search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
skip PAGER_MJ_PGNO during cipher_integrity_check
[sqlcipher.git] / src / crypto_impl.c
blob8b024de5edc6bcbd2780b61dd00f79f328558bf0
1 /*
2 ** SQLCipher
3 ** http://sqlcipher.net
4 **
5 ** Copyright (c) 2008 - 2013, ZETETIC LLC
6 ** All rights reserved.
7 **
8 ** Redistribution and use in source and binary forms, with or without
9 ** modification, are permitted provided that the following conditions are met:
10 ** * Redistributions of source code must retain the above copyright
11 ** notice, this list of conditions and the following disclaimer.
12 ** * Redistributions in binary form must reproduce the above copyright
13 ** notice, this list of conditions and the following disclaimer in the
14 ** documentation and/or other materials provided with the distribution.
15 ** * Neither the name of the ZETETIC LLC nor the
16 ** names of its contributors may be used to endorse or promote products
17 ** derived from this software without specific prior written permission.
18 **
19 ** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
20 ** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 ** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 ** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
23 ** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
24 ** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 ** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
26 ** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 ** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28 ** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 **
30 */
31 /* BEGIN SQLCIPHER */
32 #ifdef SQLITE_HAS_CODEC
33
34 #include "sqlcipher.h"
35 #include "crypto.h"
36 #ifndef OMIT_MEMLOCK
37 #if defined(__unix__) || defined(__APPLE__) || defined(_AIX)
38 #include <errno.h>
39 #include <unistd.h>
40 #include <sys/resource.h>
41 #include <sys/mman.h>
42 #elif defined(_WIN32)
43 #include <windows.h>
44 #endif
45 #endif
46
47 static volatile unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
48 static volatile unsigned char hmac_salt_mask = HMAC_SALT_MASK;
49 static volatile int default_kdf_iter = PBKDF2_ITER;
50 static volatile int default_page_size = 4096;
51 static volatile int default_plaintext_header_sz = 0;
52 static volatile int default_hmac_algorithm = SQLCIPHER_HMAC_SHA512;
53 static volatile int default_kdf_algorithm = SQLCIPHER_PBKDF2_HMAC_SHA512;
54 static volatile int mem_security_on = 1;
55 static volatile int mem_security_initialized = 0;
56 static volatile int mem_security_activated = 0;
57 static volatile unsigned int sqlcipher_activate_count = 0;
58 static volatile sqlite3_mem_methods default_mem_methods;
59 static sqlcipher_provider *default_provider = NULL;
60
61 static sqlite3_mutex* sqlcipher_static_mutex[SQLCIPHER_MUTEX_COUNT];
62
63 sqlite3_mutex* sqlcipher_mutex(int mutex) {
64 if(mutex < 0 || mutex >= SQLCIPHER_MUTEX_COUNT) return NULL;
65 return sqlcipher_static_mutex[mutex];
66 }
67
68 static int sqlcipher_mem_init(void *pAppData) {
69 return default_mem_methods.xInit(pAppData);
70 }
71 static void sqlcipher_mem_shutdown(void *pAppData) {
72 default_mem_methods.xShutdown(pAppData);
73 }
74 static void *sqlcipher_mem_malloc(int n) {
75 void *ptr = default_mem_methods.xMalloc(n);
76 if(mem_security_on) {
77 CODEC_TRACE_MEMORY("sqlcipher_mem_malloc: calling sqlcipher_mlock(%p,%d)\n", ptr, n);
78 sqlcipher_mlock(ptr, n);
79 if(!mem_security_activated) mem_security_activated = 1;
80 }
81 return ptr;
82 }
83 static int sqlcipher_mem_size(void *p) {
84 return default_mem_methods.xSize(p);
85 }
86 static void sqlcipher_mem_free(void *p) {
87 int sz;
88 if(mem_security_on) {
89 sz = sqlcipher_mem_size(p);
90 CODEC_TRACE_MEMORY("sqlcipher_mem_free: calling sqlcipher_memset(%p,0,%d) and sqlcipher_munlock(%p, %d) \n", p, sz, p, sz);
91 sqlcipher_memset(p, 0, sz);
92 sqlcipher_munlock(p, sz);
93 if(!mem_security_activated) mem_security_activated = 1;
94 }
95 default_mem_methods.xFree(p);
96 }
97 static void *sqlcipher_mem_realloc(void *p, int n) {
98 return default_mem_methods.xRealloc(p, n);
99 }
100 static int sqlcipher_mem_roundup(int n) {
101 return default_mem_methods.xRoundup(n);
102 }
103
104 static sqlite3_mem_methods sqlcipher_mem_methods = {
105 sqlcipher_mem_malloc,
106 sqlcipher_mem_free,
107 sqlcipher_mem_realloc,
108 sqlcipher_mem_size,
109 sqlcipher_mem_roundup,
110 sqlcipher_mem_init,
111 sqlcipher_mem_shutdown,
112 0
113 };
114
115 void sqlcipher_init_memmethods() {
116 if(mem_security_initialized) return;
117 if(sqlite3_config(SQLITE_CONFIG_GETMALLOC, &default_mem_methods) != SQLITE_OK ||
118 sqlite3_config(SQLITE_CONFIG_MALLOC, &sqlcipher_mem_methods) != SQLITE_OK) {
119 mem_security_on = mem_security_activated = 0;
120 }
121 mem_security_initialized = 1;
122 }
123
124 int sqlcipher_register_provider(sqlcipher_provider *p) {
125 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entering SQLCIPHER_MUTEX_PROVIDER\n");
126 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
127 CODEC_TRACE_MUTEX("sqlcipher_register_provider: entered SQLCIPHER_MUTEX_PROVIDER\n");
128
129 if(default_provider != NULL && default_provider != p) {
130 /* only free the current registerd provider if it has been initialized
131 and it isn't a pointer to the same provider passed to the function
132 (i.e. protect against a caller calling register twice for the same provider) */
133 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
134 }
135 default_provider = p;
136 CODEC_TRACE_MUTEX("sqlcipher_register_provider: leaving SQLCIPHER_MUTEX_PROVIDER\n");
137 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
138 CODEC_TRACE_MUTEX("sqlcipher_register_provider: left SQLCIPHER_MUTEX_PROVIDER\n");
139
140 return SQLITE_OK;
141 }
142
143 /* return a pointer to the currently registered provider. This will
144 allow an application to fetch the current registered provider and
145 make minor changes to it */
146 sqlcipher_provider* sqlcipher_get_provider() {
147 return default_provider;
148 }
149
150 void sqlcipher_activate() {
151 CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
152 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
153 CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
154
155 /* allocate new mutexes */
156 if(sqlcipher_activate_count == 0) {
157 int i;
158 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
159 sqlcipher_static_mutex[i] = sqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
160 }
161 }
162
163 /* check to see if there is a provider registered at this point
164 if there no provider registered at this point, register the
165 default provider */
166 if(sqlcipher_get_provider() == NULL) {
167 sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
168 #if defined (SQLCIPHER_CRYPTO_CC)
169 extern int sqlcipher_cc_setup(sqlcipher_provider *p);
170 sqlcipher_cc_setup(p);
171 #elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
172 extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
173 sqlcipher_ltc_setup(p);
174 #elif defined (SQLCIPHER_CRYPTO_NSS)
175 extern int sqlcipher_nss_setup(sqlcipher_provider *p);
176 sqlcipher_nss_setup(p);
177 #elif defined (SQLCIPHER_CRYPTO_OPENSSL)
178 extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
179 sqlcipher_openssl_setup(p);
180 #else
181 #error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
182 #endif
183 CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
184 #ifdef SQLCIPHER_EXT
185 sqlcipher_ext_provider_setup(p);
186 #endif
187 sqlcipher_register_provider(p);
188 CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
189 }
190
191 sqlcipher_activate_count++; /* increment activation count */
192
193 CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
194 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
195 CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
196 }
197
198 void sqlcipher_deactivate() {
199 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
200 sqlite3_mutex_enter(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
201 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered static master mutex\n");
202
203 sqlcipher_activate_count--;
204 /* if no connections are using sqlcipher, cleanup globals */
205 if(sqlcipher_activate_count < 1) {
206
207 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering SQLCIPHER_MUTEX_PROVIDER\n");
208 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
209 CODEC_TRACE_MUTEX("sqlcipher_deactivate: entered SQLCIPHER_MUTEX_PROVIDER\n");
210
211 if(default_provider != NULL) {
212 sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
213 default_provider = NULL;
214 }
215
216 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER\n");
217 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
218 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left SQLCIPHER_MUTEX_PROVIDER\n");
219
220 #ifdef SQLCIPHER_EXT
221 sqlcipher_ext_provider_destroy();
222 #endif
223
224 /* last connection closed, free mutexes */
225 if(sqlcipher_activate_count == 0) {
226 int i;
227 for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
228 sqlite3_mutex_free(sqlcipher_static_mutex[i]);
229 }
230 }
231 sqlcipher_activate_count = 0; /* reset activation count */
232 }
233
234 CODEC_TRACE_MUTEX("sqlcipher_deactivate: leaving static master mutex\n");
235 sqlite3_mutex_leave(sqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
236 CODEC_TRACE_MUTEX("sqlcipher_deactivate: left static master mutex\n");
237 }
238
239 /* constant time memset using volitile to avoid having the memset
240 optimized out by the compiler.
241 Note: As suggested by Joachim Schipper (joachim.schipper@fox-it.com)
242 */
243 void* sqlcipher_memset(void *v, unsigned char value, u64 len) {
244 u64 i = 0;
245 volatile unsigned char *a = v;
246
247 if (v == NULL) return v;
248
249 CODEC_TRACE_MEMORY("sqlcipher_memset: setting %p[0-%llu]=%d)\n", a, len, value);
250 for(i = 0; i < len; i++) {
251 a[i] = value;
252 }
253
254 return v;
255 }
256
257 /* constant time memory check tests every position of a memory segement
258 matches a single value (i.e. the memory is all zeros)
259 returns 0 if match, 1 of no match */
260 int sqlcipher_ismemset(const void *v, unsigned char value, u64 len) {
261 const unsigned char *a = v;
262 u64 i = 0, result = 0;
263
264 for(i = 0; i < len; i++) {
265 result |= a[i] ^ value;
266 }
267
268 return (result != 0);
269 }
270
271 /* constant time memory comparison routine.
272 returns 0 if match, 1 if no match */
273 int sqlcipher_memcmp(const void *v0, const void *v1, int len) {
274 const unsigned char *a0 = v0, *a1 = v1;
275 int i = 0, result = 0;
276
277 for(i = 0; i < len; i++) {
278 result |= a0[i] ^ a1[i];
279 }
280
281 return (result != 0);
282 }
283
284 void sqlcipher_mlock(void *ptr, u64 sz) {
285 #ifndef OMIT_MEMLOCK
286 #if defined(__unix__) || defined(__APPLE__)
287 int rc;
288 unsigned long pagesize = sysconf(_SC_PAGESIZE);
289 unsigned long offset = (unsigned long) ptr % pagesize;
290
291 if(ptr == NULL || sz == 0) return;
292
293 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: calling mlock(%p,%lu); _SC_PAGESIZE=%lu\n", ptr - offset, sz + offset, pagesize);
294 rc = mlock(ptr - offset, sz + offset);
295 if(rc!=0) {
296 CODEC_TRACE_MEMORY("sqlcipher_mem_lock: mlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
297 }
298 #elif defined(_WIN32)
299 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
300 int rc;
301 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualLock(%p,%d)\n", ptr, sz);
302 rc = VirtualLock(ptr, sz);
303 if(rc==0) {
304 CODEC_TRACE("sqlcipher_mem_lock: VirtualLock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
305 }
306 #endif
307 #endif
308 #endif
309 }
310
311 void sqlcipher_munlock(void *ptr, u64 sz) {
312 #ifndef OMIT_MEMLOCK
313 #if defined(__unix__) || defined(__APPLE__)
314 int rc;
315 unsigned long pagesize = sysconf(_SC_PAGESIZE);
316 unsigned long offset = (unsigned long) ptr % pagesize;
317
318 if(ptr == NULL || sz == 0) return;
319
320 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: calling munlock(%p,%lu)\n", ptr - offset, sz + offset);
321 rc = munlock(ptr - offset, sz + offset);
322 if(rc!=0) {
323 CODEC_TRACE_MEMORY("sqlcipher_mem_unlock: munlock(%p,%lu) returned %d errno=%d\n", ptr - offset, sz + offset, rc, errno);
324 }
325 #elif defined(_WIN32)
326 #if !(defined(WINAPI_FAMILY) && (WINAPI_FAMILY == WINAPI_FAMILY_PHONE_APP || WINAPI_FAMILY == WINAPI_FAMILY_APP))
327 int rc;
328 CODEC_TRACE("sqlcipher_mem_lock: calling VirtualUnlock(%p,%d)\n", ptr, sz);
329 rc = VirtualUnlock(ptr, sz);
330 if(!rc) {
331 CODEC_TRACE("sqlcipher_mem_unlock: VirtualUnlock(%p,%d) returned %d LastError=%d\n", ptr, sz, rc, GetLastError());
332 }
333 #endif
334 #endif
335 #endif
336 }
337
338 /**
339 * Free and wipe memory. Uses SQLites internal sqlite3_free so that memory
340 * can be countend and memory leak detection works in the test suite.
341 * If ptr is not null memory will be freed.
342 * If sz is greater than zero, the memory will be overwritten with zero before it is freed
343 * If sz is > 0, and not compiled with OMIT_MEMLOCK, system will attempt to unlock the
344 * memory segment so it can be paged
345 */
346 void sqlcipher_free(void *ptr, u64 sz) {
347 CODEC_TRACE_MEMORY("sqlcipher_free: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
348 sqlcipher_memset(ptr, 0, sz);
349 sqlcipher_munlock(ptr, sz);
350 sqlite3_free(ptr);
351 }
352
353 /**
354 * allocate memory. Uses sqlite's internall malloc wrapper so memory can be
355 * reference counted and leak detection works. Unless compiled with OMIT_MEMLOCK
356 * attempts to lock the memory pages so sensitive information won't be swapped
357 */
358 void* sqlcipher_malloc(u64 sz) {
359 void *ptr;
360 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlite3Malloc(%llu)\n", sz);
361 ptr = sqlite3Malloc(sz);
362 CODEC_TRACE_MEMORY("sqlcipher_malloc: calling sqlcipher_memset(%p,0,%llu)\n", ptr, sz);
363 sqlcipher_memset(ptr, 0, sz);
364 sqlcipher_mlock(ptr, sz);
365 return ptr;
366 }
367
368 char* sqlcipher_version() {
369 #ifdef CIPHER_VERSION_QUALIFIER
370 char *version = sqlite3_mprintf("%s %s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_QUALIFIER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
371 #else
372 char *version = sqlite3_mprintf("%s %s", CIPHER_XSTR(CIPHER_VERSION_NUMBER), CIPHER_XSTR(CIPHER_VERSION_BUILD));
373 #endif
374 return version;
375 }
376
377 /**
378 * Initialize new cipher_ctx struct. This function will allocate memory
379 * for the cipher context and for the key
380 *
381 * returns SQLITE_OK if initialization was successful
382 * returns SQLITE_NOMEM if an error occured allocating memory
383 */
384 static int sqlcipher_cipher_ctx_init(codec_ctx *ctx, cipher_ctx **iCtx) {
385 cipher_ctx *c_ctx;
386 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating context\n");
387 *iCtx = (cipher_ctx *) sqlcipher_malloc(sizeof(cipher_ctx));
388 c_ctx = *iCtx;
389 if(c_ctx == NULL) return SQLITE_NOMEM;
390
391 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating key\n");
392 c_ctx->key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
393
394 CODEC_TRACE("sqlcipher_cipher_ctx_init: allocating hmac_key\n");
395 c_ctx->hmac_key = (unsigned char *) sqlcipher_malloc(ctx->key_sz);
396
397 if(c_ctx->key == NULL) return SQLITE_NOMEM;
398 if(c_ctx->hmac_key == NULL) return SQLITE_NOMEM;
399
400 return SQLITE_OK;
401 }
402
403 /**
404 * Free and wipe memory associated with a cipher_ctx
405 */
406 static void sqlcipher_cipher_ctx_free(codec_ctx* ctx, cipher_ctx **iCtx) {
407 cipher_ctx *c_ctx = *iCtx;
408 CODEC_TRACE("cipher_ctx_free: entered iCtx=%p\n", iCtx);
409 sqlcipher_free(c_ctx->key, ctx->key_sz);
410 sqlcipher_free(c_ctx->hmac_key, ctx->key_sz);
411 sqlcipher_free(c_ctx->pass, c_ctx->pass_sz);
412 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
413 sqlcipher_free(c_ctx, sizeof(cipher_ctx));
414 }
415
416 static int sqlcipher_codec_ctx_reserve_setup(codec_ctx *ctx) {
417 int base_reserve = ctx->iv_sz; /* base reserve size will be IV only */
418 int reserve = base_reserve;
419
420 ctx->hmac_sz = ctx->provider->get_hmac_sz(ctx->provider_ctx, ctx->hmac_algorithm);
421
422 if(sqlcipher_codec_ctx_get_use_hmac(ctx))
423 reserve += ctx->hmac_sz; /* if reserve will include hmac, update that size */
424
425 /* calculate the amount of reserve needed in even increments of the cipher block size */
426 reserve = ((reserve % ctx->block_sz) == 0) ? reserve :
427 ((reserve / ctx->block_sz) + 1) * ctx->block_sz;
428
429 CODEC_TRACE("sqlcipher_codec_ctx_reserve_setup: base_reserve=%d block_sz=%d md_size=%d reserve=%d\n",
430 base_reserve, ctx->block_sz, ctx->hmac_sz, reserve);
431
432 ctx->reserve_sz = reserve;
433
434 return SQLITE_OK;
435 }
436
437 /**
438 * Compare one cipher_ctx to another.
439 *
440 * returns 0 if all the parameters (except the derived key data) are the same
441 * returns 1 otherwise
442 */
443 static int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
444 int are_equal = (
445 c1->pass_sz == c2->pass_sz
446 && (
447 c1->pass == c2->pass
448 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
449 (const unsigned char*)c2->pass,
450 c1->pass_sz)
451 ));
452
453 CODEC_TRACE("sqlcipher_cipher_ctx_cmp: entered \
454 c1=%p c2=%p \
455 c1->pass_sz=%d c2->pass_sz=%d \
456 c1->pass=%p c2->pass=%p \
457 c1->pass=%s c2->pass=%s \
458 sqlcipher_memcmp=%d \
459 are_equal=%d \
460 \n",
461 c1, c2,
462 c1->pass_sz, c2->pass_sz,
463 c1->pass, c2->pass,
464 c1->pass, c2->pass,
465 (c1->pass == NULL || c2->pass == NULL)
466 ? -1 : sqlcipher_memcmp(
467 (const unsigned char*)c1->pass,
468 (const unsigned char*)c2->pass,
469 c1->pass_sz),
470 are_equal
471 );
472
473 return !are_equal; /* return 0 if they are the same, 1 otherwise */
474 }
475
476 /**
477 * Copy one cipher_ctx to another. For instance, assuming that read_ctx is a
478 * fully initialized context, you could copy it to write_ctx and all yet data
479 * and pass information across
480 *
481 * returns SQLITE_OK if initialization was successful
482 * returns SQLITE_NOMEM if an error occured allocating memory
483 */
484 static int sqlcipher_cipher_ctx_copy(codec_ctx *ctx, cipher_ctx *target, cipher_ctx *source) {
485 void *key = target->key;
486 void *hmac_key = target->hmac_key;
487
488 CODEC_TRACE("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p\n", target, source);
489 sqlcipher_free(target->pass, target->pass_sz);
490 sqlcipher_free(target->keyspec, ctx->keyspec_sz);
491 memcpy(target, source, sizeof(cipher_ctx));
492
493 target->key = key; /* restore pointer to previously allocated key data */
494 memcpy(target->key, source->key, ctx->key_sz);
495
496 target->hmac_key = hmac_key; /* restore pointer to previously allocated hmac key data */
497 memcpy(target->hmac_key, source->hmac_key, ctx->key_sz);
498
499 if(source->pass && source->pass_sz) {
500 target->pass = sqlcipher_malloc(source->pass_sz);
501 if(target->pass == NULL) return SQLITE_NOMEM;
502 memcpy(target->pass, source->pass, source->pass_sz);
503 }
504 if(source->keyspec) {
505 target->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
506 if(target->keyspec == NULL) return SQLITE_NOMEM;
507 memcpy(target->keyspec, source->keyspec, ctx->keyspec_sz);
508 }
509 return SQLITE_OK;
510 }
511
512 /**
513 * Set the keyspec for the cipher_ctx
514 *
515 * returns SQLITE_OK if assignment was successfull
516 * returns SQLITE_NOMEM if an error occured allocating memory
517 */
518 static int sqlcipher_cipher_ctx_set_keyspec(codec_ctx *ctx, cipher_ctx *c_ctx, const unsigned char *key) {
519 /* free, zero existing pointers and size */
520 sqlcipher_free(c_ctx->keyspec, ctx->keyspec_sz);
521 c_ctx->keyspec = NULL;
522
523 c_ctx->keyspec = sqlcipher_malloc(ctx->keyspec_sz);
524 if(c_ctx->keyspec == NULL) return SQLITE_NOMEM;
525
526 c_ctx->keyspec[0] = 'x';
527 c_ctx->keyspec[1] = '\'';
528 cipher_bin2hex(key, ctx->key_sz, c_ctx->keyspec + 2);
529 cipher_bin2hex(ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->keyspec + (ctx->key_sz * 2) + 2);
530 c_ctx->keyspec[ctx->keyspec_sz - 1] = '\'';
531 return SQLITE_OK;
532 }
533
534 int sqlcipher_codec_get_store_pass(codec_ctx *ctx) {
535 return ctx->store_pass;
536 }
537
538 void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value) {
539 ctx->store_pass = value;
540 }
541
542 void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey) {
543 *zKey = ctx->read_ctx->pass;
544 *nKey = ctx->read_ctx->pass_sz;
545 }
546
547 static void sqlcipher_set_derive_key(codec_ctx *ctx, int derive) {
548 if(ctx->read_ctx != NULL) ctx->read_ctx->derive_key = 1;
549 if(ctx->write_ctx != NULL) ctx->write_ctx->derive_key = 1;
550 }
551
552 /**
553 * Set the passphrase for the cipher_ctx
554 *
555 * returns SQLITE_OK if assignment was successfull
556 * returns SQLITE_NOMEM if an error occured allocating memory
557 */
558 static int sqlcipher_cipher_ctx_set_pass(cipher_ctx *ctx, const void *zKey, int nKey) {
559 /* free, zero existing pointers and size */
560 sqlcipher_free(ctx->pass, ctx->pass_sz);
561 ctx->pass = NULL;
562 ctx->pass_sz = 0;
563
564 if(zKey && nKey) { /* if new password is provided, copy it */
565 ctx->pass_sz = nKey;
566 ctx->pass = sqlcipher_malloc(nKey);
567 if(ctx->pass == NULL) return SQLITE_NOMEM;
568 memcpy(ctx->pass, zKey, nKey);
569 }
570 return SQLITE_OK;
571 }
572
573 int sqlcipher_codec_ctx_set_pass(codec_ctx *ctx, const void *zKey, int nKey, int for_ctx) {
574 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
575 int rc;
576
577 if((rc = sqlcipher_cipher_ctx_set_pass(c_ctx, zKey, nKey)) != SQLITE_OK) return rc;
578 c_ctx->derive_key = 1;
579
580 if(for_ctx == 2)
581 if((rc = sqlcipher_cipher_ctx_copy(ctx, for_ctx ? ctx->read_ctx : ctx->write_ctx, c_ctx)) != SQLITE_OK)
582 return rc;
583
584 return SQLITE_OK;
585 }
586
587 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx) {
588 return ctx->provider->get_cipher(ctx->provider_ctx);
589 }
590
591 /* set the global default KDF iteration */
592 void sqlcipher_set_default_kdf_iter(int iter) {
593 default_kdf_iter = iter;
594 }
595
596 int sqlcipher_get_default_kdf_iter() {
597 return default_kdf_iter;
598 }
599
600 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter) {
601 ctx->kdf_iter = kdf_iter;
602 sqlcipher_set_derive_key(ctx, 1);
603 return SQLITE_OK;
604 }
605
606 int sqlcipher_codec_ctx_get_kdf_iter(codec_ctx *ctx) {
607 return ctx->kdf_iter;
608 }
609
610 int sqlcipher_codec_ctx_set_fast_kdf_iter(codec_ctx *ctx, int fast_kdf_iter) {
611 ctx->fast_kdf_iter = fast_kdf_iter;
612 sqlcipher_set_derive_key(ctx, 1);
613 return SQLITE_OK;
614 }
615
616 int sqlcipher_codec_ctx_get_fast_kdf_iter(codec_ctx *ctx) {
617 return ctx->fast_kdf_iter;
618 }
619
620 /* set the global default flag for HMAC */
621 void sqlcipher_set_default_use_hmac(int use) {
622 if(use) default_flags |= CIPHER_FLAG_HMAC;
623 else default_flags &= ~CIPHER_FLAG_HMAC;
624 }
625
626 int sqlcipher_get_default_use_hmac() {
627 return (default_flags & CIPHER_FLAG_HMAC) != 0;
628 }
629
630 void sqlcipher_set_hmac_salt_mask(unsigned char mask) {
631 hmac_salt_mask = mask;
632 }
633
634 unsigned char sqlcipher_get_hmac_salt_mask() {
635 return hmac_salt_mask;
636 }
637
638 /* set the codec flag for whether this individual database should be using hmac */
639 int sqlcipher_codec_ctx_set_use_hmac(codec_ctx *ctx, int use) {
640 if(use) {
641 sqlcipher_codec_ctx_set_flag(ctx, CIPHER_FLAG_HMAC);
642 } else {
643 sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_HMAC);
644 }
645
646 return sqlcipher_codec_ctx_reserve_setup(ctx);
647 }
648
649 int sqlcipher_codec_ctx_get_use_hmac(codec_ctx *ctx) {
650 return (ctx->flags & CIPHER_FLAG_HMAC) != 0;
651 }
652
653 /* the length of plaintext header size must be:
654 * 1. greater than or equal to zero
655 * 2. a multiple of the cipher block size
656 * 3. less than the usable size of the first database page
657 */
658 int sqlcipher_set_default_plaintext_header_size(int size) {
659 default_plaintext_header_sz = size;
660 return SQLITE_OK;
661 }
662
663 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size) {
664 if(size >= 0 && (size % ctx->block_sz) == 0 && size < (ctx->page_sz - ctx->reserve_sz)) {
665 ctx->plaintext_header_sz = size;
666 return SQLITE_OK;
667 }
668 return SQLITE_ERROR;
669 }
670
671 int sqlcipher_get_default_plaintext_header_size() {
672 return default_plaintext_header_sz;
673 }
674
675 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx) {
676 return ctx->plaintext_header_sz;
677 }
678
679 /* manipulate HMAC algorithm */
680 int sqlcipher_set_default_hmac_algorithm(int algorithm) {
681 default_hmac_algorithm = algorithm;
682 return SQLITE_OK;
683 }
684
685 int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm) {
686 ctx->hmac_algorithm = algorithm;
687 return sqlcipher_codec_ctx_reserve_setup(ctx);
688 }
689
690 int sqlcipher_get_default_hmac_algorithm() {
691 return default_hmac_algorithm;
692 }
693
694 int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx) {
695 return ctx->hmac_algorithm;
696 }
697
698 /* manipulate KDF algorithm */
699 int sqlcipher_set_default_kdf_algorithm(int algorithm) {
700 default_kdf_algorithm = algorithm;
701 return SQLITE_OK;
702 }
703
704 int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm) {
705 ctx->kdf_algorithm = algorithm;
706 return SQLITE_OK;
707 }
708
709 int sqlcipher_get_default_kdf_algorithm() {
710 return default_kdf_algorithm;
711 }
712
713 int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx) {
714 return ctx->kdf_algorithm;
715 }
716
717 int sqlcipher_codec_ctx_set_flag(codec_ctx *ctx, unsigned int flag) {
718 ctx->flags |= flag;
719 return SQLITE_OK;
720 }
721
722 int sqlcipher_codec_ctx_unset_flag(codec_ctx *ctx, unsigned int flag) {
723 ctx->flags &= ~flag;
724 return SQLITE_OK;
725 }
726
727 int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag) {
728 return (ctx->flags & flag) != 0;
729 }
730
731 void sqlcipher_codec_ctx_set_error(codec_ctx *ctx, int error) {
732 CODEC_TRACE("sqlcipher_codec_ctx_set_error: ctx=%p, error=%d\n", ctx, error);
733 sqlite3pager_error(ctx->pBt->pBt->pPager, error);
734 ctx->pBt->pBt->db->errCode = error;
735 }
736
737 int sqlcipher_codec_ctx_get_reservesize(codec_ctx *ctx) {
738 return ctx->reserve_sz;
739 }
740
741 void* sqlcipher_codec_ctx_get_data(codec_ctx *ctx) {
742 return ctx->buffer;
743 }
744
745 static int sqlcipher_codec_ctx_init_kdf_salt(codec_ctx *ctx) {
746 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
747
748 if(!ctx->need_kdf_salt) {
749 return SQLITE_OK; /* don't reload salt when not needed */
750 }
751
752 /* read salt from header, if present, otherwise generate a new random salt */
753 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: obtaining salt\n");
754 if(fd == NULL || fd->pMethods == 0 || sqlite3OsRead(fd, ctx->kdf_salt, ctx->kdf_salt_sz, 0) != SQLITE_OK) {
755 CODEC_TRACE("sqlcipher_codec_ctx_init_kdf_salt: unable to read salt from file header, generating random\n");
756 if(ctx->provider->random(ctx->provider_ctx, ctx->kdf_salt, ctx->kdf_salt_sz) != SQLITE_OK) return SQLITE_ERROR;
757 }
758 ctx->need_kdf_salt = 0;
759 return SQLITE_OK;
760 }
761
762 int sqlcipher_codec_ctx_set_kdf_salt(codec_ctx *ctx, unsigned char *salt, int size) {
763 if(size >= ctx->kdf_salt_sz) {
764 memcpy(ctx->kdf_salt, salt, ctx->kdf_salt_sz);
765 ctx->need_kdf_salt = 0;
766 return SQLITE_OK;
767 }
768 return SQLITE_ERROR;
769 }
770
771 int sqlcipher_codec_ctx_get_kdf_salt(codec_ctx *ctx, void** salt) {
772 int rc = SQLITE_OK;
773 if(ctx->need_kdf_salt) {
774 rc = sqlcipher_codec_ctx_init_kdf_salt(ctx);
775 }
776 *salt = ctx->kdf_salt;
777 return rc;
778 }
779
780 void sqlcipher_codec_get_keyspec(codec_ctx *ctx, void **zKey, int *nKey) {
781 *zKey = ctx->read_ctx->keyspec;
782 *nKey = ctx->keyspec_sz;
783 }
784
785 int sqlcipher_codec_ctx_set_pagesize(codec_ctx *ctx, int size) {
786 if(!((size != 0) && ((size & (size - 1)) == 0)) || size < 512 || size > 65536) {
787 CODEC_TRACE(("cipher_page_size not a power of 2 and between 512 and 65536 inclusive\n"));
788 return SQLITE_ERROR;
789 }
790 /* attempt to free the existing page buffer */
791 sqlcipher_free(ctx->buffer,ctx->page_sz);
792 ctx->page_sz = size;
793
794 /* pre-allocate a page buffer of PageSize bytes. This will
795 be used as a persistent buffer for encryption and decryption
796 operations to avoid overhead of multiple memory allocations*/
797 ctx->buffer = sqlcipher_malloc(size);
798 if(ctx->buffer == NULL) return SQLITE_NOMEM;
799
800 return SQLITE_OK;
801 }
802
803 int sqlcipher_codec_ctx_get_pagesize(codec_ctx *ctx) {
804 return ctx->page_sz;
805 }
806
807 void sqlcipher_set_default_pagesize(int page_size) {
808 default_page_size = page_size;
809 }
810
811 int sqlcipher_get_default_pagesize() {
812 return default_page_size;
813 }
814
815 void sqlcipher_set_mem_security(int on) {
816 mem_security_on = on;
817 mem_security_activated = 0;
818 }
819
820 int sqlcipher_get_mem_security() {
821 return mem_security_on && mem_security_activated;
822 }
823
824
825 int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, const void *zKey, int nKey) {
826 int rc;
827 codec_ctx *ctx;
828
829 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating context\n");
830
831 *iCtx = sqlcipher_malloc(sizeof(codec_ctx));
832 ctx = *iCtx;
833
834 if(ctx == NULL) return SQLITE_NOMEM;
835
836 ctx->pBt = pDb->pBt; /* assign pointer to database btree structure */
837
838 /* allocate space for salt data. Then read the first 16 bytes
839 directly off the database file. This is the salt for the
840 key derivation function. If we get a short read allocate
841 a new random salt value */
842 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating kdf_salt\n");
843 ctx->kdf_salt_sz = FILE_HEADER_SZ;
844 ctx->kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
845 if(ctx->kdf_salt == NULL) return SQLITE_NOMEM;
846
847 /* allocate space for separate hmac salt data. We want the
848 HMAC derivation salt to be different than the encryption
849 key derivation salt */
850 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating hmac_kdf_salt\n");
851 ctx->hmac_kdf_salt = sqlcipher_malloc(ctx->kdf_salt_sz);
852 if(ctx->hmac_kdf_salt == NULL) return SQLITE_NOMEM;
853
854 /* setup default flags */
855 ctx->flags = default_flags;
856
857 /* defer attempt to read KDF salt until first use */
858 ctx->need_kdf_salt = 1;
859
860 /* setup the crypto provider */
861 CODEC_TRACE("sqlcipher_codec_ctx_init: allocating provider\n");
862 ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
863 if(ctx->provider == NULL) return SQLITE_NOMEM;
864
865 /* make a copy of the provider to be used for the duration of the context */
866 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entering SQLCIPHER_MUTEX_PROVIDER\n");
867 sqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
868 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: entered SQLCIPHER_MUTEX_PROVIDER\n");
869
870 memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
871
872 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: leaving SQLCIPHER_MUTEX_PROVIDER\n");
873 sqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER));
874 CODEC_TRACE_MUTEX("sqlcipher_codec_ctx_init: left SQLCIPHER_MUTEX_PROVIDER\n");
875
876 CODEC_TRACE("sqlcipher_codec_ctx_init: calling provider ctx_init\n");
877 if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
878
879 ctx->key_sz = ctx->provider->get_key_sz(ctx->provider_ctx);
880 ctx->iv_sz = ctx->provider->get_iv_sz(ctx->provider_ctx);
881 ctx->block_sz = ctx->provider->get_block_sz(ctx->provider_ctx);
882
883 /* establic the size for a hex-formated key specification, containing the
884 raw encryption key and the salt used to generate it format. will be x'hexkey...hexsalt'
885 so oversize by 3 bytes */
886 ctx->keyspec_sz = ((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3;
887
888 /*
889 Always overwrite page size and set to the default because the first page of the database
890 in encrypted and thus sqlite can't effectively determine the pagesize. this causes an issue in
891 cases where bytes 16 & 17 of the page header are a power of 2 as reported by John Lehman
892 */
893 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_pagesize with %d\n", default_page_size);
894 if((rc = sqlcipher_codec_ctx_set_pagesize(ctx, default_page_size)) != SQLITE_OK) return rc;
895
896 /* establish settings for the KDF iterations and fast (HMAC) KDF iterations */
897 CODEC_TRACE("sqlcipher_codec_ctx_init: setting default_kdf_iter\n");
898 if((rc = sqlcipher_codec_ctx_set_kdf_iter(ctx, default_kdf_iter)) != SQLITE_OK) return rc;
899
900 CODEC_TRACE("sqlcipher_codec_ctx_init: setting fast_kdf_iter\n");
901 if((rc = sqlcipher_codec_ctx_set_fast_kdf_iter(ctx, FAST_PBKDF2_ITER)) != SQLITE_OK) return rc;
902
903 /* set the default HMAC and KDF algorithms which will determine the reserve size */
904 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_hmac_algorithm with %d\n", default_hmac_algorithm);
905 if((rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, default_hmac_algorithm)) != SQLITE_OK) return rc;
906
907 /* Note that use_hmac is a special case that requires recalculation of page size
908 so we call set_use_hmac to perform setup */
909 CODEC_TRACE("sqlcipher_codec_ctx_init: setting use_hmac\n");
910 if((rc = sqlcipher_codec_ctx_set_use_hmac(ctx, default_flags & CIPHER_FLAG_HMAC)) != SQLITE_OK) return rc;
911
912 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_kdf_algorithm with %d\n", default_kdf_algorithm);
913 if((rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, default_kdf_algorithm)) != SQLITE_OK) return rc;
914
915 /* setup the default plaintext header size */
916 CODEC_TRACE("sqlcipher_codec_ctx_init: calling sqlcipher_codec_ctx_set_plaintext_header_size with %d\n", default_plaintext_header_sz);
917 if((rc = sqlcipher_codec_ctx_set_plaintext_header_size(ctx, default_plaintext_header_sz)) != SQLITE_OK) return rc;
918
919 /* initialize the read and write sub-contexts. this must happen after key_sz is established */
920 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing read_ctx\n");
921 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->read_ctx)) != SQLITE_OK) return rc;
922
923 CODEC_TRACE("sqlcipher_codec_ctx_init: initializing write_ctx\n");
924 if((rc = sqlcipher_cipher_ctx_init(ctx, &ctx->write_ctx)) != SQLITE_OK) return rc;
925
926 /* set the key material on one of the sub cipher contexts and sync them up */
927 CODEC_TRACE("sqlcipher_codec_ctx_init: setting pass key\n");
928 if((rc = sqlcipher_codec_ctx_set_pass(ctx, zKey, nKey, 0)) != SQLITE_OK) return rc;
929
930 CODEC_TRACE("sqlcipher_codec_ctx_init: copying write_ctx to read_ctx\n");
931 if((rc = sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx)) != SQLITE_OK) return rc;
932
933 return SQLITE_OK;
934 }
935
936 /**
937 * Free and wipe memory associated with a cipher_ctx, including the allocated
938 * read_ctx and write_ctx.
939 */
940 void sqlcipher_codec_ctx_free(codec_ctx **iCtx) {
941 codec_ctx *ctx = *iCtx;
942 CODEC_TRACE("codec_ctx_free: entered iCtx=%p\n", iCtx);
943 sqlcipher_free(ctx->kdf_salt, ctx->kdf_salt_sz);
944 sqlcipher_free(ctx->hmac_kdf_salt, ctx->kdf_salt_sz);
945 sqlcipher_free(ctx->buffer, 0);
946
947 ctx->provider->ctx_free(&ctx->provider_ctx);
948 sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
949
950 sqlcipher_cipher_ctx_free(ctx, &ctx->read_ctx);
951 sqlcipher_cipher_ctx_free(ctx, &ctx->write_ctx);
952 sqlcipher_free(ctx, sizeof(codec_ctx));
953 }
954
955 /** convert a 32bit unsigned integer to little endian byte ordering */
956 static void sqlcipher_put4byte_le(unsigned char *p, u32 v) {
957 p[0] = (u8)v;
958 p[1] = (u8)(v>>8);
959 p[2] = (u8)(v>>16);
960 p[3] = (u8)(v>>24);
961 }
962
963 static int sqlcipher_page_hmac(codec_ctx *ctx, cipher_ctx *c_ctx, Pgno pgno, unsigned char *in, int in_sz, unsigned char *out) {
964 unsigned char pgno_raw[sizeof(pgno)];
965 /* we may convert page number to consistent representation before calculating MAC for
966 compatibility across big-endian and little-endian platforms.
967
968 Note: The public release of sqlcipher 2.0.0 to 2.0.6 had a bug where the bytes of pgno
969 were used directly in the MAC. SQLCipher convert's to little endian by default to preserve
970 backwards compatibility on the most popular platforms, but can optionally be configured
971 to use either big endian or native byte ordering via pragma. */
972
973 if(ctx->flags & CIPHER_FLAG_LE_PGNO) { /* compute hmac using little endian pgno*/
974 sqlcipher_put4byte_le(pgno_raw, pgno);
975 } else if(ctx->flags & CIPHER_FLAG_BE_PGNO) { /* compute hmac using big endian pgno */
976 sqlite3Put4byte(pgno_raw, pgno); /* sqlite3Put4byte converts 32bit uint to big endian */
977 } else { /* use native byte ordering */
978 memcpy(pgno_raw, &pgno, sizeof(pgno));
979 }
980
981 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
982 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
983 valid pages out of order in a database */
984 return ctx->provider->hmac(
985 ctx->provider_ctx, ctx->hmac_algorithm, c_ctx->hmac_key,
986 ctx->key_sz, in,
987 in_sz, (unsigned char*) &pgno_raw,
988 sizeof(pgno), out);
989 }
990
991 /*
992 * ctx - codec context
993 * pgno - page number in database
994 * size - size in bytes of input and output buffers
995 * mode - 1 to encrypt, 0 to decrypt
996 * in - pointer to input bytes
997 * out - pouter to output bytes
998 */
999 int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int page_sz, unsigned char *in, unsigned char *out) {
1000 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
1001 unsigned char *iv_in, *iv_out, *hmac_in, *hmac_out, *out_start;
1002 int size;
1003
1004 /* calculate some required positions into various buffers */
1005 size = page_sz - ctx->reserve_sz; /* adjust size to useable size and memset reserve at end of page */
1006 iv_out = out + size;
1007 iv_in = in + size;
1008
1009 /* hmac will be written immediately after the initialization vector. the remainder of the page reserve will contain
1010 random bytes. note, these pointers are only valid when using hmac */
1011 hmac_in = in + size + ctx->iv_sz;
1012 hmac_out = out + size + ctx->iv_sz;
1013 out_start = out; /* note the original position of the output buffer pointer, as out will be rewritten during encryption */
1014
1015 CODEC_TRACE("codec_cipher:entered pgno=%d, mode=%d, size=%d\n", pgno, mode, size);
1016 CODEC_HEXDUMP("codec_cipher: input page data", in, page_sz);
1017
1018 /* the key size should never be zero. If it is, error out. */
1019 if(ctx->key_sz == 0) {
1020 CODEC_TRACE("codec_cipher: error possible context corruption, key_sz is zero for pgno=%d\n", pgno);
1021 goto error;
1022 }
1023
1024 if(mode == CIPHER_ENCRYPT) {
1025 /* start at front of the reserve block, write random data to the end */
1026 if(ctx->provider->random(ctx->provider_ctx, iv_out, ctx->reserve_sz) != SQLITE_OK) goto error;
1027 } else { /* CIPHER_DECRYPT */
1028 memcpy(iv_out, iv_in, ctx->iv_sz); /* copy the iv from the input to output buffer */
1029 }
1030
1031 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_DECRYPT) && !ctx->skip_read_hmac) {
1032 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, in, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1033 CODEC_TRACE("codec_cipher: hmac operation on decrypt failed for pgno=%d\n", pgno);
1034 goto error;
1035 }
1036
1037 CODEC_TRACE("codec_cipher: comparing hmac on in=%p out=%p hmac_sz=%d\n", hmac_in, hmac_out, ctx->hmac_sz);
1038 if(sqlcipher_memcmp(hmac_in, hmac_out, ctx->hmac_sz) != 0) { /* the hmac check failed */
1039 if(sqlcipher_ismemset(in, 0, page_sz) == 0) {
1040 /* first check if the entire contents of the page is zeros. If so, this page
1041 resulted from a short read (i.e. sqlite attempted to pull a page after the end of the file. these
1042 short read failures must be ignored for autovaccum mode to work so wipe the output buffer
1043 and return SQLITE_OK to skip the decryption step. */
1044 CODEC_TRACE("codec_cipher: zeroed page (short read) for pgno %d, encryption but returning SQLITE_OK\n", pgno);
1045 sqlcipher_memset(out, 0, page_sz);
1046 return SQLITE_OK;
1047 } else {
1048 /* if the page memory is not all zeros, it means the there was data and a hmac on the page.
1049 since the check failed, the page was either tampered with or corrupted. wipe the output buffer,
1050 and return SQLITE_ERROR to the caller */
1051 CODEC_TRACE("codec_cipher: hmac check failed for pgno=%d returning SQLITE_ERROR\n", pgno);
1052 goto error;
1053 }
1054 }
1055 }
1056
1057 if(ctx->provider->cipher(ctx->provider_ctx, mode, c_ctx->key, ctx->key_sz, iv_out, in, size, out) != SQLITE_OK) {
1058 CODEC_TRACE("codec_cipher: cipher operation mode=%d failed for pgno=%d returning SQLITE_ERROR\n", mode, pgno);
1059 goto error;
1060 };
1061
1062 if((ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
1063 if(sqlcipher_page_hmac(ctx, c_ctx, pgno, out_start, size + ctx->iv_sz, hmac_out) != SQLITE_OK) {
1064 CODEC_TRACE("codec_cipher: hmac operation on encrypt failed for pgno=%d\n", pgno);
1065 goto error;
1066 };
1067 }
1068
1069 CODEC_HEXDUMP("codec_cipher: output page data", out_start, page_sz);
1070
1071 return SQLITE_OK;
1072 error:
1073 sqlcipher_memset(out, 0, page_sz);
1074 return SQLITE_ERROR;
1075 }
1076
1077 /**
1078 * Derive an encryption key for a cipher contex key based on the raw password.
1079 *
1080 * If the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1081 * the key (i.e 64 hex chars for a 256 bit key) then the key data will be used directly.
1082
1083 * Else, if the raw key data is formated as x'hex' and there are exactly enough hex chars to fill
1084 * the key and the salt (i.e 92 hex chars for a 256 bit key and 16 byte salt) then it will be unpacked
1085 * as the key followed by the salt.
1086 *
1087 * Otherwise, a key data will be derived using PBKDF2
1088 *
1089 * returns SQLITE_OK if initialization was successful
1090 * returns SQLITE_ERROR if the key could't be derived (for instance if pass is NULL or pass_sz is 0)
1091 */
1092 static int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
1093 int rc;
1094 CODEC_TRACE("cipher_ctx_key_derive: entered c_ctx->pass=%s, c_ctx->pass_sz=%d \
1095 ctx->kdf_salt=%p ctx->kdf_salt_sz=%d ctx->kdf_iter=%d \
1096 ctx->hmac_kdf_salt=%p, ctx->fast_kdf_iter=%d ctx->key_sz=%d\n",
1097 c_ctx->pass, c_ctx->pass_sz, ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1098 ctx->hmac_kdf_salt, ctx->fast_kdf_iter, ctx->key_sz);
1099
1100
1101 if(c_ctx->pass && c_ctx->pass_sz) { /* if key material is present on the context for derivation */
1102
1103 /* if necessary, initialize the salt from the header or random source */
1104 if(ctx->need_kdf_salt) {
1105 if((rc = sqlcipher_codec_ctx_init_kdf_salt(ctx)) != SQLITE_OK) return rc;
1106 }
1107
1108 if (c_ctx->pass_sz == ((ctx->key_sz * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, ctx->key_sz * 2)) {
1109 int n = c_ctx->pass_sz - 3; /* adjust for leading x' and tailing ' */
1110 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1111 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1112 cipher_hex2bin(z, n, c_ctx->key);
1113 } else if (c_ctx->pass_sz == (((ctx->key_sz + ctx->kdf_salt_sz) * 2) + 3) && sqlite3StrNICmp((const char *)c_ctx->pass ,"x'", 2) == 0 && cipher_isHex(c_ctx->pass + 2, (ctx->key_sz + ctx->kdf_salt_sz) * 2)) {
1114 const unsigned char *z = c_ctx->pass + 2; /* adjust lead offset of x' */
1115 CODEC_TRACE("cipher_ctx_key_derive: using raw key from hex\n");
1116 cipher_hex2bin(z, (ctx->key_sz * 2), c_ctx->key);
1117 cipher_hex2bin(z + (ctx->key_sz * 2), (ctx->kdf_salt_sz * 2), ctx->kdf_salt);
1118 } else {
1119 CODEC_TRACE("cipher_ctx_key_derive: deriving key using full PBKDF2 with %d iterations\n", ctx->kdf_iter);
1120 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->pass, c_ctx->pass_sz,
1121 ctx->kdf_salt, ctx->kdf_salt_sz, ctx->kdf_iter,
1122 ctx->key_sz, c_ctx->key) != SQLITE_OK) return SQLITE_ERROR;
1123 }
1124
1125 /* set the context "keyspec" containing the hex-formatted key and salt to be used when attaching databases */
1126 if((rc = sqlcipher_cipher_ctx_set_keyspec(ctx, c_ctx, c_ctx->key)) != SQLITE_OK) return rc;
1127
1128 /* if this context is setup to use hmac checks, generate a seperate and different
1129 key for HMAC. In this case, we use the output of the previous KDF as the input to
1130 this KDF run. This ensures a distinct but predictable HMAC key. */
1131 if(ctx->flags & CIPHER_FLAG_HMAC) {
1132 int i;
1133
1134 /* start by copying the kdf key into the hmac salt slot
1135 then XOR it with the fixed hmac salt defined at compile time
1136 this ensures that the salt passed in to derive the hmac key, while
1137 easy to derive and publically known, is not the same as the salt used
1138 to generate the encryption key */
1139 memcpy(ctx->hmac_kdf_salt, ctx->kdf_salt, ctx->kdf_salt_sz);
1140 for(i = 0; i < ctx->kdf_salt_sz; i++) {
1141 ctx->hmac_kdf_salt[i] ^= hmac_salt_mask;
1142 }
1143
1144 CODEC_TRACE("cipher_ctx_key_derive: deriving hmac key from encryption key using PBKDF2 with %d iterations\n",
1145 ctx->fast_kdf_iter);
1146
1147
1148 if(ctx->provider->kdf(ctx->provider_ctx, ctx->kdf_algorithm, c_ctx->key, ctx->key_sz,
1149 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, ctx->fast_kdf_iter,
1150 ctx->key_sz, c_ctx->hmac_key) != SQLITE_OK) return SQLITE_ERROR;
1151 }
1152
1153 c_ctx->derive_key = 0;
1154 return SQLITE_OK;
1155 };
1156 return SQLITE_ERROR;
1157 }
1158
1159 int sqlcipher_codec_key_derive(codec_ctx *ctx) {
1160 /* derive key on first use if necessary */
1161 if(ctx->read_ctx->derive_key) {
1162 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1163 }
1164
1165 if(ctx->write_ctx->derive_key) {
1166 if(sqlcipher_cipher_ctx_cmp(ctx->write_ctx, ctx->read_ctx) == 0) {
1167 /* the relevant parameters are the same, just copy read key */
1168 if(sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx) != SQLITE_OK) return SQLITE_ERROR;
1169 } else {
1170 if(sqlcipher_cipher_ctx_key_derive(ctx, ctx->write_ctx) != SQLITE_OK) return SQLITE_ERROR;
1171 }
1172 }
1173
1174 /* TODO: wipe and free passphrase after key derivation */
1175 if(ctx->store_pass != 1) {
1176 sqlcipher_cipher_ctx_set_pass(ctx->read_ctx, NULL, 0);
1177 sqlcipher_cipher_ctx_set_pass(ctx->write_ctx, NULL, 0);
1178 }
1179
1180 return SQLITE_OK;
1181 }
1182
1183 int sqlcipher_codec_key_copy(codec_ctx *ctx, int source) {
1184 if(source == CIPHER_READ_CTX) {
1185 return sqlcipher_cipher_ctx_copy(ctx, ctx->write_ctx, ctx->read_ctx);
1186 } else {
1187 return sqlcipher_cipher_ctx_copy(ctx, ctx->read_ctx, ctx->write_ctx);
1188 }
1189 }
1190
1191 const char* sqlcipher_codec_get_cipher_provider(codec_ctx *ctx) {
1192 return ctx->provider->get_provider_name(ctx->provider_ctx);
1193 }
1194
1195
1196 static int sqlcipher_check_connection(const char *filename, char *key, int key_sz, char *sql, int *user_version, char** journal_mode) {
1197 int rc;
1198 sqlite3 *db = NULL;
1199 sqlite3_stmt *statement = NULL;
1200 char *query_journal_mode = "PRAGMA journal_mode;";
1201 char *query_user_version = "PRAGMA user_version;";
1202
1203 rc = sqlite3_open(filename, &db);
1204 if(rc != SQLITE_OK) goto cleanup;
1205
1206 rc = sqlite3_key(db, key, key_sz);
1207 if(rc != SQLITE_OK) goto cleanup;
1208
1209 rc = sqlite3_exec(db, sql, NULL, NULL, NULL);
1210 if(rc != SQLITE_OK) goto cleanup;
1211
1212 /* start by querying the user version.
1213 this will fail if the key is incorrect */
1214 rc = sqlite3_prepare(db, query_user_version, -1, &statement, NULL);
1215 if(rc != SQLITE_OK) goto cleanup;
1216
1217 rc = sqlite3_step(statement);
1218 if(rc == SQLITE_ROW) {
1219 *user_version = sqlite3_column_int(statement, 0);
1220 } else {
1221 goto cleanup;
1222 }
1223 sqlite3_finalize(statement);
1224
1225 rc = sqlite3_prepare(db, query_journal_mode, -1, &statement, NULL);
1226 if(rc != SQLITE_OK) goto cleanup;
1227
1228 rc = sqlite3_step(statement);
1229 if(rc == SQLITE_ROW) {
1230 *journal_mode = sqlite3_mprintf("%s", sqlite3_column_text(statement, 0));
1231 } else {
1232 goto cleanup;
1233 }
1234 rc = SQLITE_OK;
1235 /* cleanup will finalize open statement */
1236
1237 cleanup:
1238 if(statement) sqlite3_finalize(statement);
1239 if(db) sqlite3_close(db);
1240 return rc;
1241 }
1242
1243 int sqlcipher_codec_ctx_integrity_check(codec_ctx *ctx, Parse *pParse, char *column) {
1244 Pgno page = 1;
1245 int rc = 0;
1246 char *result;
1247 unsigned char *hmac_out = NULL;
1248 sqlite3_file *fd = sqlite3PagerFile(ctx->pBt->pBt->pPager);
1249 i64 file_sz;
1250
1251 Vdbe *v = sqlite3GetVdbe(pParse);
1252 sqlite3VdbeSetNumCols(v, 1);
1253 sqlite3VdbeSetColName(v, 0, COLNAME_NAME, column, SQLITE_STATIC);
1254
1255 if(fd == NULL || fd->pMethods == 0) {
1256 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "database file is undefined", P4_TRANSIENT);
1257 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1258 goto cleanup;
1259 }
1260
1261 if(!(ctx->flags & CIPHER_FLAG_HMAC)) {
1262 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "HMAC is not enabled, unable to integrity check", P4_TRANSIENT);
1263 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1264 goto cleanup;
1265 }
1266
1267 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
1268 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, "unable to derive keys", P4_TRANSIENT);
1269 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1270 goto cleanup;
1271 }
1272
1273 sqlite3OsFileSize(fd, &file_sz);
1274 hmac_out = sqlcipher_malloc(ctx->hmac_sz);
1275
1276 for(page = 1; page <= file_sz / ctx->page_sz; page++) {
1277 int offset = (page - 1) * ctx->page_sz;
1278 int payload_sz = ctx->page_sz - ctx->reserve_sz + ctx->iv_sz;
1279 int read_sz = ctx->page_sz;
1280
1281 /* skip integrity check on PAGER_MJ_PGNO since it will have no valid content */
1282 if(sqlite3pager_is_mj_pgno(ctx->pBt->pBt->pPager, page)) continue;
1283
1284 if(page==1) {
1285 int page1_offset = ctx->plaintext_header_sz ? ctx->plaintext_header_sz : FILE_HEADER_SZ;
1286 read_sz = read_sz - page1_offset;
1287 payload_sz = payload_sz - page1_offset;
1288 offset += page1_offset;
1289 }
1290
1291 sqlcipher_memset(ctx->buffer, 0, ctx->page_sz);
1292 sqlcipher_memset(hmac_out, 0, ctx->hmac_sz);
1293 if(sqlite3OsRead(fd, ctx->buffer, read_sz, offset) != SQLITE_OK) {
1294 result = sqlite3_mprintf("error reading %d bytes from file page %d at offset %d\n", read_sz, page, offset);
1295 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1296 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1297 } else if(sqlcipher_page_hmac(ctx, ctx->read_ctx, page, ctx->buffer, payload_sz, hmac_out) != SQLITE_OK) {
1298 result = sqlite3_mprintf("HMAC operation failed for page %d", page);
1299 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1300 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1301 } else if(sqlcipher_memcmp(ctx->buffer + payload_sz, hmac_out, ctx->hmac_sz) != 0) {
1302 result = sqlite3_mprintf("HMAC verification failed for page %d", page);
1303 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1304 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1305 }
1306 }
1307
1308 if(file_sz % ctx->page_sz != 0) {
1309 result = sqlite3_mprintf("page %d has an invalid size of %lld bytes", page, file_sz - ((file_sz / ctx->page_sz) * ctx->page_sz));
1310 sqlite3VdbeAddOp4(v, OP_String8, 0, 1, 0, result, P4_DYNAMIC);
1311 sqlite3VdbeAddOp2(v, OP_ResultRow, 1, 1);
1312 }
1313
1314 cleanup:
1315 if(hmac_out != NULL) sqlcipher_free(hmac_out, ctx->hmac_sz);
1316 return SQLITE_OK;
1317 }
1318
1319 int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
1320 int i, pass_sz, keyspec_sz, nRes, user_version, rc, oflags;
1321 Db *pDb = 0;
1322 sqlite3 *db = ctx->pBt->db;
1323 const char *db_filename = sqlite3_db_filename(db, "main");
1324 char *set_user_version = NULL, *pass = NULL, *attach_command = NULL, *migrated_db_filename = NULL, *keyspec = NULL, *temp = NULL, *journal_mode = NULL, *set_journal_mode = NULL, *pragma_compat = NULL;
1325 Btree *pDest = NULL, *pSrc = NULL;
1326 sqlite3_file *srcfile, *destfile;
1327 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1328 LPWSTR w_db_filename = NULL, w_migrated_db_filename = NULL;
1329 int w_db_filename_sz = 0, w_migrated_db_filename_sz = 0;
1330 #endif
1331 pass_sz = keyspec_sz = rc = user_version = 0;
1332
1333 if(!db_filename || sqlite3Strlen30(db_filename) < 1)
1334 goto cleanup; /* exit immediately if this is an in memory database */
1335
1336 /* pull the provided password / key material off the current codec context */
1337 pass_sz = ctx->read_ctx->pass_sz;
1338 pass = sqlcipher_malloc(pass_sz+1);
1339 memset(pass, 0, pass_sz+1);
1340 memcpy(pass, ctx->read_ctx->pass, pass_sz);
1341
1342 /* Version 4 - current, no upgrade required, so exit immediately */
1343 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, "", &user_version, &journal_mode);
1344 if(rc == SQLITE_OK){
1345 CODEC_TRACE("No upgrade required - exiting\n");
1346 goto cleanup;
1347 }
1348
1349 for(i = 3; i > 0; i--) {
1350 pragma_compat = sqlite3_mprintf("PRAGMA cipher_compatibility = %d;", i);
1351 rc = sqlcipher_check_connection(db_filename, pass, pass_sz, pragma_compat, &user_version, &journal_mode);
1352 if(rc == SQLITE_OK) {
1353 CODEC_TRACE("Version %d format found\n", i);
1354 goto migrate;
1355 }
1356 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1357 pragma_compat = NULL;
1358 }
1359 /* if we exit the loop normally we failed to determine the version, this is an error */
1360 CODEC_TRACE("Upgrade format not determined\n");
1361 goto handle_error;
1362
1363 migrate:
1364
1365 temp = sqlite3_mprintf("%s-migrated", db_filename);
1366 /* overallocate migrated_db_filename, because sqlite3OsOpen will read past the null terminator
1367 * to determine whether the filename was URI formatted */
1368 migrated_db_filename = sqlcipher_malloc(sqlite3Strlen30(temp)+2);
1369 memcpy(migrated_db_filename, temp, sqlite3Strlen30(temp));
1370 sqlcipher_free(temp, sqlite3Strlen30(temp));
1371
1372 attach_command = sqlite3_mprintf("ATTACH DATABASE '%s' as migrate;", migrated_db_filename, pass);
1373 set_user_version = sqlite3_mprintf("PRAGMA migrate.user_version = %d;", user_version);
1374
1375 rc = sqlite3_exec(db, pragma_compat, NULL, NULL, NULL);
1376 if(rc != SQLITE_OK){
1377 CODEC_TRACE("set compatibility mode failed, error code %d\n", rc);
1378 goto handle_error;
1379 }
1380
1381 /* force journal mode to DELETE, we will set it back later if different */
1382 rc = sqlite3_exec(db, "PRAGMA journal_mode = delete;", NULL, NULL, NULL);
1383 if(rc != SQLITE_OK){
1384 CODEC_TRACE("force journal mode DELETE failed, error code %d\n", rc);
1385 goto handle_error;
1386 }
1387
1388 rc = sqlite3_exec(db, attach_command, NULL, NULL, NULL);
1389 if(rc != SQLITE_OK){
1390 CODEC_TRACE("attach failed, error code %d\n", rc);
1391 goto handle_error;
1392 }
1393
1394 rc = sqlite3_key_v2(db, "migrate", pass, pass_sz);
1395 if(rc != SQLITE_OK){
1396 CODEC_TRACE("keying attached database failed, error code %d\n", rc);
1397 goto handle_error;
1398 }
1399
1400 rc = sqlite3_exec(db, "SELECT sqlcipher_export('migrate');", NULL, NULL, NULL);
1401 if(rc != SQLITE_OK){
1402 CODEC_TRACE("sqlcipher_export failed, error code %d\n", rc);
1403 goto handle_error;
1404 }
1405
1406 rc = sqlite3_exec(db, set_user_version, NULL, NULL, NULL);
1407 if(rc != SQLITE_OK){
1408 CODEC_TRACE("set user version failed, error code %d\n", rc);
1409 goto handle_error;
1410 }
1411
1412 if( !db->autoCommit ){
1413 CODEC_TRACE("cannot migrate from within a transaction");
1414 goto handle_error;
1415 }
1416 if( db->nVdbeActive>1 ){
1417 CODEC_TRACE("cannot migrate - SQL statements in progress");
1418 goto handle_error;
1419 }
1420
1421 pDest = db->aDb[0].pBt;
1422 pDb = &(db->aDb[db->nDb-1]);
1423 pSrc = pDb->pBt;
1424
1425 nRes = sqlite3BtreeGetRequestedReserve(pSrc);
1426 /* unset the BTS_PAGESIZE_FIXED flag to avoid SQLITE_READONLY */
1427 pDest->pBt->btsFlags &= ~BTS_PAGESIZE_FIXED;
1428 rc = sqlite3BtreeSetPageSize(pDest, default_page_size, nRes, 0);
1429 CODEC_TRACE("set btree page size to %d res %d rc %d\n", default_page_size, nRes, rc);
1430 if( rc!=SQLITE_OK ) goto handle_error;
1431
1432 sqlite3CodecGetKey(db, db->nDb - 1, (void**)&keyspec, &keyspec_sz);
1433 sqlite3CodecAttach(db, 0, keyspec, keyspec_sz);
1434
1435 srcfile = sqlite3PagerFile(pSrc->pBt->pPager);
1436 destfile = sqlite3PagerFile(pDest->pBt->pPager);
1437
1438 sqlite3OsClose(srcfile);
1439 sqlite3OsClose(destfile);
1440
1441 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1442 CODEC_TRACE("performing windows MoveFileExA\n");
1443
1444 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, NULL, 0);
1445 w_db_filename = sqlcipher_malloc(w_db_filename_sz * sizeof(wchar_t));
1446 w_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) db_filename, -1, (const LPWSTR) w_db_filename, w_db_filename_sz);
1447
1448 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, NULL, 0);
1449 w_migrated_db_filename = sqlcipher_malloc(w_migrated_db_filename_sz * sizeof(wchar_t));
1450 w_migrated_db_filename_sz = MultiByteToWideChar(CP_UTF8, 0, (LPCCH) migrated_db_filename, -1, (const LPWSTR) w_migrated_db_filename, w_migrated_db_filename_sz);
1451
1452 if(!MoveFileExW(w_migrated_db_filename, w_db_filename, MOVEFILE_REPLACE_EXISTING)) {
1453 CODEC_TRACE("move error");
1454 rc = SQLITE_ERROR;
1455 CODEC_TRACE("error occurred while renaming %d\n", rc);
1456 goto handle_error;
1457 }
1458 #else
1459 CODEC_TRACE("performing POSIX rename\n");
1460 if ((rc = rename(migrated_db_filename, db_filename)) != 0) {
1461 CODEC_TRACE("error occurred while renaming %d\n", rc);
1462 goto handle_error;
1463 }
1464 #endif
1465 CODEC_TRACE("renamed migration database %s to main database %s: %d\n", migrated_db_filename, db_filename, rc);
1466
1467 rc = sqlite3OsOpen(db->pVfs, migrated_db_filename, srcfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1468 CODEC_TRACE("reopened migration database: %d\n", rc);
1469 if( rc!=SQLITE_OK ) goto handle_error;
1470
1471 rc = sqlite3OsOpen(db->pVfs, db_filename, destfile, SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|SQLITE_OPEN_MAIN_DB, &oflags);
1472 CODEC_TRACE("reopened main database: %d\n", rc);
1473 if( rc!=SQLITE_OK ) goto handle_error;
1474
1475 sqlite3pager_reset(pDest->pBt->pPager);
1476 CODEC_TRACE("reset pager\n");
1477
1478 rc = sqlite3_exec(db, "DETACH DATABASE migrate;", NULL, NULL, NULL);
1479 CODEC_TRACE("DETACH DATABASE called %d\n", rc);
1480 if(rc != SQLITE_OK) goto cleanup;
1481
1482 rc = sqlite3OsDelete(db->pVfs, migrated_db_filename, 0);
1483 CODEC_TRACE("deleted migration database: %d\n", rc);
1484 if( rc!=SQLITE_OK ) goto handle_error;
1485
1486 sqlite3ResetAllSchemasOfConnection(db);
1487 CODEC_TRACE("reset all schemas\n");
1488
1489 set_journal_mode = sqlite3_mprintf("PRAGMA journal_mode = %s;", journal_mode);
1490 rc = sqlite3_exec(db, set_journal_mode, NULL, NULL, NULL);
1491 CODEC_TRACE("%s: %d\n", set_journal_mode, rc);
1492 if( rc!=SQLITE_OK ) goto handle_error;
1493
1494 goto cleanup;
1495
1496 handle_error:
1497 CODEC_TRACE("An error occurred attempting to migrate the database - last error %d\n", rc);
1498 rc = SQLITE_ERROR;
1499
1500 cleanup:
1501 if(pass) sqlcipher_free(pass, pass_sz);
1502 if(attach_command) sqlcipher_free(attach_command, sqlite3Strlen30(attach_command));
1503 if(migrated_db_filename) sqlcipher_free(migrated_db_filename, sqlite3Strlen30(migrated_db_filename));
1504 if(set_user_version) sqlcipher_free(set_user_version, sqlite3Strlen30(set_user_version));
1505 if(set_journal_mode) sqlcipher_free(set_journal_mode, sqlite3Strlen30(set_journal_mode));
1506 if(journal_mode) sqlcipher_free(journal_mode, sqlite3Strlen30(journal_mode));
1507 if(pragma_compat) sqlcipher_free(pragma_compat, sqlite3Strlen30(pragma_compat));
1508 #if defined(_WIN32) || defined(SQLITE_OS_WINRT)
1509 if(w_db_filename) sqlcipher_free(w_db_filename, w_db_filename_sz);
1510 if(w_migrated_db_filename) sqlcipher_free(w_migrated_db_filename, w_migrated_db_filename_sz);
1511 #endif
1512 return rc;
1513 }
1514
1515 int sqlcipher_codec_add_random(codec_ctx *ctx, const char *zRight, int random_sz){
1516 const char *suffix = &zRight[random_sz-1];
1517 int n = random_sz - 3; /* adjust for leading x' and tailing ' */
1518 if (n > 0 &&
1519 sqlite3StrNICmp((const char *)zRight ,"x'", 2) == 0 &&
1520 sqlite3StrNICmp(suffix, "'", 1) == 0 &&
1521 n % 2 == 0) {
1522 int rc = 0;
1523 int buffer_sz = n / 2;
1524 unsigned char *random;
1525 const unsigned char *z = (const unsigned char *)zRight + 2; /* adjust lead offset of x' */
1526 CODEC_TRACE("sqlcipher_codec_add_random: using raw random blob from hex\n");
1527 random = sqlcipher_malloc(buffer_sz);
1528 memset(random, 0, buffer_sz);
1529 cipher_hex2bin(z, n, random);
1530 rc = ctx->provider->add_random(ctx->provider_ctx, random, buffer_sz);
1531 sqlcipher_free(random, buffer_sz);
1532 return rc;
1533 }
1534 return SQLITE_ERROR;
1535 }
1536
1537 static void sqlcipher_profile_callback(void *file, const char *sql, sqlite3_uint64 run_time){
1538 FILE *f = (FILE*)file;
1539 double elapsed = run_time/1000000.0;
1540 if(f) fprintf(f, "Elapsed time:%.3f ms - %s\n", elapsed, sql);
1541 }
1542
1543 int sqlcipher_cipher_profile(sqlite3 *db, const char *destination){
1544 #if defined(SQLITE_OMIT_TRACE) || defined(SQLITE_OMIT_DEPRECATED)
1545 return SQLITE_ERROR;
1546 #else
1547 FILE *f;
1548 if(sqlite3StrICmp(destination, "stdout") == 0){
1549 f = stdout;
1550 }else if(sqlite3StrICmp(destination, "stderr") == 0){
1551 f = stderr;
1552 }else if(sqlite3StrICmp(destination, "off") == 0){
1553 f = 0;
1554 }else{
1555 #if !defined(SQLCIPHER_PROFILE_USE_FOPEN) && (defined(_WIN32) && (__STDC_VERSION__ > 199901L) || defined(SQLITE_OS_WINRT))
1556 if(fopen_s(&f, destination, "a") != 0) return SQLITE_ERROR;
1557 #else
1558 if((f = fopen(destination, "a")) == 0) return SQLITE_ERROR;
1559 #endif
1560 }
1561 sqlite3_profile(db, sqlcipher_profile_callback, f);
1562 return SQLITE_OK;
1563 #endif
1564 }
1565
1566 int sqlcipher_codec_fips_status(codec_ctx *ctx) {
1567 return ctx->provider->fips_status(ctx->provider_ctx);
1568 }
1569
1570 const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
1571 return ctx->provider->get_provider_version(ctx->provider_ctx);
1572 }
1573
1574 #endif
1575 /* END SQLCIPHER */
SQLCipher is an SQLite extension that provides 256 bit AES encryption of database files.