite3 *db = NULL;
1276 sqlite3_stmt *statement = NULL;
1277 char *query_journal_mode = "PRAGMA journal_mode;";
1278 char *query_user_version = "PRAGMA user_version;";
1279
1280 rc = sqlite3_open(filename, &db);
1281 if(rc != SQLITE_OK) goto cleanup;
1282
1283 rc = sqlite3_key(db, key, key_sz);
1284 if(rc != SQLITE_OK) goto cleanup;
1285
1286 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1287 if(rc != SQLITE_OK) goto cleanup;
1288
1289 /* start by querying the user version.
1290 this will fail if the key is incorrect */
1291 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1292 if(rc != SQLITE_OK) goto cleanup;
1293
1294 rc = sqlite3_step(statement);
1295 if(rc == SQLITE_ROW) {
1296 *user_version = sqlite3_column_int(statement, 0);
1297 } else {
1298 goto cleanup;
1299 }
1300 sqlite3_finalize(statement);
1301
1302 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1303 if(rc != SQLITE_OK) goto cleanup;
1304
1305 rc = sqlite3_step(statement);
1306 if(rc == SQLITE_ROW) {
1307 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1308 } else {
1309 goto cleanup;
1310 }
1311 rc = SQLITE_OK;
1312 /* cleanup will finalize open statement */
1313
1314 cleanup:
1315 if(statement) sqlite3_finalize(statement);
1316 if(db) sqlite3_close(db);
1317 return rc;
1318 }
1319
1320 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1321 Pgno page = 1;
1322 int rc = 0;
1323 char *result;
1324 unsigned char *hmac_out = NULL;
1325 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1326 i64 file_sz;
1327
1328 Vdbe *v = sqlite3GetVdbe(pParse);
1329 sqlite3VdbeSetNumCols(v, 1);
1330 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1331
1332 if(fd == NULL || fd->pMethods == 0) {
1333 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1334 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1335 goto cleanup;
1336 }
1337
1338 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1339 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1340 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1341 goto cleanup;
1342 }
1343
1344 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1345 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1346 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1347 goto cleanup;
1348 }
1349
1350 sqlite3OsFileSize(fd, &file_sz);
1351 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1352
1353 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1354 i64 offset = (page - 1) * ctx->page_sz;
1355 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1356 int read_sz = ctx->page_sz;
1357
1358 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1359 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1360
1361 if(page==1) {
1362 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1363 read_sz = read_sz - page1_offset;
1364 payload_sz = payload_sz - page1_offset;
1365 offset += page1_offset;
1366 }
1367
1368 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1369 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1370 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1371 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d", read_sz, page, offset);
1372 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1373 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1374 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1375 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1376 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1377 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1378 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1379 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1380 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1381 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1382 }
1383 }
1384
1385 if(file_sz % ctx->page_sz != 0) {
1386 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1387 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1388 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1389 }
1390
1391 cleanup:
1392 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1393 return SQLITE_OK;
1394 }
1395
1396 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1397 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1398 Db *pDb = 0;
1399 sqlite3 *db = ctx->pBt->db;
1400 const char *db_filename = sqlite3_db_filename(db, "main");
1401 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1402 Btree *pDest = NULL, *pSrc = NULL;
1403 sqlite3_file *srcfile, *destfile;
1404 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1405 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1406 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1407 #endif
1408 pass_sz = keyspec_sz = rc = user_version = 0;
1409
1410 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1411 goto cleanup; /* exit immediately if this is an in memory database */
1412
1413 /* pull the provided password / key material off the current codec context */
1414 pass_sz = ctx->read_ctx->pass_sz;
1415 pass = sqlcipher_malloc(pass_sz+1);
1416 memset(pass, 0, pass_sz+1);
1417 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1418
1419 /* Version 4 - current, no upgrade required, so exit immediately */
1420 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1421 if(rc == SQLITE_OK){
1422 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "No upgrade required - exiting");
1423 goto cleanup;
1424 }
1425
1426 for(i = 3; i > 0; i--) {
1427 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1428 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1429 if(rc == SQLITE_OK) {
1430 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "Version %d format found", i);
1431 goto migrate;
1432 }
1433 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1434 pragma_compat = NULL;
1435 }
1436
1437 /* if we exit the loop normally we failed to determine the version, this is an error */
1438 sqlcipher_log(SQLCIPHER_LOG_ERROR, "Upgrade format not determined");
1439 goto handle_error;
1440
1441 migrate:
1442
1443 temp = sqlite3_mprintf("%s-migrated", db_filename);
1444 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1445 * to determine whether the filename was URI formatted */
1446 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1447 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1448 sqlcipher_free(temp, sqlite3Strlen30(temp));
1449
1450 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1451 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1452
1453 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1454 if(rc != SQLITE_OK){
1455 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set compatibility mode failed, error code %d", rc);
1456 goto handle_error;
1457 }
1458
1459 /* force journal mode to DELETE, we will set it back later if different */
1460 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1461 if(rc != SQLITE_OK){
1462 sqlcipher_log(SQLCIPHER_LOG_ERROR, "force journal mode DELETE failed, error code %d", rc);
1463 goto handle_error;
1464 }
1465
1466 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1467 if(rc != SQLITE_OK){
1468 sqlcipher_log(SQLCIPHER_LOG_ERROR, "attach failed, error code %d", rc);
1469 goto handle_error;
1470 }
1471
1472 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1473 if(rc != SQLITE_OK){
1474 sqlcipher_log(SQLCIPHER_LOG_ERROR, "keying attached database failed, error code %d", rc);
1475 goto handle_error;
1476 }
1477
1478 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1479 if(rc != SQLITE_OK){
1480 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_export failed, error code %d", rc);
1481 goto handle_error;
1482 }
1483
1484 #ifdef SQLCIPHER_TEST
1485 if((sqlcipher_get_test_flags() & TEST_FAIL_MIGRATE) > 0) {
1486 rc = SQLITE_ERROR;
1487 sqlcipher_log(SQLCIPHER_LOG_ERROR, "simulated migrate failure, error code %d", rc);
1488 goto handle_error;
1489 }
1490 #endif
1491
1492 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1493 if(rc != SQLITE_OK){
1494 sqlcipher_log(SQLCIPHER_LOG_ERROR, "set user version failed, error code %d", rc);
1495 goto handle_error;
1496 }
1497
1498 if( !db->autoCommit ){
1499 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate from within a transaction");
1500 goto handle_error;
1501 }
1502 if( db->nVdbeActive>1 ){
1503 sqlcipher_log(SQLCIPHER_LOG_ERROR, "cannot migrate - SQL statements in progress");
1504 goto handle_error;
1505 }
1506
1507 pDest = db->aDb[0].pBt;
1508 pDb = &(db->aDb[db->nDb-1]);
1509 pSrc = pDb->pBt;
1510
1511 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1512 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1513 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1514 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1515 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "set btree page size to %d res %d rc %d", default_page_size, nRes, rc);
1516 if( rc!=SQLITE_OK ) goto handle_error;
1517
1518 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1519 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1520
1521 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1522 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1523
1524 sqlite3OsClose(srcfile);
1525 sqlite3OsClose(destfile);
1526
1527 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1528 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing windows MoveFileExA");
1529
1530 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1531 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1532 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1533
1534 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1535 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1536 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1537
1538 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1539 rc = SQLITE_ERROR;
1540 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1541 goto handle_error;
1542 }
1543 #else
1544 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "performing POSIX rename");
1545 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1546 sqlcipher_log(SQLCIPHER_LOG_ERROR, "error occurred while renaming %d", rc);
1547 goto handle_error;
1548 }
1549 #endif
1550 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "renamed migration database %s to main database %s: %d", migrated_db_filename, db_filename, rc);
1551
1552 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1553 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened migration database: %d", rc);
1554 if( rc!=SQLITE_OK ) goto handle_error;
1555
1556 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1557 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reopened main database: %d", rc);
1558 if( rc!=SQLITE_OK ) goto handle_error;
1559
1560 sqlite3pager_reset(pDest->pBt->pPager);
1561 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset pager");
1562
1563 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1564 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "DETACH DATABASE called %d", rc);
1565 if(rc != SQLITE_OK) goto cleanup;
1566
1567 sqlite3ResetAllSchemasOfConnection(db);
1568 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "reset all schemas");
1569
1570 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1571 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1572 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "%s: %d", set_journal_mode, rc);
1573 if( rc!=SQLITE_OK ) goto handle_error;
1574
1575 goto cleanup;
1576
1577 handle_error:
1578 sqlcipher_log(SQLCIPHER_LOG_ERROR, "An error occurred attempting to migrate the database - last error %d", rc);
1579
1580 cleanup:
1581 if(migrated_db_filename) {
1582 int del_rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1583 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "deleted migration database: %d", del_rc);
1584 }
1585
1586 if(pass) sqlcipher_free(pass, pass_sz);
1587 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1588 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1589 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1590 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1591 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1592 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1593 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1594 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1595 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1596 #endif
1597 return rc;
1598 }
1599
1600 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1601 const char *suffix = &zRight[random_sz-1];
1602 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1603 if (n > 0 &&
1604 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1605 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1606 n % 2 == 0) {
1607 int rc = 0;
1608 int buffer_sz = n / 2;
1609 unsigned char *random;
1610 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1611 sqlcipher_log(SQLCIPHER_LOG_DEBUG, "sqlcipher_codec_add_random: using raw random blob from hex");
1612 random = sqlcipher_malloc(buffer_sz);
1613 memset(random, 0, buffer_sz);
1614 cipher_hex2bin(z, n, random);
1615 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1616 sqlcipher_free(random, buffer_sz);
1617 return rc;
1618 }
1619 sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlcipher_codec_add_random: attemt to add random with invalid format");
1620 return SQLITE_ERROR;
1621 }
1622
1623 #if !defined(SQLITE_OMIT_TRACE)
1624 static int sqlcipher_profile_callback(unsigned int trace, void *file, void *stmt, void *run_time){
1625 FILE *f = (FILE*) file;
1626 char *fmt = "Elapsed time:%.3f ms - %s\n";
1627 double elapsed = (*((sqlite3_uint64*)run_time))/1000000.0;
1628 #ifdef __ANDROID__
1629 if(f == NULL) {
1630 __android_log_print(ANDROID_LOG_DEBUG, "sqlcipher", fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt);
1631 }
1632 #endif
1633 if(f) fprintf(f, fmt, elapsed, sqlite3_sql((sqlite3_stmt*)stmt));
1634 return SQLITE_OK;
1635 }
1636 #endif
1637
1638 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1639 #if defined(SQLITE_OMIT_TRACE)
1640 return SQLITE_ERROR;
1641 #else
1642 FILE *f = NULL;
1643 if(sqlite3_stricmp(destination, "off") == 0){
1644 sqlite3_trace_v2(db, 0, NULL, NULL); /* disable tracing */
1645 } else {
1646 if(sqlite3_stricmp(destination, "stdout") == 0){
1647 f = stdout;
1648 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1649 f = stderr;
1650 }else if(sqlite3_stricmp(destination, "logcat") == 0){
1651 f = NULL; /* file pointer will be NULL indicating logcat on android */
1652 }else{
1653 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1654 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1655 #else
1656 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1657 #endif
1658 }
1659 sqlite3_trace_v2(db, SQLITE_TRACE_PROFILE, sqlcipher_profile_callback, f);
1660 }
1661 return SQLITE_OK;
1662 #endif
1663 }
1664
1665 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1666 return ctx->provider->fips_status(ctx->provider_ctx);
1667 }
1668
1669 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1670 return ctx->provider->get_provider_version(ctx->provider_ctx);
1671 }
1672
1673 #ifndef SQLCIPHER_OMIT_LOG
1674 void sqlcipher_log(unsigned int level, const char *message, ...) {
1675 va_list params;
1676 va_start(params, message);
1677
1678 #ifdef CODEC_DEBUG
1679 #ifdef __ANDROID__
1680 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1681 #else
1682 vfprintf(stderr, message, params);
1683 fprintf(stderr, "\n");
1684 #endif
1685 #endif
1686
1687 if(level > sqlcipher_log_level || (sqlcipher_log_logcat == 0 && sqlcipher_log_file == NULL)) {
1688 /* no log target or tag not in included filters */
1689 goto end;
1690 }
1691 if(sqlcipher_log_file != NULL){
1692 char buffer[20];
1693 struct tm tt;
1694 struct timeval tv;
1695 int ms;
1696 gettimeofday(&tv, NULL);
1697 ms = tv.tv_usec/1000.0;
1698 localtime_r(&tv.tv_sec, &tt);
1699 strftime(buffer, 20, "%Y-%m-%d %H:%M:%S", &tt);
1700 fprintf((FILE*)sqlcipher_log_file, "%s.%03d: ", buffer, ms);
1701 vfprintf((FILE*)sqlcipher_log_file, message, params);
1702 fprintf((FILE*)sqlcipher_log_file, "\n");
1703 }
1704 #ifdef __ANDROID__
1705 if(sqlcipher_log_logcat) {
1706 __android_log_vprint(ANDROID_LOG_DEBUG, "sqlcipher", message, params);
1707 }
1708 #endif
1709 end:
1710 va_end(params);
1711 }
1712 #endif
1713
1714 int sqlcipher_set_log_level(unsigned int level) {
1715 sqlcipher_log_level = level;
1716 }
1717
1718 int sqlcipher_set_log(const char *destination){
1719 #ifdef SQLCIPHER_OMIT_LOG
1720 return SQLITE_ERROR;
1721 #else
1722 /* close open trace file if it is not stdout or stderr, then
1723 reset trace settings */
1724 if(sqlcipher_log_file != NULL && sqlcipher_log_file != stdout && sqlcipher_log_file != stderr) {
1725 fclose((FILE*)sqlcipher_log_file);
1726 }
1727 sqlcipher_log_file = NULL;
1728 sqlcipher_log_logcat = 0;
1729
1730 if(sqlite3_stricmp(destination, "logcat") == 0){
1731 sqlcipher_log_logcat = 1;
1732 } else if(sqlite3_stricmp(destination, "stdout") == 0){
1733 sqlcipher_log_file = stdout;
1734 }else if(sqlite3_stricmp(destination, "stderr") == 0){
1735 sqlcipher_log_file = stderr;
1736 }else if(sqlite3_stricmp(destination, "off") != 0){
1737 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1738 if(fopen_s(&sqlcipher_log_file, destination, "a") != 0) return SQLITE_ERROR;
1739 #else
1740 if((sqlcipher_log_file = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1741 #endif
1742 }
1743 sqlcipher_log(SQLCIPHER_LOG_INFO, "sqlcipher_set_log: set log to %s", destination);
1744 return SQLITE_OK;
1745 #endif
1746 }
1747
1748 #endif
1749 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.