/ Check-in [231832c4]

Overview
Comment:Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption.
SHA3-256: 231832c4cb15862e61dfcc00fba9ab78ca7e2442a0d4aa1a98a191f5f8b4cff3
User & Date: dan 2018-02-26 07:58:39
Context
2018-02-27
14:26
Have the zonefile extension use binary instead of text keys. check-in: 39a4267f user: dan tags: zonefile
2018-02-26
07:58
Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption. check-in: 231832c4 user: dan tags: zonefile
2018-02-24
08:26
Test edge cases in the zonefile module. Fix a broken error message in the same. check-in: 1764ade2 user: dan tags: zonefile
Changes

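--- a/ext/zonefile/zonefile.c
+++ b/ext/zonefile/zonefile.c
@@ -101,25 +101,27 @@
 ** implementations of the following type and functions that support the
 ** mock encryption method "xor" only are provided. Alternatively, the
 ** application may append a more functional implementation of the following 
 ** type and functions to this file before compiling it with
 ** SQLITE_HAVE_ZONEFILE_CODEC defined.
 */
 typedef struct ZonefileCodec ZonefileCodec;
-static int zonefileCodecCreate(int,unsigned char*,int,ZonefileCodec**,char**);
+static int zonefileCodecCreate(
+    int,int,unsigned char*,int,ZonefileCodec**,char**);
 static int zonefileCodecNonceSize(ZonefileCodec*);
 static void zonefileCodecEncode(ZonefileCodec*, unsigned char*, int);
 static void zonefileCodecDecode(ZonefileCodec*, unsigned char*, int);
 static void zonefileCodecDestroy(ZonefileCodec*);
 
 #ifndef SQLITE_HAVE_ZONEFILE_CODEC
 typedef struct ZonefileCodec ZonefileCodec;
 
 struct ZonefileCodec {
   u8 aKey[16];
+  int bEncrypt;                   /* Second parameter passed to Create() */
 };
 
 /* Create a new encryption module instance using algorithm iAlg.
 **
 **   iAlg==1   AES128 CTR
 **   iAlg==2   AES128 CBC
 **   iAlg==3   AES256 CTR
@@ -129,14 +131,15 @@
 ** If the requested algorithm is not available, the routine returns
 ** a NULL pointer.  NULL is also returned on a OOM error.
 **
 ** Use zonefileCodecDestroy() to reclaim memory.
 */
 static int zonefileCodecCreate(
   int iAlg, 
+  int bEncrypt,                   /* True for encryption, zero for decryption */
   unsigned char *pKey, int nKey, 
   ZonefileCodec **pp, 
   char **pzErr
 ){
   ZonefileCodec *pRet;
   int rc = SQLITE_OK;
   
@@ -148,14 +151,15 @@
     if( pRet==0 ){
       rc = SQLITE_NOMEM;
     }else{
       int i;
       for(i=0; i<sizeof(pRet->aKey); i++){
         pRet->aKey[i] = pKey[i % nKey];
       }
+      pRet->bEncrypt = bEncrypt;
     }
   }
 
   return rc;
 }
 
 /* Return the size of the nonce used for the given encryption module */
@@ -172,14 +176,15 @@
 */
 static void zonefileCodecEncode(
   ZonefileCodec *pCodec, 
   unsigned char *pIn, int nIn
 ){
   int i;
   u8 *aNonce = &pIn[nIn];
+  assert( pCodec->bEncrypt );
   sqlite3_randomness(16, aNonce);
   for(i=0; i<nIn; i++){
     pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
   }
 }
 
 /* Decrypt in-place.
@@ -189,14 +194,15 @@
 */
 static void zonefileCodecDecode(
   ZonefileCodec *pCodec, 
   unsigned char *pIn, int nIn
 ){
   int i;
   u8 *aNonce = &pIn[nIn-16];
+  assert( pCodec->bEncrypt==0 );
   for(i=0; i<nIn-16; i++){
     pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
   }
 }
 
 /* Destroy an encryption module.
 ** It is harmless to pass in a NULL pointer.
@@ -1120,15 +1126,15 @@
     zJson = (const char*)sqlite3_value_text(objv[2]);
   }
   if( zonefileGetParams(pCtx, zJson, &sParam) ) return;
 
   if( sParam.encryptionType!=0 ){
     int n = strlen(sParam.encryptionKey);
     rc = zonefileCodecCreate(
-        sParam.encryptionType, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
+        sParam.encryptionType, 1, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
     );
     if( rc!=SQLITE_OK ){
       if( zErr ){
         sqlite3_result_error(pCtx, zErr, -1);
       }else{
         sqlite3_result_error_code(pCtx, rc);
       }
@@ -2581,15 +2587,15 @@
     if( rc==SQLITE_OK && hdr.encryptionType ){
       const char *z = 0;
       int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z);
       if( n==0 ){
         zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile);
         rc = SQLITE_ERROR;
       }else{
-        rc = zonefileCodecCreate(hdr.encryptionType, (u8*)z, n, &pCodec, &zErr);
+        rc = zonefileCodecCreate(hdr.encryptionType, 0, (u8*)z,n,&pCodec,&zErr);
       }
     }
 
     /* Read some data into memory. */
     if( rc==SQLITE_OK ){
       int szFrame = sqlite3_column_int(pCsr->pSelect, 3);
 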
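Review bot: The mock codec still builds its key with `pKey[i % nKey]`, and the write-path call updated here passes `n = strlen(sParam.encryptionKey)` with no visible zero-length check, whereas the read path rejects `n==0` before calling zonefileCodecCreate(). Unless zonefileGetParams() (not shown) already refuses an empty key, an empty key string would reach a modulo by zero; returning an error when `nKey<=0`, e.g. `if( nKey<=0 ){ rc = SQLITE_ERROR; }` ahead of the key loop, would protect the function regardless of the caller. Part of zonefileCodecCreate()'s body lies between the visible hunks, so such a check may already exist there. Separately, the new direction checks are `assert()`s, so they document the bEncrypt contract for replacement codecs but enforce nothing in builds where assertions are compiled out.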

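--- a/ext/zonefile/zonefile1.test
+++ b/ext/zonefile/zonefile1.test
@@ -622,10 +622,16 @@
 set i 0
 foreach id {1 2 3 2 3 1} {
   do_execsql_test 11.1.$i {
     SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id
   } 1
   incr i
 }
+
+if {[file exists /dev/null]} {
+  do_catchsql_test 11.2 {
+    INSERT INTO nm_files(filename) VALUES('/dev/null');
+  } {1 {failed to read zonefile header from file "/dev/null"}}
+}
 
 finish_test
 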