
Commit 02cee4c

committed
add support for HMAC-SHA256 and HMAC-SHA512 (default) for HMAC and PBKDF2
1 parent a0320d9 commit 02cee4c


8 files changed

+448
-56
lines changed


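--- a/src/crypto.c
+++ b/src/crypto.c
@@ -35,6 +35,7 @@
 #include "sqliteInt.h"
 #include "btreeInt.h"
 #include "crypto.h"
+#include "sqlcipher.h"
 
 static const char* codec_get_cipher_version() {
 return CIPHER_VERSION;
@@ -328,6 +329,100 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
 sqlite3_free(salt);
 }
 }
+}else
+if( sqlite3StrICmp(zLeft,"cipher_hmac_algorithm")==0 ){
+if(ctx) {
+if(zRight) {
+int rc = SQLITE_ERROR;
+if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA1);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA256);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_hmac_algorithm(ctx, SQLCIPHER_HMAC_SHA512);
+}
+if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
+rc = codec_set_btree_to_codec_pagesize(db, pDb, ctx);
+if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
+} else {
+int algorithm = sqlcipher_codec_ctx_get_hmac_algorithm(ctx);
+if(algorithm == SQLCIPHER_HMAC_SHA1) {
+codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL);
+} else if(algorithm == SQLCIPHER_HMAC_SHA256) {
+codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL);
+} else if(algorithm == SQLCIPHER_HMAC_SHA512) {
+codec_vdbe_return_static_string(pParse, "cipher_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL);
+}
+}
+}
+}else
+if( sqlite3StrICmp(zLeft,"cipher_default_hmac_algorithm")==0 ){
+if(zRight) {
+int rc = SQLITE_ERROR;
+if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA1_LABEL) == 0) {
+rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA1);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA256_LABEL) == 0) {
+rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA256);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_HMAC_SHA512_LABEL) == 0) {
+rc = sqlcipher_set_default_hmac_algorithm(SQLCIPHER_HMAC_SHA512);
+}
+if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
+} else {
+int algorithm = sqlcipher_get_default_hmac_algorithm();
+if(algorithm == SQLCIPHER_HMAC_SHA1) {
+codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA1_LABEL);
+} else if(algorithm == SQLCIPHER_HMAC_SHA256) {
+codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA256_LABEL);
+} else if(algorithm == SQLCIPHER_HMAC_SHA512) {
+codec_vdbe_return_static_string(pParse, "cipher_default_hmac_algorithm", SQLCIPHER_HMAC_SHA512_LABEL);
+}
+}
+}else
+if( sqlite3StrICmp(zLeft,"cipher_kdf_algorithm")==0 ){
+if(ctx) {
+if(zRight) {
+int rc = SQLITE_ERROR;
+if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA1);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA256);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
+rc = sqlcipher_codec_ctx_set_kdf_algorithm(ctx, SQLCIPHER_PBKDF2_HMAC_SHA512);
+}
+if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
+} else {
+int algorithm = sqlcipher_codec_ctx_get_kdf_algorithm(ctx);
+if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
+codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
+} else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
+codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
+} else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
+codec_vdbe_return_static_string(pParse, "cipher_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
+}
+}
+}
+}else
+if( sqlite3StrICmp(zLeft,"cipher_default_kdf_algorithm")==0 ){
+if(zRight) {
+int rc = SQLITE_ERROR;
+if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL) == 0) {
+rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA1);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL) == 0) {
+rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA256);
+} else if(sqlite3StrICmp(zRight, SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL) == 0) {
+rc = sqlcipher_set_default_kdf_algorithm(SQLCIPHER_PBKDF2_HMAC_SHA512);
+}
+if (rc != SQLITE_OK) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);
+} else {
+int algorithm = sqlcipher_get_default_kdf_algorithm();
+if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA1) {
+codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA1_LABEL);
+} else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA256) {
+codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA256_LABEL);
+} else if(algorithm == SQLCIPHER_PBKDF2_HMAC_SHA512) {
+codec_vdbe_return_static_string(pParse, "cipher_default_kdf_algorithm", SQLCIPHER_PBKDF2_HMAC_SHA512_LABEL);
+}
+}
 }else {
 return 0;
 }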
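Review bot: In the `cipher_default_hmac_algorithm` and `cipher_default_kdf_algorithm` branches the error path calls `sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR)` without the `if(ctx)` guard that the per-connection `cipher_hmac_algorithm` and `cipher_kdf_algorithm` branches use. If these default pragmas can run before a codec context exists, an unrecognized algorithm name would hand a NULL `ctx` to that helper; whether it tolerates NULL is not visible in this hunk. I would guard the call in both branches: `if (rc != SQLITE_OK && ctx) sqlcipher_codec_ctx_set_error(ctx, SQLITE_ERROR);`. Separately, in `cipher_hmac_algorithm` an unrecognized name still falls through to `codec_set_btree_to_codec_pagesize`; skipping that call when `rc != SQLITE_OK` would keep a rejected value from having further effects. The body of sqlcipher_codec_pragma starts and ends outside the hunk.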

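--- a/src/crypto.h
+++ b/src/crypto.h
@@ -267,6 +267,17 @@ int sqlcipher_get_default_plaintext_header_size();
 int sqlcipher_codec_ctx_set_plaintext_header_size(codec_ctx *ctx, int size);
 int sqlcipher_codec_ctx_get_plaintext_header_size(codec_ctx *ctx);
 
+int sqlcipher_set_default_hmac_algorithm(int algorithm);
+int sqlcipher_get_default_hmac_algorithm();
+int sqlcipher_codec_ctx_set_hmac_algorithm(codec_ctx *ctx, int algorithm);
+int sqlcipher_codec_ctx_get_hmac_algorithm(codec_ctx *ctx);
+
+int sqlcipher_set_default_kdf_algorithm(int algorithm);
+int sqlcipher_get_default_kdf_algorithm();
+int sqlcipher_codec_ctx_set_kdf_algorithm(codec_ctx *ctx, int algorithm);
+int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx);
+
+
 #endif
 #endif
 /* END SQLCIPHER */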
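Review bot: The new setters take a bare `int algorithm` with no comment saying which constants are valid, while crypto.c uses two separate families for them (`SQLCIPHER_HMAC_*` for the HMAC setters, `SQLCIPHER_PBKDF2_HMAC_*` for the KDF setters). A short comment above each group would make it harder to pass the wrong family, for example `/* algorithm: SQLCIPHER_HMAC_SHA1, SQLCIPHER_HMAC_SHA256 or SQLCIPHER_HMAC_SHA512; callers compare the result with SQLITE_OK */`. The two default getters are declared with empty parentheses, which in C leaves the parameters unspecified; `int sqlcipher_get_default_hmac_algorithm(void);` and `int sqlcipher_get_default_kdf_algorithm(void);` would give them real prototypes.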

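--- a/src/crypto_cc.c
+++ b/src/crypto_cc.c
@@ -64,18 +64,42 @@ static const char* sqlcipher_cc_get_provider_version(void *ctx) {
 #endif
 }
 
-static int sqlcipher_cc_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
+static int sqlcipher_cc_hmac(void *ctx, int algorithm, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
 CCHmacContext hmac_context;
 if(in == NULL) return SQLITE_ERROR;
-CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
+switch(algorithm) {
+case SQLCIPHER_HMAC_SHA1:
+CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
+break;
+case SQLCIPHER_HMAC_SHA256:
+CCHmacInit(&hmac_context, kCCHmacAlgSHA256, hmac_key, key_sz);
+break;
+case SQLCIPHER_HMAC_SHA512:
+CCHmacInit(&hmac_context, kCCHmacAlgSHA512, hmac_key, key_sz);
+break;
+default:
+return SQLITE_ERROR;
+}
 CCHmacUpdate(&hmac_context, in, in_sz);
 if(in2 != NULL) CCHmacUpdate(&hmac_context, in2, in2_sz);
 CCHmacFinal(&hmac_context, out);
 return SQLITE_OK;
 }
 
-static int sqlcipher_cc_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
-CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz);
+static int sqlcipher_cc_kdf(void *ctx, int algorithm, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
+switch(algorithm) {
+case SQLCIPHER_HMAC_SHA1:
+CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz);
+break;
+case SQLCIPHER_HMAC_SHA256:
+CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA256, workfactor, key, key_sz);
+break;
+case SQLCIPHER_HMAC_SHA512:
+CCKeyDerivationPBKDF(kCCPBKDF2, (const char *)pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA512, workfactor, key, key_sz);
+break;
+default:
+return SQLITE_ERROR;
+}
 return SQLITE_OK;
 }
 
@@ -116,8 +140,20 @@ static int sqlcipher_cc_get_block_sz(void *ctx) {
 return kCCBlockSizeAES128;
 }
 
-static int sqlcipher_cc_get_hmac_sz(void *ctx) {
-return CC_SHA1_DIGEST_LENGTH;
+static int sqlcipher_cc_get_hmac_sz(void *ctx, int algorithm) {
+switch(algorithm) {
+case SQLCIPHER_HMAC_SHA1:
+return CC_SHA1_DIGEST_LENGTH;
+break;
+case SQLCIPHER_HMAC_SHA256:
+return CC_SHA256_DIGEST_LENGTH;
+break;
+case SQLCIPHER_HMAC_SHA512:
+return CC_SHA512_DIGEST_LENGTH;
+break;
+default:
+return 0;
+}
 }
 
 static int sqlcipher_cc_ctx_copy(void *target_ctx, void *source_ctx) {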
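Review bot: `sqlcipher_cc_kdf` switches on `SQLCIPHER_HMAC_SHA1/SHA256/SHA512`, but the pragma code in crypto.c stores `SQLCIPHER_PBKDF2_HMAC_*` values as the KDF algorithm. The switch selects the requested PRF only if the two constant families share numeric values, which is not visible on this page; otherwise the derivation would hit `default` or run with a different hash than the one configured. I would use the KDF constants in the labels: `case SQLCIPHER_PBKDF2_HMAC_SHA1:`, `case SQLCIPHER_PBKDF2_HMAC_SHA256:`, `case SQLCIPHER_PBKDF2_HMAC_SHA512:`. The result of `CCKeyDerivationPBKDF` is also discarded in all three cases, so a failed derivation still returns `SQLITE_OK`; comparing it with `kCCSuccess` and returning `SQLITE_ERROR` otherwise would stop the caller from continuing with an unset key buffer.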
