Make sqlcipher_openssl_setup static and remove code for other providers.
This commit is contained in:
parent
824631b5be
commit
ecfd1dacd3
901
sqlite/sqlite/sqlite3.c
vendored
901
sqlite/sqlite/sqlite3.c
vendored
@ -21110,13 +21110,6 @@ SQLITE_API int tdsqlite3pager_is_mj_pgno(Pager*, Pgno);
|
|||||||
SQLITE_API void tdsqlite3pager_error(Pager*, int);
|
SQLITE_API void tdsqlite3pager_error(Pager*, int);
|
||||||
SQLITE_API void tdsqlite3pager_reset(Pager *pPager);
|
SQLITE_API void tdsqlite3pager_reset(Pager *pPager);
|
||||||
|
|
||||||
#if !defined (SQLCIPHER_CRYPTO_CC) \
|
|
||||||
&& !defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT) \
|
|
||||||
&& !defined (SQLCIPHER_CRYPTO_NSS) \
|
|
||||||
&& !defined (SQLCIPHER_CRYPTO_OPENSSL)
|
|
||||||
#define SQLCIPHER_CRYPTO_OPENSSL
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define FILE_HEADER_SZ 16
|
#define FILE_HEADER_SZ 16
|
||||||
|
|
||||||
#define CIPHER_XSTR(s) CIPHER_STR(s)
|
#define CIPHER_XSTR(s) CIPHER_STR(s)
|
||||||
@ -22680,54 +22673,6 @@ sqlcipher_provider* sqlcipher_get_provider() {
|
|||||||
return default_provider;
|
return default_provider;
|
||||||
}
|
}
|
||||||
|
|
||||||
void sqlcipher_activate() {
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
|
|
||||||
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
|
|
||||||
|
|
||||||
/* allocate new mutexes */
|
|
||||||
if(sqlcipher_activate_count == 0) {
|
|
||||||
int i;
|
|
||||||
for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
|
|
||||||
sqlcipher_static_mutex[i] = tdsqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/* check to see if there is a provider registered at this point
|
|
||||||
if there no provider registered at this point, register the
|
|
||||||
default provider */
|
|
||||||
if(sqlcipher_get_provider() == NULL) {
|
|
||||||
sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
|
|
||||||
#if defined (SQLCIPHER_CRYPTO_CC)
|
|
||||||
extern int sqlcipher_cc_setup(sqlcipher_provider *p);
|
|
||||||
sqlcipher_cc_setup(p);
|
|
||||||
#elif defined (SQLCIPHER_CRYPTO_LIBTOMCRYPT)
|
|
||||||
extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
|
|
||||||
sqlcipher_ltc_setup(p);
|
|
||||||
#elif defined (SQLCIPHER_CRYPTO_NSS)
|
|
||||||
extern int sqlcipher_nss_setup(sqlcipher_provider *p);
|
|
||||||
sqlcipher_nss_setup(p);
|
|
||||||
#elif defined (SQLCIPHER_CRYPTO_OPENSSL)
|
|
||||||
extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
|
|
||||||
sqlcipher_openssl_setup(p);
|
|
||||||
#else
|
|
||||||
#error "NO DEFAULT SQLCIPHER CRYPTO PROVIDER DEFINED"
|
|
||||||
#endif
|
|
||||||
CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
|
|
||||||
#ifdef SQLCIPHER_EXT
|
|
||||||
sqlcipher_ext_provider_setup(p);
|
|
||||||
#endif
|
|
||||||
sqlcipher_register_provider(p);
|
|
||||||
CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
|
|
||||||
}
|
|
||||||
|
|
||||||
sqlcipher_activate_count++; /* increment activation count */
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
|
|
||||||
tdsqlite3_mutex_leave(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
void sqlcipher_deactivate() {
|
void sqlcipher_deactivate() {
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
|
CODEC_TRACE_MUTEX("sqlcipher_deactivate: entering static master mutex\n");
|
||||||
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
||||||
@ -24105,614 +24050,6 @@ const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) {
|
|||||||
/* END SQLCIPHER */
|
/* END SQLCIPHER */
|
||||||
|
|
||||||
/************** End of crypto_impl.c *****************************************/
|
/************** End of crypto_impl.c *****************************************/
|
||||||
/************** Begin file crypto_libtomcrypt.c ******************************/
|
|
||||||
/*
|
|
||||||
** SQLCipher
|
|
||||||
** http://sqlcipher.net
|
|
||||||
**
|
|
||||||
** Copyright (c) 2008 - 2013, ZETETIC LLC
|
|
||||||
** All rights reserved.
|
|
||||||
**
|
|
||||||
** Redistribution and use in source and binary forms, with or without
|
|
||||||
** modification, are permitted provided that the following conditions are met:
|
|
||||||
** * Redistributions of source code must retain the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer.
|
|
||||||
** * Redistributions in binary form must reproduce the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer in the
|
|
||||||
** documentation and/or other materials provided with the distribution.
|
|
||||||
** * Neither the name of the ZETETIC LLC nor the
|
|
||||||
** names of its contributors may be used to endorse or promote products
|
|
||||||
** derived from this software without specific prior written permission.
|
|
||||||
**
|
|
||||||
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
|
|
||||||
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
||||||
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
|
|
||||||
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
||||||
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
||||||
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
||||||
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
**
|
|
||||||
*/
|
|
||||||
/* BEGIN SQLCIPHER */
|
|
||||||
#ifdef SQLITE_HAS_CODEC
|
|
||||||
#ifdef SQLCIPHER_CRYPTO_LIBTOMCRYPT
|
|
||||||
/* #include "sqliteInt.h" */
|
|
||||||
/* #include "sqlcipher.h" */
|
|
||||||
#include <tomcrypt.h>
|
|
||||||
|
|
||||||
#define FORTUNA_MAX_SZ 32
|
|
||||||
static prng_state prng;
|
|
||||||
static volatile unsigned int ltc_init = 0;
|
|
||||||
static volatile unsigned int ltc_ref_count = 0;
|
|
||||||
|
|
||||||
#define LTC_CIPHER "rijndael"
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_add_random(void *ctx, void *buffer, int length) {
|
|
||||||
int rc = 0;
|
|
||||||
int data_to_read = length;
|
|
||||||
int block_sz = data_to_read < FORTUNA_MAX_SZ ? data_to_read : FORTUNA_MAX_SZ;
|
|
||||||
const unsigned char * data = (const unsigned char *)buffer;
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
|
|
||||||
while(data_to_read > 0){
|
|
||||||
rc = fortuna_add_entropy(data, block_sz, &prng);
|
|
||||||
rc = rc != CRYPT_OK ? SQLITE_ERROR : SQLITE_OK;
|
|
||||||
if(rc != SQLITE_OK){
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
data_to_read -= block_sz;
|
|
||||||
data += block_sz;
|
|
||||||
block_sz = data_to_read < FORTUNA_MAX_SZ ? data_to_read : FORTUNA_MAX_SZ;
|
|
||||||
}
|
|
||||||
fortuna_ready(&prng);
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_add_random: left SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_activate(void *ctx) {
|
|
||||||
unsigned char random_buffer[FORTUNA_MAX_SZ];
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
|
|
||||||
sqlcipher_memset(random_buffer, 0, FORTUNA_MAX_SZ);
|
|
||||||
if(ltc_init == 0) {
|
|
||||||
if(register_prng(&fortuna_desc) < 0) return SQLITE_ERROR;
|
|
||||||
if(register_cipher(&rijndael_desc) < 0) return SQLITE_ERROR;
|
|
||||||
if(register_hash(&sha512_desc) < 0) return SQLITE_ERROR;
|
|
||||||
if(register_hash(&sha256_desc) < 0) return SQLITE_ERROR;
|
|
||||||
if(register_hash(&sha1_desc) < 0) return SQLITE_ERROR;
|
|
||||||
if(fortuna_start(&prng) != CRYPT_OK) {
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ltc_init = 1;
|
|
||||||
}
|
|
||||||
ltc_ref_count++;
|
|
||||||
|
|
||||||
#ifndef SQLCIPHER_TEST
|
|
||||||
tdsqlite3_randomness(FORTUNA_MAX_SZ, random_buffer);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(sqlcipher_ltc_add_random(ctx, random_buffer, FORTUNA_MAX_SZ) != SQLITE_OK) {
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
sqlcipher_memset(random_buffer, 0, FORTUNA_MAX_SZ);
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_deactivate(void *ctx) {
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
|
|
||||||
ltc_ref_count--;
|
|
||||||
if(ltc_ref_count == 0){
|
|
||||||
fortuna_done(&prng);
|
|
||||||
sqlcipher_memset((void *)&prng, 0, sizeof(prng));
|
|
||||||
}
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_deactivate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_ltc_get_provider_name(void *ctx) {
|
|
||||||
return "libtomcrypt";
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_ltc_get_provider_version(void *ctx) {
|
|
||||||
return SCRYPT;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_random(void *ctx, void *buffer, int length) {
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: entering SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: entered SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
|
|
||||||
fortuna_read(buffer, length, &prng);
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: leaving SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_RAND));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_ltc_random: left SQLCIPHER_MUTEX_PROVIDER_RAND\n");
|
|
||||||
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
|
|
||||||
int rc, hash_idx;
|
|
||||||
hmac_state hmac;
|
|
||||||
unsigned long outlen;
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
hash_idx = find_hash("sha1");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
hash_idx = find_hash("sha256");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
hash_idx = find_hash("sha512");
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(hash_idx < 0) return SQLITE_ERROR;
|
|
||||||
outlen = hash_descriptor[hash_idx].hashsize;
|
|
||||||
|
|
||||||
if(in == NULL) return SQLITE_ERROR;
|
|
||||||
if((rc = hmac_init(&hmac, hash_idx, hmac_key, key_sz)) != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
if((rc = hmac_process(&hmac, in, in_sz)) != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
if(in2 != NULL && (rc = hmac_process(&hmac, in2, in2_sz)) != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
if((rc = hmac_done(&hmac, out, &outlen)) != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
|
|
||||||
int rc, hash_idx;
|
|
||||||
unsigned long outlen = key_sz;
|
|
||||||
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
hash_idx = find_hash("sha1");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
hash_idx = find_hash("sha256");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
hash_idx = find_hash("sha512");
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
if(hash_idx < 0) return SQLITE_ERROR;
|
|
||||||
|
|
||||||
if((rc = pkcs_5_alg2(pass, pass_sz, salt, salt_sz,
|
|
||||||
workfactor, hash_idx, key, &outlen)) != CRYPT_OK) {
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_ltc_get_cipher(void *ctx) {
|
|
||||||
return "aes-256-cbc";
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
|
|
||||||
int rc, cipher_idx;
|
|
||||||
symmetric_CBC cbc;
|
|
||||||
|
|
||||||
if((cipher_idx = find_cipher(LTC_CIPHER)) == -1) return SQLITE_ERROR;
|
|
||||||
if((rc = cbc_start(cipher_idx, iv, key, key_sz, 0, &cbc)) != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
rc = mode == 1 ? cbc_encrypt(in, out, in_sz, &cbc) : cbc_decrypt(in, out, in_sz, &cbc);
|
|
||||||
if(rc != CRYPT_OK) return SQLITE_ERROR;
|
|
||||||
cbc_done(&cbc);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_get_key_sz(void *ctx) {
|
|
||||||
int cipher_idx = find_cipher(LTC_CIPHER);
|
|
||||||
return cipher_descriptor[cipher_idx].max_key_length;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_get_iv_sz(void *ctx) {
|
|
||||||
int cipher_idx = find_cipher(LTC_CIPHER);
|
|
||||||
return cipher_descriptor[cipher_idx].block_length;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_get_block_sz(void *ctx) {
|
|
||||||
int cipher_idx = find_cipher(LTC_CIPHER);
|
|
||||||
return cipher_descriptor[cipher_idx].block_length;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_get_hmac_sz(void *ctx, int algorithm) {
|
|
||||||
int hash_idx;
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
hash_idx = find_hash("sha1");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
hash_idx = find_hash("sha256");
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
hash_idx = find_hash("sha512");
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(hash_idx < 0) return 0;
|
|
||||||
|
|
||||||
return hash_descriptor[hash_idx].hashsize;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_ctx_init(void **ctx) {
|
|
||||||
sqlcipher_ltc_activate(NULL);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_ctx_free(void **ctx) {
|
|
||||||
sqlcipher_ltc_deactivate(&ctx);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_ltc_fips_status(void *ctx) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int sqlcipher_ltc_setup(sqlcipher_provider *p) {
|
|
||||||
p->activate = sqlcipher_ltc_activate;
|
|
||||||
p->deactivate = sqlcipher_ltc_deactivate;
|
|
||||||
p->get_provider_name = sqlcipher_ltc_get_provider_name;
|
|
||||||
p->random = sqlcipher_ltc_random;
|
|
||||||
p->hmac = sqlcipher_ltc_hmac;
|
|
||||||
p->kdf = sqlcipher_ltc_kdf;
|
|
||||||
p->cipher = sqlcipher_ltc_cipher;
|
|
||||||
p->get_cipher = sqlcipher_ltc_get_cipher;
|
|
||||||
p->get_key_sz = sqlcipher_ltc_get_key_sz;
|
|
||||||
p->get_iv_sz = sqlcipher_ltc_get_iv_sz;
|
|
||||||
p->get_block_sz = sqlcipher_ltc_get_block_sz;
|
|
||||||
p->get_hmac_sz = sqlcipher_ltc_get_hmac_sz;
|
|
||||||
p->ctx_init = sqlcipher_ltc_ctx_init;
|
|
||||||
p->ctx_free = sqlcipher_ltc_ctx_free;
|
|
||||||
p->add_random = sqlcipher_ltc_add_random;
|
|
||||||
p->fips_status = sqlcipher_ltc_fips_status;
|
|
||||||
p->get_provider_version = sqlcipher_ltc_get_provider_version;
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
/* END SQLCIPHER */
|
|
||||||
|
|
||||||
/************** End of crypto_libtomcrypt.c **********************************/
|
|
||||||
/************** Begin file crypto_nss.c **************************************/
|
|
||||||
/*
|
|
||||||
** SQLCipher
|
|
||||||
** http://sqlcipher.net
|
|
||||||
**
|
|
||||||
** Copyright (c) 2008 - 2013, ZETETIC LLC
|
|
||||||
** All rights reserved.
|
|
||||||
**
|
|
||||||
** Redistribution and use in source and binary forms, with or without
|
|
||||||
** modification, are permitted provided that the following conditions are met:
|
|
||||||
** * Redistributions of source code must retain the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer.
|
|
||||||
** * Redistributions in binary form must reproduce the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer in the
|
|
||||||
** documentation and/or other materials provided with the distribution.
|
|
||||||
** * Neither the name of the ZETETIC LLC nor the
|
|
||||||
** names of its contributors may be used to endorse or promote products
|
|
||||||
** derived from this software without specific prior written permission.
|
|
||||||
**
|
|
||||||
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
|
|
||||||
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
||||||
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
|
|
||||||
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
||||||
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
||||||
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
||||||
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
**
|
|
||||||
*/
|
|
||||||
/* BEGIN SQLCIPHER */
|
|
||||||
#ifdef SQLITE_HAS_CODEC
|
|
||||||
#ifdef SQLCIPHER_CRYPTO_NSS
|
|
||||||
/* #include "crypto.h" */
|
|
||||||
/* #include "sqlcipher.h" */
|
|
||||||
#include <nss/blapit.h>
|
|
||||||
#include <nss/nss.h>
|
|
||||||
#include <nss/pk11pub.h>
|
|
||||||
|
|
||||||
static NSSInitContext* nss_init_context = NULL;
|
|
||||||
static unsigned int nss_init_count = 0;
|
|
||||||
|
|
||||||
int sqlcipher_nss_setup(sqlcipher_provider *p);
|
|
||||||
|
|
||||||
static int sqlcipher_nss_activate(void *ctx) {
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
if (nss_init_context == NULL) {
|
|
||||||
nss_init_context = NSS_InitContext("", "", "", "", NULL,
|
|
||||||
NSS_INIT_READONLY | NSS_INIT_NOCERTDB | NSS_INIT_NOMODDB |
|
|
||||||
NSS_INIT_FORCEOPEN | NSS_INIT_OPTIMIZESPACE | NSS_INIT_NOROOTINIT);
|
|
||||||
}
|
|
||||||
nss_init_count++;
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_deactivate(void *ctx) {
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entering SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_enter(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: entered SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
|
|
||||||
nss_init_count--;
|
|
||||||
if (nss_init_count == 0 && nss_init_context != NULL) {
|
|
||||||
NSS_ShutdownContext(nss_init_context);
|
|
||||||
nss_init_context = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: leaving SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
tdsqlite3_mutex_leave(sqlcipher_mutex(SQLCIPHER_MUTEX_PROVIDER_ACTIVATE));
|
|
||||||
CODEC_TRACE_MUTEX("sqlcipher_nss_activate: left SQLCIPHER_MUTEX_PROVIDER_ACTIVATE\n");
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_add_random(void *ctx, void *buffer, int length) {
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* generate a defined number of random bytes */
|
|
||||||
static int sqlcipher_nss_random (void *ctx, void *buffer, int length) {
|
|
||||||
// PK11_GenerateRandom should be thread-safe.
|
|
||||||
return (PK11_GenerateRandom((unsigned char *)buffer, length) == SECSuccess) ? SQLITE_OK : SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_nss_get_provider_name(void *ctx) {
|
|
||||||
return "nss";
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_nss_get_provider_version(void *ctx) {
|
|
||||||
return NSS_GetVersion();
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_nss_get_cipher(void *ctx) {
|
|
||||||
return "aes-256-cbc";
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_get_key_sz(void *ctx) {
|
|
||||||
return AES_256_KEY_LENGTH;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_get_iv_sz(void *ctx) {
|
|
||||||
return AES_BLOCK_SIZE;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_get_block_sz(void *ctx) {
|
|
||||||
return AES_BLOCK_SIZE;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_get_hmac_sz(void *ctx, int algorithm) {
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
return SHA1_LENGTH;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
return SHA256_LENGTH;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
return SHA512_LENGTH;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
|
|
||||||
int rc = SQLITE_OK;
|
|
||||||
unsigned int length;
|
|
||||||
unsigned int outLen;
|
|
||||||
PK11Context* context = NULL;
|
|
||||||
PK11SlotInfo * slot = NULL;
|
|
||||||
PK11SymKey* symKey = NULL;
|
|
||||||
if(in == NULL) goto error;
|
|
||||||
CK_MECHANISM_TYPE mech;
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
mech = CKM_SHA_1_HMAC;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
mech = CKM_SHA256_HMAC;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
mech = CKM_SHA512_HMAC;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
length = sqlcipher_nss_get_hmac_sz(ctx, algorithm);
|
|
||||||
slot = PK11_GetInternalSlot();
|
|
||||||
if (slot == NULL) goto error;
|
|
||||||
SECItem keyItem;
|
|
||||||
keyItem.data = hmac_key;
|
|
||||||
keyItem.len = key_sz;
|
|
||||||
symKey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap,
|
|
||||||
CKA_SIGN, &keyItem, NULL);
|
|
||||||
if (symKey == NULL) goto error;
|
|
||||||
SECItem noParams;
|
|
||||||
noParams.data = 0;
|
|
||||||
noParams.len = 0;
|
|
||||||
context = PK11_CreateContextBySymKey(mech, CKA_SIGN, symKey, &noParams);
|
|
||||||
if (context == NULL) goto error;
|
|
||||||
if (PK11_DigestBegin(context) != SECSuccess) goto error;
|
|
||||||
if (PK11_DigestOp(context, in, in_sz) != SECSuccess) goto error;
|
|
||||||
if (in2 != NULL) {
|
|
||||||
if (PK11_DigestOp(context, in2, in2_sz) != SECSuccess) goto error;
|
|
||||||
}
|
|
||||||
if (PK11_DigestFinal(context, out, &outLen, length) != SECSuccess) goto error;
|
|
||||||
|
|
||||||
goto cleanup;
|
|
||||||
error:
|
|
||||||
rc = SQLITE_ERROR;
|
|
||||||
cleanup:
|
|
||||||
if (context) PK11_DestroyContext(context, PR_TRUE);
|
|
||||||
if (symKey) PK11_FreeSymKey(symKey);
|
|
||||||
if (slot) PK11_FreeSlot(slot);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
|
|
||||||
int rc = SQLITE_OK;
|
|
||||||
PK11SlotInfo * slot = NULL;
|
|
||||||
SECAlgorithmID * algid = NULL;
|
|
||||||
PK11SymKey* symKey = NULL;
|
|
||||||
SECOidTag oidtag;
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
oidtag = SEC_OID_HMAC_SHA1;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
oidtag = SEC_OID_HMAC_SHA256;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
oidtag = SEC_OID_HMAC_SHA512;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
goto error;
|
|
||||||
}
|
|
||||||
SECItem secSalt;
|
|
||||||
secSalt.data = salt;
|
|
||||||
secSalt.len = salt_sz;
|
|
||||||
// Always pass SEC_OID_HMAC_SHA1 (i.e. PBMAC1) as this parameter
|
|
||||||
// is unused for key generation. It is currently only used
|
|
||||||
// for PBKDF2 authentication or key (un)wrapping when specifying an
|
|
||||||
// encryption algorithm (PBES2).
|
|
||||||
algid = PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, SEC_OID_HMAC_SHA1,
|
|
||||||
oidtag, key_sz, workfactor, &secSalt);
|
|
||||||
if (algid == NULL) goto error;
|
|
||||||
slot = PK11_GetInternalSlot();
|
|
||||||
if (slot == NULL) goto error;
|
|
||||||
SECItem pwItem;
|
|
||||||
pwItem.data = (unsigned char *) pass; // PK11_PBEKeyGen doesn't modify the key.
|
|
||||||
pwItem.len = pass_sz;
|
|
||||||
symKey = PK11_PBEKeyGen(slot, algid, &pwItem, PR_FALSE, NULL);
|
|
||||||
if (symKey == NULL) goto error;
|
|
||||||
if (PK11_ExtractKeyValue(symKey) != SECSuccess) goto error;
|
|
||||||
// No need to free keyData as it is a buffer managed by symKey.
|
|
||||||
SECItem* keyData = PK11_GetKeyData(symKey);
|
|
||||||
if (keyData == NULL) goto error;
|
|
||||||
memcpy(key, keyData->data, key_sz);
|
|
||||||
|
|
||||||
goto cleanup;
|
|
||||||
error:
|
|
||||||
rc = SQLITE_ERROR;
|
|
||||||
cleanup:
|
|
||||||
if (slot) PK11_FreeSlot(slot);
|
|
||||||
if (algid) SECOID_DestroyAlgorithmID(algid, PR_TRUE);
|
|
||||||
if (symKey) PK11_FreeSymKey(symKey);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
|
|
||||||
int rc = SQLITE_OK;
|
|
||||||
PK11SlotInfo * slot = NULL;
|
|
||||||
PK11SymKey* symKey = NULL;
|
|
||||||
unsigned int outLen;
|
|
||||||
SECItem params;
|
|
||||||
params.data = iv;
|
|
||||||
params.len = sqlcipher_nss_get_iv_sz(ctx);
|
|
||||||
slot = PK11_GetInternalSlot();
|
|
||||||
if (slot == NULL) goto error;
|
|
||||||
SECItem keyItem;
|
|
||||||
keyItem.data = key;
|
|
||||||
keyItem.len = key_sz;
|
|
||||||
symKey = PK11_ImportSymKey(slot, CKM_AES_CBC, PK11_OriginUnwrap,
|
|
||||||
CKA_ENCRYPT, &keyItem, NULL);
|
|
||||||
if (symKey == NULL) goto error;
|
|
||||||
SECStatus rv;
|
|
||||||
if (mode == CIPHER_ENCRYPT) {
|
|
||||||
rv = PK11_Encrypt(symKey, CKM_AES_CBC, ¶ms, out, &outLen,
|
|
||||||
in_sz + 16, in, in_sz);
|
|
||||||
} else {
|
|
||||||
rv = PK11_Decrypt(symKey, CKM_AES_CBC, ¶ms, out, &outLen,
|
|
||||||
in_sz + 16, in, in_sz);
|
|
||||||
}
|
|
||||||
if (rv != SECSuccess) goto error;
|
|
||||||
|
|
||||||
goto cleanup;
|
|
||||||
error:
|
|
||||||
rc = SQLITE_ERROR;
|
|
||||||
cleanup:
|
|
||||||
if (slot) PK11_FreeSlot(slot);
|
|
||||||
if (symKey) PK11_FreeSymKey(symKey);
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_ctx_init(void **ctx) {
|
|
||||||
sqlcipher_nss_activate(NULL);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_ctx_free(void **ctx) {
|
|
||||||
sqlcipher_nss_deactivate(NULL);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_nss_fips_status(void *ctx) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int sqlcipher_nss_setup(sqlcipher_provider *p) {
|
|
||||||
p->activate = sqlcipher_nss_activate;
|
|
||||||
p->deactivate = sqlcipher_nss_deactivate;
|
|
||||||
p->random = sqlcipher_nss_random;
|
|
||||||
p->get_provider_name = sqlcipher_nss_get_provider_name;
|
|
||||||
p->hmac = sqlcipher_nss_hmac;
|
|
||||||
p->kdf = sqlcipher_nss_kdf;
|
|
||||||
p->cipher = sqlcipher_nss_cipher;
|
|
||||||
p->get_cipher = sqlcipher_nss_get_cipher;
|
|
||||||
p->get_key_sz = sqlcipher_nss_get_key_sz;
|
|
||||||
p->get_iv_sz = sqlcipher_nss_get_iv_sz;
|
|
||||||
p->get_block_sz = sqlcipher_nss_get_block_sz;
|
|
||||||
p->get_hmac_sz = sqlcipher_nss_get_hmac_sz;
|
|
||||||
p->ctx_init = sqlcipher_nss_ctx_init;
|
|
||||||
p->ctx_free = sqlcipher_nss_ctx_free;
|
|
||||||
p->add_random = sqlcipher_nss_add_random;
|
|
||||||
p->fips_status = sqlcipher_nss_fips_status;
|
|
||||||
p->get_provider_version = sqlcipher_nss_get_provider_version;
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
/* END SQLCIPHER */
|
|
||||||
|
|
||||||
/************** End of crypto_nss.c ******************************************/
|
|
||||||
/************** Begin file crypto_openssl.c **********************************/
|
/************** Begin file crypto_openssl.c **********************************/
|
||||||
/*
|
/*
|
||||||
** SQLCipher
|
** SQLCipher
|
||||||
@ -24746,7 +24083,6 @@ int sqlcipher_nss_setup(sqlcipher_provider *p) {
|
|||||||
*/
|
*/
|
||||||
/* BEGIN SQLCIPHER */
|
/* BEGIN SQLCIPHER */
|
||||||
#ifdef SQLITE_HAS_CODEC
|
#ifdef SQLITE_HAS_CODEC
|
||||||
#ifdef SQLCIPHER_CRYPTO_OPENSSL
|
|
||||||
/* #include "sqliteInt.h" */
|
/* #include "sqliteInt.h" */
|
||||||
/* #include "crypto.h" */
|
/* #include "crypto.h" */
|
||||||
/* #include "sqlcipher.h" */
|
/* #include "sqlcipher.h" */
|
||||||
@ -25076,7 +24412,7 @@ static int sqlcipher_openssl_fips_status(void *ctx) {
|
|||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
int sqlcipher_openssl_setup(sqlcipher_provider *p) {
|
SQLITE_PRIVATE int sqlcipher_openssl_setup(sqlcipher_provider *p) {
|
||||||
p->activate = sqlcipher_openssl_activate;
|
p->activate = sqlcipher_openssl_activate;
|
||||||
p->deactivate = sqlcipher_openssl_deactivate;
|
p->deactivate = sqlcipher_openssl_deactivate;
|
||||||
p->get_provider_name = sqlcipher_openssl_get_provider_name;
|
p->get_provider_name = sqlcipher_openssl_get_provider_name;
|
||||||
@ -25097,204 +24433,44 @@ int sqlcipher_openssl_setup(sqlcipher_provider *p) {
|
|||||||
return SQLITE_OK;
|
return SQLITE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void sqlcipher_activate() {
|
||||||
|
CODEC_TRACE_MUTEX("sqlcipher_activate: entering static master mutex\n");
|
||||||
|
tdsqlite3_mutex_enter(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
||||||
|
CODEC_TRACE_MUTEX("sqlcipher_activate: entered static master mutex\n");
|
||||||
|
|
||||||
|
/* allocate new mutexes */
|
||||||
|
if(sqlcipher_activate_count == 0) {
|
||||||
|
int i;
|
||||||
|
for(i = 0; i < SQLCIPHER_MUTEX_COUNT; i++) {
|
||||||
|
sqlcipher_static_mutex[i] = tdsqlite3_mutex_alloc(SQLITE_MUTEX_FAST);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/* check to see if there is a provider registered at this point
|
||||||
|
if there no provider registered at this point, register the
|
||||||
|
default provider */
|
||||||
|
if(sqlcipher_get_provider() == NULL) {
|
||||||
|
sqlcipher_provider *p = sqlcipher_malloc(sizeof(sqlcipher_provider));
|
||||||
|
sqlcipher_openssl_setup(p);
|
||||||
|
CODEC_TRACE("sqlcipher_activate: calling sqlcipher_register_provider(%p)\n", p);
|
||||||
|
#ifdef SQLCIPHER_EXT
|
||||||
|
sqlcipher_ext_provider_setup(p);
|
||||||
#endif
|
#endif
|
||||||
|
sqlcipher_register_provider(p);
|
||||||
|
CODEC_TRACE("sqlcipher_activate: called sqlcipher_register_provider(%p)\n",p);
|
||||||
|
}
|
||||||
|
|
||||||
|
sqlcipher_activate_count++; /* increment activation count */
|
||||||
|
|
||||||
|
CODEC_TRACE_MUTEX("sqlcipher_activate: leaving static master mutex\n");
|
||||||
|
tdsqlite3_mutex_leave(tdsqlite3_mutex_alloc(SQLITE_MUTEX_STATIC_MASTER));
|
||||||
|
CODEC_TRACE_MUTEX("sqlcipher_activate: left static master mutex\n");
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
/* END SQLCIPHER */
|
/* END SQLCIPHER */
|
||||||
|
|
||||||
/************** End of crypto_openssl.c **************************************/
|
/************** End of crypto_openssl.c **************************************/
|
||||||
/************** Begin file crypto_cc.c ***************************************/
|
|
||||||
/*
|
|
||||||
** SQLCipher
|
|
||||||
** http://sqlcipher.net
|
|
||||||
**
|
|
||||||
** Copyright (c) 2008 - 2013, ZETETIC LLC
|
|
||||||
** All rights reserved.
|
|
||||||
**
|
|
||||||
** Redistribution and use in source and binary forms, with or without
|
|
||||||
** modification, are permitted provided that the following conditions are met:
|
|
||||||
** * Redistributions of source code must retain the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer.
|
|
||||||
** * Redistributions in binary form must reproduce the above copyright
|
|
||||||
** notice, this list of conditions and the following disclaimer in the
|
|
||||||
** documentation and/or other materials provided with the distribution.
|
|
||||||
** * Neither the name of the ZETETIC LLC nor the
|
|
||||||
** names of its contributors may be used to endorse or promote products
|
|
||||||
** derived from this software without specific prior written permission.
|
|
||||||
**
|
|
||||||
** THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
|
|
||||||
** EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
||||||
** WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
||||||
** DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
|
|
||||||
** DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
||||||
** (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
||||||
** LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
||||||
** ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
** (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
||||||
** SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
**
|
|
||||||
*/
|
|
||||||
/* BEGIN SQLCIPHER */
|
|
||||||
#ifdef SQLITE_HAS_CODEC
|
|
||||||
#ifdef SQLCIPHER_CRYPTO_CC
|
|
||||||
/* #include "crypto.h" */
|
|
||||||
/* #include "sqlcipher.h" */
|
|
||||||
#include <CommonCrypto/CommonCrypto.h>
|
|
||||||
#include <Security/SecRandom.h>
|
|
||||||
#include <CoreFoundation/CoreFoundation.h>
|
|
||||||
|
|
||||||
int sqlcipher_cc_setup(sqlcipher_provider *p);
|
|
||||||
|
|
||||||
static int sqlcipher_cc_add_random(void *ctx, void *buffer, int length) {
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* generate a defined number of random bytes */
|
|
||||||
static int sqlcipher_cc_random (void *ctx, void *buffer, int length) {
|
|
||||||
return (SecRandomCopyBytes(kSecRandomDefault, length, (uint8_t *)buffer) == kCCSuccess) ? SQLITE_OK : SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_cc_get_provider_name(void *ctx) {
|
|
||||||
return "commoncrypto";
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_cc_get_provider_version(void *ctx) {
|
|
||||||
#if TARGET_OS_MAC
|
|
||||||
CFTypeRef version;
|
|
||||||
CFBundleRef bundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security"));
|
|
||||||
if(bundle == NULL) {
|
|
||||||
return "unknown";
|
|
||||||
}
|
|
||||||
version = CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString"));
|
|
||||||
return CFStringGetCStringPtr(version, kCFStringEncodingUTF8);
|
|
||||||
#else
|
|
||||||
return "unknown";
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
|
|
||||||
CCHmacContext hmac_context;
|
|
||||||
if(in == NULL) return SQLITE_ERROR;
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
CCHmacInit(&hmac_context, kCCHmacAlgSHA256, hmac_key, key_sz);
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
CCHmacInit(&hmac_context, kCCHmacAlgSHA512, hmac_key, key_sz);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
CCHmacUpdate(&hmac_context, in, in_sz);
|
|
||||||
if(in2 != NULL) CCHmacUpdate(&hmac_context, in2, in2_sz);
|
|
||||||
CCHmacFinal(&hmac_context, out);
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA256, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
if(CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA512, workfactor, key, key_sz) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return SQLITE_ERROR;
|
|
||||||
}
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
|
|
||||||
CCCryptorRef cryptor;
|
|
||||||
size_t tmp_csz, csz;
|
|
||||||
CCOperation op = mode == CIPHER_ENCRYPT ? kCCEncrypt : kCCDecrypt;
|
|
||||||
|
|
||||||
if(CCCryptorCreate(op, kCCAlgorithmAES128, 0, key, kCCKeySizeAES256, iv, &cryptor) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
if(CCCryptorUpdate(cryptor, in, in_sz, out, in_sz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
csz = tmp_csz;
|
|
||||||
out += tmp_csz;
|
|
||||||
if(CCCryptorFinal(cryptor, out, in_sz - csz, &tmp_csz) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
csz += tmp_csz;
|
|
||||||
if(CCCryptorRelease(cryptor) != kCCSuccess) return SQLITE_ERROR;
|
|
||||||
assert(in_sz == csz);
|
|
||||||
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static const char* sqlcipher_cc_get_cipher(void *ctx) {
|
|
||||||
return "aes-256-cbc";
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_get_key_sz(void *ctx) {
|
|
||||||
return kCCKeySizeAES256;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_get_iv_sz(void *ctx) {
|
|
||||||
return kCCBlockSizeAES128;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_get_block_sz(void *ctx) {
|
|
||||||
return kCCBlockSizeAES128;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_get_hmac_sz(void *ctx, int algorithm) {
|
|
||||||
switch(algorithm) {
|
|
||||||
case SQLCIPHER_HMAC_SHA1:
|
|
||||||
return CC_SHA1_DIGEST_LENGTH;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA256:
|
|
||||||
return CC_SHA256_DIGEST_LENGTH;
|
|
||||||
break;
|
|
||||||
case SQLCIPHER_HMAC_SHA512:
|
|
||||||
return CC_SHA512_DIGEST_LENGTH;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_ctx_init(void **ctx) {
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_ctx_free(void **ctx) {
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int sqlcipher_cc_fips_status(void *ctx) {
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int sqlcipher_cc_setup(sqlcipher_provider *p) {
|
|
||||||
p->random = sqlcipher_cc_random;
|
|
||||||
p->get_provider_name = sqlcipher_cc_get_provider_name;
|
|
||||||
p->hmac = sqlcipher_cc_hmac;
|
|
||||||
p->kdf = sqlcipher_cc_kdf;
|
|
||||||
p->cipher = sqlcipher_cc_cipher;
|
|
||||||
p->get_cipher = sqlcipher_cc_get_cipher;
|
|
||||||
p->get_key_sz = sqlcipher_cc_get_key_sz;
|
|
||||||
p->get_iv_sz = sqlcipher_cc_get_iv_sz;
|
|
||||||
p->get_block_sz = sqlcipher_cc_get_block_sz;
|
|
||||||
p->get_hmac_sz = sqlcipher_cc_get_hmac_sz;
|
|
||||||
p->ctx_init = sqlcipher_cc_ctx_init;
|
|
||||||
p->ctx_free = sqlcipher_cc_ctx_free;
|
|
||||||
p->add_random = sqlcipher_cc_add_random;
|
|
||||||
p->fips_status = sqlcipher_cc_fips_status;
|
|
||||||
p->get_provider_version = sqlcipher_cc_get_provider_version;
|
|
||||||
return SQLITE_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
/* END SQLCIPHER */
|
|
||||||
|
|
||||||
/************** End of crypto_cc.c *******************************************/
|
|
||||||
/************** Begin file global.c ******************************************/
|
/************** Begin file global.c ******************************************/
|
||||||
/*
|
/*
|
||||||
** 2008 June 13
|
** 2008 June 13
|
||||||
@ -32418,7 +31594,6 @@ SQLITE_PRIVATE int tdsqlite3MallocInit(void){
|
|||||||
that will wipe all memory allocated by SQLite
|
that will wipe all memory allocated by SQLite
|
||||||
when freed */
|
when freed */
|
||||||
if( rc==SQLITE_OK ) {
|
if( rc==SQLITE_OK ) {
|
||||||
extern void sqlcipher_init_memmethods(void);
|
|
||||||
sqlcipher_init_memmethods();
|
sqlcipher_init_memmethods();
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -79198,8 +78373,6 @@ SQLITE_API tdsqlite3_backup *tdsqlite3_backup_init(
|
|||||||
/* BEGIN SQLCIPHER */
|
/* BEGIN SQLCIPHER */
|
||||||
#ifdef SQLITE_HAS_CODEC
|
#ifdef SQLITE_HAS_CODEC
|
||||||
{
|
{
|
||||||
extern int sqlcipher_find_db_index(tdsqlite3*, const char*);
|
|
||||||
extern void tdsqlite3CodecGetKey(tdsqlite3*, int, void**, int*);
|
|
||||||
int srcNKey, destNKey;
|
int srcNKey, destNKey;
|
||||||
void *zKey;
|
void *zKey;
|
||||||
|
|
||||||
@ -121902,7 +121075,6 @@ SQLITE_PRIVATE void tdsqlite3RegisterPerConnectionBuiltinFunctions(tdsqlite3 *db
|
|||||||
#ifdef SQLITE_HAS_CODEC
|
#ifdef SQLITE_HAS_CODEC
|
||||||
#ifndef OMIT_EXPORT
|
#ifndef OMIT_EXPORT
|
||||||
{
|
{
|
||||||
extern void sqlcipher_exportFunc(tdsqlite3_context *, int, tdsqlite3_value **);
|
|
||||||
tdsqlite3CreateFunc(db, "sqlcipher_export", -1, SQLITE_TEXT, 0, sqlcipher_exportFunc, 0, 0, 0, 0, 0);
|
tdsqlite3CreateFunc(db, "sqlcipher_export", -1, SQLITE_TEXT, 0, sqlcipher_exportFunc, 0, 0, 0, 0, 0);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
@ -129173,11 +128345,6 @@ SQLITE_PRIVATE void tdsqlite3Pragma(
|
|||||||
Db *pDb; /* The specific database being pragmaed */
|
Db *pDb; /* The specific database being pragmaed */
|
||||||
Vdbe *v = tdsqlite3GetVdbe(pParse); /* Prepared statement */
|
Vdbe *v = tdsqlite3GetVdbe(pParse); /* Prepared statement */
|
||||||
const PragmaName *pPragma; /* The pragma */
|
const PragmaName *pPragma; /* The pragma */
|
||||||
/* BEGIN SQLCIPHER */
|
|
||||||
#ifdef SQLITE_HAS_CODEC
|
|
||||||
extern int sqlcipher_codec_pragma(tdsqlite3*, int, Parse *, const char *, const char *);
|
|
||||||
#endif
|
|
||||||
/* END SQLCIPHER */
|
|
||||||
|
|
||||||
if( v==0 ) return;
|
if( v==0 ) return;
|
||||||
tdsqlite3VdbeRunOnlyOnce(v);
|
tdsqlite3VdbeRunOnlyOnce(v);
|
||||||
|
Loading…
Reference in New Issue
Block a user