3 ** http://sqlcipher.net
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #ifdef SQLITE_HAS_CODEC
33 #ifdef SQLCIPHER_CRYPTO_OPENSSL
34 #include "sqliteInt.h"
36 #include "sqlcipher.h"
37 #include <openssl/rand.h>
38 #include <openssl/evp.h>
39 #include <openssl/objects.h>
40 #include <openssl/hmac.h>
41 #include <openssl/err.h>
44 EVP_CIPHER
*evp_cipher
;
47 static unsigned int openssl_external_init
= 0;
48 static unsigned int openssl_init_count
= 0;
49 static sqlite3_mutex
* openssl_rand_mutex
= NULL
;
51 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
52 static HMAC_CTX
*HMAC_CTX_new(void)
54 HMAC_CTX
*ctx
= OPENSSL_malloc(sizeof(*ctx
));
61 /* Per 1.1.0 (https://wiki.openssl.org/index.php/1.1_API_Changes)
62 HMAC_CTX_free should call HMAC_CTX_cleanup, then EVP_MD_CTX_Cleanup.
63 HMAC_CTX_cleanup internally calls EVP_MD_CTX_cleanup so these
64 calls are not needed. */
65 static void HMAC_CTX_free(HMAC_CTX
*ctx
)
68 HMAC_CTX_cleanup(ctx
);
74 static int sqlcipher_openssl_add_random(void *ctx
, void *buffer
, int length
) {
75 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
76 CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entering openssl_rand_mutex %p\n", openssl_rand_mutex
);
77 sqlite3_mutex_enter(openssl_rand_mutex
);
78 CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: entered openssl_rand_mutex %p\n", openssl_rand_mutex
);
80 RAND_add(buffer
, length
, 0);
81 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
82 CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: leaving openssl_rand_mutex %p\n", openssl_rand_mutex
);
83 sqlite3_mutex_leave(openssl_rand_mutex
);
84 CODEC_TRACE_MUTEX("sqlcipher_openssl_add_random: left openssl_rand_mutex %p\n", openssl_rand_mutex
);
89 #define OPENSSL_CIPHER "aes-256-cbc"
92 /* activate and initialize sqlcipher. Most importantly, this will automatically
93 intialize OpenSSL's EVP system if it hasn't already be externally. Note that
94 this function may be called multiple times as new codecs are intiialized.
95 Thus it performs some basic counting to ensure that only the last and final
96 sqlcipher_openssl_deactivate() will free the EVP structures.
98 static int sqlcipher_openssl_activate(void *ctx
) {
99 /* initialize openssl and increment the internal init counter
100 but only if it hasn't been initalized outside of SQLCipher by this program
102 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entering static master mutex");
103 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER
));
104 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: entered static master mutex");
106 if(openssl_init_count
== 0 && EVP_get_cipherbyname(OPENSSL_CIPHER
) != NULL
) {
107 /* if openssl has not yet been initialized by this library, but
108 a call to get_cipherbyname works, then the openssl library
109 has been initialized externally already. */
110 openssl_external_init
= 1;
113 #ifdef SQLCIPHER_FIPS
115 if(!FIPS_mode_set(1)){
116 ERR_load_crypto_strings();
117 ERR_print_errors_fp(stderr
);
122 if(openssl_init_count
== 0 && openssl_external_init
== 0) {
123 /* if the library was not externally initialized, then should be now */
124 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
125 OpenSSL_add_all_algorithms();
129 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
130 if(openssl_rand_mutex
== NULL
) {
131 /* allocate a mutex to guard against concurrent calls to RAND_bytes() */
132 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: allocating openssl_rand_mutex");
133 openssl_rand_mutex
= sqlite3_mutex_alloc(SQLITE_MUTEX_FAST
);
134 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: allocated openssl_rand_mutex %p", openssl_rand_mutex
);
138 openssl_init_count
++;
139 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: leaving static master mutex");
140 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER
));
141 CODEC_TRACE_MUTEX("sqlcipher_openssl_activate: left static master mutex");
145 /* deactivate SQLCipher, most imporantly decremeting the activation count and
146 freeing the EVP structures on the final deactivation to ensure that
147 OpenSSL memory is cleaned up */
148 static int sqlcipher_openssl_deactivate(void *ctx
) {
149 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entering static master mutex");
150 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER
));
151 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: entered static master mutex");
152 openssl_init_count
--;
154 if(openssl_init_count
== 0) {
155 if(openssl_external_init
== 0) {
156 /* if OpenSSL hasn't be initialized externally, and the counter reaches zero
157 after it's decremented, release EVP memory
158 Note: this code will only be reached if OpensSSL_add_all_algorithms()
159 is called by SQLCipher internally. This should prevent SQLCipher from
160 "cleaning up" openssl when it was initialized externally by the program */
161 #if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
165 openssl_external_init
= 0;
167 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
168 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: freeing openssl_rand_mutex %p", openssl_rand_mutex
);
169 sqlite3_mutex_free(openssl_rand_mutex
);
170 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: freed openssl_rand_mutex %p", openssl_rand_mutex
);
171 openssl_rand_mutex
= NULL
;
174 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: leaving static master mutex");
175 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER
));
176 CODEC_TRACE_MUTEX("sqlcipher_openssl_deactivate: left static master mutex");
180 static const char* sqlcipher_openssl_get_provider_name(void *ctx
) {
184 static const char* sqlcipher_openssl_get_provider_version(void *ctx
) {
185 return OPENSSL_VERSION_TEXT
;
188 /* generate a defined number of random bytes */
189 static int sqlcipher_openssl_random (void *ctx
, void *buffer
, int length
) {
191 /* concurrent calls to RAND_bytes can cause a crash under some openssl versions when a
192 naive application doesn't use CRYPTO_set_locking_callback and
193 CRYPTO_THREADID_set_callback to ensure openssl thread safety.
194 This is simple workaround to prevent this common crash
195 but a more proper solution is that applications setup platform-appropriate
196 thread saftey in openssl externally */
197 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
198 CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entering openssl_rand_mutex %p", openssl_rand_mutex
);
199 sqlite3_mutex_enter(openssl_rand_mutex
);
200 CODEC_TRACE_MUTEX("sqlcipher_openssl_random: entered openssl_rand_mutex %p", openssl_rand_mutex
);
202 rc
= RAND_bytes((unsigned char *)buffer
, length
);
203 #ifndef SQLCIPHER_OPENSSL_NO_MUTEX_RAND
204 CODEC_TRACE_MUTEX("sqlcipher_openssl_random: leaving openssl_rand_mutex %p", openssl_rand_mutex
);
205 sqlite3_mutex_leave(openssl_rand_mutex
);
206 CODEC_TRACE_MUTEX("sqlcipher_openssl_random: left openssl_rand_mutex %p", openssl_rand_mutex
);
208 return (rc
== 1) ? SQLITE_OK
: SQLITE_ERROR
;
211 static int sqlcipher_openssl_hmac(void *ctx
, int algorithm
, unsigned char *hmac_key
, int key_sz
, unsigned char *in
, int in_sz
, unsigned char *in2
, int in2_sz
, unsigned char *out
) {
214 HMAC_CTX
* hctx
= NULL
;
216 if(in
== NULL
) goto error
;
218 hctx
= HMAC_CTX_new();
219 if(hctx
== NULL
) goto error
;
222 case SQLCIPHER_HMAC_SHA1
:
223 if(!HMAC_Init_ex(hctx
, hmac_key
, key_sz
, EVP_sha1(), NULL
)) goto error
;
225 case SQLCIPHER_HMAC_SHA256
:
226 if(!HMAC_Init_ex(hctx
, hmac_key
, key_sz
, EVP_sha256(), NULL
)) goto error
;
228 case SQLCIPHER_HMAC_SHA512
:
229 if(!HMAC_Init_ex(hctx
, hmac_key
, key_sz
, EVP_sha512(), NULL
)) goto error
;
235 if(!HMAC_Update(hctx
, in
, in_sz
)) goto error
;
237 if(!HMAC_Update(hctx
, in2
, in2_sz
)) goto error
;
239 if(!HMAC_Final(hctx
, out
, &outlen
)) goto error
;
245 if(hctx
) HMAC_CTX_free(hctx
);
249 static int sqlcipher_openssl_kdf(void *ctx
, int algorithm
, const unsigned char *pass
, int pass_sz
, unsigned char* salt
, int salt_sz
, int workfactor
, int key_sz
, unsigned char *key
) {
253 case SQLCIPHER_HMAC_SHA1
:
254 if(!PKCS5_PBKDF2_HMAC((const char *)pass
, pass_sz
, salt
, salt_sz
, workfactor
, EVP_sha1(), key_sz
, key
)) goto error
;
256 case SQLCIPHER_HMAC_SHA256
:
257 if(!PKCS5_PBKDF2_HMAC((const char *)pass
, pass_sz
, salt
, salt_sz
, workfactor
, EVP_sha256(), key_sz
, key
)) goto error
;
259 case SQLCIPHER_HMAC_SHA512
:
260 if(!PKCS5_PBKDF2_HMAC((const char *)pass
, pass_sz
, salt
, salt_sz
, workfactor
, EVP_sha512(), key_sz
, key
)) goto error
;
273 static int sqlcipher_openssl_cipher(void *ctx
, int mode
, unsigned char *key
, int key_sz
, unsigned char *iv
, unsigned char *in
, int in_sz
, unsigned char *out
) {
274 int tmp_csz
, csz
, rc
= SQLITE_OK
;
275 EVP_CIPHER_CTX
* ectx
= EVP_CIPHER_CTX_new();
276 if(ectx
== NULL
) goto error
;
277 if(!EVP_CipherInit_ex(ectx
, ((openssl_ctx
*)ctx
)->evp_cipher
, NULL
, NULL
, NULL
, mode
)) goto error
;
278 if(!EVP_CIPHER_CTX_set_padding(ectx
, 0)) goto error
; /* no padding */
279 if(!EVP_CipherInit_ex(ectx
, NULL
, NULL
, key
, iv
, mode
)) goto error
;
280 if(!EVP_CipherUpdate(ectx
, out
, &tmp_csz
, in
, in_sz
)) goto error
;
283 if(!EVP_CipherFinal_ex(ectx
, out
, &tmp_csz
)) goto error
;
285 assert(in_sz
== csz
);
291 if(ectx
) EVP_CIPHER_CTX_free(ectx
);
295 static const char* sqlcipher_openssl_get_cipher(void *ctx
) {
296 return OBJ_nid2sn(EVP_CIPHER_nid(((openssl_ctx
*)ctx
)->evp_cipher
));
299 static int sqlcipher_openssl_get_key_sz(void *ctx
) {
300 return EVP_CIPHER_key_length(((openssl_ctx
*)ctx
)->evp_cipher
);
303 static int sqlcipher_openssl_get_iv_sz(void *ctx
) {
304 return EVP_CIPHER_iv_length(((openssl_ctx
*)ctx
)->evp_cipher
);
307 static int sqlcipher_openssl_get_block_sz(void *ctx
) {
308 return EVP_CIPHER_block_size(((openssl_ctx
*)ctx
)->evp_cipher
);
311 static int sqlcipher_openssl_get_hmac_sz(void *ctx
, int algorithm
) {
313 case SQLCIPHER_HMAC_SHA1
:
314 return EVP_MD_size(EVP_sha1());
316 case SQLCIPHER_HMAC_SHA256
:
317 return EVP_MD_size(EVP_sha256());
319 case SQLCIPHER_HMAC_SHA512
:
320 return EVP_MD_size(EVP_sha512());
327 static int sqlcipher_openssl_ctx_init(void **ctx
) {
330 *ctx
= sqlcipher_malloc(sizeof(openssl_ctx
));
331 if(*ctx
== NULL
) return SQLITE_NOMEM
;
332 sqlcipher_openssl_activate(*ctx
);
334 o_ctx
= (openssl_ctx
*)*ctx
;
335 o_ctx
->evp_cipher
= (EVP_CIPHER
*) EVP_get_cipherbyname(OPENSSL_CIPHER
);
336 return o_ctx
->evp_cipher
!= NULL
? SQLITE_OK
: SQLITE_ERROR
;
339 static int sqlcipher_openssl_ctx_free(void **ctx
) {
340 sqlcipher_openssl_deactivate(*ctx
);
341 sqlcipher_free(*ctx
, sizeof(openssl_ctx
));
345 static int sqlcipher_openssl_fips_status(void *ctx
) {
346 #ifdef SQLCIPHER_FIPS
353 static int sqlcipher_openssl_id(void *ctx
) {
357 static void* sqlcipher_openssl_status(void *ctx
) {
361 int sqlcipher_openssl_setup(sqlcipher_provider
*p
) {
362 p
->activate
= sqlcipher_openssl_activate
;
363 p
->deactivate
= sqlcipher_openssl_deactivate
;
364 p
->get_provider_name
= sqlcipher_openssl_get_provider_name
;
365 p
->random
= sqlcipher_openssl_random
;
366 p
->hmac
= sqlcipher_openssl_hmac
;
367 p
->kdf
= sqlcipher_openssl_kdf
;
368 p
->cipher
= sqlcipher_openssl_cipher
;
369 p
->get_cipher
= sqlcipher_openssl_get_cipher
;
370 p
->get_key_sz
= sqlcipher_openssl_get_key_sz
;
371 p
->get_iv_sz
= sqlcipher_openssl_get_iv_sz
;
372 p
->get_block_sz
= sqlcipher_openssl_get_block_sz
;
373 p
->get_hmac_sz
= sqlcipher_openssl_get_hmac_sz
;
374 p
->ctx_init
= sqlcipher_openssl_ctx_init
;
375 p
->ctx_free
= sqlcipher_openssl_ctx_free
;
376 p
->add_random
= sqlcipher_openssl_add_random
;
377 p
->fips_status
= sqlcipher_openssl_fips_status
;
378 p
->get_provider_version
= sqlcipher_openssl_get_provider_version
;
379 p
->id
= sqlcipher_openssl_id
;
380 p
->status
= sqlcipher_openssl_status
;