keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
dev
voice-calls-2
voice-calls
authentication
2.5.0
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.2
2.3.1
2.3.0
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.9
2.2.6
2.2.4
2.2.2
2.2.1
2.2.0
2.1.1
2.0.3
2.0.2
2.0.1
2.0.0
1.0.0-alpha.1
audit-2
audit
2.8.0
2.7.4
2.7.3
2.7.2
2.7.1
2.7.0
2.6.3
2.6.2
2.6.1
2.6.0
2.2.8
2.2.7
2.2.5
2.2.3
2.1.0
1.9.7
1.9.6
1.9.5
1.9.4
1.9.3
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.0
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1-beta
1.5.0-beta
1.5.0
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.0-beta
1.4.0
1.3.0-alpha.1
1.3.0
1.2.6
1.2.5
1.2.4
1.2.3
1.2.1
1.2.0-alpha.2
1.2.0-alpha.1
1.2.0
1.13.0
1.12.9
1.12.8
1.12.7
1.12.6
1.12.5
1.12.4
1.12.2
1.12.1
1.11.9
1.11.8
1.11.7
1.11.6
1.11.5
1.11.4
1.11.3
1.11.24
1.11.23
1.11.22
1.11.21
1.11.20
1.11.2
1.11.19
1.11.18
1.11.17
1.11.16
1.11.15
1.11.14
1.11.13
1.11.12
1.11.11
1.11.10
1.11.1
1.11.0
1.10.2
1.10.1
1.10.0
1.1.0-alpha.4
1.1.0-alpha.3
1.1.0-alpha.2
1.1.0-alpha.1
1.1.0
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0-alpha.3
1.0.0-alpha.2
1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5ba5b763e4'
${ noResults }
session-ios/SignalMessaging/utils/OWSDatabaseConverter.m

229 lines
10 KiB
Objective-C
Raw Blame History

//
// Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//
#import "OWSDatabaseConverter.h"
#import <SignalServiceKit/OWSFileSystem.h>
#import <SignalServiceKit/TSStorageManager.h>
NS_ASSUME_NONNULL_BEGIN
@implementation OWSDatabaseConverter
+ (BOOL)doesDatabaseNeedToBeConverted:(NSString *)databaseFilePath
{
if (![[NSFileManager defaultManager] fileExistsAtPath:databaseFilePath]) {
DDLogVerbose(@"%@ Skipping database conversion; no legacy database found.", self.logTag);
return NO;
}
NSError *error;
// We use NSDataReadingMappedAlways instead of NSDataReadingMappedIfSafe because
// we know the database will always exist for the duration of this instance of NSData.
NSData *_Nullable data = [NSData dataWithContentsOfURL:[NSURL fileURLWithPath:databaseFilePath]
options:NSDataReadingMappedAlways
error:&error];
if (!data || error) {
DDLogError(@"%@ Couldn't read legacy database file header.", self.logTag);
// TODO: Make a convenience method (on a category of NSException?) that
// flushes DDLog before raising a terminal exception.
[NSException raise:@"Couldn't read legacy database file header" format:@""];
}
// Pull this constant out so that we can use it in our YapDatabase fork.
const int kSqliteHeaderLength = 32;
NSData *_Nullable headerData = [data subdataWithRange:NSMakeRange(0, kSqliteHeaderLength)];
if (!headerData || headerData.length != kSqliteHeaderLength) {
[NSException raise:@"Database database file header has unexpected length"
format:@"Database database file header has unexpected length: %zd", headerData.length];
}
NSString *kUnencryptedHeader = @"SQLite format 3\0";
NSData *unencryptedHeaderData = [kUnencryptedHeader dataUsingEncoding:NSUTF8StringEncoding];
BOOL isUnencrypted = [unencryptedHeaderData
isEqualToData:[headerData subdataWithRange:NSMakeRange(0, unencryptedHeaderData.length)]];
if (isUnencrypted) {
DDLogVerbose(@"%@ Skipping database conversion; legacy database header already decrypted.", self.logTag);
return NO;
}
return YES;
}
+ (void)convertDatabaseIfNecessary
{
NSString *databaseFilePath = [TSStorageManager legacyDatabaseFilePath];
[self convertDatabaseIfNecessary:databaseFilePath];
}
+ (void)convertDatabaseIfNecessary:(NSString *)databaseFilePath
{
if (![self doesDatabaseNeedToBeConverted:databaseFilePath]) {
return;
}
[self convertDatabase];
}
+ (void)convertDatabase
{
// TODO:
// Hello Matthew,
//
// I hope you're doing well. We've just pushed some changes out to the SQLCipher prerelease branch on GitHub that
// implement the functionality we talked about that add a few new options:
//
// 1. PRAGMA cipher_plaintext_header_size - set or query the number of bytes to be left unencrypted on the start
// of the first page. This pragma would be called after keying the database, but before use. In our testing 32
// works for iOS
// 2. PRAGMA cipher_default_plaintext_header_size - set the "global" default to be used when opening database
// connections
// 3. PRAGMA cipher_salt - set or query the salt for the database
//
// When working with the SQLCipherVsSharedData application, there are two changes required. First, modify
// the Podfile to reference SQLCipher with these changes:
//
// pod 'SQLCipher', :git => 'https://github.com/sqlcipher/sqlcipher.git', :commit => 'd5c2bec'
//
// Next, set the plaintext header size immediately after the key is provided:
//
// int status = sqlite3_exec(db, "PRAGMA cipher_plaintext_header_size = 32;", NULL, NULL, NULL);
//
//
// This should allow the demo app to background correctly.
//
// In practice, for a real application, the other changes we talked about on the phone need occur, i.e. to
// provide the salt to the application explicitly. The application can use a raw key spec, where the 96 hex are
// provide (i.e. 64 hex for the 256 bit key, followed by 32 hex for the 128 bit salt) using explicit BLOB syntax,
// e.g.
//
// x'98483C6EB40B6C31A448C22A66DED3B5E5E8D5119CAC8327B655C8B5C483648101010101010101010101010101010101'
//
// Alternately, the application can use the new cipher_salt PRAGMA to provide 32 hex to use as salt in
// conjunction with a standard derived key, e.g.
//
// PRAGMA cipher_salt = "x'01010101010101010101010101010101'";
//
// Since you mentioned the Signal application is using a derived key, the second option might be easiest. You
// could load the first 16 bytes of the existing file, or query the database using cipher_salt, and then store
// that along side the key in the keychain. Then following migration you can provide both the key and the salt
// explicitly.
//
// With respect to migrating existing databases, it is possible to open a database, set the pragma, modify the
// first page, then checkpoint to ensure that all WAL frames are written back to the main database. This allows
// you to "decrypt" the first part of the header almost instantaneously, without having to re-encrypt all of the
// content. Keep in mind that you'll need to record the salt separately in this case. There are a few examples of
// this in the test cases we wrote up for this new functionality, starting here:
//
// https://github.com/sqlcipher/sqlcipher/blob/d5c2bec7688cef298292906c029d26b2c043219d/test/crypto.test#L2669
//
// I was hoping you could take a look at this new functionality, provide feedback, and perform some initial
// testing on your side. Please let us know if you have any questions, or would like to discuss the specifics of
// implementation further. Thanks!
//
// Cheers,
// Stephen
// - (BOOL)openDatabase
// {
// // Open the database connection.
// //
// // We use SQLITE_OPEN_NOMUTEX to use the multi-thread threading mode,
// // as we will be serializing access to the connection externally.
//
// int flags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_NOMUTEX | SQLITE_OPEN_PRIVATECACHE;
//
// int status = sqlite3_open_v2([databasePath UTF8String], &db, flags, NULL);
// if (status != SQLITE_OK)
// {
// // There are a few reasons why the database might not open.
// // One possibility is if the database file has become corrupt.
//
// // Sometimes the open function returns a db to allow us to query it for the error message.
// // The openConfigCreate block will close it for us.
// if (db) {
// YDBLogError(@"Error opening database: %d %s", status, sqlite3_errmsg(db));
// }
// else {
// YDBLogError(@"Error opening database: %d", status);
// }
//
// return NO;
// }
// // Add a busy handler if we are in multiprocess mode
// if (options.enableMultiProcessSupport) {
// sqlite3_busy_handler(db, connectionBusyHandler, (__bridge void *)(self));
// }
//
// return YES;
// }
//
//
//
//#ifdef SQLITE_HAS_CODEC
// /**
// * Configures database encryption via SQLCipher.
// **/
// - (BOOL)configureEncryptionForDatabase:(sqlite3 *)sqlite
// {
// if (options.cipherKeyBlock)
// {
// NSData *keyData = options.cipherKeyBlock();
//
// if (keyData == nil)
// {
// NSAssert(NO, @"YapDatabaseOptions.cipherKeyBlock cannot return nil!");
// return NO;
// }
//
// //Setting the PBKDF2 default iteration number (this will have effect next time database is opened)
// if (options.cipherDefaultkdfIterNumber > 0) {
// char *errorMsg;
// NSString *pragmaCommand = [NSString stringWithFormat:@"PRAGMA cipher_default_kdf_iter = %lu",
// (unsigned long)options.cipherDefaultkdfIterNumber]; if (sqlite3_exec(sqlite, [pragmaCommand
// UTF8String], NULL, NULL, &errorMsg) != SQLITE_OK)
// {
// YDBLogError(@"failed to set database cipher_default_kdf_iter: %s", errorMsg);
// return NO;
// }
// }
//
// //Setting the PBKDF2 iteration number
// if (options.kdfIterNumber > 0) {
// char *errorMsg;
// NSString *pragmaCommand = [NSString stringWithFormat:@"PRAGMA kdf_iter = %lu", (unsigned
// long)options.kdfIterNumber]; if (sqlite3_exec(sqlite, [pragmaCommand UTF8String], NULL, NULL,
// &errorMsg) != SQLITE_OK)
// {
// YDBLogError(@"failed to set database kdf_iter: %s", errorMsg);
// return NO;
// }
// }
//
// //Setting the encrypted database page size
// if (options.cipherPageSize > 0) {
// char *errorMsg;
// NSString *pragmaCommand = [NSString stringWithFormat:@"PRAGMA cipher_page_size = %lu", (unsigned
// long)options.cipherPageSize]; if (sqlite3_exec(sqlite, [pragmaCommand UTF8String], NULL, NULL,
// &errorMsg) != SQLITE_OK)
// {
// YDBLogError(@"failed to set database cipher_page_size: %s", errorMsg);
// return NO;
// }
// }
//
// int status = sqlite3_key(sqlite, [keyData bytes], (int)[keyData length]);
// if (status != SQLITE_OK)
// {
// YDBLogError(@"Error setting SQLCipher key: %d %s", status, sqlite3_errmsg(sqlite));
// return NO;
// }
// }
//
// return YES;
// }
//#endif
}
@end
NS_ASSUME_NONNULL_END
Reference in New Issue View Git Blame Copy Permalink