deprecates cipher_hmac_pgno and cipher_hmac_salt_mask
This commit is contained in:
Stephen Lombardo
parent
e9b82ec35c
commit
fb3a1960df
|
|
@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
|
|||
- Clarify usage of sqlite3_rekey for plaintext databases in header
|
||||
- Normalize attach behavior when key is not yet derived
|
||||
- Adds PRAGMA cipher_settings to query current database codec settings
|
||||
- PRAGMA cipher_hmac_pgno and cipher_hmac_salt_mask are now deprecated
|
||||
|
||||
## [4.0.1] - 2018-12-17
|
||||
- Based on upstream SQLite 3.26.0 (addresses SQLite “Magellan” issue)
|
||||
|
|
|
|||
22
src/crypto.c
22
src/crypto.c
|
|
@ -258,6 +258,7 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
|
|||
if( sqlite3StrICmp(zLeft,"cipher_hmac_pgno")==0 ){
|
||||
if(ctx) {
|
||||
if(zRight) {
|
||||
char *deprecation = "PRAGMA cipher_hmac_pgno is deprecated, please remove from use";
|
||||
/* clear both pgno endian flags */
|
||||
if(sqlite3StrICmp(zRight, "le") == 0) {
|
||||
sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
|
||||
|
|
@ -269,6 +270,9 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
|
|||
sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_LE_PGNO);
|
||||
sqlcipher_codec_ctx_unset_flag(ctx, CIPHER_FLAG_BE_PGNO);
|
||||
}
|
||||
codec_vdbe_return_string(pParse, "cipher_hmac_pgno", deprecation, P4_TRANSIENT);
|
||||
sqlite3_log(SQLITE_WARNING, deprecation);
|
||||
|
||||
} else {
|
||||
if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_LE_PGNO)) {
|
||||
codec_vdbe_return_string(pParse, "cipher_hmac_pgno", "le", P4_TRANSIENT);
|
||||
|
|
@ -283,15 +287,18 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
|
|||
if( sqlite3StrICmp(zLeft,"cipher_hmac_salt_mask")==0 ){
|
||||
if(ctx) {
|
||||
if(zRight) {
|
||||
char *deprecation = "PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use";
|
||||
if (sqlite3StrNICmp(zRight ,"x'", 2) == 0 && sqlite3Strlen30(zRight) == 5) {
|
||||
unsigned char mask = 0;
|
||||
const unsigned char *hex = (const unsigned char *)zRight+2;
|
||||
cipher_hex2bin(hex,2,&mask);
|
||||
sqlcipher_set_hmac_salt_mask(mask);
|
||||
}
|
||||
codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", deprecation, P4_TRANSIENT);
|
||||
sqlite3_log(SQLITE_WARNING, deprecation);
|
||||
} else {
|
||||
char *hmac_salt_mask = sqlite3_mprintf("%02x", sqlcipher_get_hmac_salt_mask());
|
||||
codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask, P4_DYNAMIC);
|
||||
char *hmac_salt_mask = sqlite3_mprintf("%02x", sqlcipher_get_hmac_salt_mask());
|
||||
codec_vdbe_return_string(pParse, "cipher_hmac_salt_mask", hmac_salt_mask, P4_DYNAMIC);
|
||||
}
|
||||
}
|
||||
}else
|
||||
|
|
@ -548,17 +555,6 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef
|
|||
pragma = sqlite3_mprintf("PRAGMA cipher_use_hmac = %d;", sqlcipher_codec_ctx_get_use_hmac(ctx));
|
||||
codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
|
||||
|
||||
if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_LE_PGNO)) {
|
||||
codec_vdbe_return_string(pParse, "pragma", "PRAGMA cipher_hmac_pgno = le;", P4_TRANSIENT);
|
||||
} else if(sqlcipher_codec_ctx_get_flag(ctx, CIPHER_FLAG_BE_PGNO)) {
|
||||
codec_vdbe_return_string(pParse, "pragma", "PRAGMA cipher_hmac_pgno = be;", P4_TRANSIENT);
|
||||
} else {
|
||||
codec_vdbe_return_string(pParse, "pragma", "PRAGMA cipher_hmac_pgno = native;", P4_TRANSIENT);
|
||||
}
|
||||
|
||||
pragma = sqlite3_mprintf("PRAGMA cipher_hmac_salt_mask = %02x;", sqlcipher_get_hmac_salt_mask());
|
||||
codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
|
||||
|
||||
pragma = sqlite3_mprintf("PRAGMA cipher_plaintext_header_size = %d;", sqlcipher_codec_ctx_get_plaintext_header_size(ctx));
|
||||
codec_vdbe_return_string(pParse, "pragma", pragma, P4_DYNAMIC);
|
||||
|
||||
|
|
|
|||
|
|
@ -884,7 +884,7 @@ do_test open-2.0-be-database {
|
|||
SELECT count(*) FROM t1;
|
||||
SELECT distinct * FROM t1;
|
||||
}
|
||||
} {78536 1 1 one one 1 2 one two}
|
||||
} {{PRAGMA cipher_hmac_pgno is deprecated, please remove from use} 78536 1 1 one one 1 2 one two}
|
||||
db close
|
||||
|
||||
# open a 2.0 database with big-endian hmac page numbers
|
||||
|
|
@ -936,7 +936,7 @@ do_test open-2.0-beta-database {
|
|||
SELECT count(*) FROM t1;
|
||||
SELECT distinct * FROM t1;
|
||||
}
|
||||
} {38768 test-0-0 test-0-1 test-1-0 test-1-1}
|
||||
} {{PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use} 38768 test-0-0 test-0-1 test-1-0 test-1-1}
|
||||
db close
|
||||
|
||||
# open a 2.0 beta database
|
||||
|
|
|
|||
|
|
@ -247,7 +247,7 @@ do_test verify-pragma-hmac-salt-mask-reports-value-changed {
|
|||
PRAGMA cipher_hmac_salt_mask;
|
||||
PRAGMA cipher_hmac_salt_mask = "x'3a'";
|
||||
}
|
||||
} {11}
|
||||
} {{PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use} 11 {PRAGMA cipher_hmac_salt_mask is deprecated, please remove from use}}
|
||||
db close
|
||||
file delete -force test.db
|
||||
|
||||
|
|
@ -275,7 +275,7 @@ do_test verify-pragma-hmac-pgno-reports-value-changed {
|
|||
PRAGMA cipher_hmac_pgno = le;
|
||||
PRAGMA cipher_hmac_pgno;
|
||||
}
|
||||
} {be native le}
|
||||
} {{PRAGMA cipher_hmac_pgno is deprecated, please remove from use} be {PRAGMA cipher_hmac_pgno is deprecated, please remove from use} native {PRAGMA cipher_hmac_pgno is deprecated, please remove from use} le}
|
||||
db close
|
||||
file delete -force test.db
|
||||
|
||||
|
|
@ -383,7 +383,7 @@ do_test verify-cipher_settings_default {
|
|||
PRAGMA key = 'test';
|
||||
PRAGMA cipher_settings;
|
||||
}
|
||||
} {{PRAGMA kdf_iter = 256000;} {PRAGMA fast_kdf_iter = 2;} {PRAGMA cipher_page_size = 4096;} {PRAGMA cipher_use_hmac = 1;} {PRAGMA cipher_hmac_pgno = le;} {PRAGMA cipher_hmac_salt_mask = 3a;} {PRAGMA cipher_plaintext_header_size = 0;} {PRAGMA cipher_hmac_algorithm = HMAC_SHA512;} {PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;}}
|
||||
} {{PRAGMA kdf_iter = 256000;} {PRAGMA fast_kdf_iter = 2;} {PRAGMA cipher_page_size = 4096;} {PRAGMA cipher_use_hmac = 1;} {PRAGMA cipher_plaintext_header_size = 0;} {PRAGMA cipher_hmac_algorithm = HMAC_SHA512;} {PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA512;}}
|
||||
db close
|
||||
file delete -force test.db
|
||||
|
||||
|
|
@ -394,7 +394,7 @@ do_test verify-cipher_settings_v1 {
|
|||
PRAGMA cipher_compatibility = 1;
|
||||
PRAGMA cipher_settings;
|
||||
}
|
||||
} {{PRAGMA kdf_iter = 4000;} {PRAGMA fast_kdf_iter = 2;} {PRAGMA cipher_page_size = 1024;} {PRAGMA cipher_use_hmac = 0;} {PRAGMA cipher_hmac_pgno = le;} {PRAGMA cipher_hmac_salt_mask = 3a;} {PRAGMA cipher_plaintext_header_size = 0;} {PRAGMA cipher_hmac_algorithm = HMAC_SHA1;} {PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;}}
|
||||
} {{PRAGMA kdf_iter = 4000;} {PRAGMA fast_kdf_iter = 2;} {PRAGMA cipher_page_size = 1024;} {PRAGMA cipher_use_hmac = 0;} {PRAGMA cipher_plaintext_header_size = 0;} {PRAGMA cipher_hmac_algorithm = HMAC_SHA1;} {PRAGMA cipher_kdf_algorithm = PBKDF2_HMAC_SHA1;}}
|
||||
db close
|
||||
file delete -force test.db
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue