| -rw-r--r-- | src/leap/soledad/backends/sqlcipher.py | 28 | 
1 files changed, 24 insertions, 4 deletions
|
diff --git a/src/leap/soledad/backends/sqlcipher.py b/src/leap/soledad/backends/sqlcipher.py
index b910d879..5825b844 100644
--- a/src/leap/soledad/backends/sqlcipher.py
+++ b/src/leap/soledad/backends/sqlcipher.py
@@ -25,9 +25,23 @@ with the exception of the following statements:
   * PRAGMA cipher_use_hmac
   * PRAGMA cipher_default_use_mac
-These statements were introduced for backwards compatibility with SLCipher 1.1
-databases, so we do not implement them as all our SQLCipher databases handled
-by Soledad are created with SQLCipher >= 2.0.
+SQLCipher 2.0 introduced a per-page HMAC to validate that the page data has
+not be tampered with. By default, when creating or opening a database using
+SQLCipher 2, SQLCipher will attempt to use an HMAC check. This change in
+database format means that SQLCipher 2 can't operate on version 1.1.x
+databases by default. Thus, in order to provide backward compatibility with
+SQLCipher 1.1.x, PRAGMA cipher_use_hmac can be used to disable the HMAC
+functionality on specific databases.
+
+In some very specific cases, it is not possible to call PRAGMA cipher_use_hmac
+as one of the first operations on a database. An example of this is when
+trying to ATTACH a 1.1.x database to the main database. In these cases PRAGMA
+cipher_default_use_hmac can be used to globally alter the default use of HMAC
+when opening a database.
+
+So, as the statements above were introduced for backwards compatibility with
+SLCipher 1.1 databases, we do not implement them as all SQLCipher databases
+handled by Soledad should be created by SQLCipher >= 2.0.
 """
 import os
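Review bot: The module docstring now spells the second pragma two ways: the unchanged bullet reads `PRAGMA cipher_default_use_mac`, while the added paragraph uses `cipher_default_use_hmac`, which is the name SQLCipher documents, so the bullet should be corrected in the same change. Two wording slips remain in the added text: `has not be tampered with` should read `has not been tampered with`, and `SLCipher 1.1` should be `SQLCipher 1.1`. Because the last sentence was softened to "should be created by SQLCipher >= 2.0", it would help to state the consequence, for example `Since neither pragma is exposed, the per-page HMAC check is always enabled and a 1.1.x database will fail to open.`; that reading is inferred from the docstring itself and should be confirmed against the class.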
@@ -441,7 +455,9 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase):
         The key itself can be a passphrase, which is converted to a key using
         PBKDF2 key derivation. The result is used as the encryption key for
-        the database.
+        the database. By using this method, there is no way to alter the KDF;
+        if you want to do so you should use a raw key instead and derive the
+        key using your own KDF.
         @param db_handle: A handle to the SQLCipher database.
         @type db_handle: pysqlcipher.Connection
@@ -478,6 +494,10 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase):
         operation. It is possible to change this, though not generally
         recommended, using PRAGMA cipher.
+        SQLCipher makes direct use of libssl, so all cipher options available
+        to libssl are also available for use with SQLCipher. See `man enc` for
+        OpenSSL's supported ciphers.
+
         Implementation Notes:
         * PRAGMA cipher must be called after PRAGMA key and before the first
|
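Review bot: The added sentence in the first hunk points callers to a raw key and "your own KDF" without saying what that path gives up: with a raw key SQLCipher performs no PBKDF2 step, so salting and work factor become the caller's responsibility. I would extend the docstring with `A raw key must come from a salted, deliberately slow password KDF or from a CSPRNG, never from a plain hash of the passphrase.` The phrase "no way to alter the KDF" is also stronger than SQLCipher's behaviour, since the iteration count can be tuned with `PRAGMA kdf_iter`; if this class wraps that pragma elsewhere in the file, the sentence should point to it. The method body lies outside the hunk, so how the key is passed to `PRAGMA key` is not visible here.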
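Review bot: The paragraph added in the second hunk on this line presents every cipher in `man enc` as available with no caveat, although that list includes legacy algorithms and ECB modes that are poor choices for page encryption. I would append `Most of these are weaker than the default; only change the cipher if you have a specific, reviewed reason.` so that the existing "not generally recommended" is backed by a reason. The wording is also slightly off: the cipher implementations live in OpenSSL's libcrypto rather than libssl, so `SQLCipher makes direct use of OpenSSL's libcrypto` would be more accurate. The method body is outside the hunk; if it passes the caller's cipher name straight into `PRAGMA cipher`, an allowlist of accepted names would be worth considering there.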
