/ Check-in [231832c4]
Overview
Comment:Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption.
SHA3-256:231832c4cb15862e61dfcc00fba9ab78ca7e2442a0d4aa1a98a191f5f8b4cff3
User & Date: dan 2018-02-26 07:58:39
Context
2018-02-27
14:26
Have the zonefile extension use binary instead of text keys. check-in: 39a4267f user: dan tags: zonefile
2018-02-26
07:58
Add extra parameter to zonefileCodecCreate() to indicate whether the new object will be used for mock-encryption or mock-decryption. check-in: 231832c4 user: dan tags: zonefile
2018-02-24
08:26
Test edge cases in the zonefile module. Fix a broken error message in the same. check-in: 1764ade2 user: dan tags: zonefile
Changes

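--- a/ext/zonefile/zonefile.c
+++ b/ext/zonefile/zonefile.c
@@ -101,25 +101,27 @@
 ** implementations of the following type and functions that support the
 ** mock encryption method "xor" only are provided. Alternatively, the
 ** application may append a more functional implementation of the following 
 ** type and functions to this file before compiling it with
 ** SQLITE_HAVE_ZONEFILE_CODEC defined.
 */
 typedef struct ZonefileCodec ZonefileCodec;
-static int zonefileCodecCreate(int,unsigned char*,int,ZonefileCodec**,char**);
+static int zonefileCodecCreate(
+    int,int,unsigned char*,int,ZonefileCodec**,char**);
 static int zonefileCodecNonceSize(ZonefileCodec*);
 static void zonefileCodecEncode(ZonefileCodec*, unsigned char*, int);
 static void zonefileCodecDecode(ZonefileCodec*, unsigned char*, int);
 static void zonefileCodecDestroy(ZonefileCodec*);
 
 #ifndef SQLITE_HAVE_ZONEFILE_CODEC
 typedef struct ZonefileCodec ZonefileCodec;
 
 struct ZonefileCodec {
   u8 aKey[16];
+  int bEncrypt;                   /* Second parameter passed to Create() */
 };
 
 /* Create a new encryption module instance using algorithm iAlg.
 **
 **   iAlg==1   AES128 CTR
 **   iAlg==2   AES128 CBC
 **   iAlg==3   AES256 CTR
@@ -129,14 +131,15 @@
 ** If the requested algorithm is not available, the routine returns
 ** a NULL pointer.  NULL is also returned on a OOM error.
 **
 ** Use zonefileCodecDestroy() to reclaim memory.
 */
 static int zonefileCodecCreate(
   int iAlg, 
+  int bEncrypt,                   /* True for encryption, zero for decryption */
   unsigned char *pKey, int nKey, 
   ZonefileCodec **pp, 
   char **pzErr
 ){
   ZonefileCodec *pRet;
   int rc = SQLITE_OK;
   
@@ -148,14 +151,15 @@
     if( pRet==0 ){
       rc = SQLITE_NOMEM;
     }else{
       int i;
       for(i=0; i<sizeof(pRet->aKey); i++){
         pRet->aKey[i] = pKey[i % nKey];
       }
+      pRet->bEncrypt = bEncrypt;
     }
   }
 
   return rc;
 }
 
 /* Return the size of the nonce used for the given encryption module */
@@ -172,14 +176,15 @@
 */
 static void zonefileCodecEncode(
   ZonefileCodec *pCodec, 
   unsigned char *pIn, int nIn
 ){
   int i;
   u8 *aNonce = &pIn[nIn];
+  assert( pCodec->bEncrypt );
   sqlite3_randomness(16, aNonce);
   for(i=0; i<nIn; i++){
     pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
   }
 }
 
 /* Decrypt in-place.
@@ -189,14 +194,15 @@
 */
 static void zonefileCodecDecode(
   ZonefileCodec *pCodec, 
   unsigned char *pIn, int nIn
 ){
   int i;
   u8 *aNonce = &pIn[nIn-16];
+  assert( pCodec->bEncrypt==0 );
   for(i=0; i<nIn-16; i++){
     pIn[i] = pIn[i] ^ aNonce[i%16] ^ pCodec->aKey[i%16];
   }
 }
 
 /* Destroy an encryption module.
 ** It is harmless to pass in a NULL pointer.
@@ -1120,15 +1126,15 @@
     zJson = (const char*)sqlite3_value_text(objv[2]);
   }
   if( zonefileGetParams(pCtx, zJson, &sParam) ) return;
 
   if( sParam.encryptionType!=0 ){
     int n = strlen(sParam.encryptionKey);
     rc = zonefileCodecCreate(
-        sParam.encryptionType, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
+        sParam.encryptionType, 1, (u8*)sParam.encryptionKey, n, &pCodec, &zErr
     );
     if( rc!=SQLITE_OK ){
       if( zErr ){
         sqlite3_result_error(pCtx, zErr, -1);
       }else{
         sqlite3_result_error_code(pCtx, rc);
       }
@@ -2581,15 +2587,15 @@
     if( rc==SQLITE_OK && hdr.encryptionType ){
       const char *z = 0;
       int n = zonefileKeyFind(pTab->pGlobal, pTab->zDb, pTab->zName, iFile, &z);
       if( n==0 ){
         zErr = sqlite3_mprintf("missing encryption key for file \"%s\"", zFile);
         rc = SQLITE_ERROR;
       }else{
-        rc = zonefileCodecCreate(hdr.encryptionType, (u8*)z, n, &pCodec, &zErr);
+        rc = zonefileCodecCreate(hdr.encryptionType, 0, (u8*)z,n,&pCodec,&zErr);
       }
     }
 
     /* Read some data into memory. */
     if( rc==SQLITE_OK ){
       int szFrame = sqlite3_column_int(pCsr->pSelect, 3);
 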
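Review bot: The key-expansion loop in zonefileCodecCreate() evaluates `pKey[i % nKey]` with no visible check that nKey is non-zero, and the writer-side caller passes `n = strlen(sParam.encryptionKey)` straight through, so an empty key with a non-zero encryptionType would reach a modulo by zero (undefined behaviour). The reader-side caller already rejects `n==0` before calling Create(); putting the guard in Create() itself covers both callers, for example `if( nKey<=0 ){ *pzErr = sqlite3_mprintf("empty encryption key"); rc = SQLITE_ERROR; }` ahead of the allocation branch, which must then be skipped. Part of the function body is elided between the hunks and zonefileGetParams() is not shown, so confirm that neither already rejects an empty key. The header comment invites applications to supply their own codec, so the prototype would also benefit from naming the new parameter, `int iAlg, int bEncrypt, ...`, instead of a bare `int,int`.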

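--- a/ext/zonefile/zonefile1.test
+++ b/ext/zonefile/zonefile1.test
@@ -622,10 +622,16 @@
 set i 0
 foreach id {1 2 3 2 3 1} {
   do_execsql_test 11.1.$i {
     SELECT data.v=nm.v FROM data,nm WHERE data.k=$id AND nm.k=$id
   } 1
   incr i
 }
+
+if {[file exists /dev/null]} {
+  do_catchsql_test 11.2 {
+    INSERT INTO nm_files(filename) VALUES('/dev/null');
+  } {1 {failed to read zonefile header from file "/dev/null"}}
+}
 
 finish_test
 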