Make sqlcipher_openssl_setup static and remove code for other providers.

This commit is contained in:
levlam 2022-08-04 21:56:14 +03:00
parent 824631b5be
commit ecfd1dacd3

View File

@ -21110,13 +21110,6 @@ SQLITE_API int tdsqlite3pager_is_mj_pgno(Pager*, Pgno);
SQLITE_API void tdsqlite3pager_error(Pager*, int); SQLITE_API void tdsqlite3pager_error(Pager*, int);
SQLITE_API void tdsqlite3pager_reset(Pager *pPager); SQLITE_API void tdsqlite3pager_reset(Pager *pPager);
#if !defined (SQLCIPHER_CRYPTO_CC) \
&& !defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT) \
&& !defined (SQLCIPHER_CRYPTO_NSS) \
&& !defined (SQLCIPHER_CRYPTO_OPENSSL)
#define SQLCIPHER_CRYPTO_OPENSSL
#endif
#define FILE_HEADER_SZ 16 #define FILE_HEADER_SZ 16
#define CIPHER_XSTR(s) CIPHER_STR(s) #define CIPHER_XSTR(s) CIPHER_STR(s)
@ -22680,54 +22673,6 @@ sqlcipher_provider* sqlcipher_get_provider() {
return default_provider; return default_provider;
} }
void sqlcipher_activate() {
CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
/* allocate new mutexes */
if(sqlcipher_activate_count == 0) {
int i;
for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
sqlcipher_static_mutex[i] = tdsqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
}
}
/* check to see if there is a provider registered at this point
if there no provider registered at this point, register the
default provider */
if(sqlcipher_get_provider() == NULL) {
sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
#if defined (SQLCIPHER_CRYPTO_CC)
extern int sqlcipher_cc_setup(sqlcipher_provider *p);
sqlcipher_cc_setup(p);
#elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
sqlcipher_ltc_setup(p);
#elif defined (SQLCIPHER_CRYPTO_NSS)
extern int sqlcipher_nss_setup(sqlcipher_provider *p);
sqlcipher_nss_setup(p);
#elif defined (SQLCIPHER_CRYPTO_OPENSSL)
extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
sqlcipher_openssl_setup(p);
#else
#error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
#endif
CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
#ifdef SQLCIPHER_EXT
sqlcipher_ext_provider_setup(p);
#endif
sqlcipher_register_provider(p);
CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
}
sqlcipher_activate_count++; /* increment activation count */
CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
tdsqlite3_mutex_leave(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
}
void sqlcipher_deactivate() { void sqlcipher_deactivate() {
CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n"); CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER)); tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
@ -24105,614 +24050,6 @@ const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
/* END SQLCIPHER */ /* END SQLCIPHER */
/************** End of crypto_impl.c *****************************************/ /************** End of crypto_impl.c *****************************************/
/************** Begin file crypto_libtomcrypt.c ******************************/
/*
** SQLCipher
** http://sqlcipher.net
**
** Copyright (c) 2008 - 2013, ZETETIC LLC
** All rights reserved.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions are met:
** * Redistributions of source code must retain the above copyright
** notice, this list of conditions and the following disclaimer.
** * Redistributions in binary form must reproduce the above copyright
** notice, this list of conditions and the following disclaimer in the
** documentation and/or other materials provided with the distribution.
** * Neither the name of the ZETETIC LLC nor the
** names of its contributors may be used to endorse or promote products
** derived from this software without specific prior written permission.
**
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**
*/
/* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC
#ifdef SQLCIPHER_CRYPTO_LIBTOMCRYPT
/* #include "sqliteInt.h" */
/* #include "sqlcipher.h" */
#include <tomcrypt.h>
#define FORTUNA_MAX_SZ 32
static prng_state prng;
static volatile unsigned int ltc_init = 0;
static volatile unsigned int ltc_ref_count = 0;
#define LTC_CIPHER "rijndael"
static int sqlcipher_ltc_add_random(void *ctx, void *buffer, int length) {
int rc = 0;
int data_to_read = length;
int block_sz = data_to_read < FORTUNA_MAX_SZ ? data_to_read : FORTUNA_MAX_SZ;
const unsigned char * data = (const unsigned char *)buffer;
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND\n");
while(data_to_read > 0){
rc = fortuna_add_entropy(data, block_sz, &prng);
rc = rc != CRYPT_OK ? SQLITE_ERROR : SQLITE_OK;
if(rc != SQLITE_OK){
break;
}
data_to_read -= block_sz;
data += block_sz;
block_sz = data_to_read < FORTUNA_MAX_SZ ? data_to_read : FORTUNA_MAX_SZ;
}
fortuna_ready(&prng);
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: left SQLCIPHER_MUTEX_PROVIDER_RAND\n");
return rc;
}
static int sqlcipher_ltc_activate(void *ctx) {
unsigned char random_buffer[FORTUNA_MAX_SZ];
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
sqlcipher_memset(random_buffer, 0, FORTUNA_MAX_SZ);
if(ltc_init == 0) {
if(register_prng(&fortuna_desc) < 0) return SQLITE_ERROR;
if(register_cipher(&rijndael_desc) < 0) return SQLITE_ERROR;
if(register_hash(&sha512_desc) < 0) return SQLITE_ERROR;
if(register_hash(&sha256_desc) < 0) return SQLITE_ERROR;
if(register_hash(&sha1_desc) < 0) return SQLITE_ERROR;
if(fortuna_start(&prng) != CRYPT_OK) {
return SQLITE_ERROR;
}
ltc_init = 1;
}
ltc_ref_count++;
#ifndef SQLCIPHER_TEST
tdsqlite3_randomness(FORTUNA_MAX_SZ, random_buffer);
#endif
if(sqlcipher_ltc_add_random(ctx, random_buffer, FORTUNA_MAX_SZ) != SQLITE_OK) {
return SQLITE_ERROR;
}
sqlcipher_memset(random_buffer, 0, FORTUNA_MAX_SZ);
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
return SQLITE_OK;
}
static int sqlcipher_ltc_deactivate(void *ctx) {
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
ltc_ref_count--;
if(ltc_ref_count == 0){
fortuna_done(&prng);
sqlcipher_memset((void *)&prng, 0, sizeof(prng));
}
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
return SQLITE_OK;
}
static const char* sqlcipher_ltc_get_provider_name(void *ctx) {
return "libtomcrypt";
}
static const char* sqlcipher_ltc_get_provider_version(void *ctx) {
return SCRYPT;
}
static int sqlcipher_ltc_random(void *ctx, void *buffer, int length) {
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND\n");
fortuna_read(buffer, length, &prng);
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: left SQLCIPHER_MUTEX_PROVIDER_RAND\n");
return SQLITE_OK;
}
static int sqlcipher_ltc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
int rc, hash_idx;
hmac_state hmac;
unsigned long outlen;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
hash_idx = find_hash("sha1");
break;
case SQLCIPHER_HMAC_SHA256:
hash_idx = find_hash("sha256");
break;
case SQLCIPHER_HMAC_SHA512:
hash_idx = find_hash("sha512");
break;
default:
return SQLITE_ERROR;
}
if(hash_idx < 0) return SQLITE_ERROR;
outlen = hash_descriptor[hash_idx].hashsize;
if(in == NULL) return SQLITE_ERROR;
if((rc = hmac_init(&hmac, hash_idx, hmac_key, key_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_process(&hmac, in, in_sz)) != CRYPT_OK) return SQLITE_ERROR;
if(in2 != NULL && (rc = hmac_process(&hmac, in2, in2_sz)) != CRYPT_OK) return SQLITE_ERROR;
if((rc = hmac_done(&hmac, out, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
return SQLITE_OK;
}
static int sqlcipher_ltc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
int rc, hash_idx;
unsigned long outlen = key_sz;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
hash_idx = find_hash("sha1");
break;
case SQLCIPHER_HMAC_SHA256:
hash_idx = find_hash("sha256");
break;
case SQLCIPHER_HMAC_SHA512:
hash_idx = find_hash("sha512");
break;
default:
return SQLITE_ERROR;
}
if(hash_idx < 0) return SQLITE_ERROR;
if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz,
workfactor, hash_idx, key, &outlen)) != CRYPT_OK) {
return SQLITE_ERROR;
}
return SQLITE_OK;
}
static const char* sqlcipher_ltc_get_cipher(void *ctx) {
return "aes-256-cbc";
}
static int sqlcipher_ltc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
int rc, cipher_idx;
symmetric_CBC cbc;
if((cipher_idx = find_cipher(LTC_CIPHER)) == -1) return SQLITE_ERROR;
if((rc = cbc_start(cipher_idx, iv, key, key_sz, 0, &cbc)) != CRYPT_OK) return SQLITE_ERROR;
rc = mode == 1 ? cbc_encrypt(in, out, in_sz, &cbc) : cbc_decrypt(in, out, in_sz, &cbc);
if(rc != CRYPT_OK) return SQLITE_ERROR;
cbc_done(&cbc);
return SQLITE_OK;
}
static int sqlcipher_ltc_get_key_sz(void *ctx) {
int cipher_idx = find_cipher(LTC_CIPHER);
return cipher_descriptor[cipher_idx].max_key_length;
}
static int sqlcipher_ltc_get_iv_sz(void *ctx) {
int cipher_idx = find_cipher(LTC_CIPHER);
return cipher_descriptor[cipher_idx].block_length;
}
static int sqlcipher_ltc_get_block_sz(void *ctx) {
int cipher_idx = find_cipher(LTC_CIPHER);
return cipher_descriptor[cipher_idx].block_length;
}
static int sqlcipher_ltc_get_hmac_sz(void *ctx, int algorithm) {
int hash_idx;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
hash_idx = find_hash("sha1");
break;
case SQLCIPHER_HMAC_SHA256:
hash_idx = find_hash("sha256");
break;
case SQLCIPHER_HMAC_SHA512:
hash_idx = find_hash("sha512");
break;
default:
return 0;
}
if(hash_idx < 0) return 0;
return hash_descriptor[hash_idx].hashsize;
}
static int sqlcipher_ltc_ctx_init(void **ctx) {
sqlcipher_ltc_activate(NULL);
return SQLITE_OK;
}
static int sqlcipher_ltc_ctx_free(void **ctx) {
sqlcipher_ltc_deactivate(&ctx);
return SQLITE_OK;
}
static int sqlcipher_ltc_fips_status(void *ctx) {
return 0;
}
int sqlcipher_ltc_setup(sqlcipher_provider *p) {
p->activate = sqlcipher_ltc_activate;
p->deactivate = sqlcipher_ltc_deactivate;
p->get_provider_name = sqlcipher_ltc_get_provider_name;
p->random = sqlcipher_ltc_random;
p->hmac = sqlcipher_ltc_hmac;
p->kdf = sqlcipher_ltc_kdf;
p->cipher = sqlcipher_ltc_cipher;
p->get_cipher = sqlcipher_ltc_get_cipher;
p->get_key_sz = sqlcipher_ltc_get_key_sz;
p->get_iv_sz = sqlcipher_ltc_get_iv_sz;
p->get_block_sz = sqlcipher_ltc_get_block_sz;
p->get_hmac_sz = sqlcipher_ltc_get_hmac_sz;
p->ctx_init = sqlcipher_ltc_ctx_init;
p->ctx_free = sqlcipher_ltc_ctx_free;
p->add_random = sqlcipher_ltc_add_random;
p->fips_status = sqlcipher_ltc_fips_status;
p->get_provider_version = sqlcipher_ltc_get_provider_version;
return SQLITE_OK;
}
#endif
#endif
/* END SQLCIPHER */
/************** End of crypto_libtomcrypt.c **********************************/
/************** Begin file crypto_nss.c **************************************/
/*
** SQLCipher
** http://sqlcipher.net
**
** Copyright (c) 2008 - 2013, ZETETIC LLC
** All rights reserved.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions are met:
** * Redistributions of source code must retain the above copyright
** notice, this list of conditions and the following disclaimer.
** * Redistributions in binary form must reproduce the above copyright
** notice, this list of conditions and the following disclaimer in the
** documentation and/or other materials provided with the distribution.
** * Neither the name of the ZETETIC LLC nor the
** names of its contributors may be used to endorse or promote products
** derived from this software without specific prior written permission.
**
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**
*/
/* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC
#ifdef SQLCIPHER_CRYPTO_NSS
/* #include "crypto.h" */
/* #include "sqlcipher.h" */
#include <nss/blapit.h>
#include <nss/nss.h>
#include <nss/pk11pub.h>
static NSSInitContext* nss_init_context = NULL;
static unsigned int nss_init_count = 0;
int sqlcipher_nss_setup(sqlcipher_provider *p);
static int sqlcipher_nss_activate(void *ctx) {
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
if (nss_init_context == NULL) {
nss_init_context = NSS_InitContext("", "", "", "", NULL,
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
NSS_INIT_FORCEOPEN | NSS_INIT_OPTIMIZESPACE | NSS_INIT_NOROOTINIT);
}
nss_init_count++;
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
return SQLITE_OK;
}
static int sqlcipher_nss_deactivate(void *ctx) {
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
nss_init_count--;
if (nss_init_count == 0 && nss_init_context != NULL) {
NSS_ShutdownContext(nss_init_context);
nss_init_context = NULL;
}
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
return SQLITE_OK;
}
static int sqlcipher_nss_add_random(void *ctx, void *buffer, int length) {
return SQLITE_OK;
}
/* generate a defined number of random bytes */
static int sqlcipher_nss_random (void *ctx, void *buffer, int length) {
// PK11_GenerateRandom should be thread-safe.
return (PK11_GenerateRandom((unsigned char *)buffer, length) == SECSuccess) ? SQLITE_OK : SQLITE_ERROR;
}
static const char* sqlcipher_nss_get_provider_name(void *ctx) {
return "nss";
}
static const char* sqlcipher_nss_get_provider_version(void *ctx) {
return NSS_GetVersion();
}
static const char* sqlcipher_nss_get_cipher(void *ctx) {
return "aes-256-cbc";
}
static int sqlcipher_nss_get_key_sz(void *ctx) {
return AES_256_KEY_LENGTH;
}
static int sqlcipher_nss_get_iv_sz(void *ctx) {
return AES_BLOCK_SIZE;
}
static int sqlcipher_nss_get_block_sz(void *ctx) {
return AES_BLOCK_SIZE;
}
static int sqlcipher_nss_get_hmac_sz(void *ctx, int algorithm) {
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
return SHA1_LENGTH;
break;
case SQLCIPHER_HMAC_SHA256:
return SHA256_LENGTH;
break;
case SQLCIPHER_HMAC_SHA512:
return SHA512_LENGTH;
break;
default:
return 0;
}
}
static int sqlcipher_nss_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
int rc = SQLITE_OK;
unsigned int length;
unsigned int outLen;
PK11Context* context = NULL;
PK11SlotInfo * slot = NULL;
PK11SymKey* symKey = NULL;
if(in == NULL) goto error;
CK_MECHANISM_TYPE mech;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
mech = CKM_SHA_1_HMAC;
break;
case SQLCIPHER_HMAC_SHA256:
mech = CKM_SHA256_HMAC;
break;
case SQLCIPHER_HMAC_SHA512:
mech = CKM_SHA512_HMAC;
break;
default:
goto error;
}
length = sqlcipher_nss_get_hmac_sz(ctx, algorithm);
slot = PK11_GetInternalSlot();
if (slot == NULL) goto error;
SECItem keyItem;
keyItem.data = hmac_key;
keyItem.len = key_sz;
symKey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
CKA_SIGN, &keyItem, NULL);
if (symKey == NULL) goto error;
SECItem noParams;
noParams.data = 0;
noParams.len = 0;
context = PK11_CreateContextBySymKey(mech, CKA_SIGN, symKey, &noParams);
if (context == NULL) goto error;
if (PK11_DigestBegin(context) != SECSuccess) goto error;
if (PK11_DigestOp(context, in, in_sz) != SECSuccess) goto error;
if (in2 != NULL) {
if (PK11_DigestOp(context, in2, in2_sz) != SECSuccess) goto error;
}
if (PK11_DigestFinal(context, out, &outLen, length) != SECSuccess) goto error;
goto cleanup;
error:
rc = SQLITE_ERROR;
cleanup:
if (context) PK11_DestroyContext(context, PR_TRUE);
if (symKey) PK11_FreeSymKey(symKey);
if (slot) PK11_FreeSlot(slot);
return rc;
}
static int sqlcipher_nss_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
int rc = SQLITE_OK;
PK11SlotInfo * slot = NULL;
SECAlgorithmID * algid = NULL;
PK11SymKey* symKey = NULL;
SECOidTag oidtag;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
oidtag = SEC_OID_HMAC_SHA1;
break;
case SQLCIPHER_HMAC_SHA256:
oidtag = SEC_OID_HMAC_SHA256;
break;
case SQLCIPHER_HMAC_SHA512:
oidtag = SEC_OID_HMAC_SHA512;
break;
default:
goto error;
}
SECItem secSalt;
secSalt.data = salt;
secSalt.len = salt_sz;
// Always pass SEC_OID_HMAC_SHA1 (i.e. PBMAC1) as this parameter
// is unused for key generation. It is currently only used
// for PBKDF2 authentication or key (un)wrapping when specifying an
// encryption algorithm (PBES2).
algid = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, SEC_OID_HMAC_SHA1,
oidtag, key_sz, workfactor, &secSalt);
if (algid == NULL) goto error;
slot = PK11_GetInternalSlot();
if (slot == NULL) goto error;
SECItem pwItem;
pwItem.data = (unsigned char *) pass; // PK11_PBEKeyGen doesn't modify the key.
pwItem.len = pass_sz;
symKey = PK11_PBEKeyGen(slot, algid, &pwItem, PR_FALSE, NULL);
if (symKey == NULL) goto error;
if (PK11_ExtractKeyValue(symKey) != SECSuccess) goto error;
// No need to free keyData as it is a buffer managed by symKey.
SECItem* keyData = PK11_GetKeyData(symKey);
if (keyData == NULL) goto error;
memcpy(key, keyData->data, key_sz);
goto cleanup;
error:
rc = SQLITE_ERROR;
cleanup:
if (slot) PK11_FreeSlot(slot);
if (algid) SECOID_DestroyAlgorithmID(algid, PR_TRUE);
if (symKey) PK11_FreeSymKey(symKey);
return rc;
}
static int sqlcipher_nss_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
int rc = SQLITE_OK;
PK11SlotInfo * slot = NULL;
PK11SymKey* symKey = NULL;
unsigned int outLen;
SECItem params;
params.data = iv;
params.len = sqlcipher_nss_get_iv_sz(ctx);
slot = PK11_GetInternalSlot();
if (slot == NULL) goto error;
SECItem keyItem;
keyItem.data = key;
keyItem.len = key_sz;
symKey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap,
CKA_ENCRYPT, &keyItem, NULL);
if (symKey == NULL) goto error;
SECStatus rv;
if (mode == CIPHER_ENCRYPT) {
rv = PK11_Encrypt(symKey, CKM_AES_CBC, &params, out, &outLen,
in_sz + 16, in, in_sz);
} else {
rv = PK11_Decrypt(symKey, CKM_AES_CBC, &params, out, &outLen,
in_sz + 16, in, in_sz);
}
if (rv != SECSuccess) goto error;
goto cleanup;
error:
rc = SQLITE_ERROR;
cleanup:
if (slot) PK11_FreeSlot(slot);
if (symKey) PK11_FreeSymKey(symKey);
return rc;
}
static int sqlcipher_nss_ctx_init(void **ctx) {
sqlcipher_nss_activate(NULL);
return SQLITE_OK;
}
static int sqlcipher_nss_ctx_free(void **ctx) {
sqlcipher_nss_deactivate(NULL);
return SQLITE_OK;
}
static int sqlcipher_nss_fips_status(void *ctx) {
return 0;
}
int sqlcipher_nss_setup(sqlcipher_provider *p) {
p->activate = sqlcipher_nss_activate;
p->deactivate = sqlcipher_nss_deactivate;
p->random = sqlcipher_nss_random;
p->get_provider_name = sqlcipher_nss_get_provider_name;
p->hmac = sqlcipher_nss_hmac;
p->kdf = sqlcipher_nss_kdf;
p->cipher = sqlcipher_nss_cipher;
p->get_cipher = sqlcipher_nss_get_cipher;
p->get_key_sz = sqlcipher_nss_get_key_sz;
p->get_iv_sz = sqlcipher_nss_get_iv_sz;
p->get_block_sz = sqlcipher_nss_get_block_sz;
p->get_hmac_sz = sqlcipher_nss_get_hmac_sz;
p->ctx_init = sqlcipher_nss_ctx_init;
p->ctx_free = sqlcipher_nss_ctx_free;
p->add_random = sqlcipher_nss_add_random;
p->fips_status = sqlcipher_nss_fips_status;
p->get_provider_version = sqlcipher_nss_get_provider_version;
return SQLITE_OK;
}
#endif
#endif
/* END SQLCIPHER */
/************** End of crypto_nss.c ******************************************/
/************** Begin file crypto_openssl.c **********************************/ /************** Begin file crypto_openssl.c **********************************/
/* /*
** SQLCipher ** SQLCipher
@ -24746,7 +24083,6 @@ int sqlcipher_nss_setup(sqlcipher_provider *p) {
*/ */
/* BEGIN SQLCIPHER */ /* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC #ifdef SQLITE_HAS_CODEC
#ifdef SQLCIPHER_CRYPTO_OPENSSL
/* #include "sqliteInt.h" */ /* #include "sqliteInt.h" */
/* #include "crypto.h" */ /* #include "crypto.h" */
/* #include "sqlcipher.h" */ /* #include "sqlcipher.h" */
@ -25076,7 +24412,7 @@ static int sqlcipher_openssl_fips_status(void *ctx) {
#endif #endif
} }
int sqlcipher_openssl_setup(sqlcipher_provider *p) { SQLITE_PRIVATE int sqlcipher_openssl_setup(sqlcipher_provider *p) {
p->activate = sqlcipher_openssl_activate; p->activate = sqlcipher_openssl_activate;
p->deactivate = sqlcipher_openssl_deactivate; p->deactivate = sqlcipher_openssl_deactivate;
p->get_provider_name = sqlcipher_openssl_get_provider_name; p->get_provider_name = sqlcipher_openssl_get_provider_name;
@ -25097,204 +24433,44 @@ int sqlcipher_openssl_setup(sqlcipher_provider *p) {
return SQLITE_OK; return SQLITE_OK;
} }
void sqlcipher_activate() {
CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
/* allocate new mutexes */
if(sqlcipher_activate_count == 0) {
int i;
for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
sqlcipher_static_mutex[i] = tdsqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
}
}
/* check to see if there is a provider registered at this point
if there no provider registered at this point, register the
default provider */
if(sqlcipher_get_provider() == NULL) {
sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
sqlcipher_openssl_setup(p);
CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
#ifdef SQLCIPHER_EXT
sqlcipher_ext_provider_setup(p);
#endif #endif
sqlcipher_register_provider(p);
CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
}
sqlcipher_activate_count++; /* increment activation count */
CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
tdsqlite3_mutex_leave(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
}
#endif #endif
/* END SQLCIPHER */ /* END SQLCIPHER */
/************** End of crypto_openssl.c **************************************/ /************** End of crypto_openssl.c **************************************/
/************** Begin file crypto_cc.c ***************************************/
/*
** SQLCipher
** http://sqlcipher.net
**
** Copyright (c) 2008 - 2013, ZETETIC LLC
** All rights reserved.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions are met:
** * Redistributions of source code must retain the above copyright
** notice, this list of conditions and the following disclaimer.
** * Redistributions in binary form must reproduce the above copyright
** notice, this list of conditions and the following disclaimer in the
** documentation and/or other materials provided with the distribution.
** * Neither the name of the ZETETIC LLC nor the
** names of its contributors may be used to endorse or promote products
** derived from this software without specific prior written permission.
**
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
**
*/
/* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC
#ifdef SQLCIPHER_CRYPTO_CC
/* #include "crypto.h" */
/* #include "sqlcipher.h" */
#include <CommonCrypto/CommonCrypto.h>
#include <Security/SecRandom.h>
#include <CoreFoundation/CoreFoundation.h>
int sqlcipher_cc_setup(sqlcipher_provider *p);
static int sqlcipher_cc_add_random(void *ctx, void *buffer, int length) {
return SQLITE_OK;
}
/* generate a defined number of random bytes */
static int sqlcipher_cc_random (void *ctx, void *buffer, int length) {
return (SecRandomCopyBytes(kSecRandomDefault, length, (uint8_t *)buffer) == kCCSuccess) ? SQLITE_OK : SQLITE_ERROR;
}
static const char* sqlcipher_cc_get_provider_name(void *ctx) {
return "commoncrypto";
}
static const char* sqlcipher_cc_get_provider_version(void *ctx) {
#if TARGET_OS_MAC
CFTypeRef version;
CFBundleRef bundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security"));
if(bundle == NULL) {
return "unknown";
}
version = CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString"));
return CFStringGetCStringPtr(version, kCFStringEncodingUTF8);
#else
return "unknown";
#endif
}
static int sqlcipher_cc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
CCHmacContext hmac_context;
if(in == NULL) return SQLITE_ERROR;
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
break;
case SQLCIPHER_HMAC_SHA256:
CCHmacInit(&hmac_context, kCCHmacAlgSHA256, hmac_key, key_sz);
break;
case SQLCIPHER_HMAC_SHA512:
CCHmacInit(&hmac_context, kCCHmacAlgSHA512, hmac_key, key_sz);
break;
default:
return SQLITE_ERROR;
}
CCHmacUpdate(&hmac_context, in, in_sz);
if(in2 != NULL) CCHmacUpdate(&hmac_context, in2, in2_sz);
CCHmacFinal(&hmac_context, out);
return SQLITE_OK;
}
static int sqlcipher_cc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
break;
case SQLCIPHER_HMAC_SHA256:
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA256, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
break;
case SQLCIPHER_HMAC_SHA512:
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA512, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
break;
default:
return SQLITE_ERROR;
}
return SQLITE_OK;
}
static int sqlcipher_cc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
CCCryptorRef cryptor;
size_t tmp_csz, csz;
CCOperation op = mode == CIPHER_ENCRYPT ? kCCEncrypt : kCCDecrypt;
if(CCCryptorCreate(op, kCCAlgorithmAES128, 0, key, kCCKeySizeAES256, iv, &cryptor) != kCCSuccess) return SQLITE_ERROR;
if(CCCryptorUpdate(cryptor, in, in_sz, out, in_sz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
csz = tmp_csz;
out += tmp_csz;
if(CCCryptorFinal(cryptor, out, in_sz - csz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
csz += tmp_csz;
if(CCCryptorRelease(cryptor) != kCCSuccess) return SQLITE_ERROR;
assert(in_sz == csz);
return SQLITE_OK;
}
static const char* sqlcipher_cc_get_cipher(void *ctx) {
return "aes-256-cbc";
}
static int sqlcipher_cc_get_key_sz(void *ctx) {
return kCCKeySizeAES256;
}
static int sqlcipher_cc_get_iv_sz(void *ctx) {
return kCCBlockSizeAES128;
}
static int sqlcipher_cc_get_block_sz(void *ctx) {
return kCCBlockSizeAES128;
}
static int sqlcipher_cc_get_hmac_sz(void *ctx, int algorithm) {
switch(algorithm) {
case SQLCIPHER_HMAC_SHA1:
return CC_SHA1_DIGEST_LENGTH;
break;
case SQLCIPHER_HMAC_SHA256:
return CC_SHA256_DIGEST_LENGTH;
break;
case SQLCIPHER_HMAC_SHA512:
return CC_SHA512_DIGEST_LENGTH;
break;
default:
return 0;
}
}
static int sqlcipher_cc_ctx_init(void **ctx) {
return SQLITE_OK;
}
static int sqlcipher_cc_ctx_free(void **ctx) {
return SQLITE_OK;
}
static int sqlcipher_cc_fips_status(void *ctx) {
return 0;
}
int sqlcipher_cc_setup(sqlcipher_provider *p) {
p->random = sqlcipher_cc_random;
p->get_provider_name = sqlcipher_cc_get_provider_name;
p->hmac = sqlcipher_cc_hmac;
p->kdf = sqlcipher_cc_kdf;
p->cipher = sqlcipher_cc_cipher;
p->get_cipher = sqlcipher_cc_get_cipher;
p->get_key_sz = sqlcipher_cc_get_key_sz;
p->get_iv_sz = sqlcipher_cc_get_iv_sz;
p->get_block_sz = sqlcipher_cc_get_block_sz;
p->get_hmac_sz = sqlcipher_cc_get_hmac_sz;
p->ctx_init = sqlcipher_cc_ctx_init;
p->ctx_free = sqlcipher_cc_ctx_free;
p->add_random = sqlcipher_cc_add_random;
p->fips_status = sqlcipher_cc_fips_status;
p->get_provider_version = sqlcipher_cc_get_provider_version;
return SQLITE_OK;
}
#endif
#endif
/* END SQLCIPHER */
/************** End of crypto_cc.c *******************************************/
/************** Begin file global.c ******************************************/ /************** Begin file global.c ******************************************/
/* /*
** 2008 June 13 ** 2008 June 13
@ -32418,7 +31594,6 @@ SQLITE_PRIVATE int tdsqlite3MallocInit(void){
that will wipe all memory allocated by SQLite that will wipe all memory allocated by SQLite
when freed */ when freed */
if( rc==SQLITE_OK ) { if( rc==SQLITE_OK ) {
extern void sqlcipher_init_memmethods(void);
sqlcipher_init_memmethods(); sqlcipher_init_memmethods();
} }
#endif #endif
@ -79198,8 +78373,6 @@ SQLITE_API tdsqlite3_backup *tdsqlite3_backup_init(
/* BEGIN SQLCIPHER */ /* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC #ifdef SQLITE_HAS_CODEC
{ {
extern int sqlcipher_find_db_index(tdsqlite3*, const char*);
extern void tdsqlite3CodecGetKey(tdsqlite3*, int, void**, int*);
int srcNKey, destNKey; int srcNKey, destNKey;
void *zKey; void *zKey;
@ -121902,7 +121075,6 @@ SQLITE_PRIVATE void tdsqlite3RegisterPerConnectionBuiltinFunctions(tdsqlite3 *db
#ifdef SQLITE_HAS_CODEC #ifdef SQLITE_HAS_CODEC
#ifndef OMIT_EXPORT #ifndef OMIT_EXPORT
{ {
extern void sqlcipher_exportFunc(tdsqlite3_context *, int, tdsqlite3_value **);
tdsqlite3CreateFunc(db, "sqlcipher_export", -1, SQLITE_TEXT, 0, sqlcipher_exportFunc, 0, 0, 0, 0, 0); tdsqlite3CreateFunc(db, "sqlcipher_export", -1, SQLITE_TEXT, 0, sqlcipher_exportFunc, 0, 0, 0, 0, 0);
} }
#endif #endif
@ -129173,11 +128345,6 @@ SQLITE_PRIVATE void tdsqlite3Pragma(
Db *pDb; /* The specific database being pragmaed */ Db *pDb; /* The specific database being pragmaed */
Vdbe *v = tdsqlite3GetVdbe(pParse); /* Prepared statement */ Vdbe *v = tdsqlite3GetVdbe(pParse); /* Prepared statement */
const PragmaName *pPragma; /* The pragma */ const PragmaName *pPragma; /* The pragma */
/* BEGIN SQLCIPHER */
#ifdef SQLITE_HAS_CODEC
extern int sqlcipher_codec_pragma(tdsqlite3*, int, Parse *, const char *, const char *);
#endif
/* END SQLCIPHER */
if( v==0 ) return; if( v==0 ) return;
tdsqlite3VdbeRunOnlyOnce(v); tdsqlite3VdbeRunOnlyOnce(v);