From f615ede67955c18d5f4f0dd2c0e8b22f88b55995 Mon Sep 17 00:00:00 2001
From: Stephen Lombardo
Date: Tue, 2 Oct 2018 16:56:49 -0400
Subject: [PATCH] enable optional license support hooks
---
 src/crypto.c | 45 +++++++++++++++++++++++++++++++--------------
 src/crypto.h | 14 ++++++++++++++
 test/crypto.test | 5 ++++-
 3 files changed, 49 insertions(+), 15 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index 92977e6..ebdbe19 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -35,6 +35,10 @@
 #include "sqlcipher.h"
 #include "crypto.h"
+#ifdef SQLCIPHER_LICENSE
+#include "sqlcipher-license.h"
+#endif
+
 static const char* codec_get_cipher_version() {
 return CIPHER_VERSION;
 }
@@ -97,6 +101,22 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
 CODEC_TRACE("sqlcipher_codec_pragma: entered db=%p iDb=%d pParse=%p zLeft=%s zRight=%s ctx=%p\n", db, iDb, pParse, zLeft, zRight, ctx);
+#ifdef SQLCIPHER_LICENSE
+ if( sqlite3StrICmp(zLeft, "cipher_license")==0 && zRight ){
+ char *license_result = sqlite3_mprintf("%d", sqlcipher_license_key(zRight));
+ codec_vdbe_return_static_string(pParse, "cipher_license", license_result);
+ sqlite3_free(license_result);
+ } else
+ if( sqlite3StrICmp(zLeft, "cipher_license")==0 && !zRight ){
+ if(ctx) {
+ char *license_result = sqlite3_mprintf("%d", ctx
+ ? sqlcipher_license_key_status(ctx)
+ : SQLITE_ERROR);
+ codec_vdbe_return_static_string(pParse, "cipher_license", license_result);
+ sqlite3_free(license_result);
+ }
+ } else
+#endif
 if( sqlite3StrICmp(zLeft, "cipher_fips_status")== 0 && !zRight ){
 if(ctx) {
 char *fips_mode_status = sqlite3_mprintf("%d", sqlcipher_codec_fips_status(ctx));
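Review bot: In the `cipher_license` query branch (`!zRight`), the `SQLITE_ERROR` arm of `ctx ? sqlcipher_license_key_status(ctx) : SQLITE_ERROR` is unreachable because the expression sits inside `if(ctx) {`, so with no codec context the pragma returns no row instead of an error status. If an error status is intended, drop the outer `if(ctx)` and keep the ternary; otherwise reduce it to `sqlite3_mprintf("%d", sqlcipher_license_key_status(ctx))`. Both new branches pass the `sqlite3_mprintf` result on without a NULL check, as the existing `cipher_fips_status` code does; whether `codec_vdbe_return_static_string` tolerates NULL is not visible here. The `CODEC_TRACE` at the top of this hunk prints `zRight`, which for this pragma is the license code, so trace-enabled builds will write it to the log. The body of `sqlcipher_codec_pragma` continues outside the hunk.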
@@ -466,6 +486,10 @@ static void* sqlite3Codec(void *iCtx, void *data, Pgno pgno, int mode) {
 CODEC_TRACE("sqlite3Codec: entered pgno=%d, mode=%d, page_sz=%d\n", pgno, mode, page_sz);
+#ifdef SQLCIPHER_LICENSE
+ if(sqlcipher_license_check(ctx) != SQLITE_OK) return NULL;
+#endif
+
 /* call to derive keys if not present yet */
 if((rc = sqlcipher_codec_key_derive(ctx)) != SQLITE_OK) {
 sqlcipher_codec_ctx_set_error(ctx, rc);
@@ -536,6 +560,13 @@ int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
 sqlite3_mutex_enter(db->mutex);
 CODEC_TRACE_MUTEX("sqlite3CodecAttach: entered database mutex %p\n", db->mutex);
+#ifdef SQLCIPHER_LICENSE
+ if((rc = sqlite3_set_authorizer(db, sqlcipher_license_authorizer, db)) != SQLITE_OK) {
+ sqlite3_mutex_leave(db->mutex);
+ return rc;
+ }
+#endif
+
 /* point the internal codec argument against the contet to be prepared */
 CODEC_TRACE("sqlite3CodecAttach: calling sqlcipher_codec_ctx_init()\n");
 rc = sqlcipher_codec_ctx_init(&ctx, pDb, pDb->pBt->pBt->pPager, fd, zKey, nKey);
@@ -579,20 +610,6 @@ void sqlite3_activate_see(const char* in) {
 /* do nothing, security enhancements are always active */
 }
-static int sqlcipher_find_db_index(sqlite3 *db, const char *zDb) {
- int db_index;
- if(zDb == NULL){
- return 0;
- }
- for(db_index = 0; db_index < db->nDb; db_index++) {
- struct Db *pDb = &db->aDb[db_index];
- if(strcmp(pDb->zDbSName, zDb) == 0) {
- return db_index;
- }
- }
- return 0;
-}
-
 int sqlite3_key(sqlite3 *db, const void *pKey, int nKey) {
 CODEC_TRACE("sqlite3_key entered: db=%p pKey=%s nKey=%d\n", db, (char *)pKey, nKey);
 return sqlite3_key_v2(db, "main", pKey, nKey);
diff --git a/src/crypto.h b/src/crypto.h
index 2836842..4354b0d 100644
--- a/src/crypto.h
+++ b/src/crypto.h
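Review bot: The license gate added to `sqlite3Codec` returns `NULL` without recording a reason: unlike the key-derivation check directly below it, it neither keeps the result code nor calls `sqlcipher_codec_ctx_set_error`, and it emits no trace line. A caller therefore cannot tell a license failure from any other codec failure. Consider `if((rc = sqlcipher_license_check(ctx)) != SQLITE_OK) { sqlcipher_codec_ctx_set_error(ctx, rc); return NULL; }`, provided that marking the context as errored is acceptable for a license failure, which this hunk does not show. A short comment that the check runs on every page operation and fails closed would also help; the function body extends beyond the hunk on both sides.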
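Review bot: `sqlite3_set_authorizer` keeps only one callback per connection, so the call added near the top of `sqlite3CodecAttach` replaces any authorizer the application registered before keying the database, and a later application call replaces the license hook in turn. For applications that use an authorizer to restrict untrusted SQL, that is a silent loss of a security control in `SQLCIPHER_LICENSE` builds. Whether `sqlcipher_license_authorizer` forwards to a previously installed callback is not visible here; if it does not, either save and chain to the prior callback or state the restriction at the call site, e.g. `/* replaces any application authorizer on this connection; sqlite3 permits only one */`. The rest of `sqlite3CodecAttach` lies outside the hunk.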
@@ -284,6 +284,20 @@ int sqlcipher_codec_ctx_get_kdf_algorithm(codec_ctx *ctx);
 void sqlcipher_set_mem_security(int);
 int sqlcipher_get_mem_security();
+int sqlcipher_find_db_index(sqlite3 *db, const char *zDb) {
+ int db_index;
+ if(zDb == NULL){
+ return 0;
+ }
+ for(db_index = 0; db_index < db->nDb; db_index++) {
+ struct Db *pDb = &db->aDb[db_index];
+ if(strcmp(pDb->zDbSName, zDb) == 0) {
+ return db_index;
+ }
+ }
+ return 0;
+}
+
 #endif
 #endif
 /* END SQLCIPHER */
diff --git a/test/crypto.test b/test/crypto.test
index f7bded2..4441e7b 100644
--- a/test/crypto.test
+++ b/test/crypto.test
@@ -107,6 +107,10 @@ proc trace_proc sql {
 lappend TRACE_OUT [string trim $sql]
 }
+if {[file exist "$testdir/sqlcipher-license.test"]} {
+ source $testdir/sqlcipher-license.test
+}
+
 # The database is initially empty.
 # set an hex key create some basic data
 # create table and insert operations should work
@@ -2977,6 +2981,5 @@ do_test verify-memory-security {
 db close
 file delete -force test.db
- sqlite3_test_control_pending_byte $old_pending_byte
 finish_test
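Review bot: `sqlcipher_find_db_index` is now defined in crypto.h with external linkage, so every translation unit that includes the header emits its own copy, and a build with more than one such unit fails at link time with a duplicate symbol. Keep only the prototype in the header, `int sqlcipher_find_db_index(sqlite3 *db, const char *zDb);`, and leave the body in crypto.c without `static`, or mark the header definition `static`. The function also returns 0 both for a NULL name and for a name that matches no attached database, so a caller cannot tell an unknown schema name from the first database. Since the index presumably selects which database a key operation applies to, that fallback deserves a comment such as `/* returns 0 (main) when zDb is NULL or not found */`.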