From 79ff6822cb52f3e9d757ae2a006279e766b5fac8 Mon Sep 17 00:00:00 2001
From: Wing-Hou Chan <wing@wii.ng>
Date: Sat, 17 May 2025 16:02:22 +0100
Subject: [PATCH] Enable encryption for mobile targets

---
 bindings/c/Cargo.toml                         |  9 +--
 bindings/c/Makefile                           |  3 +-
 libsql-ffi/build.rs                           | 77 +++++++++++++++----
 .../SQLite3MultipleCiphers/CMakeLists.txt     | 18 +++--
 4 files changed, 76 insertions(+), 31 deletions(-)

diff --git a/bindings/c/Cargo.toml b/bindings/c/Cargo.toml
index 162fdcac1d..273b85f0e1 100644
--- a/bindings/c/Cargo.toml
+++ b/bindings/c/Cargo.toml
@@ -13,6 +13,7 @@ cbindgen = "0.24.0"
 [dependencies]
 bytes = "1.5.0"
 lazy_static = "1.4.0"
+libsql = { path = "../../libsql", features = ["encryption"] }
 tokio = { version = "1.29.1", features = [ "rt-multi-thread" ] }
 hyper-rustls = { version = "0.25", features = ["webpki-roots"]}
 tracing = "0.1.40"
@@ -20,14 +21,6 @@ tracing-subscriber = "0.3.18"
 http = "1.1.0"
 anyhow = "1.0.86"
 
-[target.'cfg(not(any(target_os = "ios", target_os = "android")))'.dependencies]
-libsql = { path = "../../libsql", features = ["encryption"] }
-
-# Disable encryption for ios and android targets
-[target.'cfg(any(target_os = "ios", target_os = "android"))'.dependencies]
-libsql = { path = "../../libsql"}
-
-
 # The produced binaries are too large for mobiles
 # When compiling for iOS or Android, you should turn on symbol stripping, lto and cut debug symbols
 # [profile.release]
diff --git a/bindings/c/Makefile b/bindings/c/Makefile
index de0974e5c3..8871689537 100644
--- a/bindings/c/Makefile
+++ b/bindings/c/Makefile
@@ -3,6 +3,7 @@ CFLAGS := -Iinclude
 LDFLAGS := -lm
 ARCHS_IOS = x86_64-apple-ios aarch64-apple-ios aarch64-apple-ios-sim
 ARCHS_ANDROID = aarch64-linux-android armv7-linux-androideabi x86_64-linux-android i686-linux-android
+ANDROID_PLATFORM := 31
 LIB = libsql_experimental.a
 HEADER = libsql.h
 XCFRAMEWORK = libsql.xcframework
@@ -35,7 +36,7 @@ android: $(ARCHS_ANDROID)
 	cp ../../target/i686-linux-android/release/$(LIB) generated/jniLibs/x86/$(LIB)
 
 $(ARCHS_ANDROID): %: 
-	cargo ndk --target $@ --platform 31 build --release
+	ANDROID_PLATFORM=$(ANDROID_PLATFORM) cargo ndk --target $@ --platform $(ANDROID_PLATFORM) build --release
 
 ios: $(XCFRAMEWORK)
 
diff --git a/libsql-ffi/build.rs b/libsql-ffi/build.rs
index 3de70f5e66..fc9c10d4ed 100644
--- a/libsql-ffi/build.rs
+++ b/libsql-ffi/build.rs
@@ -452,7 +452,7 @@ fn build_multiple_ciphers(target: &str, out_path: &Path) {
     let bundled_dir = format!("{out_dir}/sqlite3mc");
     let sqlite3mc_build_dir = env::current_dir().unwrap().join(out_dir).join("sqlite3mc");
 
-    let mut cmake_opts: Vec<&str> = vec![];
+    let mut cmake_opts: Vec<String> = vec![];
 
     let target_postfix = target.to_string().replace("-", "_");
     let cross_cc_var_name = format!("CC_{}", target_postfix);
@@ -462,8 +462,15 @@ fn build_multiple_ciphers(target: &str, out_path: &Path) {
     let cross_cxx_var_name = format!("CXX_{}", target_postfix);
     let cross_cxx = env::var(&cross_cxx_var_name).ok();
 
-    let toolchain_path = sqlite3mc_build_dir.join("toolchain.cmake");
-    let cmake_toolchain_opt = "-DCMAKE_TOOLCHAIN_FILE=toolchain.cmake".to_string();
+    let ndk_cmake_toolchain_path = env::var("CARGO_NDK_CMAKE_TOOLCHAIN_PATH").ok();
+    let toolchain_path = ndk_cmake_toolchain_path
+        .clone()
+        .map(PathBuf::from)
+        .unwrap_or_else(|| sqlite3mc_build_dir.join("toolchain.cmake"));
+    let cmake_toolchain_opt = ndk_cmake_toolchain_path
+        .clone()
+        .map(|path| format!("-DCMAKE_TOOLCHAIN_FILE={}", path))
+        .unwrap_or_else(|| "-DCMAKE_TOOLCHAIN_FILE=toolchain.cmake".to_string());
 
     let mut toolchain_file = OpenOptions::new()
         .create(true)
@@ -493,7 +500,7 @@ fn build_multiple_ciphers(target: &str, out_path: &Path) {
             panic!("Unsupported cross target {}", cc)
         };
 
-        cmake_opts.push(&cmake_toolchain_opt);
+        cmake_opts.push(cmake_toolchain_opt.clone());
         writeln!(toolchain_file, "set(CMAKE_SYSTEM_NAME \"{}\")", system_name).unwrap();
         writeln!(
             toolchain_file,
@@ -508,20 +515,58 @@ fn build_multiple_ciphers(target: &str, out_path: &Path) {
         writeln!(toolchain_file, "set(CMAKE_CXX_COMPILER {})", cxx).unwrap();
     }
 
-    cmake_opts.push("-DCMAKE_BUILD_TYPE=Release");
-    cmake_opts.push("-DSQLITE3MC_STATIC=ON");
-    cmake_opts.push("-DCODEC_TYPE=AES256");
-    cmake_opts.push("-DSQLITE3MC_BUILD_SHELL=OFF");
-    cmake_opts.push("-DSQLITE_SHELL_IS_UTF8=OFF");
-    cmake_opts.push("-DSQLITE_USER_AUTHENTICATION=OFF");
-    cmake_opts.push("-DSQLITE_SECURE_DELETE=OFF");
-    cmake_opts.push("-DSQLITE_ENABLE_COLUMN_METADATA=ON");
-    cmake_opts.push("-DSQLITE_USE_URI=ON");
-    cmake_opts.push("-DCMAKE_POSITION_INDEPENDENT_CODE=ON");
+    cmake_opts.push("-DCMAKE_BUILD_TYPE=Release".to_string());
+    cmake_opts.push("-DSQLITE3MC_STATIC=ON".to_string());
+    cmake_opts.push("-DCODEC_TYPE=AES256".to_string());
+    cmake_opts.push("-DSQLITE3MC_BUILD_SHELL=OFF".to_string());
+    cmake_opts.push("-DSQLITE_SHELL_IS_UTF8=OFF".to_string());
+    cmake_opts.push("-DSQLITE_USER_AUTHENTICATION=OFF".to_string());
+    cmake_opts.push("-DSQLITE_SECURE_DELETE=OFF".to_string());
+    cmake_opts.push("-DSQLITE_ENABLE_COLUMN_METADATA=ON".to_string());
+    cmake_opts.push("-DSQLITE_USE_URI=ON".to_string());
+    cmake_opts.push("-DCMAKE_POSITION_INDEPENDENT_CODE=ON".to_string());
 
     if target.contains("musl") {
-        cmake_opts.push("-DCMAKE_C_FLAGS=\"-U_FORTIFY_SOURCE\" -D_FILE_OFFSET_BITS=32");
-        cmake_opts.push("-DCMAKE_CXX_FLAGS=\"-U_FORTIFY_SOURCE\" -D_FILE_OFFSET_BITS=32");
+        cmake_opts.push("-DCMAKE_C_FLAGS=\"-U_FORTIFY_SOURCE\" -D_FILE_OFFSET_BITS=32".to_string());
+        cmake_opts
+            .push("-DCMAKE_CXX_FLAGS=\"-U_FORTIFY_SOURCE\" -D_FILE_OFFSET_BITS=32".to_string());
+    }
+
+    if target.contains("android") {
+        let android_abi = match target {
+            "aarch64-linux-android" => "arm64-v8a",
+            "armv7-linux-androideabi" => "armeabi-v7a",
+            "i686-linux-android" => "x86",
+            "x86_64-linux-android" => "x86_64",
+            _ => panic!("Unsupported Android target: {}", target),
+        };
+        let android_platform = std::env::var("ANDROID_PLATFORM")
+            .expect("ANDROID_PLATFORM environment variable must be set");
+
+        cmake_opts.push(cmake_toolchain_opt);
+        cmake_opts.push(format!("-DANDROID_ABI={}", android_abi));
+        cmake_opts.push(format!("-DANDROID_PLATFORM=android-{}", android_platform));
+    }
+
+    if target.contains("ios") {
+        cmake_opts.push("-DCMAKE_SYSTEM_NAME=iOS".to_string());
+
+        let (arch, processor, sysroot) = if target.contains("x86_64") {
+            ("x86_64", "x86_64", "iphonesimulator")
+        } else if target.contains("aarch64") {
+            let sysroot = if target.contains("sim") {
+                "iphonesimulator"
+            } else {
+                "iphoneos"
+            };
+            ("arm64", "arm64", sysroot)
+        } else {
+            panic!("Unsupported iOS target: {}", target);
+        };
+
+        cmake_opts.push(format!("-DCMAKE_OSX_ARCHITECTURES={}", arch));
+        cmake_opts.push(format!("-DCMAKE_SYSTEM_PROCESSOR={}", processor));
+        cmake_opts.push(format!("-DCMAKE_OSX_SYSROOT={}", sysroot));
     }
 
     let mut cmake = Command::new("cmake");
diff --git a/libsql-ffi/bundled/SQLite3MultipleCiphers/CMakeLists.txt b/libsql-ffi/bundled/SQLite3MultipleCiphers/CMakeLists.txt
index aa48e789d3..bb55199f94 100644
--- a/libsql-ffi/bundled/SQLite3MultipleCiphers/CMakeLists.txt
+++ b/libsql-ffi/bundled/SQLite3MultipleCiphers/CMakeLists.txt
@@ -273,14 +273,17 @@ if(MSVC)
   )
 endif()
 
-if (CMAKE_SYSTEM_NAME STREQUAL "Linux"
-    OR CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+if (CMAKE_SYSTEM_NAME STREQUAL "Android"
+    OR CMAKE_SYSTEM_NAME STREQUAL "Darwin"
+    OR CMAKE_SYSTEM_NAME STREQUAL "iOS"
+    OR CMAKE_SYSTEM_NAME STREQUAL "Linux")
 
   # Do not set `-maes -msee4.2` when we are on arm which doesn't support
   # this instruction set.
   if (CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64"
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm"
       OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64"
-      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm")
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "armv7-a")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS}")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
   else()
@@ -293,15 +296,17 @@ if (CMAKE_SYSTEM_NAME STREQUAL "Linux"
     dl
     m
   )
-  if(CMAKE_SYSTEM_NAME STREQUAL "Darwin")
+  if(CMAKE_SYSTEM_NAME STREQUAL "Darwin"
+     OR CMAKE_SYSTEM_NAME STREQUAL "iOS")
     list(APPEND SQLITE3MC_LINK_LIBRARIES "-framework Security")
   endif()
   set(SHARED_LIB_EXPORT_DEFINITION "__attribute__((visibility(\"default\")))")
 else()
   if (CMAKE_C_COMPILER_ID STREQUAL "GNU" AND NOT (
       CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64"
-      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64"
       OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm"
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64"
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "armv7-a"
   ))
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -msse4.2 -maes")
     set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -msse4.2 -maes")
@@ -311,8 +316,9 @@ endif()
 
 if (CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT (
       CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64"
-      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64"
       OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm"
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "arm64"
+      OR CMAKE_SYSTEM_PROCESSOR STREQUAL "armv7-a"
   ))
   set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -msse4.2 -maes -Wno-error=incompatible-function-pointer-types")
   set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -msse4.2 -maes")