
Commit c7f1d14

committed
providers accessed via function pointers
1 parent 50843f0 commit c7f1d14


7 files changed

+181
-124
lines changed


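--- a/Makefile.in
+++ b/Makefile.in
@@ -140,7 +140,6 @@ CRYPTOLIBOBJ = \
 CRYPTOSRC = \
 $(TOP)/src/crypto.h \
 $(TOP)/src/crypto.c \
-$(TOP)/src/crypto_impl.h \
 $(TOP)/src/crypto_impl.c \
 $(TOP)/src/crypto_libtomcrypt.c \
 $(TOP)/src/crypto_openssl.c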

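--- a/src/crypto.h
+++ b/src/crypto.h
@@ -208,6 +208,25 @@ int sqlcipher_codec_ctx_get_flag(codec_ctx *ctx, unsigned int flag, int for_ctx)
 
 /* end extensions defined in crypto_impl.c */
 
+typedef struct {
+int (*activate)(void *ctx);
+int (*deactivate)(void *ctx);
+int (*random)(void *ctx, void *buffer, int length);
+int (*hmac)(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out);
+int (*kdf)(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key);
+int (*cipher)(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out);
+int (*set_cipher)(void *ctx, const char *cipher_name);
+const char* (*get_cipher)(void *ctx);
+int (*get_key_sz)(void *ctx);
+int (*get_iv_sz)(void *ctx);
+int (*get_block_sz)(void *ctx);
+int (*get_hmac_sz)(void *ctx);
+int (*ctx_copy)(void *target_ctx, void *source_ctx);
+int (*ctx_cmp)(void *c1, void *c2);
+int (*ctx_init)(void **ctx);
+int (*ctx_free)(void **ctx);
+} sqlcipher_provider;
+
 #endif
 #endif
 /* END CRYPTO */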
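Review bot: The `sqlcipher_provider` typedef has no comment stating what each callback returns, and the call sites in this commit already rely on two different conventions: `random` is compared against `1`, while `ctx_init` is compared against `SQLITE_OK`. A header comment above the struct should give the success value for each member, for example `/* random: returns 1 on success; ctx_init/ctx_free: return SQLITE_OK */`, and state the convention for `hmac`, `kdf` and `cipher`, which cannot be inferred from the callers shown because their results are not checked. It should also say who allocates and releases `*ctx` for `ctx_init`/`ctx_free`, and that `ctx_copy` writes into an already initialised target. Without this, a provider author can return the wrong success code from a crypto primitive and the mismatch only shows up as a silently ignored failure.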

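--- a/src/crypto_impl.c
+++ b/src/crypto_impl.c
@@ -36,7 +36,6 @@
 #include "sqliteInt.h"
 #include "btreeInt.h"
 #include "crypto.h"
-#include "crypto_impl.h"
 #ifndef OMIT_MEMLOCK
 #if defined(__unix__) || defined(__APPLE__)
 #include <sys/mman.h>
@@ -62,7 +61,8 @@ typedef struct {
 unsigned char *key;
 unsigned char *hmac_key;
 char *pass;
-void *lib_ctx;
+sqlcipher_provider *provider;
+void *provider_ctx;
 } cipher_ctx;
 
 void sqlcipher_cipher_ctx_free(cipher_ctx **);
@@ -78,6 +78,8 @@ int sqlcipher_page_hmac(cipher_ctx *, Pgno, unsigned char *, int, unsigned char
 static unsigned int default_flags = DEFAULT_CIPHER_FLAGS;
 static unsigned char hmac_salt_mask = HMAC_SALT_MASK;
 
+static sqlcipher_provider *default_provider = NULL;
+
 struct codec_ctx {
 int kdf_salt_sz;
 int page_sz;
@@ -89,6 +91,39 @@ struct codec_ctx {
 cipher_ctx *write_ctx;
 };
 
+static int sqlcipher_register_provider(sqlcipher_provider *p) {
+if(default_provider != NULL) {
+sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
+}
+default_provider = p;
+}
+
+void sqlcipher_activate() {
+sqlcipher_provider *p;
+sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+p = sqlcipher_malloc(sizeof(sqlcipher_provider));
+{
+#ifdef SQLCIPHER_CRYPTO_OPENSSL
+extern int sqlcipher_openssl_setup(sqlcipher_provider *p);
+sqlcipher_openssl_setup(p);
+#elif SQLCIPHER_CRYPTO_LIBTOMCRYPT
+extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
+sqlcipher_ltc_setup(p);
+#endif
+}
+sqlcipher_register_provider(p);
+
+sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+}
+
+void sqlcipher_deactivate() {
+sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+if(default_provider != NULL) {
+sqlcipher_free(default_provider, sizeof(sqlcipher_provider));
+default_provider = NULL;
+}
+sqlite3_mutex_leave(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER));
+}
 
 /* constant time memset using volitile to avoid having the memset
 optimized out by the compiler.
@@ -193,7 +228,11 @@ int sqlcipher_cipher_ctx_init(cipher_ctx **iCtx) {
 ctx = *iCtx;
 if(ctx == NULL) return SQLITE_NOMEM;
 
-if((rc = sqlcipher_ctx_init(&ctx->lib_ctx)) != SQLITE_OK) return rc;
+ctx->provider = (sqlcipher_provider *) sqlcipher_malloc(sizeof(sqlcipher_provider));
+if(ctx->provider == NULL) return SQLITE_NOMEM;
+memcpy(ctx->provider, default_provider, sizeof(sqlcipher_provider));
+
+if((rc = ctx->provider->ctx_init(&ctx->provider_ctx)) != SQLITE_OK) return rc;
 ctx->key = (unsigned char *) sqlcipher_malloc(CIPHER_MAX_KEY_SZ);
 ctx->hmac_key = (unsigned char *) sqlcipher_malloc(CIPHER_MAX_KEY_SZ);
 if(ctx->key == NULL) return SQLITE_NOMEM;
@@ -211,7 +250,8 @@ int sqlcipher_cipher_ctx_init(cipher_ctx **iCtx) {
 void sqlcipher_cipher_ctx_free(cipher_ctx **iCtx) {
 cipher_ctx *ctx = *iCtx;
 CODEC_TRACE(("cipher_ctx_free: entered iCtx=%p\n", iCtx));
-sqlcipher_ctx_free(&ctx->lib_ctx);
+ctx->provider->ctx_free(&ctx->provider_ctx);
+sqlcipher_free(ctx->provider, sizeof(sqlcipher_provider));
 sqlcipher_free(ctx->key, ctx->key_sz);
 sqlcipher_free(ctx->hmac_key, ctx->key_sz);
 sqlcipher_free(ctx->pass, ctx->pass_sz);
@@ -235,7 +275,7 @@ int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
 && c1->pass_sz == c2->pass_sz
 && c1->flags == c2->flags
 && c1->hmac_sz == c2->hmac_sz
-&& sqlcipher_ctx_cmp(c1->lib_ctx, c2->lib_ctx)
+&& c1->provider->ctx_cmp(c1->provider_ctx, c2->provider_ctx)
 && (
 c1->pass == c2->pass
 || !sqlcipher_memcmp((const unsigned char*)c1->pass,
@@ -257,7 +297,8 @@ int sqlcipher_cipher_ctx_cmp(cipher_ctx *c1, cipher_ctx *c2) {
 int sqlcipher_cipher_ctx_copy(cipher_ctx *target, cipher_ctx *source) {
 void *key = target->key;
 void *hmac_key = target->hmac_key;
-void *lib_ctx = target->lib_ctx;
+void *provider = target->provider;
+void *provider_ctx = target->provider_ctx;
 
 CODEC_TRACE(("sqlcipher_cipher_ctx_copy: entered target=%p, source=%p\n", target, source));
 sqlcipher_free(target->pass, target->pass_sz);
@@ -269,8 +310,11 @@ int sqlcipher_cipher_ctx_copy(cipher_ctx *target, cipher_ctx *source) {
 target->hmac_key = hmac_key; //restore pointer to previously allocated hmac key data
 memcpy(target->hmac_key, source->hmac_key, CIPHER_MAX_KEY_SZ);
 
-target->lib_ctx = lib_ctx; // restore pointer to previouly allocated evp;
-sqlcipher_ctx_copy(target->lib_ctx, source->lib_ctx);
+target->provider = provider; // restore pointer to previouly allocated provider;
+memcpy(target->provider, source->provider, sizeof(sqlcipher_provider));
+
+target->provider_ctx = provider_ctx; // restore pointer to previouly allocated provider context;
+target->provider->ctx_copy(target->provider_ctx, source->provider_ctx);
 
 target->pass = sqlcipher_malloc(source->pass_sz);
 if(target->pass == NULL) return SQLITE_NOMEM;
@@ -317,12 +361,12 @@ int sqlcipher_codec_ctx_set_cipher(codec_ctx *ctx, const char *cipher_name, int
 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
 int rc;
 
-sqlcipher_set_cipher(c_ctx->lib_ctx, cipher_name);
+c_ctx->provider->set_cipher(c_ctx->provider_ctx, cipher_name);
 
-c_ctx->key_sz = sqlcipher_get_key_sz(c_ctx->lib_ctx);
-c_ctx->iv_sz = sqlcipher_get_iv_sz(c_ctx->lib_ctx);
-c_ctx->block_sz = sqlcipher_get_block_sz(c_ctx->lib_ctx);
-c_ctx->hmac_sz = sqlcipher_get_hmac_sz(c_ctx->lib_ctx);
+c_ctx->key_sz = c_ctx->provider->get_key_sz(c_ctx->provider_ctx);
+c_ctx->iv_sz = c_ctx->provider->get_iv_sz(c_ctx->provider_ctx);
+c_ctx->block_sz = c_ctx->provider->get_block_sz(c_ctx->provider_ctx);
+c_ctx->hmac_sz = c_ctx->provider->get_hmac_sz(c_ctx->provider_ctx);
 c_ctx->derive_key = 1;
 
 if(for_ctx == 2)
@@ -334,7 +378,7 @@ int sqlcipher_codec_ctx_set_cipher(codec_ctx *ctx, const char *cipher_name, int
 
 const char* sqlcipher_codec_ctx_get_cipher(codec_ctx *ctx, int for_ctx) {
 cipher_ctx *c_ctx = for_ctx ? ctx->write_ctx : ctx->read_ctx;
-return sqlcipher_get_cipher(c_ctx->lib_ctx);
+return c_ctx->provider->get_cipher(c_ctx->provider_ctx);
 }
 
 int sqlcipher_codec_ctx_set_kdf_iter(codec_ctx *ctx, int kdf_iter, int for_ctx) {
@@ -519,7 +563,7 @@ int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, sqlite3_f
 
 if(fd == NULL || sqlite3OsRead(fd, ctx->kdf_salt, FILE_HEADER_SZ, 0) != SQLITE_OK) {
 /* if unable to read the bytes, generate random salt */
-if(sqlcipher_random(&ctx->read_ctx->lib_ctx, ctx->kdf_salt, FILE_HEADER_SZ) != 1) return SQLITE_ERROR;
+if(ctx->read_ctx->provider->random(&ctx->read_ctx->provider_ctx, ctx->kdf_salt, FILE_HEADER_SZ) != 1) return SQLITE_ERROR;
 }
 
 if((rc = sqlcipher_codec_ctx_set_cipher(ctx, CIPHER, 0)) != SQLITE_OK) return rc;
@@ -580,8 +624,8 @@ int sqlcipher_page_hmac(cipher_ctx *ctx, Pgno pgno, unsigned char *in, int in_sz
 /* include the encrypted page data, initialization vector, and page number in HMAC. This will
 prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise
 valid pages out of order in a database */
-sqlcipher_hmac(
-ctx->lib_ctx, ctx->hmac_key,
+ctx->provider->hmac(
+ctx->provider_ctx, ctx->hmac_key,
 ctx->key_sz, in,
 in_sz, (unsigned char*) &pgno_raw,
 sizeof(pgno), out);
@@ -624,7 +668,7 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int
 
 if(mode == CIPHER_ENCRYPT) {
 /* start at front of the reserve block, write random data to the end */
-if(sqlcipher_random(c_ctx->lib_ctx, iv_out, c_ctx->reserve_sz) != 1) return SQLITE_ERROR;
+if(c_ctx->provider->random(c_ctx->provider_ctx, iv_out, c_ctx->reserve_sz) != 1) return SQLITE_ERROR;
 } else { /* CIPHER_DECRYPT */
 memcpy(iv_out, iv_in, c_ctx->iv_sz); /* copy the iv from the input to output buffer */
 }
@@ -657,7 +701,7 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int
 }
 }
 
-sqlcipher_cipher(c_ctx->lib_ctx, mode, c_ctx->key, c_ctx->key_sz, iv_out, in, size, out);
+c_ctx->provider->cipher(c_ctx->provider_ctx, mode, c_ctx->key, c_ctx->key_sz, iv_out, in, size, out);
 
 if((c_ctx->flags & CIPHER_FLAG_HMAC) && (mode == CIPHER_ENCRYPT)) {
 sqlcipher_page_hmac(c_ctx, pgno, out_start, size + c_ctx->iv_sz, hmac_out);
@@ -695,7 +739,7 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
 cipher_hex2bin(z, n, c_ctx->key);
 } else {
 CODEC_TRACE(("codec_key_derive: deriving key using full PBKDF2 with %d iterations\n", c_ctx->kdf_iter));
-sqlcipher_kdf(c_ctx->lib_ctx, c_ctx->pass, c_ctx->pass_sz,
+c_ctx->provider->kdf(c_ctx->provider_ctx, c_ctx->pass, c_ctx->pass_sz,
 ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->kdf_iter,
 c_ctx->key_sz, c_ctx->key);
 
@@ -721,7 +765,7 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) {
 c_ctx->fast_kdf_iter));
 
 
-sqlcipher_kdf(c_ctx->lib_ctx, (const char*)c_ctx->key, c_ctx->key_sz,
+c_ctx->provider->kdf(c_ctx->provider_ctx, (const char*)c_ctx->key, c_ctx->key_sz,
 ctx->hmac_kdf_salt, ctx->kdf_salt_sz, c_ctx->fast_kdf_iter,
 c_ctx->key_sz, c_ctx->hmac_key);
 }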
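Review bot: `sqlcipher_cipher_ctx_init` copies from `default_provider` with `memcpy` and then calls `ctx->provider->ctx_init` without checking that a provider was ever registered, so a context created before `sqlcipher_activate()` or after `sqlcipher_deactivate()` dereferences NULL. `sqlcipher_activate` makes this easier to reach: the `sqlcipher_malloc` result is not checked, the `*_setup` return value is ignored, and there is no `#else` branch, so a build with neither backend macro registers a table whose function pointers were never assigned. I would add `if(default_provider == NULL) return SQLITE_ERROR;` before the `memcpy`, and have `sqlcipher_activate` skip `sqlcipher_register_provider(p)` when allocation or setup fails. Separately, the salt-generation call in `sqlcipher_codec_ctx_init` passes `&ctx->read_ctx->provider_ctx` to `random` while `sqlcipher_page_cipher` passes `c_ctx->provider_ctx`; with a `void *` parameter the mismatch compiles silently, so one of the two presumably hands the provider the wrong pointer. The bodies of these functions continue outside the hunks shown.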

src/crypto_impl.h

Lines changed: 0 additions & 57 deletions
This file was deleted.
