File: db_encrypt.c

package info (click to toggle)
db5.3 5.3.28%2Bdfsg1-0.5
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 158,360 kB
  • sloc: ansic: 448,411; java: 111,824; tcl: 80,544; sh: 44,326; cs: 33,697; cpp: 21,604; perl: 14,557; xml: 10,799; makefile: 4,077; yacc: 1,003; awk: 965; sql: 801; erlang: 342; python: 216; php: 24; asm: 14
file content (102 lines) | stat: -rw-r--r-- 2,843 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
/*-
 * See the file LICENSE for redistribution information.
 *
 * Copyright (c) 2010, 2013 Oracle and/or its affiliates.  All rights reserved.
 */

/*
 * This file implements SQLite encryption using the Berkeley DB encryption
 * algorithms.
 */
#include "sqliteInt.h"
#include "btreeInt.h"
#include <db.h>

#ifdef SQLITE_HAS_CODEC
void sqlite3CodecGetKey(sqlite3*, int, void**, int*);

#define	pDbEnv		(pBt->dbenv)

/*
 * sqlite3_key() is called only to set the encryption key for the "main"
 * backend database, that is db->aDb[0].  The encryption key for attached
 * databases is set directly via sqlite3CodecAttach().
 */
int sqlite3_key(sqlite3 *db, const void *key, int nkey) {
	return sqlite3CodecAttach(db, 0, key, nkey);
}

int sqlite3_rekey(sqlite3 *db, const void *key, int nkey) {
	return 0;
}

void sqlite3_activate_see(const char *zPassPhrase) {
	  return;
}

/*
 * Used by the ATTACH command and by sqlite3_key, set the encryption key for the
 * backend-th database, where "main" is 0, "temp" is 1 and each additional
 * ATTACH-ed database file is 2, 3, 4, ...
 */
int sqlite3CodecAttach(sqlite3 *db, int backend, const void *key, int nkey) {
	struct BtShared *pBt;
	int ret;

	assert(db->aDb[backend].pBt != NULL);
	pBt = db->aDb[backend].pBt->pBt;

	/*
	 * An empty key means no encryption.  Also, don't try to encrypt an
	 * environment that's already been opened.  Don't encrypt an in-mem db
	 * since it will never be written to disk.
	 */
	if (nkey == 0 || pBt->env_opened || pBt->dbStorage != DB_STORE_NAMED)
		return dberr2sqlite(0, db->aDb[backend].pBt);

	sqlite3_mutex_enter(db->mutex);

	/*
	 * SQLite and BDB have slightly different semantics for the key.
	 * SQLite's key is a string of bytes whose length is specified
	 * separately, while BDB takes a NULL terminated string.  We need to
	 * ensure the key is NULL terminated before passing to BDB, but we can't
	 * modify the given key, so we have to make a copy.  BDB will make its
	 * own copy of the key, it's safe to free keystring after
	 * the set_encrypt call.
	 */
	if (pBt->encrypt_pwd != NULL)
		CLEAR_PWD(pBt);

	if ((pBt->encrypt_pwd = malloc((size_t)nkey + 1)) == NULL) {
		ret = ENOMEM;
		goto err;
	}

	memcpy(pBt->encrypt_pwd, key, nkey);
	/*
	 * We allocate nkey + 1 bytes, but will only clear nkey bytes to
	 * preserve the terminating NULL.
	 */
	pBt->encrypt_pwd_len = nkey;
	pBt->encrypt_pwd[nkey] = '\0';

	ret = pDbEnv->set_encrypt(pDbEnv, pBt->encrypt_pwd, DB_ENCRYPT_AES);

	pBt->encrypted = 1;

err:	sqlite3_mutex_leave(db->mutex);

	return dberr2sqlite(ret, db->aDb[backend].pBt);
}

/*
 * Get the current key of the given database.
 */
void sqlite3CodecGetKey(sqlite3 *db, int backend, void **keyp, int *nkeyp) {
	*keyp = db->aDb[backend].pBt->pBt->encrypt_pwd;
	*nkeyp = db->aDb[backend].pBt->pBt->encrypt_pwd_len;
	return;
}

#endif