From 56ac1e2f7a703efe2924ea0fa0691bbe03bb03f4 Mon Sep 17 00:00:00 2001 From: utelle Date: Tue, 4 Jun 2024 21:54:14 +0200 Subject: [PATCH] Fix issue #166, check parameter legacy_page_size - #166: Add missing SQLITE_PRIVATE attributes to several internal functions - Add check for cipher configuration parameter legacy_page_size to accept only valid page sizes --- CHANGELOG.md | 15 +++++++++++ src/ascon/aead.c | 2 ++ src/ascon/crypto_aead.h | 6 +++++ src/ascon/crypto_hash.h | 5 ++++ src/ascon/crypto_pbkdf2.h | 5 ++++ src/ascon/hash.c | 1 + src/ascon/pbkdf2.c | 11 +++++--- src/chacha20poly1305.c | 4 +++ src/cipher_chacha20.c | 3 ++- src/cipher_config.c | 14 +++++++++- src/cipher_config.h | 2 +- src/fastpbkdf2.c | 4 +++ src/fastpbkdf2.h | 8 ++++++ src/rijndael.c | 10 ++++++++ src/rijndael.h | 26 +++++++++++-------- src/sha1.c | 4 +++ src/sha1.h | 12 ++++++--- src/sha2.c | 31 +++++++++++++++++----- src/sha2.h | 54 ++++++++++++++++++--------------------- src/sqlite3mc.c | 23 +++++++++++------ src/sqlite3mc_version.h | 4 +-- src/sqlite3mc_vfs.c | 3 ++- src/sqlite3mc_vfs.h | 1 + 23 files changed, 179 insertions(+), 69 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4be8bbe..137aa5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Removed extern keyword in function declarations +- Cleaned up white space +- Added SQLITE_PRIVATE for several internal functions +- The cipher configuration parameter `legacy_page_size` now accepts only valid page sizes + +### Fixed + +- Fixed issue [#156](../../issues/156)) - corrupted database if MMAP_SIZE > 0 was used +- Fixed issue [#158](../../issues/158)) - add check to verify compatibility of source and target database in backup operation +- Fixed issue [#160](../../issues/160)) - fix accessing memory out of array bounds +- Fixed issue [#162](../../issues/162)) - fix loading/storing misaligned data +- Fixed issue [#166](../../issues/166)) - missing attribute SQLITE_PRIVATE for several internal functions + ## [1.8.5] - 2024-05-24 ### Changed diff --git a/src/ascon/aead.c b/src/ascon/aead.c index a92fc45..b65e63e 100644 --- a/src/ascon/aead.c +++ b/src/ascon/aead.c @@ -197,6 +197,7 @@ forceinline void ascon_final(ascon_state_t* s, const ascon_key_t* key) { ascon_printstate("final 2nd key xor", s); } +SQLITE_PRIVATE int ascon_aead_encrypt(uint8_t* ctext, uint8_t tag[ASCON_AEAD_TAG_LEN], const uint8_t* mtext, uint64_t mlen, @@ -220,6 +221,7 @@ int ascon_aead_encrypt(uint8_t* ctext, return 0; } +SQLITE_PRIVATE int ascon_aead_decrypt(uint8_t* mtext, const uint8_t* ctext, uint64_t clen, const uint8_t* ad, uint64_t adlen, diff --git a/src/ascon/crypto_aead.h b/src/ascon/crypto_aead.h index 0955c76..4c205ba 100644 --- a/src/ascon/crypto_aead.h +++ b/src/ascon/crypto_aead.h @@ -13,6 +13,10 @@ #ifndef CRYPTO_AEAD_H #define CRYPTO_AEAD_H +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + #include /* @@ -27,6 +31,7 @@ ** \param nonce Buffer with nonce data ** \param k Buffer with key data */ +SQLITE_PRIVATE int ascon_aead_encrypt(uint8_t* ctext, uint8_t tag[ASCON_AEAD_TAG_LEN], const uint8_t* mtext, uint64_t mlen, const uint8_t* ad, uint64_t adlen, @@ -45,6 +50,7 @@ int ascon_aead_encrypt(uint8_t* ctext, uint8_t tag[ASCON_AEAD_TAG_LEN], ** \param nonce Buffer with nonce data ** \param k Buffer with key data */ +SQLITE_PRIVATE int ascon_aead_decrypt(uint8_t* mtext, const uint8_t* ctext, uint64_t clen, const uint8_t* ad, uint64_t adlen, const uint8_t tag[ASCON_AEAD_TAG_LEN], diff --git a/src/ascon/crypto_hash.h b/src/ascon/crypto_hash.h index af9b04e..4f326f1 100644 --- a/src/ascon/crypto_hash.h +++ b/src/ascon/crypto_hash.h @@ -13,6 +13,10 @@ #ifndef CRYPTO_HASH_H #define CRYPTO_HASH_H +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + #include /* @@ -22,6 +26,7 @@ ** \param in Buffer with input data ** \param passwordlen Length of input data in bytes */ +SQLITE_PRIVATE int ascon_hash(uint8_t* out, const uint8_t* in, uint64_t inlen); #endif diff --git a/src/ascon/crypto_pbkdf2.h b/src/ascon/crypto_pbkdf2.h index 95d7f9d..d9f247b 100644 --- a/src/ascon/crypto_pbkdf2.h +++ b/src/ascon/crypto_pbkdf2.h @@ -17,6 +17,10 @@ #ifndef ASCON_PBKDF2_H #define ASCON_PBKDF2_H +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + #include /* @@ -35,6 +39,7 @@ ** \param saltlen Number of bytes in the salt ** \param count Number of iterations to perform */ +SQLITE_PRIVATE void ascon_pbkdf2(uint8_t* out, uint32_t outlen, const uint8_t* password, uint32_t passwordlen, const uint8_t* salt, uint32_t saltlen, uint32_t count) diff --git a/src/ascon/hash.c b/src/ascon/hash.c index 46d1762..ae400f1 100644 --- a/src/ascon/hash.c +++ b/src/ascon/hash.c @@ -89,6 +89,7 @@ forceinline void ascon_squeeze(ascon_state_t* s, uint8_t* out, ascon_printstate("squeeze output", s); } +SQLITE_PRIVATE int ascon_hash(uint8_t* out, const uint8_t* in, uint64_t inlen) { ascon_state_t s; diff --git a/src/ascon/pbkdf2.c b/src/ascon/pbkdf2.c index 010096d..1f84d55 100644 --- a/src/ascon/pbkdf2.c +++ b/src/ascon/pbkdf2.c @@ -15,6 +15,7 @@ #define ASCON_HASH_SIZE 32 #define ASCON_PBKDF2_SIZE 32 +SQLITE_PRIVATE void ascon_pbkdf2_init(ascon_state_t* state, const char* functionName, const unsigned char* custom, uint32_t customlen, uint32_t outlen) { @@ -60,10 +61,11 @@ void ascon_pbkdf2_init(ascon_state_t* state, const char* functionName, * Note: Instead of HMAC like in RFC 8018, use the following PRF: * PRF(P, X) = ASCON-cXOF(X, 256, "PBKDF2", P) */ -static void ascon_pbkdf2_f(ascon_state_t* state, - uint8_t* T, /*uint8_t* U,*/ - const uint8_t* salt, uint32_t saltlen, - uint32_t count, uint32_t blocknum) +static +void ascon_pbkdf2_f(ascon_state_t* state, + uint8_t* T, /*uint8_t* U,*/ + const uint8_t* salt, uint32_t saltlen, + uint32_t count, uint32_t blocknum) { uint32_t asconSaltLen = (saltlen < ASCON_SALT_LEN) ? saltlen : ASCON_SALT_LEN; uint8_t temp[ASCON_SALT_LEN+4]; @@ -109,6 +111,7 @@ static void ascon_pbkdf2_f(ascon_state_t* state, sqlite3mcSecureZeroMemory(&state2, sizeof(ascon_state_t)); } +SQLITE_PRIVATE void ascon_pbkdf2(uint8_t* out, uint32_t outlen, const uint8_t* password, uint32_t passwordlen, const uint8_t* salt, uint32_t saltlen, uint32_t count) diff --git a/src/chacha20poly1305.c b/src/chacha20poly1305.c index 9c8238f..13bdad6 100644 --- a/src/chacha20poly1305.c +++ b/src/chacha20poly1305.c @@ -74,6 +74,7 @@ static void chacha20_block(uint32_t x[16]) #undef CC20QR } +SQLITE_PRIVATE void chacha20_xor(void* buffer, size_t n, const uint8_t key[32], const uint8_t nonce[12], uint32_t counter) { @@ -141,6 +142,7 @@ void chacha20_xor(void* buffer, size_t n, const uint8_t key[32], /* * Poly1305 authentication tags */ +SQLITE_PRIVATE void poly1305(const uint8_t* msg, size_t n, const uint8_t key[32], uint8_t tag[16]) { @@ -210,6 +212,7 @@ void poly1305(const uint8_t* msg, size_t n, const uint8_t key[32], s4 = d4; STORE32_LE(tag + 12, s4); } +SQLITE_PRIVATE int poly1305_tagcmp(const uint8_t tag1[16], const uint8_t tag2[16]) { uint8_t d = 0; @@ -405,6 +408,7 @@ static size_t entropy(void* buf, size_t n) /* * ChaCha20 random number generator */ +SQLITE_PRIVATE void chacha20_rng(void* out, size_t n) { static uint8_t key[32], nonce[12], buffer[64] = { 0 }; diff --git a/src/cipher_chacha20.c b/src/cipher_chacha20.c index f93a867..6818682 100644 --- a/src/cipher_chacha20.c +++ b/src/cipher_chacha20.c @@ -274,7 +274,8 @@ EncryptPageChaCha20Cipher(void* cipher, int page, unsigned char* data, int len, return rc; } -int chacha20_ismemset(const void* v, unsigned char value, int len) +static int +chacha20_ismemset(const void* v, unsigned char value, int len) { const unsigned char* a = v; int i = 0, result = 0; diff --git a/src/cipher_config.c b/src/cipher_config.c index 593c5bd..94c6e54 100644 --- a/src/cipher_config.c +++ b/src/cipher_config.c @@ -188,6 +188,17 @@ sqlite3mc_cipher_name(int cipherIndex) return cipherName; } +static +int checkLegacyPageSize(const char* paramName, int pageSize) +{ + int ok = 1; + if (sqlite3_stricmp(paramName, "legacy_page_size") == 0 && pageSize > 0) + { + ok = pageSize >= 512 && pageSize <= SQLITE_MAX_PAGE_SIZE && ((pageSize - 1) & pageSize) == 0; + } + return ok; +} + SQLITE_API int sqlite3mc_config_cipher(sqlite3* db, const char* cipherName, const char* paramName, int newValue) { @@ -294,7 +305,8 @@ sqlite3mc_config_cipher(sqlite3* db, const char* cipherName, const char* paramNa value = (hasDefaultPrefix) ? param->m_default : (hasMinPrefix) ? param->m_minValue : (hasMaxPrefix) ? param->m_maxValue : param->m_value; if (!hasMinPrefix && !hasMaxPrefix) { - if (newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue) + if (newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue && + checkLegacyPageSize(paramName, newValue)) { if (hasDefaultPrefix) { diff --git a/src/cipher_config.h b/src/cipher_config.h index 5a57c70..451b98a 100644 --- a/src/cipher_config.h +++ b/src/cipher_config.h @@ -16,7 +16,7 @@ SQLITE_PRIVATE void sqlite3mcConfigTable(sqlite3_context* context, int argc, sql SQLITE_PRIVATE CodecParameter* sqlite3mcGetCodecParams(sqlite3* db); /* Forward declaration */ -static unsigned char* sqlite3mcGetSaltWriteCipher(Codec* codec); +SQLITE_PRIVATE unsigned char* sqlite3mcGetSaltWriteCipher(Codec* codec); SQLITE_PRIVATE void sqlite3mcCodecDataSql(sqlite3_context* context, int argc, sqlite3_value** argv); SQLITE_PRIVATE void sqlite3mcConfigParams(sqlite3_context* context, int argc, sqlite3_value** argv); diff --git a/src/fastpbkdf2.c b/src/fastpbkdf2.c index a190f76..7ed8e16 100644 --- a/src/fastpbkdf2.c +++ b/src/fastpbkdf2.c @@ -391,6 +391,7 @@ DECL_PBKDF2(sha512, sha512_extract, sha512_xor) +SQLITE_PRIVATE void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -402,6 +403,7 @@ void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw, #endif } +SQLITE_PRIVATE void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -410,6 +412,7 @@ void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw, PBKDF2(sha256)(pw, npw, salt, nsalt, iterations, out, nout); } +SQLITE_PRIVATE void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -418,6 +421,7 @@ void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw, PBKDF2(sha512)(pw, npw, salt, nsalt, iterations, out, nout); } +SQLITE_PRIVATE void sqlcipher_hmac(int algorithm, unsigned char* key, int nkey, unsigned char* in, int in_sz, unsigned char* in2, int in2_sz, unsigned char* out) { switch (algorithm) diff --git a/src/fastpbkdf2.h b/src/fastpbkdf2.h index 75f7e2c..d523314 100644 --- a/src/fastpbkdf2.h +++ b/src/fastpbkdf2.h @@ -15,6 +15,10 @@ #ifndef FASTPBKDF2_H #define FASTPBKDF2_H +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + #include #include "mystdint.h" @@ -31,6 +35,7 @@ extern "C" { * * This function cannot fail; it does not report errors. */ +SQLITE_PRIVATE void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -45,6 +50,7 @@ void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw, * * This function cannot fail; it does not report errors. */ +SQLITE_PRIVATE void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -59,6 +65,7 @@ void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw, * * This function cannot fail; it does not report errors. */ +SQLITE_PRIVATE void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw, const uint8_t *salt, size_t nsalt, uint32_t iterations, @@ -68,6 +75,7 @@ void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw, * * This function cannot fail; it does not report errors. */ +SQLITE_PRIVATE void sqlcipher_hmac(int algorithm, unsigned char* key, int nkey, unsigned char* in, int in_sz, diff --git a/src/rijndael.c b/src/rijndael.c index de7ce7a..144e849 100644 --- a/src/rijndael.c +++ b/src/rijndael.c @@ -1003,11 +1003,13 @@ static UINT32 rcon[30]= ////////////////////////////////////////////////////////////////////////////////////////////////////////////////// */ +SQLITE_PRIVATE void RijndaelCreate(Rijndael* rijndael) { rijndael->m_state = RIJNDAEL_State_Invalid; } +SQLITE_PRIVATE int RijndaelInit(Rijndael* rijndael, int mode, int dir, UINT8* key, int keyLen, UINT8* initVector) { UINT32 uKeyLenInBytes; @@ -1252,6 +1254,7 @@ int RijndaelBlockEncrypt(Rijndael* rijndael, UINT8* input, int inputLen, UINT8* return 128 * numBlocks; } +SQLITE_PRIVATE int RijndaelPadEncrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer) { int i, numBlocks, padLen; @@ -1310,6 +1313,7 @@ int RijndaelPadEncrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 return 16*(numBlocks + 1); } +SQLITE_PRIVATE int RijndaelBlockDecrypt(Rijndael* rijndael, UINT8* input, int inputLen, UINT8* outBuffer) { int i, k, numBlocks, lenFrag; @@ -1471,6 +1475,7 @@ int RijndaelBlockDecrypt(Rijndael* rijndael, UINT8* input, int inputLen, UINT8* return 128*numBlocks; } +SQLITE_PRIVATE int RijndaelPadDecrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer) { int i, numBlocks, padLen; @@ -1549,6 +1554,7 @@ int RijndaelPadDecrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////// */ +SQLITE_PRIVATE void RijndaelKeySched(Rijndael* rijndael, UINT8 key[_MAX_KEY_COLUMNS][4]) { int j,rconpointer = 0; @@ -1629,6 +1635,7 @@ void RijndaelKeySched(Rijndael* rijndael, UINT8 key[_MAX_KEY_COLUMNS][4]) } } +SQLITE_PRIVATE void RijndaelKeyEncToDec(Rijndael* rijndael) { UINT32 r; @@ -1647,6 +1654,7 @@ void RijndaelKeyEncToDec(Rijndael* rijndael) } } +SQLITE_PRIVATE void RijndaelEncrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]) { UINT32 r; @@ -1722,6 +1730,7 @@ void RijndaelEncrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]) *((UINT32*)(b+12)) ^= *((UINT32*)rijndael->m_expandedKey[rijndael->m_uRounds][3]); } +SQLITE_PRIVATE void RijndaelDecrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]) { int r; @@ -1798,6 +1807,7 @@ void RijndaelDecrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]) *((UINT32*)(b+12)) ^= *((UINT32*)rijndael->m_expandedKey[0][3]); } +SQLITE_PRIVATE void RijndaelInvalidate(Rijndael* rijndael) { rijndael->m_state = RIJNDAEL_State_Invalid; diff --git a/src/rijndael.h b/src/rijndael.h index 5d3b862..ad995fb 100644 --- a/src/rijndael.h +++ b/src/rijndael.h @@ -18,6 +18,10 @@ #ifndef _RIJNDAEL_H_ #define _RIJNDAEL_H_ +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + /* // File : rijndael.h // Creation date : Sun Nov 5 2000 03:21:05 CEST @@ -125,7 +129,7 @@ typedef struct _Rijndael UINT8 m_expandedKey[_MAX_ROUNDS+1][4][4]; } Rijndael; -void RijndaelCreate(Rijndael* rijndael); +SQLITE_PRIVATE void RijndaelCreate(Rijndael* rijndael); /* ////////////////////////////////////////////////////////////////////////////////////////// @@ -147,7 +151,7 @@ void RijndaelCreate(Rijndael* rijndael); // keyLen : Rijndael::Key16Bytes , Rijndael::Key24Bytes or Rijndael::Key32Bytes // initVector: initialization vector, you will usually use 0 here */ -int RijndaelInit(Rijndael* rijndael, int mode, int dir, UINT8* key, int keyLen, UINT8* initVector); +SQLITE_PRIVATE int RijndaelInit(Rijndael* rijndael, int mode, int dir, UINT8* key, int keyLen, UINT8* initVector); /* // Encrypts the input array (can be binary data) @@ -158,7 +162,7 @@ int RijndaelInit(Rijndael* rijndael, int mode, int dir, UINT8* key, int keyLen, // outBuffer must be at least inputLen / 8 bytes long. // Returns the encrypted buffer length in BITS or an error code < 0 in case of error */ -int RijndaelBlockEncrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 *outBuffer); +SQLITE_PRIVATE int RijndaelBlockEncrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 *outBuffer); /* // Encrypts the input array (can be binary data) @@ -167,7 +171,7 @@ int RijndaelBlockEncrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 * // outBuffer must be at least (inputLen + 16) bytes long // Returns the encrypted buffer length in BYTES or an error code < 0 in case of error */ -int RijndaelPadEncrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer); +SQLITE_PRIVATE int RijndaelPadEncrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer); /* // Decrypts the input vector @@ -175,7 +179,7 @@ int RijndaelPadEncrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 // outBuffer must be at least inputLen / 8 bytes long // Returns the decrypted buffer length in BITS and an error code < 0 in case of error */ -int RijndaelBlockDecrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 *outBuffer); +SQLITE_PRIVATE int RijndaelBlockDecrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 *outBuffer); /* // Decrypts the input vector @@ -183,12 +187,12 @@ int RijndaelBlockDecrypt(Rijndael* rijndael, UINT8 *input, int inputLen, UINT8 * // outBuffer must be at least inputLen bytes long // Returns the decrypted buffer length in BYTES and an error code < 0 in case of error */ -int RijndaelPadDecrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer); +SQLITE_PRIVATE int RijndaelPadDecrypt(Rijndael* rijndael, UINT8 *input, int inputOctets, UINT8 *outBuffer); -void RijndaelInvalidate(Rijndael* rijndael); -void RijndaelKeySched(Rijndael* rijndael, UINT8 key[_MAX_KEY_COLUMNS][4]); -void RijndaelKeyEncToDec(Rijndael* rijndael); -void RijndaelEncrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]); -void RijndaelDecrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]); +SQLITE_PRIVATE void RijndaelInvalidate(Rijndael* rijndael); +SQLITE_PRIVATE void RijndaelKeySched(Rijndael* rijndael, UINT8 key[_MAX_KEY_COLUMNS][4]); +SQLITE_PRIVATE void RijndaelKeyEncToDec(Rijndael* rijndael); +SQLITE_PRIVATE void RijndaelEncrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]); +SQLITE_PRIVATE void RijndaelDecrypt(Rijndael* rijndael, UINT8 a[16], UINT8 b[16]); #endif /* _RIJNDAEL_H_ */ diff --git a/src/sha1.c b/src/sha1.c index 670ea24..c49041c 100644 --- a/src/sha1.c +++ b/src/sha1.c @@ -141,6 +141,7 @@ A million repetitions of "a" z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=ror(w,2); /* Hash a single 512-bit block. This is the core of the algorithm. */ +SQLITE_PRIVATE void sha1_transform(sha1_ctx *context, const uint8_t buffer[64]) { uint32_t a, b, c, d, e; @@ -205,6 +206,7 @@ void sha1_transform(sha1_ctx *context, const uint8_t buffer[64]) * * @param context SHA1-Context */ +SQLITE_PRIVATE void sha1_init(sha1_ctx *context) { /* SHA1 initialization constants */ @@ -224,6 +226,7 @@ void sha1_init(sha1_ctx *context) * @param p Buffer to run SHA1 on * @param len Number of bytes */ +SQLITE_PRIVATE void sha1_update(sha1_ctx *context, const void *p, size_t len) { const uint8_t *data = p; @@ -259,6 +262,7 @@ void sha1_update(sha1_ctx *context, const void *p, size_t len) * @param digest Generated message digest * @param context SHA1-Context */ +SQLITE_PRIVATE void sha1_final(sha1_ctx *context, uint8_t digest[SHA1_DIGEST_SIZE]) { uint32_t i; diff --git a/src/sha1.h b/src/sha1.h index bf2c56a..844b607 100644 --- a/src/sha1.h +++ b/src/sha1.h @@ -4,6 +4,10 @@ #ifndef SHA1_H_ #define SHA1_H_ (1) +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + /** SHA-1 Context */ typedef struct { uint32_t h[5]; @@ -17,12 +21,12 @@ typedef struct { /** SHA-1 Digest size in bytes */ #define SHA1_DIGEST_SIZE 20 -void sha1_init(sha1_ctx *context); +SQLITE_PRIVATE void sha1_init(sha1_ctx *context); -void sha1_update(sha1_ctx *context, const void *p, size_t len); +SQLITE_PRIVATE void sha1_update(sha1_ctx *context, const void *p, size_t len); -void sha1_final(sha1_ctx *context, uint8_t digest[SHA1_DIGEST_SIZE]); +SQLITE_PRIVATE void sha1_final(sha1_ctx *context, uint8_t digest[SHA1_DIGEST_SIZE]); -void sha1_transform(sha1_ctx *context, const uint8_t buffer[64]); +SQLITE_PRIVATE void sha1_transform(sha1_ctx *context, const uint8_t buffer[64]); #endif /* SHA1_H_ */ diff --git a/src/sha2.c b/src/sha2.c index 587cc39..cf13004 100644 --- a/src/sha2.c +++ b/src/sha2.c @@ -131,27 +131,27 @@ wv[h] = t1 + t2; \ } -uint32 sha224_h0[8] = +static uint32 sha224_h0[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; -uint32 sha256_h0[8] = +static uint32 sha256_h0[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; -uint64 sha384_h0[8] = +static uint64 sha384_h0[8] = {li_64(cbbb9d5dc1059ed8), li_64(629a292a367cd507), li_64(9159015a3070dd17), li_64(152fecd8f70e5939), li_64(67332667ffc00b31), li_64(8eb44a8768581511), li_64(db0c2e0d64f98fa7), li_64(47b5481dbefa4fa4)}; -uint64 sha512_h0[8] = +static uint64 sha512_h0[8] = {li_64(6a09e667f3bcc908), li_64(bb67ae8584caa73b), li_64(3c6ef372fe94f82b), li_64(a54ff53a5f1d36f1), li_64(510e527fade682d1), li_64(9b05688c2b3e6c1f), li_64(1f83d9abfb41bd6b), li_64(5be0cd19137e2179)}; -uint32 sha256_k[64] = +static uint32 sha256_k[64] = {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, @@ -169,7 +169,7 @@ uint32 sha256_k[64] = 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; -uint64 sha512_k[80] = +static uint64 sha512_k[80] = {li_64(428a2f98d728ae22), li_64(7137449123ef65cd), li_64(b5c0fbcfec4d3b2f), li_64(e9b5dba58189dbbc), li_64(3956c25bf348b538), li_64(59f111f1b605d019), @@ -329,11 +329,13 @@ void sha256_transf(sha256_ctx *ctx, const unsigned char *message, } } +SQLITE_PRIVATE void sha256_transform(sha256_ctx *ctx, const unsigned char *message) { sha256_transf(ctx, message, 1); } +SQLITE_PRIVATE void sha256(const unsigned char *message, unsigned int len, unsigned char *digest) { sha256_ctx ctx; @@ -343,6 +345,7 @@ void sha256(const unsigned char *message, unsigned int len, unsigned char *diges sha256_final(&ctx, digest); } +SQLITE_PRIVATE void sha256_init(sha256_ctx *ctx) { #ifndef UNROLL_LOOPS @@ -361,6 +364,7 @@ void sha256_init(sha256_ctx *ctx) ctx->tot_len = 0; } +SQLITE_PRIVATE void sha256_update(sha256_ctx *ctx, const unsigned char *message, unsigned int len) { @@ -395,6 +399,7 @@ void sha256_update(sha256_ctx *ctx, const unsigned char *message, ctx->tot_len += (block_nb + 1) << 6; } +SQLITE_PRIVATE void sha256_final(sha256_ctx *ctx, unsigned char *digest) { unsigned int block_nb; @@ -531,11 +536,13 @@ void sha512_transf(sha512_ctx *ctx, const unsigned char *message, } } +SQLITE_PRIVATE void sha512_transform(sha512_ctx *ctx, const unsigned char *message) { sha512_transf(ctx, message, 1); } +SQLITE_PRIVATE void sha512(const unsigned char *message, unsigned int len, unsigned char *digest) { @@ -546,6 +553,7 @@ void sha512(const unsigned char *message, unsigned int len, sha512_final(&ctx, digest); } +SQLITE_PRIVATE void sha512_init(sha512_ctx *ctx) { #ifndef UNROLL_LOOPS @@ -564,6 +572,7 @@ void sha512_init(sha512_ctx *ctx) ctx->tot_len = 0; } +SQLITE_PRIVATE void sha512_update(sha512_ctx *ctx, const unsigned char *message, unsigned int len) { @@ -598,6 +607,7 @@ void sha512_update(sha512_ctx *ctx, const unsigned char *message, ctx->tot_len += (block_nb + 1) << 7; } +SQLITE_PRIVATE void sha512_final(sha512_ctx *ctx, unsigned char *digest) { unsigned int block_nb; @@ -638,6 +648,7 @@ void sha512_final(sha512_ctx *ctx, unsigned char *digest) /* SHA-384 functions */ +SQLITE_PRIVATE void sha384(const unsigned char *message, unsigned int len, unsigned char *digest) { @@ -648,6 +659,7 @@ void sha384(const unsigned char *message, unsigned int len, sha384_final(&ctx, digest); } +SQLITE_PRIVATE void sha384_init(sha384_ctx *ctx) { #ifndef UNROLL_LOOPS @@ -666,6 +678,7 @@ void sha384_init(sha384_ctx *ctx) ctx->tot_len = 0; } +SQLITE_PRIVATE void sha384_update(sha384_ctx *ctx, const unsigned char *message, unsigned int len) { @@ -700,6 +713,7 @@ void sha384_update(sha384_ctx *ctx, const unsigned char *message, ctx->tot_len += (block_nb + 1) << 7; } +SQLITE_PRIVATE void sha384_final(sha384_ctx *ctx, unsigned char *digest) { unsigned int block_nb; @@ -738,6 +752,7 @@ void sha384_final(sha384_ctx *ctx, unsigned char *digest) /* SHA-224 functions */ +SQLITE_PRIVATE void sha224(const unsigned char *message, unsigned int len, unsigned char *digest) { @@ -748,6 +763,7 @@ void sha224(const unsigned char *message, unsigned int len, sha224_final(&ctx, digest); } +SQLITE_PRIVATE void sha224_init(sha224_ctx *ctx) { #ifndef UNROLL_LOOPS @@ -766,6 +782,7 @@ void sha224_init(sha224_ctx *ctx) ctx->tot_len = 0; } +SQLITE_PRIVATE void sha224_update(sha224_ctx *ctx, const unsigned char *message, unsigned int len) { @@ -800,6 +817,7 @@ void sha224_update(sha224_ctx *ctx, const unsigned char *message, ctx->tot_len += (block_nb + 1) << 6; } +SQLITE_PRIVATE void sha224_final(sha224_ctx *ctx, unsigned char *digest) { unsigned int block_nb; @@ -963,4 +981,3 @@ int main() } #endif /* TEST_VECTORS */ - diff --git a/src/sha2.h b/src/sha2.h index 720fc49..07c12c7 100644 --- a/src/sha2.h +++ b/src/sha2.h @@ -34,6 +34,10 @@ #ifndef SHA2_H #define SHA2_H +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE +#endif + #define SHA224_DIGEST_SIZE ( 224 / 8) #define SHA256_DIGEST_SIZE ( 256 / 8) #define SHA384_DIGEST_SIZE ( 384 / 8) @@ -127,35 +131,27 @@ typedef struct { typedef sha512_ctx sha384_ctx; typedef sha256_ctx sha224_ctx; -void sha224_init(sha224_ctx *ctx); -void sha224_update(sha224_ctx *ctx, const unsigned char *message, - unsigned int len); -void sha224_final(sha224_ctx *ctx, unsigned char *digest); -void sha224(const unsigned char *message, unsigned int len, - unsigned char *digest); - -void sha256_init(sha256_ctx * ctx); -void sha256_update(sha256_ctx *ctx, const unsigned char *message, - unsigned int len); -void sha256_final(sha256_ctx *ctx, unsigned char *digest); -void sha256_transform(sha256_ctx *ctx, const unsigned char *message); -void sha256(const unsigned char *message, unsigned int len, - unsigned char *digest); - -void sha384_init(sha384_ctx *ctx); -void sha384_update(sha384_ctx *ctx, const unsigned char *message, - unsigned int len); -void sha384_final(sha384_ctx *ctx, unsigned char *digest); -void sha384(const unsigned char *message, unsigned int len, - unsigned char *digest); - -void sha512_init(sha512_ctx *ctx); -void sha512_update(sha512_ctx *ctx, const unsigned char *message, - unsigned int len); -void sha512_final(sha512_ctx *ctx, unsigned char *digest); -void sha512_transform(sha512_ctx *ctx, const unsigned char *message); -void sha512(const unsigned char *message, unsigned int len, - unsigned char *digest); +SQLITE_PRIVATE void sha224_init(sha224_ctx *ctx); +SQLITE_PRIVATE void sha224_update(sha224_ctx *ctx, const unsigned char *message, unsigned int len); +SQLITE_PRIVATE void sha224_final(sha224_ctx *ctx, unsigned char *digest); +SQLITE_PRIVATE void sha224(const unsigned char *message, unsigned int len, unsigned char *digest); + +SQLITE_PRIVATE void sha256_init(sha256_ctx * ctx); +SQLITE_PRIVATE void sha256_update(sha256_ctx *ctx, const unsigned char *message, unsigned int len); +SQLITE_PRIVATE void sha256_final(sha256_ctx *ctx, unsigned char *digest); +SQLITE_PRIVATE void sha256_transform(sha256_ctx *ctx, const unsigned char *message); +SQLITE_PRIVATE void sha256(const unsigned char *message, unsigned int len, unsigned char *digest); + +SQLITE_PRIVATE void sha384_init(sha384_ctx *ctx); +SQLITE_PRIVATE void sha384_update(sha384_ctx *ctx, const unsigned char *message, unsigned int len); +SQLITE_PRIVATE void sha384_final(sha384_ctx *ctx, unsigned char *digest); +SQLITE_PRIVATE void sha384(const unsigned char *message, unsigned int len, unsigned char *digest); + +SQLITE_PRIVATE void sha512_init(sha512_ctx *ctx); +SQLITE_PRIVATE void sha512_update(sha512_ctx *ctx, const unsigned char *message, unsigned int len); +SQLITE_PRIVATE void sha512_final(sha512_ctx *ctx, unsigned char *digest); +SQLITE_PRIVATE void sha512_transform(sha512_ctx *ctx, const unsigned char *message); +SQLITE_PRIVATE void sha512(const unsigned char *message, unsigned int len, unsigned char *digest); #ifdef __cplusplus } diff --git a/src/sqlite3mc.c b/src/sqlite3mc.c index d2dd1fd..05cf60d 100644 --- a/src/sqlite3mc.c +++ b/src/sqlite3mc.c @@ -51,8 +51,15 @@ #define SQLITE_EXTRA_INIT sqlite3mc_initialize #define SQLITE_EXTRA_SHUTDOWN sqlite3mc_shutdown -int sqlite3mc_initialize(const char* arg); -void sqlite3mc_shutdown(void); +/* +** Declare all internal functions as 'static' unless told otherwise +*/ +#ifndef SQLITE_PRIVATE +#define SQLITE_PRIVATE static +#endif + +SQLITE_PRIVATE int sqlite3mc_initialize(const char* arg); +SQLITE_PRIVATE void sqlite3mc_shutdown(void); /* ** To enable the extension functions define SQLITE_ENABLE_EXTFUNC on compiling this module @@ -179,10 +186,10 @@ SQLITE_PRIVATE int sqlite3mcGetMemorySecurity(); #include "fastpbkdf2.c" /* Prototypes for several crypto functions to make pedantic compilers happy */ -void chacha20_xor(void* data, size_t n, const uint8_t key[32], const uint8_t nonce[12], uint32_t counter); -void poly1305(const uint8_t* msg, size_t n, const uint8_t key[32], uint8_t tag[16]); -int poly1305_tagcmp(const uint8_t tag1[16], const uint8_t tag2[16]); -void chacha20_rng(void* out, size_t n); +SQLITE_PRIVATE void chacha20_xor(void* data, size_t n, const uint8_t key[32], const uint8_t nonce[12], uint32_t counter); +SQLITE_PRIVATE void poly1305(const uint8_t* msg, size_t n, const uint8_t key[32], uint8_t tag[16]); +SQLITE_PRIVATE int poly1305_tagcmp(const uint8_t tag1[16], const uint8_t tag2[16]); +SQLITE_PRIVATE void chacha20_rng(void* out, size_t n); #include "chacha20poly1305.c" #endif @@ -661,7 +668,7 @@ sqlite3mcTermCipherTables() globalCipherCount = 0; } -int +SQLITE_PRIVATE int sqlite3mc_initialize(const char* arg) { int rc = sqlite3mcInitCipherTables(); @@ -793,7 +800,7 @@ sqlite3mc_initialize(const char* arg) return rc; } -void +SQLITE_PRIVATE void sqlite3mc_shutdown(void) { sqlite3mc_vfs_shutdown(); diff --git a/src/sqlite3mc_version.h b/src/sqlite3mc_version.h index 530299c..11d6b60 100644 --- a/src/sqlite3mc_version.h +++ b/src/sqlite3mc_version.h @@ -14,8 +14,8 @@ #define SQLITE3MC_VERSION_MAJOR 1 #define SQLITE3MC_VERSION_MINOR 8 -#define SQLITE3MC_VERSION_RELEASE 5 +#define SQLITE3MC_VERSION_RELEASE 6 #define SQLITE3MC_VERSION_SUBRELEASE 0 -#define SQLITE3MC_VERSION_STRING "SQLite3 Multiple Ciphers 1.8.5" +#define SQLITE3MC_VERSION_STRING "SQLite3 Multiple Ciphers 1.8.6" #endif /* SQLITE3MC_VERSION_H_ */ diff --git a/src/sqlite3mc_vfs.c b/src/sqlite3mc_vfs.c index c126af4..34cc184 100644 --- a/src/sqlite3mc_vfs.c +++ b/src/sqlite3mc_vfs.c @@ -310,8 +310,9 @@ SQLITE_PRIVATE int sqlite3mcIsBackupSupported(sqlite3* pSrc, const char* zSrc, s Codec* codecDest = sqlite3mcGetCodec(pDest, zDest); if (codecSrc && codecDest) { - /* Both databases have a codec */ + /* Both databases have a codec, are encrypted, and have the same page size */ ok = sqlite3mcIsEncrypted(codecSrc) && sqlite3mcIsEncrypted(codecDest) && + (sqlite3mcGetPageSizeReadCipher(codecSrc) == sqlite3mcGetPageSizeWriteCipher(codecDest)) && (sqlite3mcGetReadReserved(codecSrc) == sqlite3mcGetWriteReserved(codecDest)); } else diff --git a/src/sqlite3mc_vfs.h b/src/sqlite3mc_vfs.h index 847dc6a..1626545 100644 --- a/src/sqlite3mc_vfs.h +++ b/src/sqlite3mc_vfs.h @@ -16,6 +16,7 @@ extern "C" { #ifndef SQLITE_PRIVATE #define SQLITE_PRIVATE #endif + SQLITE_PRIVATE int sqlite3mcCheckVfs(const char* zVfs); SQLITE_API int sqlite3mc_vfs_create(const char* zVfsReal, int makeDefault);