aboutsummaryrefslogtreecommitdiffstats
path: root/src/wrap/sqlite/codecext.cpp
blob: e542df975479422af9dfe30fd044b02317be3b0f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
/*
 * SQLite3 encryption extention codec
 * (C) 2010 Olivier de Gaalon
 *
 * Distributed under the terms of the Botan license
 */

#ifndef SQLITE_OMIT_DISKIO
#ifdef SQLITE_HAS_CODEC

#include "codec.h"
#include "sqlite3.h"

// Required to implement, called from pragma.c, guessing that "see" is related to the
// "SQLite Encryption Extension" (the semi-official, for-pay, encryption codec)
extern "C"
void sqlite3_activate_see(const char *info) { }

// Free the encryption codec, called from pager.c (address passed in sqlite3PagerSetCodec)
extern "C"
void sqlite3PagerFreeCodec(void *pCodec)
{
    if (pCodec)
        delete (Codec*) pCodec;
}

// Report the page size to the codec, called from pager.c (address passed in sqlite3PagerSetCodec)
extern "C"
void sqlite3CodecSizeChange(void *pCodec, int pageSize, int nReserve)
{
    Codec* codec = (Codec*) pCodec;
    codec->SetPageSize(pageSize);
}

// Encrypt/Decrypt functionality, called by pager.c
extern "C"
void* sqlite3Codec(void* pCodec, void* data, Pgno nPageNum, int nMode)
{
    if (pCodec == NULL) //Db not encrypted
        return data;

    Codec* codec = (Codec*) pCodec;

    try
    {
        switch(nMode)
        {
        case 0: // Undo a "case 7" journal file encryption
        case 2: // Reload a page
        case 3: // Load a page
                if (codec->HasReadKey())
                    codec->Decrypt(nPageNum, (unsigned char*) data);
            break;
        case 6: // Encrypt a page for the main database file
            if (codec->HasWriteKey())
                data = codec->Encrypt(nPageNum, (unsigned char*) data, true);
            break;
        case 7: // Encrypt a page for the journal file
        /*
        *Under normal circumstances, the readkey is the same as the writekey.  However,
        *when the database is being rekeyed, the readkey is not the same as the writekey.
        *(The writekey is the "destination key" for the rekey operation and the readkey
        *is the key the db is currently encrypted with)
        *Therefore, for case 7, when the rollback is being written, always encrypt using
        *the database's readkey, which is guaranteed to be the same key that was used to
        *read and write the original data.
        */
            if (codec->HasReadKey())
                data = codec->Encrypt(nPageNum, (unsigned char*) data, false);
            break;
        }
    }
    catch(Botan::Exception e)
    {
        sqlite3Error((sqlite3*)codec->GetDB(), SQLITE_ERROR, "Botan Error: %s", e.what());
    }

    return data;
}

//These functions are defined in pager.c
extern "C" void* sqlite3PagerGetCodec(Pager *pPager);
extern "C" void sqlite3PagerSetCodec(
    Pager *pPager,
    void *(*xCodec)(void*,void*,Pgno,int),
    void (*xCodecSizeChng)(void*,int,int),
    void (*xCodecFree)(void*),
    void *pCodec
);


extern "C"
int sqlite3CodecAttach(sqlite3* db, int nDb, const void* zKey, int nKey)
{
    try {
        if (zKey == NULL || nKey <= 0)
        {
            // No key specified, could mean either use the main db's encryption or no encryption
            if (nDb != 0 && nKey < 0)
            {
                //Is an attached database, therefore use the key of main database, if main database is encrypted
                Codec* mainCodec = (Codec*) sqlite3PagerGetCodec(sqlite3BtreePager(db->aDb[0].pBt));
                if (mainCodec != NULL)
                {
                    Codec* codec = new Codec(*mainCodec, db);
                    sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt),
                                        sqlite3Codec,
                                        sqlite3CodecSizeChange,
                                        sqlite3PagerFreeCodec, codec);
                }
            }
        }
        else
        {
            // Key specified, setup encryption key for database
            Codec* codec = new Codec(db);
            codec->GenerateWriteKey((const char*) zKey, nKey);
            codec->SetReadIsWrite();
            sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt),
                                sqlite3Codec,
                                sqlite3CodecSizeChange,
                                sqlite3PagerFreeCodec, codec);
        }
    }
    catch(Botan::Exception e) {
        sqlite3Error(db, SQLITE_ERROR, "Botan Error: %s", e.what());
        return SQLITE_ERROR;
    }
    return SQLITE_OK;
}

extern "C"
void sqlite3CodecGetKey(sqlite3* db, int nDb, void** zKey, int* nKey)
{
    // The unencrypted password is not stored for security reasons
    // therefore always return NULL
    *zKey = NULL;
    *nKey = -1;
}

extern "C"
int sqlite3_key(sqlite3 *db, const void *zKey, int nKey)
{
    // The key is only set for the main database, not the temp database
    return sqlite3CodecAttach(db, 0, zKey, nKey);
}

extern "C"
int sqlite3_rekey(sqlite3 *db, const void *zKey, int nKey)
{
    // Changes the encryption key for an existing database.
    int rc = SQLITE_ERROR;
    Btree* pbt = db->aDb[0].pBt;
    Pager* pPager = sqlite3BtreePager(pbt);
    Codec* codec = (Codec*) sqlite3PagerGetCodec(pPager);

    if ((zKey == NULL || nKey == 0) && codec == NULL)
    {
        // Database not encrypted and key not specified. Do nothing
        return SQLITE_OK;
    }

    if (codec == NULL)
    {
        // Database not encrypted, but key specified. Encrypt database
        try {
            codec = new Codec(db);
            codec->GenerateWriteKey((const char*) zKey, nKey);
        } catch (Botan::Exception e) {
            sqlite3Error(db, SQLITE_ERROR, "Botan Error %s", e.what());
            return SQLITE_ERROR;
        }
        sqlite3PagerSetCodec(pPager, sqlite3Codec, sqlite3CodecSizeChange, sqlite3PagerFreeCodec, codec);
    }
    else if (zKey == NULL || nKey == 0)
    {
        // Database encrypted, but key not specified. Decrypt database
        // Keep read key, drop write key
        codec->DropWriteKey();
    }
    else
    {
        // Database encrypted and key specified. Re-encrypt database with new key
        // Keep read key, change write key to new key
        try {
            codec->GenerateWriteKey((const char*) zKey, nKey);
        } catch (Botan::Exception e) {
            sqlite3Error(db, SQLITE_ERROR, "Botan Error %s", e.what());
            return SQLITE_ERROR;
        }
    }

    // Start transaction
    rc = sqlite3BtreeBeginTrans(pbt, 1);
    if (rc == SQLITE_OK)
    {
        // Rewrite all pages using the new encryption key (if specified)
        int nPageCount = -1;
        int rc = sqlite3PagerPagecount(pPager, &nPageCount);
        Pgno nPage = (Pgno) nPageCount;
        int pageSize = sqlite3BtreeGetPageSize(pbt);
        //Can't use SQLite3 macro here since pager is forward declared...sigh
        Pgno nSkip = CODEC_PAGER_MJ_PGNO(pageSize);
        DbPage *pPage;

        for (Pgno n = 1; rc == SQLITE_OK && n <= nPage; n++)
        {
            if (n == nSkip)
                continue;

            rc = sqlite3PagerGet(pPager, n, &pPage);

            if (!rc)
            {
                rc = sqlite3PagerWrite(pPage);
                sqlite3PagerUnref(pPage);
            }
            else
                sqlite3Error(db, SQLITE_ERROR, "%s", "Error while rekeying database page. Transaction Canceled.");
        }
    }
    else
        sqlite3Error(db, SQLITE_ERROR, "%s", "Error beginning rekey transaction. Make sure that the current encryption key is correct.");

    if (rc == SQLITE_OK)
    {
        // All good, commit
        rc = sqlite3BtreeCommit(pbt);

        if (rc == SQLITE_OK)
        {
            //Database rekeyed and committed successfully, update read key
            if (codec->HasWriteKey())
                codec->SetReadIsWrite();
            else //No write key == no longer encrypted
                sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); 
        }
        else
        {
            //FIXME: can't trigger this, not sure if rollback is needed, reference implementation didn't rollback
            sqlite3Error(db, SQLITE_ERROR, "%s", "Could not commit rekey transaction.");
        }
    }
    else
    {
        // Rollback, rekey failed
        sqlite3BtreeRollback(pbt);

        // go back to read key
        if (codec->HasReadKey())
            codec->SetWriteIsRead();
        else //Database wasn't encrypted to start with
            sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); 
    }

    return rc;
}

#endif // SQLITE_HAS_CODEC

#endif // SQLITE_OMIT_DISKIO