SQLite

Check-in [231832c4cb]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | zonefile
Files: files | file ages | folders
SHA3-256: 231832c4cb15862e61dfcc00fba9ab78ca7e2442a0d4aa1a98a191f5f8b4cff3
User & Date: dan 2018-02-26 07:58:39.046
Context
2018-02-27
14:26
Have the zonefile extension use binary instead of text keys. (check-in: 39a4267fc9 user: dan tags: zonefile)
2018-02-26
07:58
Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption. (check-in: 231832c4cb user: dan tags: zonefile)
2018-02-24
08:26
Test edge cases in the zonefile module. Fix a broken error message in the same. (check-in: 1764ade22b user: dan tags: zonefile)
Changes
Unified Diff Ignore Whitespace Patch
Changes to ext/zonefile/zonefile.c.
101
102
103
104
105
106
107
108

109
110
111
112
113
114
115
116
117
118

119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

155
156
157
158
159
160
161
** implementations of the following type and functions that support the
** mock encryption method "xor" only are provided. Alternatively, the
** application may append a more functional implementation of the following 
** type and functions to this file before compiling it with
** SQLITE_HAVE_ZONEFILE_CODEC defined.
*/
typedef struct ZonefileCodec ZonefileCodec;
static int zonefileCodecCreate(int,unsigned char*,int,ZonefileCodec**,char**);

static int zonefileCodecNonceSize(ZonefileCodec*);
static void zonefileCodecEncode(ZonefileCodec*, unsigned char*, int);
static void zonefileCodecDecode(ZonefileCodec*, unsigned char*, int);
static void zonefileCodecDestroy(ZonefileCodec*);

#ifndef SQLITE_HAVE_ZONEFILE_CODEC
typedef struct ZonefileCodec ZonefileCodec;

struct ZonefileCodec {
  u8 aKey[16];

};

/* Create a new encryption module instance using algorithm iAlg.
**
**   iAlg==1   AES128 CTR
**   iAlg==2   AES128 CBC
**   iAlg==3   AES256 CTR
**   iAlg==4   AES256 CBC
**   iAlg==5   XOR          Testing use only
**
** If the requested algorithm is not available, the routine returns
** a NULL pointer.  NULL is also returned on a OOM error.
**
** Use zonefileCodecDestroy() to reclaim memory.
*/
static int zonefileCodecCreate(
  int iAlg, 

  unsigned char *pKey, int nKey, 
  ZonefileCodec **pp, 
  char **pzErr
){
  ZonefileCodec *pRet;
  int rc = SQLITE_OK;
  
  if( iAlg!=5 ){
    *pzErr = sqlite3_mprintf("unsupported encryption method: %d", iAlg);
    rc = SQLITE_ERROR;
  }else{
    *pp = pRet = (ZonefileCodec*)sqlite3_malloc(sizeof(ZonefileCodec));
    if( pRet==0 ){
      rc = SQLITE_NOMEM;
    }else{
      int i;
      for(i=0; i<sizeof(pRet->aKey); i++){
        pRet->aKey[i] = pKey[i % nKey];
      }

    }
  }

  return rc;
}

/* Return the size of the nonce used for the given encryption module */







|
>










>

















>



















>







101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
** implementations of the following type and functions that support the
** mock encryption method "xor" only are provided. Alternatively, the
** application may append a more functional implementation of the following 
** type and functions to this file before compiling it with
** SQLITE_HAVE_ZONEFILE_CODEC defined.
*/
typedef struct ZonefileCodec ZonefileCodec;
static int zonefileCodecCreate(
    int,int,unsigned char*,int,ZonefileCodec**,char**);
static int zonefileCodecNonceSize(ZonefileCodec*);
static void zonefileCodecEncode(ZonefileCodec*, unsigned char*, int);
static void zonefileCodecDecode(ZonefileCodec*, unsigned char*, int);
static void zonefileCodecDestroy(ZonefileCodec*);

#ifndef SQLITE_HAVE_ZONEFILE_CODEC
typedef struct ZonefileCodec ZonefileCodec;

struct ZonefileCodec {
  u8 aKey[16];
  int bEncrypt;                   /* Second parameter passed to Create() */
};

/* Create a new encryption module instance using algorithm iAlg.
**
**   iAlg==1   AES128 CTR
**   iAlg==2   AES128 CBC
**   iAlg==3   AES256 CTR
**   iAlg==4   AES256 CBC
**   iAlg==5   XOR          Testing use only
**
** If the requested algorithm is not available, the routine returns
** a NULL pointer.  NULL is also returned on a OOM error.
**
** Use zonefileCodecDestroy() to reclaim memory.
*/
static int zonefileCodecCreate(
  int iAlg, 
  int bEncrypt,                   /* True for encryption, zero for decryption */
  unsigned char *pKey, int nKey, 
  ZonefileCodec **pp, 
  char **pzErr
){
  ZonefileCodec *pRet;
  int rc = SQLITE_OK;
  
  if( iAlg!=5 ){
    *pzErr = sqlite3_mprintf("unsupported encryption method: %d", iAlg);
    rc = SQLITE_ERROR;
  }else{
    *pp = pRet = (ZonefileCodec*)sqlite3_malloc(sizeof(ZonefileCodec));
    if( pRet==0 ){
      rc = SQLITE_NOMEM;
    }else{
      int i;
      for(i=0; i<sizeof(pRet->aKey); i++){
        pRet->aKey[i] = pKey[i % nKey];
      }
      pRet->bEncrypt = bEncrypt;
    }
  }

  return rc;
}

/* Return the size of the nonce used for the given encryption module */
172
173
174
175
176
177
178

179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195

196
197
198
199
200
201
202
*/
static void zonefileCodecEncode(
  ZonefileCodec *pCodec, 
  unsigned char *pIn, int nIn
){
  int i;
  u8 *aNonce = &pIn[nIn];

  sqlite3_randomness(16, aNonce);
  for(i=0; i<nIn; i++){
    pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
  }
}

/* Decrypt in-place.
**
** The size of the decrypted text will be less than the input buffer
** by nonce-size bytes.
*/
static void zonefileCodecDecode(
  ZonefileCodec *pCodec, 
  unsigned char *pIn, int nIn
){
  int i;
  u8 *aNonce = &pIn[nIn-16];

  for(i=0; i<nIn-16; i++){
    pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
  }
}

/* Destroy an encryption module.
** It is harmless to pass in a NULL pointer.







>

















>







176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
*/
static void zonefileCodecEncode(
  ZonefileCodec *pCodec, 
  unsigned char *pIn, int nIn
){
  int i;
  u8 *aNonce = &pIn[nIn];
  assert( pCodec->bEncrypt );
  sqlite3_randomness(16, aNonce);
  for(i=0; i<nIn; i++){
    pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
  }
}

/* Decrypt in-place.
**
** The size of the decrypted text will be less than the input buffer
** by nonce-size bytes.
*/
static void zonefileCodecDecode(
  ZonefileCodec *pCodec, 
  unsigned char *pIn, int nIn
){
  int i;
  u8 *aNonce = &pIn[nIn-16];
  assert( pCodec->bEncrypt==0 );
  for(i=0; i<nIn-16; i++){
    pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
  }
}

/* Destroy an encryption module.
** It is harmless to pass in a NULL pointer.
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
    zJson = (const char*)sqlite3_value_text(objv[2]);
  }
  if( zonefileGetParams(pCtx, zJson, &sParam) ) return;

  if( sParam.encryptionType!=0 ){
    int n = strlen(sParam.encryptionKey);
    rc = zonefileCodecCreate(
        sParam.encryptionType, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
    );
    if( rc!=SQLITE_OK ){
      if( zErr ){
        sqlite3_result_error(pCtx, zErr, -1);
      }else{
        sqlite3_result_error_code(pCtx, rc);
      }







|







1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
    zJson = (const char*)sqlite3_value_text(objv[2]);
  }
  if( zonefileGetParams(pCtx, zJson, &sParam) ) return;

  if( sParam.encryptionType!=0 ){
    int n = strlen(sParam.encryptionKey);
    rc = zonefileCodecCreate(
        sParam.encryptionType, 1, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
    );
    if( rc!=SQLITE_OK ){
      if( zErr ){
        sqlite3_result_error(pCtx, zErr, -1);
      }else{
        sqlite3_result_error_code(pCtx, rc);
      }
2581
2582
2583
2584
2585
2586
2587
2588
2589
2590
2591
2592
2593
2594
2595
    if( rc==SQLITE_OK && hdr.encryptionType ){
      const char *z = 0;
      int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z);
      if( n==0 ){
        zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile);
        rc = SQLITE_ERROR;
      }else{
        rc = zonefileCodecCreate(hdr.encryptionType, (u8*)z, n, &pCodec, &zErr);
      }
    }

    /* Read some data into memory. */
    if( rc==SQLITE_OK ){
      int szFrame = sqlite3_column_int(pCsr->pSelect, 3);








|







2587
2588
2589
2590
2591
2592
2593
2594
2595
2596
2597
2598
2599
2600
2601
    if( rc==SQLITE_OK && hdr.encryptionType ){
      const char *z = 0;
      int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z);
      if( n==0 ){
        zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile);
        rc = SQLITE_ERROR;
      }else{
        rc = zonefileCodecCreate(hdr.encryptionType, 0, (u8*)z,n,&pCodec,&zErr);
      }
    }

    /* Read some data into memory. */
    if( rc==SQLITE_OK ){
      int szFrame = sqlite3_column_int(pCsr->pSelect, 3);

Changes to ext/zonefile/zonefile1.test.
622
623
624
625
626
627
628






629
630
631
set i 0
foreach id {1 2 3 2 3 1} {
  do_execsql_test 11.1.$i {
    SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id
  } 1
  incr i
}







finish_test








>
>
>
>
>
>



622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
set i 0
foreach id {1 2 3 2 3 1} {
  do_execsql_test 11.1.$i {
    SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id
  } 1
  incr i
}

if {[file exists /dev/null]} {
  do_catchsql_test 11.2 {
    INSERT INTO nm_files(filename) VALUES('/dev/null');
  } {1 {failed to read zonefile header from file "/dev/null"}}
}

finish_test