Overview
Comment: | Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption. |
---|---|
SHA3-256: |
231832c4cb15862e61dfcc00fba9ab78 |
User & Date: | dan 2018-02-26 07:58:39.046 |
Context
2018-02-27
| ||
14:26 | Have the zonefile extension use binary instead of text keys. (check-in: 39a4267fc9 user: dan tags: zonefile) | |
2018-02-26
| ||
07:58 | Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption. (check-in: 231832c4cb user: dan tags: zonefile) | |
2018-02-24
| ||
08:26 | Test edge cases in the zonefile module. Fix a broken error message in the same. (check-in: 1764ade22b user: dan tags: zonefile) | |
Changes
Changes to ext/zonefile/zonefile.c.
︙ | ︙ | |||
101 102 103 104 105 106 107 | ** implementations of the following type and functions that support the ** mock encryption method "xor" only are provided. Alternatively, the ** application may append a more functional implementation of the following ** type and functions to this file before compiling it with ** SQLITE_HAVE_ZONEFILE_CODEC defined. */ typedef struct ZonefileCodec ZonefileCodec; | | > > > > | 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 | ** implementations of the following type and functions that support the ** mock encryption method "xor" only are provided. Alternatively, the ** application may append a more functional implementation of the following ** type and functions to this file before compiling it with ** SQLITE_HAVE_ZONEFILE_CODEC defined. */ typedef struct ZonefileCodec ZonefileCodec; static int zonefileCodecCreate( int,int,unsigned char*,int,ZonefileCodec**,char**); static int zonefileCodecNonceSize(ZonefileCodec*); static void zonefileCodecEncode(ZonefileCodec*, unsigned char*, int); static void zonefileCodecDecode(ZonefileCodec*, unsigned char*, int); static void zonefileCodecDestroy(ZonefileCodec*); #ifndef SQLITE_HAVE_ZONEFILE_CODEC typedef struct ZonefileCodec ZonefileCodec; struct ZonefileCodec { u8 aKey[16]; int bEncrypt; /* Second parameter passed to Create() */ }; /* Create a new encryption module instance using algorithm iAlg. ** ** iAlg==1 AES128 CTR ** iAlg==2 AES128 CBC ** iAlg==3 AES256 CTR ** iAlg==4 AES256 CBC ** iAlg==5 XOR Testing use only ** ** If the requested algorithm is not available, the routine returns ** a NULL pointer. NULL is also returned on a OOM error. ** ** Use zonefileCodecDestroy() to reclaim memory. 
*/ static int zonefileCodecCreate( int iAlg, int bEncrypt, /* True for encryption, zero for decryption */ unsigned char *pKey, int nKey, ZonefileCodec **pp, char **pzErr ){ ZonefileCodec *pRet; int rc = SQLITE_OK; if( iAlg!=5 ){ *pzErr = sqlite3_mprintf("unsupported encryption method: %d", iAlg); rc = SQLITE_ERROR; }else{ *pp = pRet = (ZonefileCodec*)sqlite3_malloc(sizeof(ZonefileCodec)); if( pRet==0 ){ rc = SQLITE_NOMEM; }else{ int i; for(i=0; i<sizeof(pRet->aKey); i++){ pRet->aKey[i] = pKey[i % nKey]; } pRet->bEncrypt = bEncrypt; } } return rc; } /* Return the size of the nonce used for the given encryption module */ |
︙ | ︙ | |||
172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 | */ static void zonefileCodecEncode( ZonefileCodec *pCodec, unsigned char *pIn, int nIn ){ int i; u8 *aNonce = &pIn[nIn]; sqlite3_randomness(16, aNonce); for(i=0; i<nIn; i++){ pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16]; } } /* Decrypt in-place. ** ** The size of the decrypted text will be less than the input buffer ** by nonce-size bytes. */ static void zonefileCodecDecode( ZonefileCodec *pCodec, unsigned char *pIn, int nIn ){ int i; u8 *aNonce = &pIn[nIn-16]; for(i=0; i<nIn-16; i++){ pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16]; } } /* Destroy an encryption module. ** It is harmless to pass in a NULL pointer. | > > | 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 | */ static void zonefileCodecEncode( ZonefileCodec *pCodec, unsigned char *pIn, int nIn ){ int i; u8 *aNonce = &pIn[nIn]; assert( pCodec->bEncrypt ); sqlite3_randomness(16, aNonce); for(i=0; i<nIn; i++){ pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16]; } } /* Decrypt in-place. ** ** The size of the decrypted text will be less than the input buffer ** by nonce-size bytes. */ static void zonefileCodecDecode( ZonefileCodec *pCodec, unsigned char *pIn, int nIn ){ int i; u8 *aNonce = &pIn[nIn-16]; assert( pCodec->bEncrypt==0 ); for(i=0; i<nIn-16; i++){ pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16]; } } /* Destroy an encryption module. ** It is harmless to pass in a NULL pointer. |
︙ | ︙ | |||
1120 1121 1122 1123 1124 1125 1126 | zJson = (const char*)sqlite3_value_text(objv[2]); } if( zonefileGetParams(pCtx, zJson, &sParam) ) return; if( sParam.encryptionType!=0 ){ int n = strlen(sParam.encryptionKey); rc = zonefileCodecCreate( | | | 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 | zJson = (const char*)sqlite3_value_text(objv[2]); } if( zonefileGetParams(pCtx, zJson, &sParam) ) return; if( sParam.encryptionType!=0 ){ int n = strlen(sParam.encryptionKey); rc = zonefileCodecCreate( sParam.encryptionType, 1, (u8*)sParam.encryptionKey, n, &pCodec, &zErr ); if( rc!=SQLITE_OK ){ if( zErr ){ sqlite3_result_error(pCtx, zErr, -1); }else{ sqlite3_result_error_code(pCtx, rc); } |
︙ | ︙ | |||
2581 2582 2583 2584 2585 2586 2587 | if( rc==SQLITE_OK && hdr.encryptionType ){ const char *z = 0; int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z); if( n==0 ){ zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile); rc = SQLITE_ERROR; }else{ | | | 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 | if( rc==SQLITE_OK && hdr.encryptionType ){ const char *z = 0; int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z); if( n==0 ){ zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile); rc = SQLITE_ERROR; }else{ rc = zonefileCodecCreate(hdr.encryptionType, 0, (u8*)z,n,&pCodec,&zErr); } } /* Read some data into memory. */ if( rc==SQLITE_OK ){ int szFrame = sqlite3_column_int(pCsr->pSelect, 3); |
︙ | ︙ |
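Review bot: In zonefileCodecCreate() the key-expansion loop evaluates `pKey[i % nKey]`, which is a division by zero when nKey is 0, and nothing in the function guards against it. The read-path caller rejects `n==0` before calling, but the write-path caller passes `strlen(sParam.encryptionKey)` straight through, so unless zonefileGetParams() (not visible here) refuses an empty key, an empty key string reaches the modulo. I would reject it inside the function by adding a branch between the two existing ones, `else if( pKey==0 || nKey<=0 ){ *pzErr = sqlite3_mprintf("empty encryption key"); rc = SQLITE_ERROR; }`. The header comment also still says the routine "returns a NULL pointer", while the visible signature returns an int result code and hands the object back through `*pp`. Finally, the new `assert( pCodec->bEncrypt )` checks only run in builds where assert() is enabled, so the comment on the `bEncrypt` field should say it is a debugging aid, not a runtime guard.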
Changes to ext/zonefile/zonefile1.test.
︙ | ︙ | |||
622 623 624 625 626 627 628 629 630 631 | set i 0 foreach id {1 2 3 2 3 1} { do_execsql_test 11.1.$i { SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id } 1 incr i } finish_test | > > > > > > | 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 | set i 0 foreach id {1 2 3 2 3 1} { do_execsql_test 11.1.$i { SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id } 1 incr i } if {[file exists /dev/null]} { do_catchsql_test 11.2 { INSERT INTO nm_files(filename) VALUES('/dev/null'); } {1 {failed to read zonefile header from file "/dev/null"}} } finish_test |