diff --git a/src/crypto_impl.c b/src/crypto_impl.c index b3dab1ab..9a01ebc5 100644 --- a/src/crypto_impl.c +++ b/src/crypto_impl.c @@ -519,7 +519,7 @@ int sqlcipher_codec_ctx_init(codec_ctx **iCtx, Db *pDb, Pager *pPager, sqlite3_f if(fd == NULL || sqlite3OsRead(fd, ctx->kdf_salt, FILE_HEADER_SZ, 0) != SQLITE_OK) { /* if unable to read the bytes, generate random salt */ - if(sqlcipher_random(ctx->kdf_salt, FILE_HEADER_SZ) != 1) return SQLITE_ERROR; + if(sqlcipher_random(&ctx->read_ctx->lib_ctx, ctx->kdf_salt, FILE_HEADER_SZ) != 1) return SQLITE_ERROR; } if((rc = sqlcipher_codec_ctx_set_cipher(ctx, CIPHER, 0)) != SQLITE_OK) return rc; @@ -581,10 +581,10 @@ int sqlcipher_page_hmac(cipher_ctx *ctx, Pgno pgno, unsigned char *in, int in_sz prevent both tampering with the ciphertext, manipulation of the IV, or resequencing otherwise valid pages out of order in a database */ sqlcipher_hmac( - ctx->hmac_key, ctx->key_sz, - in, in_sz, - (unsigned char*) &pgno_raw, sizeof(pgno), - out); + ctx->lib_ctx, ctx->hmac_key, + ctx->key_sz, in, + in_sz, (unsigned char*) &pgno_raw, + sizeof(pgno), out); return SQLITE_OK; } @@ -624,7 +624,7 @@ int sqlcipher_page_cipher(codec_ctx *ctx, int for_ctx, Pgno pgno, int mode, int if(mode == CIPHER_ENCRYPT) { /* start at front of the reserve block, write random data to the end */ - if(sqlcipher_random(iv_out, c_ctx->reserve_sz) != 1) return SQLITE_ERROR; + if(sqlcipher_random(c_ctx->lib_ctx, iv_out, c_ctx->reserve_sz) != 1) return SQLITE_ERROR; } else { /* CIPHER_DECRYPT */ memcpy(iv_out, iv_in, c_ctx->iv_sz); /* copy the iv from the input to output buffer */ } @@ -695,9 +695,9 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) { cipher_hex2bin(z, n, c_ctx->key); } else { CODEC_TRACE(("codec_key_derive: deriving key using full PBKDF2 with %d iterations\n", c_ctx->kdf_iter)); - sqlcipher_kdf( c_ctx->pass, c_ctx->pass_sz, - ctx->kdf_salt, ctx->kdf_salt_sz, - c_ctx->kdf_iter, c_ctx->key_sz, c_ctx->key); + sqlcipher_kdf(c_ctx->lib_ctx, c_ctx->pass, c_ctx->pass_sz, + ctx->kdf_salt, ctx->kdf_salt_sz, c_ctx->kdf_iter, + c_ctx->key_sz, c_ctx->key); } @@ -721,9 +721,9 @@ int sqlcipher_cipher_ctx_key_derive(codec_ctx *ctx, cipher_ctx *c_ctx) { c_ctx->fast_kdf_iter)); - sqlcipher_kdf( (const char*)c_ctx->key, c_ctx->key_sz, - ctx->hmac_kdf_salt, ctx->kdf_salt_sz, - c_ctx->fast_kdf_iter, c_ctx->key_sz, c_ctx->hmac_key); + sqlcipher_kdf(c_ctx->lib_ctx, (const char*)c_ctx->key, c_ctx->key_sz, + ctx->hmac_kdf_salt, ctx->kdf_salt_sz, c_ctx->fast_kdf_iter, + c_ctx->key_sz, c_ctx->hmac_key); } c_ctx->derive_key = 0; diff --git a/src/crypto_impl.h b/src/crypto_impl.h index f7d5a4f1..bde70b1e 100644 --- a/src/crypto_impl.h +++ b/src/crypto_impl.h @@ -36,10 +36,10 @@ #define CRYPTO_IMPL_H void sqlcipher_activate(void *ctx); -void sqlcipher_deactivate(); -int sqlcipher_random (void *buffer, int length); -int sqlcipher_hmac(unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out); -int sqlcipher_kdf(const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key); +void sqlcipher_deactivate(void *ctx); +int sqlcipher_random (void *ctx, void *buffer, int length); +int sqlcipher_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out); +int sqlcipher_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key); int sqlcipher_cipher(void *ctx, int mode, unsigned char *key, int key_sz, unsigned char *iv, unsigned char *in, int in_sz, unsigned char *out); int sqlcipher_set_cipher(void *ctx, const char *cipher_name); const char* sqlcipher_get_cipher(void *ctx); diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c index 416306a1..af9b6f1b 100644 --- a/src/crypto_openssl.c +++ b/src/crypto_openssl.c @@ -39,7 +39,7 @@ void sqlcipher_activate(void *ctx) { /* deactivate SQLCipher, most imporantly decremeting the activation count and freeing the EVP structures on the final deactivation to ensure that OpenSSL memory is cleaned up */ -void sqlcipher_deactivate() { +void sqlcipher_deactivate(void *ctx) { sqlite3_mutex_enter(sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER)); /* If it is initialized externally, then the init counter should never be greater than zero. This should prevent SQLCipher from "cleaning up" openssl @@ -57,11 +57,11 @@ void sqlcipher_deactivate() { } /* generate a defined number of pseudorandom bytes */ -int sqlcipher_random (void *buffer, int length) { +int sqlcipher_random (void *ctx, void *buffer, int length) { return RAND_bytes((unsigned char *)buffer, length); } -int sqlcipher_hmac(unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { +int sqlcipher_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { HMAC_CTX hctx; HMAC_CTX_init(&hctx); HMAC_Init_ex(&hctx, hmac_key, key_sz, EVP_sha1(), NULL); @@ -72,7 +72,7 @@ int sqlcipher_hmac(unsigned char *hmac_key, int key_sz, unsigned char *in, int i return SQLITE_OK; } -int sqlcipher_kdf(const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) { +int sqlcipher_kdf(void *ctx, const unsigned char *pass, int pass_sz, unsigned char* salt, int salt_sz, int workfactor, int key_sz, unsigned char *key) { PKCS5_PBKDF2_HMAC_SHA1(pass, pass_sz, salt, salt_sz, workfactor, key_sz, key); return SQLITE_OK; }