src/crypto_openssl.c

   1 #ifdef SQLCIPHER_CRYPTO_OPENSSL
   2 #include "sqliteInt.h"
   3 #include "crypto.h"
   4 #include "sqlcipher.h"
   5 #include <openssl/rand.h>
   6 #include <openssl/evp.h>
   7 #include <openssl/hmac.h>
   8
   9 typedef struct {
  10   EVP_CIPHER *evp_cipher;
  11 } openssl_ctx;
  12
  13
  14 static unsigned int openssl_external_init = 0;
  15 static unsigned int openssl_init_count = 0;
  16
  17
  18 static int sqlcipher_openssl_add_random(void *ctx, void *buffer, int length) {
  19   RAND_add(buffer, length, 0);
  20   return SQLITE_OK;
  21 }
  22
  23 /* activate and initialize sqlcipher. Most importantly, this will automatically
  24    intialize OpenSSL's EVP system if it hasn't already be externally. Note that
  25    this function may be called multiple times as new codecs are intiialized.
  26    Thus it performs some basic counting to ensure that only the last and final
  27    sqlcipher_openssl_deactivate() will free the EVP structures.
  28 */
  29 static int sqlcipher_openssl_activate(void *ctx) {
  30   /* we'll initialize openssl and increment the internal init counter
  31      but only if it hasn't been initalized outside of SQLCipher by this program
  32      e.g. on startup */
  33   if(openssl_init_count == 0 && EVP_get_cipherbyname(CIPHER) != NULL) {
  34     openssl_external_init = 1;
  35   }
  36
  37   if(openssl_external_init == 0) {
  38     if(openssl_init_count == 0)  {
  39       OpenSSL_add_all_algorithms();
  40     }
  41     openssl_init_count++;
  42   }
  43 }
  44
  45 /* deactivate SQLCipher, most imporantly decremeting the activation count and
  46    freeing the EVP structures on the final deactivation to ensure that
  47    OpenSSL memory is cleaned up */
  48 static int sqlcipher_openssl_deactivate(void *ctx) {
  49   sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
  50   /* If it is initialized externally, then the init counter should never be greater than zero.
  51      This should prevent SQLCipher from "cleaning up" openssl
  52      when something else in the program might be using it. */
  53   if(openssl_external_init == 0) {
  54     openssl_init_count--;
  55     /* if the counter reaches zero after it's decremented release EVP memory
  56        Note: this code will only be reached if OpensSSL_add_all_algorithms()
  57        is called by SQLCipher internally. */
  58     if(openssl_init_count == 0) {
  59       EVP_cleanup();
  60     }
  61   }
  62   sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
  63 }
  64
  65 static const char* sqlcipher_openssl_get_provider_name(void *ctx) {
  66   return "openssl";
  67 }
  68
  69 /* generate a defined number of random bytes */
  70 static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) {
  71   return (RAND_bytes((unsigned char *)buffer, length) == 1) ? SQLITE_OK : SQLITE_ERROR;
  72 }
  73
  74 static int sqlcipher_openssl_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
  75   HMAC_CTX hctx;
  76   int outlen;
  77   HMAC_CTX_init(&hctx);
  78   HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL);
  79   HMAC_Update(&hctx, in, in_sz);
  80   HMAC_Update(&hctx, in2, in2_sz);
  81   HMAC_Final(&hctx, out, &outlen);
  82   HMAC_CTX_cleanup(&hctx);
  83   return SQLITE_OK;
  84 }
  85
  86 static int sqlcipher_openssl_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
  87   unsigned long random_buffer_sz = 256;
  88   char random_buffer[random_buffer_sz];
  89
  90   PKCS5_PBKDF2_HMAC_SHA1(pass, pass_sz, salt, salt_sz, workfactor, key_sz, key);
  91   return SQLITE_OK;
  92 }
  93
  94 static int sqlcipher_openssl_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
  95   EVP_CIPHER_CTX ectx;
  96   int tmp_csz, csz;
  97
  98   EVP_CipherInit(&ectx, ((openssl_ctx *)ctx)->evp_cipher, NULL, NULL, mode);
  99   EVP_CIPHER_CTX_set_padding(&ectx, 0); // no padding
 100   EVP_CipherInit(&ectx, NULL, key, iv, mode);
 101   EVP_CipherUpdate(&ectx, out, &tmp_csz, in, in_sz);
 102   csz = tmp_csz;
 103   out += tmp_csz;
 104   EVP_CipherFinal(&ectx, out, &tmp_csz);
 105   csz += tmp_csz;
 106   EVP_CIPHER_CTX_cleanup(&ectx);
 107   assert(in_sz == csz);
 108   return SQLITE_OK;
 109 }
 110
 111 static int sqlcipher_openssl_set_cipher(void *ctx, const char *cipher_name) {
 112   openssl_ctx *o_ctx = (openssl_ctx *)ctx;
 113   o_ctx->evp_cipher = (EVP_CIPHER *) EVP_get_cipherbyname(cipher_name);
 114   return SQLITE_OK;
 115 }
 116
 117 static const char* sqlcipher_openssl_get_cipher(void *ctx) {
 118   return EVP_CIPHER_name(((openssl_ctx *)ctx)->evp_cipher);
 119 }
 120
 121 static int sqlcipher_openssl_get_key_sz(void *ctx) {
 122   return EVP_CIPHER_key_length(((openssl_ctx *)ctx)->evp_cipher);
 123 }
 124
 125 static int sqlcipher_openssl_get_iv_sz(void *ctx) {
 126   return EVP_CIPHER_iv_length(((openssl_ctx *)ctx)->evp_cipher);
 127 }
 128
 129 static int sqlcipher_openssl_get_block_sz(void *ctx) {
 130   return EVP_CIPHER_block_size(((openssl_ctx *)ctx)->evp_cipher);
 131 }
 132
 133 static int sqlcipher_openssl_get_hmac_sz(void *ctx) {
 134   return EVP_MD_size(EVP_sha1());
 135 }
 136
 137 static int sqlcipher_openssl_ctx_copy(void *target_ctx, void *source_ctx) {
 138   memcpy(target_ctx, source_ctx, sizeof(openssl_ctx));
 139   return SQLITE_OK;
 140 }
 141
 142 static int sqlcipher_openssl_ctx_cmp(void *c1, void *c2) {
 143   return ((openssl_ctx *)c1)->evp_cipher == ((openssl_ctx *)c2)->evp_cipher;
 144 }
 145
 146 static int sqlcipher_openssl_ctx_init(void **ctx) {
 147   *ctx = sqlcipher_malloc(sizeof(openssl_ctx));
 148   if(*ctx == NULL) return SQLITE_NOMEM;
 149   sqlcipher_openssl_activate(*ctx);
 150   return SQLITE_OK;
 151 }
 152
 153 static int sqlcipher_openssl_ctx_free(void **ctx) {
 154   sqlcipher_openssl_deactivate(*ctx);
 155   sqlcipher_free(*ctx, sizeof(openssl_ctx));
 156   return SQLITE_OK;
 157 }
 158
 159 int sqlcipher_openssl_setup(sqlcipher_provider *p) {
 160   p->activate = sqlcipher_openssl_activate;
 161   p->deactivate = sqlcipher_openssl_deactivate;
 162   p->get_provider_name = sqlcipher_openssl_get_provider_name;
 163   p->random = sqlcipher_openssl_random;
 164   p->hmac = sqlcipher_openssl_hmac;
 165   p->kdf = sqlcipher_openssl_kdf;
 166   p->cipher = sqlcipher_openssl_cipher;
 167   p->set_cipher = sqlcipher_openssl_set_cipher;
 168   p->get_cipher = sqlcipher_openssl_get_cipher;
 169   p->get_key_sz = sqlcipher_openssl_get_key_sz;
 170   p->get_iv_sz = sqlcipher_openssl_get_iv_sz;
 171   p->get_block_sz = sqlcipher_openssl_get_block_sz;
 172   p->get_hmac_sz = sqlcipher_openssl_get_hmac_sz;
 173   p->ctx_copy = sqlcipher_openssl_ctx_copy;
 174   p->ctx_cmp = sqlcipher_openssl_ctx_cmp;
 175   p->ctx_init = sqlcipher_openssl_ctx_init;
 176   p->ctx_free = sqlcipher_openssl_ctx_free;
 177   p->add_random = sqlcipher_openssl_add_random;
 178 }
 179
 180 #endif