Skip to content

Commit 2c7fc84

Browse files
utelleutelle
committed
Adjust plaintext header size rules
- for sqlcipher the plaintext header size must be a multiple of the AES blocksize (16 bytes) - for legacy chacha20 (resp. sqleet) the plaintext header size can be an arbitrary value greater or equal 0 - for non-legacy chacha20, ascon128, and aegis the plaintext header size can be 0 or a value greater or equal between 24 The upper limit for the plaintext header size is currently 100. In theory, it could be limited by the page size reduced by the number of reserved bytes.
1 parent af670fa commit 2c7fc84

File tree

3 files changed

+34
-13
lines changed

3 files changed

+34
-13
lines changed

src/cipher_chacha20.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -198,7 +198,8 @@ EncryptPageChaCha20Cipher(void* cipher, int page, unsigned char* data, int len,
198198
if (plaintextHeaderSize > 0)
199199
{
200200
usePlaintextHeader = 1;
201-
offset = (plaintextHeaderSize > CIPHER_PAGE1_OFFSET) ? plaintextHeaderSize : CIPHER_PAGE1_OFFSET;
201+
offset = (chacha20Cipher->m_legacy != 0) ? plaintextHeaderSize :
202+
(plaintextHeaderSize > CIPHER_PAGE1_OFFSET) ? plaintextHeaderSize : CIPHER_PAGE1_OFFSET;
202203
}
203204
else
204205
{
@@ -283,7 +284,8 @@ DecryptPageChaCha20Cipher(void* cipher, int page, unsigned char* data, int len,
283284
if (plaintextHeaderSize > 0)
284285
{
285286
usePlaintextHeader = 1;
286-
offset = (plaintextHeaderSize > CIPHER_PAGE1_OFFSET) ? plaintextHeaderSize : CIPHER_PAGE1_OFFSET;
287+
offset = (chacha20Cipher->m_legacy != 0) ? plaintextHeaderSize :
288+
(plaintextHeaderSize > CIPHER_PAGE1_OFFSET) ? plaintextHeaderSize : CIPHER_PAGE1_OFFSET;
287289
}
288290
else
289291
{

src/cipher_config.c

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -178,7 +178,7 @@ sqlite3mc_cipher_name(int cipherIndex)
178178
}
179179

180180
static
181-
int checkParameterValue(const char* paramName, int value)
181+
int checkParameterValue(const char* paramName, int value, const char* cipherName)
182182
{
183183
int ok = 1;
184184
if (sqlite3_stricmp(paramName, "legacy_page_size") == 0 && value > 0)
@@ -187,7 +187,10 @@ int checkParameterValue(const char* paramName, int value)
187187
}
188188
if (ok && sqlite3_stricmp(paramName, "plaintext_header_size") == 0 && value > 0)
189189
{
190-
ok = value % 16 == 0;
190+
if (sqlite3_stricmp(cipherName, "sqlcipher") == 0)
191+
{
192+
ok = value % 16 == 0;
193+
}
191194
}
192195
return ok;
193196
}
@@ -299,7 +302,7 @@ sqlite3mc_config_cipher(sqlite3* db, const char* cipherName, const char* paramNa
299302
if (!hasMinPrefix && !hasMaxPrefix)
300303
{
301304
if (newValue >= 0 && newValue >= param->m_minValue && newValue <= param->m_maxValue &&
302-
checkParameterValue(paramName, newValue))
305+
checkParameterValue(paramName, newValue, cipherName))
303306
{
304307
if (hasDefaultPrefix)
305308
{

src/cipher_sqlcipher.c

Lines changed: 24 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -349,16 +349,24 @@ EncryptPageSQLCipherCipher(void* cipher, int page, unsigned char* data, int len,
349349
int legacy = sqlCipherCipher->m_legacy;
350350
int nReserved = (reserved == 0 && legacy == 0) ? 0 : GetReservedSQLCipherCipher(cipher);
351351
int n = len - nReserved;
352-
int offset = (page == 1) ? (sqlCipherCipher->m_legacy != 0) ? 16 : 24 : 0;
352+
int offset = 0;
353353
int blen;
354354
unsigned char iv[128];
355355
int usePlaintextHeader = 0;
356356

357357
/* Check whether a plaintext header should be used */
358-
if (page == 1 && sqlCipherCipher->m_legacy >= SQLCIPHER_VERSION_4 && sqlCipherCipher->m_plaintextHeaderSize > 0)
358+
if (page == 1)
359359
{
360-
usePlaintextHeader = 1;
361-
offset = sqlCipherCipher->m_plaintextHeaderSize;
360+
int plaintextHeaderSize = sqlCipherCipher->m_plaintextHeaderSize;
361+
offset = (sqlCipherCipher->m_legacy != 0) ? 16 : 24;
362+
if (plaintextHeaderSize > 0)
363+
{
364+
usePlaintextHeader = 1;
365+
if (sqlCipherCipher->m_legacy >= SQLCIPHER_VERSION_4)
366+
{
367+
offset = plaintextHeaderSize;
368+
}
369+
}
362370
}
363371

364372
/* Check whether number of required reserved bytes and actually reserved bytes match */
@@ -423,17 +431,25 @@ DecryptPageSQLCipherCipher(void* cipher, int page, unsigned char* data, int len,
423431
int legacy = sqlCipherCipher->m_legacy;
424432
int nReserved = (reserved == 0 && legacy == 0) ? 0 : GetReservedSQLCipherCipher(cipher);
425433
int n = len - nReserved;
426-
int offset = (page == 1) ? (sqlCipherCipher->m_legacy != 0) ? 16 : 24 : 0;
434+
int offset = 0;
427435
int hmacOk = 1;
428436
int blen;
429437
unsigned char iv[128];
430438
int usePlaintextHeader = 0;
431439

432440
/* Check whether a plaintext header should be used */
433-
if (page == 1 && sqlCipherCipher->m_legacy >= SQLCIPHER_VERSION_4 && sqlCipherCipher->m_plaintextHeaderSize > 0)
441+
if (page == 1)
434442
{
435-
usePlaintextHeader = 1;
436-
offset = sqlCipherCipher->m_plaintextHeaderSize;
443+
int plaintextHeaderSize = sqlCipherCipher->m_plaintextHeaderSize;
444+
offset = (sqlCipherCipher->m_legacy != 0) ? 16 : 24;
445+
if (plaintextHeaderSize > 0)
446+
{
447+
usePlaintextHeader = 1;
448+
if (sqlCipherCipher->m_legacy >= SQLCIPHER_VERSION_4)
449+
{
450+
offset = plaintextHeaderSize;
451+
}
452+
}
437453
}
438454

439455
/* Check whether number of required reserved bytes and actually reserved bytes match */

0 commit comments

Comments
 (0)