From f9044bf604ab39f41de465dcb17d9386dcbe81d9 Mon Sep 17 00:00:00 2001 From: Nick Parker Date: Mon, 22 Feb 2016 15:53:08 -0600 Subject: [PATCH] Initial reporting of the cipher provider version Execute PRAGMA cipher_provider_version; Supports OpenSSL, libtomcrypt, and common crypto when running on OS X --- src/crypto.c | 5 +++++ src/crypto.h | 2 +- src/crypto_cc.c | 15 +++++++++++++++ src/crypto_impl.c | 4 ++++ src/crypto_libtomcrypt.c | 5 +++++ src/crypto_openssl.c | 5 +++++ src/sqlcipher.h | 1 + 7 files changed, 36 insertions(+), 1 deletion(-) diff --git a/src/crypto.c b/src/crypto.c index 8e0efddf..ec4eb9bf 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -132,6 +132,11 @@ int sqlcipher_codec_pragma(sqlite3* db, int iDb, Parse *pParse, const char *zLef sqlcipher_codec_get_cipher_provider(ctx)); } } else + if( sqlite3StrICmp(zLeft, "cipher_provider_version")==0 && !zRight){ + if(ctx) { codec_vdbe_return_static_string(pParse, "cipher_provider_version", + sqlcipher_codec_get_provider_version(ctx)); + } + } else if( sqlite3StrICmp(zLeft, "cipher_version")==0 && !zRight ){ codec_vdbe_return_static_string(pParse, "cipher_version", codec_get_cipher_version()); }else diff --git a/src/crypto.h b/src/crypto.h index 1148c306..3e1f539b 100644 --- a/src/crypto.h +++ b/src/crypto.h @@ -240,7 +240,7 @@ static int sqlcipher_codec_get_store_pass(codec_ctx *ctx); static void sqlcipher_codec_get_pass(codec_ctx *ctx, void **zKey, int *nKey); static void sqlcipher_codec_set_store_pass(codec_ctx *ctx, int value); int sqlcipher_codec_fips_status(codec_ctx *ctx); - +const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx); #endif #endif /* END SQLCIPHER */ diff --git a/src/crypto_cc.c b/src/crypto_cc.c index 8872424d..077bed56 100644 --- a/src/crypto_cc.c +++ b/src/crypto_cc.c @@ -35,6 +35,7 @@ #include "sqlcipher.h" #include #include +#include static int sqlcipher_cc_add_random(void *ctx, void *buffer, int length) { return SQLITE_OK; 
@@ -49,6 +50,19 @@ static const char* sqlcipher_cc_get_provider_name(void *ctx) { return "commoncrypto"; } +static const char* sqlcipher_cc_get_provider_version(void *ctx) { +#if TARGET_OS_MAC + CFBundleRef bundle = CFBundleGetBundleWithIdentifier(CFSTR("com.apple.security")); + if(bundle == NULL) { + return "unknown"; + } + CFTypeRef version = CFBundleGetValueForInfoDictionaryKey(bundle, CFSTR("CFBundleShortVersionString")); + return CFStringGetCStringPtr(version, kCFStringEncodingUTF8); +#else + return "unknown"; +#endif +} + static int sqlcipher_cc_hmac(void *ctx, unsigned char *hmac_key, int key_sz, unsigned char *in, int in_sz, unsigned char *in2, int in2_sz, unsigned char *out) { CCHmacContext hmac_context; CCHmacInit(&hmac_context, kCCHmacAlgSHA1, hmac_key, key_sz); @@ -142,6 +156,7 @@ int sqlcipher_cc_setup(sqlcipher_provider *p) { p->ctx_free = sqlcipher_cc_ctx_free; p->add_random = sqlcipher_cc_add_random; p->fips_status = sqlcipher_cc_fips_status; + p->get_provider_version = sqlcipher_cc_get_provider_version; return SQLITE_OK; } diff --git a/src/crypto_impl.c b/src/crypto_impl.c index 1e559eea..5a45454d 100644 --- a/src/crypto_impl.c +++ b/src/crypto_impl.c @@ -1229,5 +1229,9 @@ int sqlcipher_codec_fips_status(codec_ctx *ctx) { return ctx->read_ctx->provider->fips_status(ctx->read_ctx); } +const char* sqlcipher_codec_get_provider_version(codec_ctx *ctx) { + return ctx->read_ctx->provider->get_provider_version(ctx->read_ctx); +} + #endif /* END SQLCIPHER */ diff --git a/src/crypto_libtomcrypt.c b/src/crypto_libtomcrypt.c index 02dc845a..2798dd57 100644 --- a/src/crypto_libtomcrypt.c +++ b/src/crypto_libtomcrypt.c @@ -124,6 +124,10 @@ static const char* sqlcipher_ltc_get_provider_name(void *ctx) { return "libtomcrypt"; } +static const char* sqlcipher_ltc_get_provider_version(void *ctx) { + return SCRYPT; +} + static int sqlcipher_ltc_random(void *ctx, void *buffer, int length) { #ifndef SQLCIPHER_LTC_NO_MUTEX_RAND sqlite3_mutex_enter(ltc_rand_mutex); 
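Review bot: In `sqlcipher_cc_get_provider_version` (src/crypto_cc.c) only the bundle lookup is NULL-checked, while the two calls after it can also yield NULL. `CFBundleGetValueForInfoDictionaryKey` returns NULL when the key is absent, and `CFStringGetCStringPtr` is documented to return NULL whenever the string's internal storage cannot be handed out directly, so the function can either pass NULL into CoreFoundation or return NULL to the PRAGMA path. I would guard both: `if(version == NULL || CFGetTypeID(version) != CFStringGetTypeID()) return "unknown";` then `const char *s = CFStringGetCStringPtr((CFStringRef)version, kCFStringEncodingUTF8); return s ? s : "unknown";`. A short comment that the returned pointer is borrowed from the bundle's info dictionary and must not be freed would also help.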
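Review bot: `sqlcipher_codec_get_provider_version` in src/crypto_impl.c calls `provider->get_provider_version` unconditionally, but the member is new in `sqlcipher_provider` (the src/sqlcipher.h hunk) and only the three built-in setup functions assign it. If a provider can be registered from outside these files (not visible in this diff, so please confirm), one that was written before this change would leave the pointer NULL or uninitialised, and the PRAGMA would jump through it. A guard such as `if(ctx->read_ctx->provider->get_provider_version == NULL) return "unknown";` keeps the PRAGMA safe for such providers. If the struct is part of a public interface, the header should also say that the new member is required.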
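Review bot: `return SCRYPT;` in `sqlcipher_ltc_get_provider_version` (src/crypto_libtomcrypt.c) reads like a reference to the scrypt KDF and needs a comment saying what it is. I would add `/* SCRYPT is libtomcrypt's version string macro from tomcrypt.h, fixed at compile time */` above the return. That also makes it clear that the value describes the headers this file was built against.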
@@ -251,6 +255,7 @@ int sqlcipher_ltc_setup(sqlcipher_provider *p) { p->ctx_free = sqlcipher_ltc_ctx_free; p->add_random = sqlcipher_ltc_add_random; p->fips_status = sqlcipher_ltc_fips_status; + p->get_provider_version = sqlcipher_ltc_get_provider_version; return SQLITE_OK; } diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c index eaa2a17f..cb4d55e7 100644 --- a/src/crypto_openssl.c +++ b/src/crypto_openssl.c @@ -131,6 +131,10 @@ static const char* sqlcipher_openssl_get_provider_name(void *ctx) { return "openssl"; } +static const char* sqlcipher_openssl_get_provider_version(void *ctx) { + return OPENSSL_VERSION_TEXT; +} + /* generate a defined number of random bytes */ static int sqlcipher_openssl_random (void *ctx, void *buffer, int length) { int rc = 0; @@ -263,6 +267,7 @@ int sqlcipher_openssl_setup(sqlcipher_provider *p) { p->ctx_free = sqlcipher_openssl_ctx_free; p->add_random = sqlcipher_openssl_add_random; p->fips_status = sqlcipher_openssl_fips_status; + p->get_provider_version = sqlcipher_openssl_get_provider_version; return SQLITE_OK; } diff --git a/src/sqlcipher.h b/src/sqlcipher.h index d73a5513..6da19447 100644 --- a/src/sqlcipher.h +++ b/src/sqlcipher.h @@ -56,6 +56,7 @@ typedef struct { int (*ctx_init)(void **ctx); int (*ctx_free)(void **ctx); int (*fips_status)(void *ctx); + const char* (*get_provider_version)(void *ctx); } sqlcipher_provider; /* utility functions */
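Review bot: `sqlcipher_openssl_get_provider_version` (src/crypto_openssl.c) returns `OPENSSL_VERSION_TEXT`, which is the version of the headers at build time, not of the libcrypto that is actually loaded. When OpenSSL is linked dynamically the two can differ, so `PRAGMA cipher_provider_version` may report a version that is not the one running. That matters if the output is used to confirm a patched OpenSSL is in place. Reporting the runtime string instead, `return SSLeay_version(SSLEAY_VERSION);` (or `OpenSSL_version(OPENSSL_VERSION)` on 1.1.0 and later), avoids this; if the compile-time value is intended, a comment should say so.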