Replaced system SQLite with SQLCipher to support encrypted database

2025-06-07 18:11:17 +03:00
parent f4198d62a7
commit 177d74700f
534 changed files with 362771 additions and 21 deletions
--- a/Sources/DataLiteC/libtomcrypt/pk/asn1/pkcs8/pkcs8_decode_flexi.c
+++ b/Sources/DataLiteC/libtomcrypt/pk/asn1/pkcs8/pkcs8_decode_flexi.c
@@ -0,0 +1,106 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
+/* SPDX-License-Identifier: Unlicense */
+#include "tomcrypt_private.h"
+
+#ifdef LTC_PKCS_8
+
+/**
+   PKCS#8 decrypt if necessary & flexi-decode
+
+   @param in            Pointer to the ASN.1 encoded input data
+   @param inlen         Length of the input data
+   @param pwd           Pointer to the password that was used when encrypting
+   @param pwdlen        Length of the password
+   @param decoded_list  Pointer to a pointer for the flexi-decoded list
+   @return CRYPT_OK on success
+*/
+int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
+                       const password_ctx   *pw_ctx,
+                             ltc_asn1_list **decoded_list)
+{
+   unsigned long len = inlen;
+   unsigned long dec_size;
+   unsigned char *dec_data = NULL;
+   ltc_asn1_list *l = NULL;
+   int err;
+   pbes_arg pbes;
+
+   LTC_ARGCHK(in           != NULL);
+   LTC_ARGCHK(decoded_list != NULL);
+
+   XMEMSET(&pbes, 0, sizeof(pbes));
+
+   *decoded_list = NULL;
+   if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
+      /* the following "if" detects whether it is encrypted or not */
+      /* PKCS8 Setup
+       *  0:d=0  hl=4 l= 380 cons: SEQUENCE
+       *  4:d=1  hl=2 l=  78 cons:   SEQUENCE
+       *  6:d=2  hl=2 l=   9 prim:     OBJECT             :OID indicating PBES1 or PBES2 (== *lalgoid)
+       * 17:d=2  hl=2 l=  65 cons:     SEQUENCE
+       *     Stuff in between is dependent on whether it's PBES1 or PBES2
+       * 84:d=1  hl=4 l= 296 prim:   OCTET STRING         :bytes (== encrypted data)
+       */
+      if (l->type == LTC_ASN1_SEQUENCE &&
+          LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
+          LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
+          LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
+          LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
+         ltc_asn1_list *lalgoid = l->child->child;
+
+         if ((pw_ctx == NULL) || (pw_ctx->callback == NULL)) {
+            err = CRYPT_PW_CTX_MISSING;
+            goto LBL_DONE;
+         }
+
+         if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) {
+            /* Successfully extracted PBES1 parameters */
+         } else if (pbes2_extract(lalgoid, &pbes) == CRYPT_OK) {
+            /* Successfully extracted PBES2 parameters */
+         } else {
+            /* unsupported encryption */
+            err = CRYPT_INVALID_PACKET;
+            goto LBL_DONE;
+         }
+
+         if (pw_ctx->callback(&pbes.pw.pw, &pbes.pw.l, pw_ctx->userdata)) {
+            err = CRYPT_ERROR;
+            goto LBL_DONE;
+         }
+
+         pbes.enc_data = l->child->next;
+
+         dec_size = pbes.enc_data->size;
+         if ((dec_data = XMALLOC(dec_size)) == NULL) {
+            err = CRYPT_MEM;
+            goto LBL_DONE;
+         }
+
+         if ((err = pbes_decrypt(&pbes, dec_data, &dec_size)) != CRYPT_OK) goto LBL_DONE;
+
+         der_free_sequence_flexi(l);
+         l = NULL;
+         err = der_decode_sequence_flexi(dec_data, &dec_size, &l);
+         if (err != CRYPT_OK) goto LBL_DONE;
+         *decoded_list = l;
+      }
+      else {
+         /* not encrypted */
+         err = CRYPT_OK;
+         *decoded_list = l;
+      }
+      /* Set l to NULL so it won't be free'd */
+      l = NULL;
+   }
+
+LBL_DONE:
+   if (dec_data) {
+      zeromem(dec_data, dec_size);
+      XFREE(dec_data);
+   }
+   password_free(&pbes.pw, pw_ctx);
+   if (l) der_free_sequence_flexi(l);
+   return err;
+}
+
+#endif