aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--doc/license.txt1
-rw-r--r--doc/log.txt2
-rw-r--r--src/engine/gnump/gmp_mem.cpp22
-rw-r--r--src/engine/gnump/gnump_engine.h7
-rw-r--r--src/hash/sha1/sha160.cpp4
-rw-r--r--src/utils/debug.cpp33
-rw-r--r--src/utils/debug.h19
-rw-r--r--src/utils/info.txt1
-rw-r--r--src/wrap/sqlite/codec.cpp123
-rw-r--r--src/wrap/sqlite/codec.h127
-rw-r--r--src/wrap/sqlite/codecext.cpp261
-rw-r--r--src/wrap/sqlite/readme.txt36
-rw-r--r--src/wrap/sqlite/sqlite.diff77
-rw-r--r--src/wrap/sqlite/test_sqlite.cpp101
14 files changed, 762 insertions, 52 deletions
diff --git a/doc/license.txt b/doc/license.txt
index 61615c3af..599bf7f63 100644
--- a/doc/license.txt
+++ b/doc/license.txt
@@ -14,6 +14,7 @@ Copyright (C) 1999-2010 Jack Lloyd
2007 Manuel Hartl
2007 Christoph Ludwig
2007 Patrick Sona
+ 2010 Olivier de Gaalon
All rights reserved.
Redistribution and use in source and binary forms, with or without
diff --git a/doc/log.txt b/doc/log.txt
index bb84922d2..ef16d85bf 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -4,8 +4,10 @@
- Add SSE2 implementation of IDEA
- Perform XTS encryption and decryption in parallel where possible
- Perform CBC decryption in parallel where possible
+ - Add SQLite3 db encryption codec, contributed by Olivier de Gaalon
- Add a block cipher cascade construction
- Add support for Win32 high resolution system timers
+ - Fix crash in GMP_Engine if library is shutdown and reinitialized
- Remove Timer class entirely
- Switch default PKCS #8 encryption algorithm from 3DES to AES-256
- New option --gen-amalgamation for creating a SQLite-style amalgamation
diff --git a/src/engine/gnump/gmp_mem.cpp b/src/engine/gnump/gmp_mem.cpp
index 59e0cc4c5..f3650e716 100644
--- a/src/engine/gnump/gmp_mem.cpp
+++ b/src/engine/gnump/gmp_mem.cpp
@@ -1,6 +1,6 @@
/*
* GNU MP Memory Handlers
-* (C) 1999-2007 Jack Lloyd
+* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
@@ -17,6 +17,7 @@ namespace {
* Allocator used by GNU MP
*/
Allocator* gmp_alloc = 0;
+u32bit gmp_alloc_refcnt = 0;
/*
* Allocation Function for GNU MP
@@ -48,23 +49,28 @@ void gmp_free(void* ptr, size_t n)
}
/*
-* Set the GNU MP memory functions
+* GMP_Engine Constructor
*/
-void GMP_Engine::set_memory_hooks()
+GMP_Engine::GMP_Engine()
{
if(gmp_alloc == 0)
{
gmp_alloc = Allocator::get(true);
mp_set_memory_functions(gmp_malloc, gmp_realloc, gmp_free);
}
+
+ ++gmp_alloc_refcnt;
}
-/*
-* GMP_Engine Constructor
-*/
-GMP_Engine::GMP_Engine()
+GMP_Engine::~GMP_Engine()
{
- set_memory_hooks();
+ --gmp_alloc_refcnt;
+
+ if(gmp_alloc_refcnt == 0)
+ {
+ mp_set_memory_functions(NULL, NULL, NULL);
+ gmp_alloc = 0;
+ }
}
}
diff --git a/src/engine/gnump/gnump_engine.h b/src/engine/gnump/gnump_engine.h
index ec4a7e721..d0b070441 100644
--- a/src/engine/gnump/gnump_engine.h
+++ b/src/engine/gnump/gnump_engine.h
@@ -18,6 +18,9 @@ namespace Botan {
class GMP_Engine : public Engine
{
public:
+ GMP_Engine();
+ ~GMP_Engine();
+
std::string provider_name() const { return "gmp"; }
#if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY)
@@ -46,10 +49,6 @@ class GMP_Engine : public Engine
Modular_Exponentiator* mod_exp(const BigInt&,
Power_Mod::Usage_Hints) const;
-
- GMP_Engine();
- private:
- static void set_memory_hooks();
};
}
diff --git a/src/hash/sha1/sha160.cpp b/src/hash/sha1/sha160.cpp
index ff44593f6..1ad08d483 100644
--- a/src/hash/sha1/sha160.cpp
+++ b/src/hash/sha1/sha160.cpp
@@ -134,8 +134,8 @@ void SHA_160::compress_n(const byte input[], u32bit blocks)
*/
void SHA_160::copy_out(byte output[])
{
- for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4)
- store_be(digest[j/4], output + j);
+ for(u32bit i = 0; i != OUTPUT_LENGTH; i += 4)
+ store_be(digest[i/4], output + i);
}
/*
diff --git a/src/utils/debug.cpp b/src/utils/debug.cpp
deleted file mode 100644
index 894418650..000000000
--- a/src/utils/debug.cpp
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
-* Internal-use debugging functions for Botan
-* (C) 2009 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/debug.h>
-#include <cstdio>
-
-namespace Botan {
-
-namespace Debug {
-
-void print_vec(const std::string& name,
- const byte array[],
- size_t array_len)
- {
- std::printf("%s = ", name.c_str());
- for(size_t i = 0; i != array_len; ++i)
- std::printf("%02X", array[i]);
- std::printf("\n");
- }
-
-void print_vec(const std::string& name,
- const MemoryRegion<byte>& vec)
- {
- print_vec(name, &vec[0], vec.size());
- }
-
-}
-
-}
diff --git a/src/utils/debug.h b/src/utils/debug.h
index ee93d5ea0..c7f19c1b1 100644
--- a/src/utils/debug.h
+++ b/src/utils/debug.h
@@ -9,18 +9,29 @@
#define BOTAN_DEBUG_H__
#include <botan/secmem.h>
+#include <iostream>
namespace Botan {
namespace Debug {
+template<typename T>
void print_vec(const std::string& name,
- const byte array[],
- size_t array_len);
+ const T array[], size_t array_len)
+ {
+ std::cout << name << " = ";
-void print_vec(const std::string& name,
- const MemoryRegion<byte>& vec);
+ for(size_t i = 0; i != array_len; ++i)
+ std::cout << std::hex << array[i];
+ std::cout << std::endl;
+ }
+template<typename T>
+void print_vec(const std::string& name,
+ const MemoryRegion<T>& vec)
+ {
+ print_vec(name, &vec[0], vec.size());
+ }
}
diff --git a/src/utils/info.txt b/src/utils/info.txt
index f9d33d9d8..8f4ad5f0e 100644
--- a/src/utils/info.txt
+++ b/src/utils/info.txt
@@ -5,7 +5,6 @@ load_on always
<source>
charset.cpp
cpuid.cpp
-debug.cpp
mlock.cpp
parsing.cpp
time.cpp
diff --git a/src/wrap/sqlite/codec.cpp b/src/wrap/sqlite/codec.cpp
new file mode 100644
index 000000000..5dfcea82e
--- /dev/null
+++ b/src/wrap/sqlite/codec.cpp
@@ -0,0 +1,123 @@
+/*
+ * Codec class for SQLite3 encryption codec.
+ * (C) 2010 Olivier de Gaalon
+ *
+ * Distributed under the terms of the Botan license
+ */
+
+#include "codec.h"
+#include <botan/init.h>
+
+Codec::Codec(void *db)
+{
+ InitializeCodec(db);
+}
+
+Codec::Codec(const Codec& other, void *db)
+{
+ //Only used to copy main db key for an attached db
+ InitializeCodec(db);
+ m_hasReadKey = other.m_hasReadKey;
+ m_hasWriteKey = other.m_hasWriteKey;
+ m_readKey = other.m_readKey;
+ m_ivReadKey = other.m_ivReadKey;
+ m_writeKey = other.m_writeKey;
+ m_ivWriteKey = other.m_ivWriteKey;
+}
+
+void
+Codec::InitializeCodec(void *db)
+{
+ bool botanInitialized = false;
+ Library_State* state = swap_global_state(0);
+ if(state)
+ {
+ botanInitialized = true;
+ swap_global_state(state); // should return NULL FIXME: what if not?
+ }
+
+ if (!botanInitialized)
+ LibraryInitializer::initialize();
+
+ m_hasReadKey = false;
+ m_hasWriteKey = false;
+ m_db = db;
+
+ m_encipherFilter = get_cipher(BLOCK_CIPHER_STR, ENCRYPTION);
+ m_decipherFilter = get_cipher(BLOCK_CIPHER_STR, DECRYPTION);
+ m_cmac = new MAC_Filter(MAC_STR);
+ m_encipherPipe.append(m_encipherFilter);
+ m_decipherPipe.append(m_decipherFilter);
+ m_macPipe.append(m_cmac);
+}
+
+void
+Codec::GenerateWriteKey(const char* userPassword, int passwordLength)
+{
+ S2K* s2k = get_s2k(S2K_STR);
+ s2k->set_iterations(S2K_ITERATIONS);
+ s2k->change_salt((const byte*)SALT_STR.c_str(), SALT_SIZE);
+
+ SymmetricKey masterKey =
+ s2k->derive_key(KEY_SIZE + IV_DERIVATION_KEY_SIZE, std::string(userPassword, passwordLength));
+
+ m_writeKey = SymmetricKey(masterKey.bits_of(), KEY_SIZE);
+ m_ivWriteKey = SymmetricKey(masterKey.bits_of() + KEY_SIZE, IV_DERIVATION_KEY_SIZE);
+
+ m_hasWriteKey = true;
+}
+
+void
+Codec::DropWriteKey()
+{
+ m_hasWriteKey = false;
+}
+
+void
+Codec::SetReadIsWrite()
+{
+ m_readKey = m_writeKey;
+ m_ivReadKey = m_ivWriteKey;
+ m_hasReadKey = m_hasWriteKey;
+}
+
+void
+Codec::SetWriteIsRead()
+{
+ m_writeKey = m_readKey;
+ m_ivWriteKey = m_ivReadKey;
+ m_hasWriteKey = m_hasReadKey;
+}
+
+unsigned char *
+Codec::Encrypt(int page, unsigned char* data, bool useWriteKey)
+{
+ memcpy(m_page, data, m_pageSize);
+
+ m_encipherFilter->set_key(useWriteKey ? m_writeKey : m_readKey);
+ m_encipherFilter->set_iv(GetIVForPage(page, useWriteKey));
+ m_encipherPipe.process_msg(m_page, m_pageSize);
+ m_encipherPipe.read(m_page, m_encipherPipe.remaining(Pipe::LAST_MESSAGE), Pipe::LAST_MESSAGE);
+
+ return m_page; //return location of newly ciphered data
+}
+
+void
+Codec::Decrypt(int page, unsigned char* data)
+{
+ m_decipherFilter->set_key(m_readKey);
+ m_decipherFilter->set_iv(GetIVForPage(page, false));
+ m_decipherPipe.process_msg(data, m_pageSize);
+ m_decipherPipe.read(data, m_decipherPipe.remaining(Pipe::LAST_MESSAGE), Pipe::LAST_MESSAGE);
+}
+
+InitializationVector
+Codec::GetIVForPage(u32bit page, bool useWriteKey)
+{
+ static unsigned char* intiv[4];
+ store_le(page, (byte*)intiv);
+ m_cmac->set_key(useWriteKey ? m_ivWriteKey : m_ivReadKey);
+ m_macPipe.process_msg((byte*)intiv, 4);
+ return m_macPipe.read_all(Pipe::LAST_MESSAGE);
+}
+
diff --git a/src/wrap/sqlite/codec.h b/src/wrap/sqlite/codec.h
new file mode 100644
index 000000000..8b753be62
--- /dev/null
+++ b/src/wrap/sqlite/codec.h
@@ -0,0 +1,127 @@
+/*
+ * Codec class for SQLite3 encryption codec.
+ * (C) 2010 Olivier de Gaalon
+ *
+ * Distributed under the terms of the Botan license
+ */
+
+#ifndef _CODEC_H_
+#define _CODEC_H_
+
+#include <string>
+#include <botan/botan.h>
+#include <botan/loadstor.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(__BORLANDC__)
+#define __STDC__ 1
+#endif
+
+#include "./sqliteInt.h"
+
+#if defined(__BORLANDC__)
+#undef __STDC__
+#endif
+
+/* ATTENTION: Macro similar to that in pager.c
+ * Needed because pager is forward declared when needed most
+ * TODO: Check in case of new version of SQLite
+ * ... but it's VERY unlikely to change (it'd break all past DBs)
+ */
+#include "./os.h"
+#define CODEC_PAGER_MJ_PGNO(x) ((PENDING_BYTE/(x))+1)
+
+#ifdef __cplusplus
+} /* End of the 'extern "C"' block */
+#endif
+
+using namespace std;
+using namespace Botan;
+
+/*These constants can be used to tweak the codec behavior as follows
+ *Note that once you've encrypted a database with these settings,
+ *recompiling with any different settings will give you a library that
+ *cannot read that database, even given the same passphrase.*/
+
+//BLOCK_CIPHER_STR: Cipher and mode used for encrypting the database
+//make sure to add "/NoPadding" for modes that use padding schemes
+const string BLOCK_CIPHER_STR = "Twofish/XTS";
+
+//S2K_STR: Key derivation function used to derive both the encryption
+//and IV derivation keys from the given database passphrase
+const string S2K_STR = "PBKDF2(SHA-160)";
+
+//SALT_STR: Hard coded salt used to derive the key from the passphrase.
+const string SALT_STR = "&g#nB'9]";
+
+//MAC_STR: CMAC used to derive the IV that is used for db page
+//encryption
+const string MAC_STR = "CMAC(Twofish)";
+
+//S2K_ITERATIONS: Number of hash iterations used in the key derivation
+//process.
+const int S2K_ITERATIONS = 10000;
+
+//SALT_SIZE: Size of the salt in bytes (as given in SALT_STR)
+const int SALT_SIZE = 64/8; //64 bit, 8 byte salt
+
+//KEY_SIZE: Size of the encryption key. Note that XTS splits the key
+//between two ciphers, so if you're using XTS, double the intended key
+//size. (ie, "AES-128/XTS" should have a 256 bit KEY_SIZE)
+const int KEY_SIZE = 512/8; //512 bit, 64 byte key. (256 bit XTS key)
+
+//IV_DERIVATION_KEY_SIZE: Size of the key used with the CMAC (MAC_STR)
+//above.
+const int IV_DERIVATION_KEY_SIZE = 256/8; //256 bit, 32 byte key
+
+class Codec
+{
+public:
+ Codec(void *db);
+ Codec(const Codec& other, void *db);
+
+ void GenerateWriteKey(const char* userPassword, int passwordLength);
+ void DropWriteKey();
+ void SetWriteIsRead();
+ void SetReadIsWrite();
+
+ unsigned char* Encrypt(int page, unsigned char* data, bool useWriteKey);
+ void Decrypt(int page, unsigned char* data);
+
+ void SetPageSize(int pageSize) { m_pageSize = pageSize; }
+
+ bool HasReadKey() { return m_hasReadKey; }
+ bool HasWriteKey() { return m_hasWriteKey; }
+ void* GetDB() { return m_db; }
+
+private:
+ bool m_hasReadKey;
+ bool m_hasWriteKey;
+
+ SymmetricKey
+ m_readKey,
+ m_writeKey,
+ m_ivReadKey,
+ m_ivWriteKey;
+
+ Pipe
+ m_encipherPipe,
+ m_decipherPipe,
+ m_macPipe;
+
+ Keyed_Filter *m_encipherFilter;
+ Keyed_Filter *m_decipherFilter;
+ MAC_Filter *m_cmac;
+
+ int m_pageSize;
+ unsigned char m_page[SQLITE_MAX_PAGE_SIZE];
+ void* m_db;
+
+ InitializationVector GetIVForPage(u32bit page, bool useWriteKey);
+ void InitializeCodec(void *db);
+};
+
+#endif
diff --git a/src/wrap/sqlite/codecext.cpp b/src/wrap/sqlite/codecext.cpp
new file mode 100644
index 000000000..e542df975
--- /dev/null
+++ b/src/wrap/sqlite/codecext.cpp
@@ -0,0 +1,261 @@
+/*
+ * SQLite3 encryption extention codec
+ * (C) 2010 Olivier de Gaalon
+ *
+ * Distributed under the terms of the Botan license
+ */
+
+#ifndef SQLITE_OMIT_DISKIO
+#ifdef SQLITE_HAS_CODEC
+
+#include "codec.h"
+#include "sqlite3.h"
+
+// Required to implement, called from pragma.c, guessing that "see" is related to the
+// "SQLite Encryption Extension" (the semi-official, for-pay, encryption codec)
+extern "C"
+void sqlite3_activate_see(const char *info) { }
+
+// Free the encryption codec, called from pager.c (address passed in sqlite3PagerSetCodec)
+extern "C"
+void sqlite3PagerFreeCodec(void *pCodec)
+{
+ if (pCodec)
+ delete (Codec*) pCodec;
+}
+
+// Report the page size to the codec, called from pager.c (address passed in sqlite3PagerSetCodec)
+extern "C"
+void sqlite3CodecSizeChange(void *pCodec, int pageSize, int nReserve)
+{
+ Codec* codec = (Codec*) pCodec;
+ codec->SetPageSize(pageSize);
+}
+
+// Encrypt/Decrypt functionality, called by pager.c
+extern "C"
+void* sqlite3Codec(void* pCodec, void* data, Pgno nPageNum, int nMode)
+{
+ if (pCodec == NULL) //Db not encrypted
+ return data;
+
+ Codec* codec = (Codec*) pCodec;
+
+ try
+ {
+ switch(nMode)
+ {
+ case 0: // Undo a "case 7" journal file encryption
+ case 2: // Reload a page
+ case 3: // Load a page
+ if (codec->HasReadKey())
+ codec->Decrypt(nPageNum, (unsigned char*) data);
+ break;
+ case 6: // Encrypt a page for the main database file
+ if (codec->HasWriteKey())
+ data = codec->Encrypt(nPageNum, (unsigned char*) data, true);
+ break;
+ case 7: // Encrypt a page for the journal file
+ /*
+ *Under normal circumstances, the readkey is the same as the writekey. However,
+ *when the database is being rekeyed, the readkey is not the same as the writekey.
+ *(The writekey is the "destination key" for the rekey operation and the readkey
+ *is the key the db is currently encrypted with)
+ *Therefore, for case 7, when the rollback is being written, always encrypt using
+ *the database's readkey, which is guaranteed to be the same key that was used to
+ *read and write the original data.
+ */
+ if (codec->HasReadKey())
+ data = codec->Encrypt(nPageNum, (unsigned char*) data, false);
+ break;
+ }
+ }
+ catch(Botan::Exception e)
+ {
+ sqlite3Error((sqlite3*)codec->GetDB(), SQLITE_ERROR, "Botan Error: %s", e.what());
+ }
+
+ return data;
+}
+
+//These functions are defined in pager.c
+extern "C" void* sqlite3PagerGetCodec(Pager *pPager);
+extern "C" void sqlite3PagerSetCodec(
+ Pager *pPager,
+ void *(*xCodec)(void*,void*,Pgno,int),
+ void (*xCodecSizeChng)(void*,int,int),
+ void (*xCodecFree)(void*),
+ void *pCodec
+);
+
+
+extern "C"
+int sqlite3CodecAttach(sqlite3* db, int nDb, const void* zKey, int nKey)
+{
+ try {
+ if (zKey == NULL || nKey <= 0)
+ {
+ // No key specified, could mean either use the main db's encryption or no encryption
+ if (nDb != 0 && nKey < 0)
+ {
+ //Is an attached database, therefore use the key of main database, if main database is encrypted
+ Codec* mainCodec = (Codec*) sqlite3PagerGetCodec(sqlite3BtreePager(db->aDb[0].pBt));
+ if (mainCodec != NULL)
+ {
+ Codec* codec = new Codec(*mainCodec, db);
+ sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt),
+ sqlite3Codec,
+ sqlite3CodecSizeChange,
+ sqlite3PagerFreeCodec, codec);
+ }
+ }
+ }
+ else
+ {
+ // Key specified, setup encryption key for database
+ Codec* codec = new Codec(db);
+ codec->GenerateWriteKey((const char*) zKey, nKey);
+ codec->SetReadIsWrite();
+ sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt),
+ sqlite3Codec,
+ sqlite3CodecSizeChange,
+ sqlite3PagerFreeCodec, codec);
+ }
+ }
+ catch(Botan::Exception e) {
+ sqlite3Error(db, SQLITE_ERROR, "Botan Error: %s", e.what());
+ return SQLITE_ERROR;
+ }
+ return SQLITE_OK;
+}
+
+extern "C"
+void sqlite3CodecGetKey(sqlite3* db, int nDb, void** zKey, int* nKey)
+{
+ // The unencrypted password is not stored for security reasons
+ // therefore always return NULL
+ *zKey = NULL;
+ *nKey = -1;
+}
+
+extern "C"
+int sqlite3_key(sqlite3 *db, const void *zKey, int nKey)
+{
+ // The key is only set for the main database, not the temp database
+ return sqlite3CodecAttach(db, 0, zKey, nKey);
+}
+
+extern "C"
+int sqlite3_rekey(sqlite3 *db, const void *zKey, int nKey)
+{
+ // Changes the encryption key for an existing database.
+ int rc = SQLITE_ERROR;
+ Btree* pbt = db->aDb[0].pBt;
+ Pager* pPager = sqlite3BtreePager(pbt);
+ Codec* codec = (Codec*) sqlite3PagerGetCodec(pPager);
+
+ if ((zKey == NULL || nKey == 0) && codec == NULL)
+ {
+ // Database not encrypted and key not specified. Do nothing
+ return SQLITE_OK;
+ }
+
+ if (codec == NULL)
+ {
+ // Database not encrypted, but key specified. Encrypt database
+ try {
+ codec = new Codec(db);
+ codec->GenerateWriteKey((const char*) zKey, nKey);
+ } catch (Botan::Exception e) {
+ sqlite3Error(db, SQLITE_ERROR, "Botan Error %s", e.what());
+ return SQLITE_ERROR;
+ }
+ sqlite3PagerSetCodec(pPager, sqlite3Codec, sqlite3CodecSizeChange, sqlite3PagerFreeCodec, codec);
+ }
+ else if (zKey == NULL || nKey == 0)
+ {
+ // Database encrypted, but key not specified. Decrypt database
+ // Keep read key, drop write key
+ codec->DropWriteKey();
+ }
+ else
+ {
+ // Database encrypted and key specified. Re-encrypt database with new key
+ // Keep read key, change write key to new key
+ try {
+ codec->GenerateWriteKey((const char*) zKey, nKey);
+ } catch (Botan::Exception e) {
+ sqlite3Error(db, SQLITE_ERROR, "Botan Error %s", e.what());
+ return SQLITE_ERROR;
+ }
+ }
+
+ // Start transaction
+ rc = sqlite3BtreeBeginTrans(pbt, 1);
+ if (rc == SQLITE_OK)
+ {
+ // Rewrite all pages using the new encryption key (if specified)
+ int nPageCount = -1;
+ int rc = sqlite3PagerPagecount(pPager, &nPageCount);
+ Pgno nPage = (Pgno) nPageCount;
+ int pageSize = sqlite3BtreeGetPageSize(pbt);
+ //Can't use SQLite3 macro here since pager is forward declared...sigh
+ Pgno nSkip = CODEC_PAGER_MJ_PGNO(pageSize);
+ DbPage *pPage;
+
+ for (Pgno n = 1; rc == SQLITE_OK && n <= nPage; n++)
+ {
+ if (n == nSkip)
+ continue;
+
+ rc = sqlite3PagerGet(pPager, n, &pPage);
+
+ if (!rc)
+ {
+ rc = sqlite3PagerWrite(pPage);
+ sqlite3PagerUnref(pPage);
+ }
+ else
+ sqlite3Error(db, SQLITE_ERROR, "%s", "Error while rekeying database page. Transaction Canceled.");
+ }
+ }
+ else
+ sqlite3Error(db, SQLITE_ERROR, "%s", "Error beginning rekey transaction. Make sure that the current encryption key is correct.");
+
+ if (rc == SQLITE_OK)
+ {
+ // All good, commit
+ rc = sqlite3BtreeCommit(pbt);
+
+ if (rc == SQLITE_OK)
+ {
+ //Database rekeyed and committed successfully, update read key
+ if (codec->HasWriteKey())
+ codec->SetReadIsWrite();
+ else //No write key == no longer encrypted
+ sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL);
+ }
+ else
+ {
+ //FIXME: can't trigger this, not sure if rollback is needed, reference implementation didn't rollback
+ sqlite3Error(db, SQLITE_ERROR, "%s", "Could not commit rekey transaction.");
+ }
+ }
+ else
+ {
+ // Rollback, rekey failed
+ sqlite3BtreeRollback(pbt);
+
+ // go back to read key
+ if (codec->HasReadKey())
+ codec->SetWriteIsRead();
+ else //Database wasn't encrypted to start with
+ sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL);
+ }
+
+ return rc;
+}
+
+#endif // SQLITE_HAS_CODEC
+
+#endif // SQLITE_OMIT_DISKIO
diff --git a/src/wrap/sqlite/readme.txt b/src/wrap/sqlite/readme.txt
new file mode 100644
index 000000000..e131f9e91
--- /dev/null
+++ b/src/wrap/sqlite/readme.txt
@@ -0,0 +1,36 @@
+Build instructions for Botan SQLite3 codec
+---
+
+1. Requires Botan 1.8.8 or later (earlier versions OK if you switch to
+ CBC mode from XTS)
+
+2. Download SQLite3 version 3.6.17 or later, get the version "as
+ extracted from the source control system", NOT the amalgamation.
+
+3. Apply the patch "sqlite.diff" [*]:
+ $ patch -p0 < ../sqlite.diff
+ patching file Makefile.in
+ patching file src/pager.c
+
+ If the patch to pager.c fails for some reason (ie, changes in
+ SQLite3), all that need be done is remove the "static" keyword from
+ the functions sqlite3PagerSetCodec and sqlite3PagerGetCodec.
+
+5. Create a folder called "botan" in the SQLite3 src dir and copy
+ "codec.cpp", "codec.h", and "codecext.cpp" into it.
+
+6. As desired, edit the constants in codec.h to tweak the encryption
+ type to your needs. (Currently, Twofish/XTS with 256 bit key)
+
+7. Run ./configure in the SQLite3 root directory with the
+ "--disable-amalgamation" and (if desired) "--disable-shared"
+ arguments, and then run make.
+
+And to make sure it all worked...
+
+8. Make the test_sqlite.cpp file:
+ $ g++ test_sqlite.cpp -o test_sqlite -lbotan /path/to/libsqlite3.a
+9. Run it
+ $ ./test_sqlite
+10. Look for "All seems good"
+
diff --git a/src/wrap/sqlite/sqlite.diff b/src/wrap/sqlite/sqlite.diff
new file mode 100644
index 000000000..1a3ef764c
--- /dev/null
+++ b/src/wrap/sqlite/sqlite.diff
@@ -0,0 +1,77 @@
+--- Makefile.in.orig 2009-10-30 09:34:59.000000000 -0400
++++ Makefile.in 2010-01-21 22:51:22.000000000 -0500
+@@ -133,7 +133,10 @@
+ GCOV_LDFLAGS1 = -lgcov
+ USE_GCOV = @USE_GCOV@
+ LTCOMPILE_EXTRAS += $(GCOV_CFLAGS$(USE_GCOV))
++LTCOMPILE_EXTRAS += -DSQLITE_HAS_CODEC
+ LTLINK_EXTRAS += $(GCOV_LDFLAGS$(USE_GCOV))
++LTLINK_EXTRAS += -lstdc++
++LTLINK_EXTRAS += -lbotan
+
+
+ # The directory into which to store package information for
+@@ -176,7 +179,8 @@
+ table.lo tokenize.lo trigger.lo update.lo \
+ util.lo vacuum.lo \
+ vdbe.lo vdbeapi.lo vdbeaux.lo vdbeblob.lo vdbemem.lo \
+- walker.lo where.lo utf.lo vtab.lo
++ walker.lo where.lo utf.lo vtab.lo \
++ codec.lo codecext.lo
+
+ # Object files for the amalgamation.
+ #
+@@ -275,7 +279,10 @@
+ $(TOP)/src/vdbeInt.h \
+ $(TOP)/src/vtab.c \
+ $(TOP)/src/walker.c \
+- $(TOP)/src/where.c
++ $(TOP)/src/where.c \
++ $(TOP)/src/botan/codec.cpp \
++ $(TOP)/src/botan/codecext.cpp \
++ $(TOP)/src/botan/codec.h
+
+ # Generated source code files
+ #
+@@ -411,6 +418,7 @@
+ $(TOP)/src/sqlite3ext.h \
+ $(TOP)/src/sqliteInt.h \
+ $(TOP)/src/vdbe.h \
++ $(TOP)/src/botan/codec.h \
+ $(TOP)/src/vdbeInt.h \
+ parse.h \
+ config.h
+@@ -622,6 +630,13 @@
+ notify.lo: $(TOP)/src/notify.c $(HDR)
+ $(LTCOMPILE) $(TEMP_STORE) -c $(TOP)/src/notify.c
+
++codec.lo: $(TOP)/src/botan/codec.cpp $(HDR) $(TOP)/src/botan/codec.h
++ $(LTCOMPILE) $(TEMP_STORE) -c $(TOP)/src/botan/codec.cpp
++
++codecext.lo: $(TOP)/src/botan/codecext.cpp $(HDR) $(TOP)/src/botan/codec.h
++ $(LTCOMPILE) $(TEMP_STORE) -c $(TOP)/src/botan/codecext.cpp
++
++
+ pager.lo: $(TOP)/src/pager.c $(HDR) $(TOP)/src/pager.h
+ $(LTCOMPILE) $(TEMP_STORE) -c $(TOP)/src/pager.c
+
+--- src/pager.c.orig 2009-10-30 17:01:07.000000000 -0400
++++ src/pager.c 2010-01-21 22:51:53.000000000 -0500
+@@ -5046,7 +5046,7 @@
+ /*
+ ** Set or retrieve the codec for this pager
+ */
+-static void sqlite3PagerSetCodec(
++void sqlite3PagerSetCodec(
+ Pager *pPager,
+ void *(*xCodec)(void*,void*,Pgno,int),
+ void (*xCodecSizeChng)(void*,int,int),
+@@ -5060,7 +5060,7 @@
+ pPager->pCodec = pCodec;
+ pagerReportSize(pPager);
+ }
+-static void *sqlite3PagerGetCodec(Pager *pPager){
++void *sqlite3PagerGetCodec(Pager *pPager){
+ return pPager->pCodec;
+ }
+ #endif
diff --git a/src/wrap/sqlite/test_sqlite.cpp b/src/wrap/sqlite/test_sqlite.cpp
new file mode 100644
index 000000000..8d8cad946
--- /dev/null
+++ b/src/wrap/sqlite/test_sqlite.cpp
@@ -0,0 +1,101 @@
+/*
+ * Quick and dirty test for SQLite3 encryption codec.
+ * (C) 2010 Olivier de Gaalon
+ *
+ * Distributed under the terms of the Botan license
+ */
+
+#include <sqlite3.h>
+#include <stdio.h>
+
+namespace SQL
+{
+ const char * CREATE_TABLE_TEST =
+ "create table 'test' (id INTEGER PRIMARY KEY, name TEXT, creationtime TEXT);";
+ const char * CREATE_TABLE_TEST2 =
+ "create table 'test2' (id INTEGER PRIMARY KEY, name TEXT, creationtime TEXT);";
+ const char * INSERT_INTO_TEST =
+ "INSERT INTO test (name, creationtime) VALUES ('widget', '1st time');\
+ INSERT INTO test (name, creationtime) VALUES ('widget', '2nd time');\
+ INSERT INTO test (name, creationtime) VALUES ('widget', '3rd time');\
+ INSERT INTO test (name, creationtime) VALUES ('widget', '4th time');\
+ INSERT INTO test (name, creationtime) VALUES ('widget', '5th time');";
+ const char * INSERT_INTO_TEST2 =
+ "INSERT INTO test2 (name, creationtime) VALUES ('widget2', '1st time2');\
+ INSERT INTO test2 (name, creationtime) VALUES ('widget2', '2nd time2');\
+ INSERT INTO test2 (name, creationtime) VALUES ('widget2', '3rd time2');\
+ INSERT INTO test2 (name, creationtime) VALUES ('widget2', '4th time2');\
+ INSERT INTO test2 (name, creationtime) VALUES ('widget2', '5th time2');";
+ const char * SELECT_FROM_TEST =
+ "SELECT * FROM test;";
+ const char * SELECT_FROM_TEST2 =
+ "SELECT * FROM test2;";
+};
+
+static int callback(void *NotUsed, int argc, char **argv, char **azColName){
+ int i;
+ fprintf(stderr, "\t");
+ for(i=0; i<argc; i++){
+ fprintf(stderr, "%s = %s | ", azColName[i], argv[i] ? argv[i] : "NULL");
+ }
+ fprintf(stderr, "\n");
+ return 0;
+}
+
+int main(int argc, char** argv)
+{
+ sqlite3 * db;
+ const char * key = "testkey";
+ const char * dbname = "./testdb";
+ int keylen = 7;
+ char * error=0;
+
+ fprintf(stderr, "Creating Database \"%s\"\n", dbname);
+ int rc = sqlite3_open(dbname, &db);
+ if (rc != SQLITE_OK) { fprintf(stderr, "Can't open/create database: %s\n", sqlite3_errmsg(db)); return 1; }
+
+ fprintf(stderr, "Keying Database with key \"%s\"\n", key);
+ rc = sqlite3_key(db, key, keylen);
+ if (rc != SQLITE_OK) { fprintf(stderr, "Can't key database: %s\n", sqlite3_errmsg(db)); return 1; }
+
+ fprintf(stderr, "Creating table \"test\"\n");
+ rc = sqlite3_exec(db, SQL::CREATE_TABLE_TEST, 0, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Creating table \"test2\"\n");
+ rc = sqlite3_exec(db, SQL::CREATE_TABLE_TEST2, 0, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Inserting into table \"test\"\n");
+ rc = sqlite3_exec(db, SQL::INSERT_INTO_TEST, 0, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Inserting into table \"test2\"\n");
+ rc = sqlite3_exec(db, SQL::INSERT_INTO_TEST2, 0, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Closing Database \"%s\"\n", dbname);
+ sqlite3_close(db);
+
+ fprintf(stderr, "Opening Database \"%s\"\n", dbname);
+ rc = sqlite3_open(dbname, &db);
+ if (rc != SQLITE_OK) { fprintf(stderr, "Can't open/create database: %s\n", sqlite3_errmsg(db)); return 1; }
+
+ fprintf(stderr, "Keying Database with key \"%s\"\n", key);
+ rc = sqlite3_key(db, key, keylen);
+ if (rc != SQLITE_OK) { fprintf(stderr, "Can't key database: %s\n", sqlite3_errmsg(db)); return 1; }
+
+ fprintf(stderr, "Selecting all from test\n");
+ rc = sqlite3_exec(db, SQL::SELECT_FROM_TEST, callback, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Selecting all from test2\n");
+ rc = sqlite3_exec(db, SQL::SELECT_FROM_TEST2, callback, 0, &error);
+ if (rc != SQLITE_OK) { fprintf(stderr, "SQL error: %s\n", error); return 1; }
+
+ fprintf(stderr, "Closing Database \"%s\"\n", dbname);
+ sqlite3_close(db);
+
+ fprintf(stderr, "All Seems Good \n");
+ return 0;
+}