int sqlite3CodecAttach(sqlite3 *db, int nDb, const void *zKey, int nKey) { BOTANSQLITE_TRACE("sqlite3CodecAttach"); void *pCodec = NULL; if (!zKey || nKey <= 0) { Pager *pager = sqlite3BtreePager(db->aDb[nDb].pBt); // No key specified, could mean either use the main db's encryption or no encryption if (nDb != 0 && nKey < 0) { // Is an attached database, therefore use the key of main database, if main database is encrypted void *pMainCodec = sqlite3PagerGetCodec(sqlite3BtreePager(db->aDb[0].pBt)); if (pMainCodec) { pCodec = InitializeFromOtherCodec(pMainCodec, db); sqlite3PagerSetCodec( pager, Codec, CodecSizeChange, PagerFreeCodec, pCodec); } } else { // No encryption requested sqlite3PagerSetCodec(pager, NULL, NULL, NULL, NULL); } } else { // Key specified, setup encryption key for database pCodec = InitializeNewCodec(db); assert(nKey >= 0); SetWriteKey(pCodec, (const char*) zKey, (size_t) nKey); if (HandleError(pCodec)) { DeleteCodec(pCodec); return SQLITE_ERROR; } SetReadIsWrite(pCodec); sqlite3PagerSetCodec( sqlite3BtreePager(db->aDb[nDb].pBt), Codec, CodecSizeChange, PagerFreeCodec, pCodec); } if (HandleError(pCodec)) return SQLITE_ERROR; return SQLITE_OK; }
int sqlite3CodecAttach(sqlite3 *db, int nDb, const void *zKey, int nKey) { void *pCodec; if (zKey == NULL || nKey <= 0) { // No key specified, could mean either use the main db's encryption or no encryption if (nDb != 0 && nKey < 0) { //Is an attached database, therefore use the key of main database, if main database is encrypted void *pMainCodec = sqlite3PagerGetCodec(sqlite3BtreePager(db->aDb[0].pBt)); if (pMainCodec != NULL) { pCodec = InitializeFromOtherCodec(pMainCodec, db); sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt), sqlite3Codec, sqlite3CodecSizeChange, sqlite3PagerFreeCodec, pCodec); } } } else { // Key specified, setup encryption key for database pCodec = InitializeNewCodec(db); GenerateWriteKey(pCodec, (const char*) zKey, nKey); SetReadIsWrite(pCodec); sqlite3PagerSetCodec(sqlite3BtreePager(db->aDb[nDb].pBt), sqlite3Codec, sqlite3CodecSizeChange, sqlite3PagerFreeCodec, pCodec); } if (HandleError(pCodec)) return SQLITE_ERROR; return SQLITE_OK; }
int sqlite3_rekey(sqlite3 *db, const void *zKey, int nKey) { BOTANSQLITE_TRACE("sqlite3_rekey"); // Changes the encryption key for an existing database. int rc = SQLITE_ERROR; Btree *pbt = db->aDb[0].pBt; Pager *pPager = sqlite3BtreePager(pbt); void *pCodec = sqlite3PagerGetCodec(pPager); if ((!zKey || nKey <= 0) && !pCodec) { // Database not encrypted and key not specified. Do nothing return SQLITE_OK; } if (!pCodec) { // Database not encrypted, but key specified. Encrypt database pCodec = InitializeNewCodec(db); assert(nKey >= 0); SetWriteKey(pCodec, (const char*) zKey, (size_t) nKey); if (HandleError(pCodec)) { DeleteCodec(pCodec); return SQLITE_ERROR; } sqlite3PagerSetCodec(pPager, Codec, CodecSizeChange, PagerFreeCodec, pCodec); } else if (!zKey || nKey <= 0) { // Database encrypted, but key not specified. Decrypt database // Keep read key, drop write key DropWriteKey(pCodec); } else { // Database encrypted and key specified. Re-encrypt database with new key // Keep read key, change write key to new key assert(nKey >= 0); SetWriteKey(pCodec, (const char*) zKey, (size_t) nKey); if (HandleError(pCodec)) return SQLITE_ERROR; } // Start transaction rc = sqlite3BtreeBeginTrans(pbt, 1); if (rc == SQLITE_OK) { // Rewrite all pages using the new encryption key (if specified) int nPageCount = -1; sqlite3PagerPagecount(pPager, &nPageCount); Pgno nPage = (Pgno) nPageCount; Pgno nSkip = PAGER_MJ_PGNO(pPager); DbPage *pPage; Pgno n; for (n = 1; rc == SQLITE_OK && n <= nPage; n++) { if (n == nSkip) continue; rc = sqlite3PagerGet(pPager, n, &pPage, 0); if (rc == SQLITE_OK) { rc = sqlite3PagerWrite(pPage); sqlite3PagerUnref(pPage); } else { sqlite3ErrorWithMsg(db, SQLITE_ERROR, "%s", "Error while rekeying database page. Transaction Canceled."); } } } else { sqlite3ErrorWithMsg(db, SQLITE_ERROR, "%s", "Error beginning rekey transaction. Make sure that the current encryption key is correct."); } if (rc == SQLITE_OK) { // All good, commit rc = sqlite3BtreeCommit(pbt); if (rc == SQLITE_OK) { //Database rekeyed and committed successfully, update read key if (HasWriteKey(pCodec)) { SetReadIsWrite(pCodec); } else //No write key == no longer encrypted { sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); } } else { //FIXME: can't trigger this, not sure if rollback is needed, reference implementation didn't rollback sqlite3ErrorWithMsg(db, SQLITE_ERROR, "%s", "Could not commit rekey transaction."); } } else { // Rollback, rekey failed sqlite3BtreeRollback(pbt, SQLITE_ERROR, 0); // go back to read key if (HasReadKey(pCodec)) { SetWriteIsRead(pCodec); } else //Database wasn't encrypted to start with { sqlite3PagerSetCodec(pPager, NULL, NULL, NULL, NULL); } } return rc; }