src/crypto_cc.c

   1 /*
   2 ** SQLCipher
   3 ** http://sqlcipher.net
   4 **
   5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
   6 ** All rights reserved.
   7 **
   8 ** Redistribution and use in source and binary forms, with or without
   9 ** modification, are permitted provided that the following conditions are met:
  10 **     * Redistributions of source code must retain the above copyright
  11 **       notice, this list of conditions and the following disclaimer.
  12 **     * Redistributions in binary form must reproduce the above copyright
  13 **       notice, this list of conditions and the following disclaimer in the
  14 **       documentation and/or other materials provided with the distribution.
  15 **     * Neither the name of the ZETETIC LLC nor the
  16 **       names of its contributors may be used to endorse or promote products
  17 **       derived from this software without specific prior written permission.
  18 **
  19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
  20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
  23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 **
  30 */
  31 /* BEGIN SQLCIPHER */
  32 #ifdef SQLITE_HAS_CODEC
  33 #ifdef SQLCIPHER_CRYPTO_CC
  34 #include "crypto.h"
  35 #include "sqlcipher.h"
  36 #include <CommonCrypto/CommonCrypto.h>
  37 #include <Security/SecRandom.h>
  38 #include <CoreFoundation/CoreFoundation.h>
  39
  40 int sqlcipher_cc_setup(sqlcipher_provider *p);
  41
  42 static int sqlcipher_cc_add_random(void *ctx, void *buffer, int length) {
  43   return SQLITE_OK;
  44 }
  45
  46 /* generate a defined number of random bytes */
  47 static int sqlcipher_cc_random (void *ctx, void *buffer, int length) {
  48   return (SecRandomCopyBytes(kSecRandomDefault, length, (uint8_t *)buffer) == kCCSuccess) ? SQLITE_OK : SQLITE_ERROR;
  49 }
  50
  51 static const char* sqlcipher_cc_get_provider_name(void *ctx) {
  52   return "commoncrypto";
  53 }
  54
  55 static const char* sqlcipher_cc_get_provider_version(void *ctx) {
  56 #if TARGET_OS_MAC
  57   CFTypeRef version;
  58   CFBundleRef bundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security"));
  59   if(bundle == NULL) {
  60     return "unknown";
  61   }
  62   version = CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString"));
  63   return CFStringGetCStringPtr(version, kCFStringEncodingUTF8);
  64 #else
  65   return "unknown";
  66 #endif
  67 }
  68
  69 static int sqlcipher_cc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
  70   CCHmacContext hmac_context;
  71   if(in == NULL) return SQLITE_ERROR;
  72   switch(algorithm) {
  73     case SQLCIPHER_HMAC_SHA1:
  74       CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
  75       break;
  76     case SQLCIPHER_HMAC_SHA256:
  77       CCHmacInit(&hmac_context, kCCHmacAlgSHA256, hmac_key, key_sz);
  78       break;
  79     case SQLCIPHER_HMAC_SHA512:
  80       CCHmacInit(&hmac_context, kCCHmacAlgSHA512, hmac_key, key_sz);
  81       break;
  82     default:
  83       return SQLITE_ERROR;
  84   }
  85   CCHmacUpdate(&hmac_context, in, in_sz);
  86   if(in2 != NULL) CCHmacUpdate(&hmac_context, in2, in2_sz);
  87   CCHmacFinal(&hmac_context, out);
  88   return SQLITE_OK;
  89 }
  90
  91 static int sqlcipher_cc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
  92   switch(algorithm) {
  93     case SQLCIPHER_HMAC_SHA1:
  94       if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
  95       break;
  96     case SQLCIPHER_HMAC_SHA256:
  97       if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA256, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
  98       break;
  99     case SQLCIPHER_HMAC_SHA512:
 100       if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA512, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
 101       break;
 102     default:
 103       return SQLITE_ERROR;
 104   }
 105   return SQLITE_OK;
 106 }
 107
 108 static int sqlcipher_cc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
 109   CCCryptorRef cryptor;
 110   size_t tmp_csz, csz;
 111   CCOperation op = mode == CIPHER_ENCRYPT ? kCCEncrypt : kCCDecrypt;
 112
 113   if(CCCryptorCreate(op, kCCAlgorithmAES128, 0, key, kCCKeySizeAES256, iv, &cryptor) != kCCSuccess) return SQLITE_ERROR;
 114   if(CCCryptorUpdate(cryptor, in, in_sz, out, in_sz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
 115   csz = tmp_csz;
 116   out += tmp_csz;
 117   if(CCCryptorFinal(cryptor, out, in_sz - csz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
 118   csz += tmp_csz;
 119   if(CCCryptorRelease(cryptor) != kCCSuccess) return SQLITE_ERROR;
 120   assert(in_sz == csz);
 121
 122   return SQLITE_OK;
 123 }
 124
 125 static const char* sqlcipher_cc_get_cipher(void *ctx) {
 126   return "aes-256-cbc";
 127 }
 128
 129 static int sqlcipher_cc_get_key_sz(void *ctx) {
 130   return kCCKeySizeAES256;
 131 }
 132
 133 static int sqlcipher_cc_get_iv_sz(void *ctx) {
 134   return kCCBlockSizeAES128;
 135 }
 136
 137 static int sqlcipher_cc_get_block_sz(void *ctx) {
 138   return kCCBlockSizeAES128;
 139 }
 140
 141 static int sqlcipher_cc_get_hmac_sz(void *ctx, int algorithm) {
 142   switch(algorithm) {
 143     case SQLCIPHER_HMAC_SHA1:
 144       return CC_SHA1_DIGEST_LENGTH;
 145       break;
 146     case SQLCIPHER_HMAC_SHA256:
 147       return CC_SHA256_DIGEST_LENGTH;
 148       break;
 149     case SQLCIPHER_HMAC_SHA512:
 150       return CC_SHA512_DIGEST_LENGTH;
 151       break;
 152     default:
 153       return 0;
 154   }
 155 }
 156
 157 static int sqlcipher_cc_ctx_init(void **ctx) {
 158   return SQLITE_OK;
 159 }
 160
 161 static int sqlcipher_cc_ctx_free(void **ctx) {
 162   return SQLITE_OK;
 163 }
 164
 165 static int sqlcipher_cc_fips_status(void *ctx) {
 166   return 0;
 167 }
 168
 169 static int sqlcipher_cc_id(void *ctx) {
 170   return 1633265;
 171 }
 172
 173 static void* sqlcipher_cc_status(void *ctx) {
 174   return NULL;
 175 }
 176
 177 int sqlcipher_cc_setup(sqlcipher_provider *p) {
 178   p->random = sqlcipher_cc_random;
 179   p->get_provider_name = sqlcipher_cc_get_provider_name;
 180   p->hmac = sqlcipher_cc_hmac;
 181   p->kdf = sqlcipher_cc_kdf;
 182   p->cipher = sqlcipher_cc_cipher;
 183   p->get_cipher = sqlcipher_cc_get_cipher;
 184   p->get_key_sz = sqlcipher_cc_get_key_sz;
 185   p->get_iv_sz = sqlcipher_cc_get_iv_sz;
 186   p->get_block_sz = sqlcipher_cc_get_block_sz;
 187   p->get_hmac_sz = sqlcipher_cc_get_hmac_sz;
 188   p->ctx_init = sqlcipher_cc_ctx_init;
 189   p->ctx_free = sqlcipher_cc_ctx_free;
 190   p->add_random = sqlcipher_cc_add_random;
 191   p->fips_status = sqlcipher_cc_fips_status;
 192   p->get_provider_version = sqlcipher_cc_get_provider_version;
 193   p->id = sqlcipher_cc_id;
 194   p->status = sqlcipher_cc_status;
 195   return SQLITE_OK;
 196 }
 197
 198 #endif
 199 #endif
 200 /* END SQLCIPHER */