src/crypto_nss.c

   1 /*
   2 ** SQLCipher
   3 ** http://sqlcipher.net
   4 **
   5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
   6 ** All rights reserved.
   7 **
   8 ** Redistribution and use in source and binary forms, with or without
   9 ** modification, are permitted provided that the following conditions are met:
  10 **     * Redistributions of source code must retain the above copyright
  11 **       notice, this list of conditions and the following disclaimer.
  12 **     * Redistributions in binary form must reproduce the above copyright
  13 **       notice, this list of conditions and the following disclaimer in the
  14 **       documentation and/or other materials provided with the distribution.
  15 **     * Neither the name of the ZETETIC LLC nor the
  16 **       names of its contributors may be used to endorse or promote products
  17 **       derived from this software without specific prior written permission.
  18 **
  19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
  20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
  23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
  26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29 **
  30 */
  31 /* BEGIN SQLCIPHER */
  32 #ifdef SQLITE_HAS_CODEC
  33 #ifdef SQLCIPHER_CRYPTO_NSS
  34 #include "crypto.h"
  35 #include "sqlcipher.h"
  36 #include <nss/blapit.h>
  37 #include <nss/nss.h>
  38 #include <nss/pk11pub.h>
  39
  40 static NSSInitContext* nss_init_context = NULL;
  41 static unsigned int nss_init_count = 0;
  42
  43 int sqlcipher_nss_setup(sqlcipher_provider *p);
  44
  45 static int sqlcipher_nss_activate(void *ctx) {
  46
  47   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  48   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
  49   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  50   if (nss_init_context == NULL) {
  51     nss_init_context = NSS_InitContext("", "", "", "", NULL,
  52                         NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
  53                         NSS_INIT_FORCEOPEN | NSS_INIT_OPTIMIZESPACE | NSS_INIT_NOROOTINIT);
  54   }
  55   nss_init_count++;
  56   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  57   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
  58   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  59   return SQLITE_OK;
  60 }
  61
  62 static int sqlcipher_nss_deactivate(void *ctx) {
  63   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  64   sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
  65   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  66
  67   nss_init_count--;
  68   if (nss_init_count == 0 && nss_init_context != NULL) {
  69     NSS_ShutdownContext(nss_init_context);
  70     nss_init_context = NULL;
  71   }
  72
  73   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  74   sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
  75   CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
  76   return SQLITE_OK;
  77 }
  78
  79 static int sqlcipher_nss_add_random(void *ctx, void *buffer, int length) {
  80   return SQLITE_OK;
  81 }
  82
  83 /* generate a defined number of random bytes */
  84 static int sqlcipher_nss_random (void *ctx, void *buffer, int length) {
  85   // PK11_GenerateRandom should be thread-safe.
  86   return (PK11_GenerateRandom((unsigned char *)buffer, length) == SECSuccess) ? SQLITE_OK : SQLITE_ERROR;
  87 }
  88
  89 static const char* sqlcipher_nss_get_provider_name(void *ctx) {
  90   return "nss";
  91 }
  92
  93 static const char* sqlcipher_nss_get_provider_version(void *ctx) {
  94   return NSS_GetVersion();
  95 }
  96
  97 static const char* sqlcipher_nss_get_cipher(void *ctx) {
  98   return "aes-256-cbc";
  99 }
 100
 101 static int sqlcipher_nss_get_key_sz(void *ctx) {
 102   return AES_256_KEY_LENGTH;
 103 }
 104
 105 static int sqlcipher_nss_get_iv_sz(void *ctx) {
 106   return AES_BLOCK_SIZE;
 107 }
 108
 109 static int sqlcipher_nss_get_block_sz(void *ctx) {
 110   return AES_BLOCK_SIZE;
 111 }
 112
 113 static int sqlcipher_nss_get_hmac_sz(void *ctx, int algorithm) {
 114   switch(algorithm) {
 115     case SQLCIPHER_HMAC_SHA1:
 116       return SHA1_LENGTH;
 117       break;
 118     case SQLCIPHER_HMAC_SHA256:
 119       return SHA256_LENGTH;
 120       break;
 121     case SQLCIPHER_HMAC_SHA512:
 122       return SHA512_LENGTH;
 123       break;
 124     default:
 125       return 0;
 126   }
 127 }
 128
 129 static int sqlcipher_nss_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
 130   int rc = SQLITE_OK;
 131   unsigned int length;
 132   unsigned int outLen;
 133   PK11Context* context = NULL;
 134   PK11SlotInfo * slot = NULL;
 135   PK11SymKey* symKey = NULL;
 136   if(in == NULL) goto error;
 137   CK_MECHANISM_TYPE mech;
 138   switch(algorithm) {
 139     case SQLCIPHER_HMAC_SHA1:
 140       mech = CKM_SHA_1_HMAC;
 141       break;
 142     case SQLCIPHER_HMAC_SHA256:
 143       mech = CKM_SHA256_HMAC;
 144       break;
 145     case SQLCIPHER_HMAC_SHA512:
 146       mech = CKM_SHA512_HMAC;
 147       break;
 148     default:
 149       goto error;
 150   }
 151   length = sqlcipher_nss_get_hmac_sz(ctx, algorithm);
 152   slot = PK11_GetInternalSlot();
 153   if (slot == NULL) goto error;
 154   SECItem keyItem;
 155   keyItem.data = hmac_key;
 156   keyItem.len = key_sz;
 157   symKey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
 158                              CKA_SIGN, &keyItem, NULL);
 159   if (symKey == NULL) goto error;
 160   SECItem noParams;
 161   noParams.data = 0;
 162   noParams.len = 0;
 163   context = PK11_CreateContextBySymKey(mech, CKA_SIGN, symKey, &noParams);
 164   if (context == NULL) goto error;
 165   if (PK11_DigestBegin(context) != SECSuccess) goto error;
 166   if (PK11_DigestOp(context, in, in_sz) != SECSuccess) goto error;
 167   if (in2 != NULL) {
 168     if (PK11_DigestOp(context, in2, in2_sz) != SECSuccess) goto error;
 169   }
 170   if (PK11_DigestFinal(context, out, &outLen, length) != SECSuccess) goto error;
 171
 172   goto cleanup;
 173   error:
 174     rc = SQLITE_ERROR;
 175   cleanup:
 176     if (context) PK11_DestroyContext(context, PR_TRUE);
 177     if (symKey) PK11_FreeSymKey(symKey);
 178     if (slot) PK11_FreeSlot(slot);
 179     return rc;
 180 }
 181
 182 static int sqlcipher_nss_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
 183   int rc = SQLITE_OK;
 184   PK11SlotInfo * slot = NULL;
 185   SECAlgorithmID * algid = NULL;
 186   PK11SymKey* symKey = NULL;
 187   SECOidTag oidtag;
 188   switch(algorithm) {
 189     case SQLCIPHER_HMAC_SHA1:
 190       oidtag = SEC_OID_HMAC_SHA1;
 191       break;
 192     case SQLCIPHER_HMAC_SHA256:
 193       oidtag = SEC_OID_HMAC_SHA256;
 194       break;
 195     case SQLCIPHER_HMAC_SHA512:
 196       oidtag = SEC_OID_HMAC_SHA512;
 197       break;
 198     default:
 199       goto error;
 200   }
 201   SECItem secSalt;
 202   secSalt.data = salt;
 203   secSalt.len = salt_sz;
 204   // Always pass SEC_OID_HMAC_SHA1 (i.e. PBMAC1) as this parameter
 205   // is unused for key generation. It is currently only used
 206   // for PBKDF2 authentication or key (un)wrapping when specifying an
 207   // encryption algorithm (PBES2).
 208   algid = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, SEC_OID_HMAC_SHA1,
 209                                       oidtag, key_sz, workfactor, &secSalt);
 210   if (algid == NULL) goto error;
 211   slot = PK11_GetInternalSlot();
 212   if (slot == NULL) goto error;
 213   SECItem pwItem;
 214   pwItem.data = (unsigned char *) pass; // PK11_PBEKeyGen doesn't modify the key.
 215   pwItem.len = pass_sz;
 216   symKey = PK11_PBEKeyGen(slot, algid, &pwItem, PR_FALSE, NULL);
 217   if (symKey == NULL) goto error;
 218   if (PK11_ExtractKeyValue(symKey) != SECSuccess) goto error;
 219   // No need to free keyData as it is a buffer managed by symKey.
 220   SECItem* keyData = PK11_GetKeyData(symKey);
 221   if (keyData == NULL) goto error;
 222   memcpy(key, keyData->data, key_sz);
 223
 224   goto cleanup;
 225   error:
 226     rc = SQLITE_ERROR;
 227   cleanup:
 228     if (slot) PK11_FreeSlot(slot);
 229     if (algid) SECOID_DestroyAlgorithmID(algid, PR_TRUE);
 230     if (symKey) PK11_FreeSymKey(symKey);
 231     return rc;
 232 }
 233
 234 static int sqlcipher_nss_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
 235   int rc = SQLITE_OK;
 236   PK11SlotInfo * slot = NULL;
 237   PK11SymKey* symKey = NULL;
 238   unsigned int outLen;
 239   SECItem params;
 240   params.data = iv;
 241   params.len = sqlcipher_nss_get_iv_sz(ctx);
 242   slot = PK11_GetInternalSlot();
 243   if (slot == NULL) goto error;
 244   SECItem keyItem;
 245   keyItem.data = key;
 246   keyItem.len = key_sz;
 247   symKey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap,
 248                              CKA_ENCRYPT, &keyItem, NULL);
 249   if (symKey == NULL) goto error;
 250   SECStatus rv;
 251   if (mode == CIPHER_ENCRYPT) {
 252     rv = PK11_Encrypt(symKey, CKM_AES_CBC, &params, out, &outLen,
 253                       in_sz + 16, in, in_sz);
 254   } else {
 255     rv = PK11_Decrypt(symKey, CKM_AES_CBC, &params, out, &outLen,
 256                       in_sz + 16, in, in_sz);
 257   }
 258   if (rv != SECSuccess) goto error;
 259
 260   goto cleanup;
 261   error:
 262     rc = SQLITE_ERROR;
 263   cleanup:
 264     if (slot) PK11_FreeSlot(slot);
 265     if (symKey) PK11_FreeSymKey(symKey);
 266     return rc;
 267 }
 268
 269 static int sqlcipher_nss_ctx_init(void **ctx) {
 270   sqlcipher_nss_activate(NULL);
 271   return SQLITE_OK;
 272 }
 273
 274 static int sqlcipher_nss_ctx_free(void **ctx) {
 275   sqlcipher_nss_deactivate(NULL);
 276   return SQLITE_OK;
 277 }
 278
 279 static int sqlcipher_nss_fips_status(void *ctx) {
 280   return 0;
 281 }
 282
 283 int sqlcipher_nss_setup(sqlcipher_provider *p) {
 284   p->activate = sqlcipher_nss_activate;
 285   p->deactivate = sqlcipher_nss_deactivate;
 286   p->random = sqlcipher_nss_random;
 287   p->get_provider_name = sqlcipher_nss_get_provider_name;
 288   p->hmac = sqlcipher_nss_hmac;
 289   p->kdf = sqlcipher_nss_kdf;
 290   p->cipher = sqlcipher_nss_cipher;
 291   p->get_cipher = sqlcipher_nss_get_cipher;
 292   p->get_key_sz = sqlcipher_nss_get_key_sz;
 293   p->get_iv_sz = sqlcipher_nss_get_iv_sz;
 294   p->get_block_sz = sqlcipher_nss_get_block_sz;
 295   p->get_hmac_sz = sqlcipher_nss_get_hmac_sz;
 296   p->ctx_init = sqlcipher_nss_ctx_init;
 297   p->ctx_free = sqlcipher_nss_ctx_free;
 298   p->add_random = sqlcipher_nss_add_random;
 299   p->fips_status = sqlcipher_nss_fips_status;
 300   p->get_provider_version = sqlcipher_nss_get_provider_version;
 301   return SQLITE_OK;
 302 }
 303
 304 #endif
 305 #endif
 306 /* END SQLCIPHER */