From 35b4d9a4257a717e322d5f044abeef77d23f98fa Mon Sep 17 00:00:00 2001
From: Stephen Lombardo <sjlombardo@zetetic.net>
Date: Wed, 5 Jun 2013 13:43:08 -0400
Subject: [PATCH] initial implementation of CommonCrypto provider

---
 Makefile.in         |   8 +++-
 src/crypto_cc.c     | 102 ++++++++++++++++++++++++++++++++++++++++++++
 src/crypto_impl.c   |   3 ++
 tool/mksqlite3c.tcl |   1 +
 4 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 src/crypto_cc.c

diff --git a/Makefile.in b/Makefile.in
index 588a6ad..76fb83e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -137,7 +137,8 @@ CRYPTOLIBOBJ = \
   crypto.lo \
   crypto_impl.lo \
   crypto_openssl.lo \
-  crypto_libtomcrypt.lo
+  crypto_libtomcrypt.lo \
+  crypto_cc.lo
   
 CRYPTOSRC = \
   $(TOP)/src/crypto.h \
@@ -145,7 +146,8 @@ CRYPTOSRC = \
   $(TOP)/src/crypto.c \
   $(TOP)/src/crypto_impl.c \
 	$(TOP)/src/crypto_libtomcrypt.c \
-	$(TOP)/src/crypto_openssl.c
+	$(TOP)/src/crypto_openssl.c \
+	$(TOP)/src/crypto_cc.c
 
 # END CRYPTO
 
@@ -597,6 +599,8 @@ crypto_openssl.lo:	$(TOP)/src/crypto_openssl.c $(HDR)
 	$(LTCOMPILE) -c $(TOP)/src/crypto_openssl.c
 crypto_libtomcrypt.lo:	$(TOP)/src/crypto_libtomcrypt.c $(HDR)
 	$(LTCOMPILE) -c $(TOP)/src/crypto_libtomcrypt.c
+crypto_cc.lo:	$(TOP)/src/crypto_cc.c $(HDR)
+	$(LTCOMPILE) -c $(TOP)/src/crypto_cc.c
 # END CRYPTO
 
 # Rules to build individual *.o files from files in the src directory.
diff --git a/src/crypto_cc.c b/src/crypto_cc.c
new file mode 100644
index 0000000..3edd1aa
--- /dev/null
+++ b/src/crypto_cc.c
@@ -0,0 +1,102 @@
+#ifdef SQLCIPHER_CRYPTO_CC
+#include "crypto.h"
+#include "sqlcipher.h"
+#include <CommonCrypto/CommonCrypto.h>
+#include <Security/SecRandom.h>
+
+/* generate a defined number of random bytes */
+static int sqlcipher_cc_random (void *ctx, void *buffer, int length) {
+  return (SecRandomCopyBytes(kSecRandomDefault, length, (uint8_t *)buffer) == 0);
+  return RAND_bytes((unsigned char *)buffer, length);
+}
+
+static int sqlcipher_cc_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) {
+  CCHmacContext hmac_context;
+  CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz);
+  CCHmacUpdate(&hmac_context, in, in_sz);
+  CCHmacUpdate(&hmac_context, in2, in2_sz);
+  CCHmacFinal(&hmac_context, out);
+  return SQLITE_OK; 
+}
+
+static int sqlcipher_cc_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) {
+  CCKeyDerivationPBKDF(kCCPBKDF2, pass, pass_sz, salt, salt_sz, kCCPRFHmacAlgSHA1, workfactor, key, key_sz);
+  return SQLITE_OK; 
+}
+
+static int sqlcipher_cc_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out) {
+  CCCryptorRef cryptor;
+  CCOptions cryptor_options;
+  size_t tmp_csz, csz;
+  CCOperation op = mode == CIPHER_ENCRYPT ? kCCEncrypt : kCCDecrypt;
+
+  CCCryptorCreate(op, kCCAlgorithmAES128, 0, key, kCCKeySizeAES256, iv, &cryptor);
+  CCCryptorUpdate(cryptor, in, in_sz, out, in_sz, &tmp_csz);
+  csz = tmp_csz;
+  out += tmp_csz;
+  CCCryptorFinal(cryptor, out, in_sz - csz, &tmp_csz);
+  csz += tmp_csz;
+  CCCryptorRelease(cryptor);
+  assert(size == csz);
+
+  return SQLITE_OK; 
+}
+
+static int sqlcipher_cc_set_cipher(void *ctx, const char *cipher_name) {
+  return SQLITE_OK;
+}
+
+static const char* sqlcipher_cc_get_cipher(void *ctx) {
+  return "aes-256-cbc";
+}
+
+static int sqlcipher_cc_get_key_sz(void *ctx) {
+  return kCCKeySizeAES256;
+}
+
+static int sqlcipher_cc_get_iv_sz(void *ctx) {
+  return kCCBlockSizeAES128;
+}
+
+static int sqlcipher_cc_get_block_sz(void *ctx) {
+  return kCCBlockSizeAES128;
+}
+
+static int sqlcipher_cc_get_hmac_sz(void *ctx) {
+  return CC_SHA1_DIGEST_LENGTH;
+}
+
+static int sqlcipher_cc_ctx_copy(void *target_ctx, void *source_ctx) {
+  return SQLITE_OK;
+}
+
+static int sqlcipher_cc_ctx_cmp(void *c1, void *c2) {
+  return SQLITE_OK;
+}
+
+static int sqlcipher_cc_ctx_init(void **ctx) {
+  return SQLITE_OK;
+}
+
+static int sqlcipher_cc_ctx_free(void **ctx) {
+  return SQLITE_OK;
+}
+
+int sqlcipher_cc_setup(sqlcipher_provider *p) {
+  p->random = sqlcipher_cc_random;
+  p->hmac = sqlcipher_cc_hmac;
+  p->kdf = sqlcipher_cc_kdf;
+  p->cipher = sqlcipher_cc_cipher;
+  p->set_cipher = sqlcipher_cc_set_cipher;
+  p->get_cipher = sqlcipher_cc_get_cipher;
+  p->get_key_sz = sqlcipher_cc_get_key_sz;
+  p->get_iv_sz = sqlcipher_cc_get_iv_sz;
+  p->get_block_sz = sqlcipher_cc_get_block_sz;
+  p->get_hmac_sz = sqlcipher_cc_get_hmac_sz;
+  p->ctx_copy = sqlcipher_cc_ctx_copy;
+  p->ctx_cmp = sqlcipher_cc_ctx_cmp;
+  p->ctx_init = sqlcipher_cc_ctx_init;
+  p->ctx_free = sqlcipher_cc_ctx_free;
+}
+
+#endif
diff --git a/src/crypto_impl.c b/src/crypto_impl.c
index 1816bb5..bf5ba55 100644
--- a/src/crypto_impl.c
+++ b/src/crypto_impl.c
@@ -100,6 +100,9 @@ void sqlcipher_activate() {
 #elif SQLCIPHER_CRYPTO_LIBTOMCRYPT
   extern int sqlcipher_ltc_setup(sqlcipher_provider *p);
   sqlcipher_ltc_setup(p);
+#elif SQLCIPHER_CRYPTO_CC
+  extern int sqlcipher_cc_setup(sqlcipher_provider *p);
+  sqlcipher_cc_setup(p);
 #endif
   }
   sqlcipher_register_provider(p);
diff --git a/tool/mksqlite3c.tcl b/tool/mksqlite3c.tcl
index fa85834..07c01ef 100644
--- a/tool/mksqlite3c.tcl
+++ b/tool/mksqlite3c.tcl
@@ -230,6 +230,7 @@ foreach file {
    crypto_impl.c
    crypto_libtomcrypt.c
    crypto_openssl.c
+   crypto_cc.c
 
    global.c
    ctime.c