Diff
Not logged in
HomeFilesLeavesTimelineBranchesTagsTicketsWikiLogin

Differences From:

File src/blob.c part of check-in [054dd31b71] - Use our own isspace() function since the standard-library isspace() sometimes gives incorrect results for non-ASCII characters. by drh on 2008-11-03 21:56:09. [view]

To:

File src/blob.c part of check-in [5468ec7c5e] - Incremental changes toward encrypting sync traffic. The changes are incomplete, but all legacy functionality appears to still works. by drh on 2009-03-26 15:32:43. [view] 
@@ -844,8 +844,120 @@
     blob_reset(&b2);
     blob_reset(&b3);
   }
   printf("ok\n");
+}
+
+/*
+** Do an RC4 encryption/decryption.
+**
+** The key is formed by concatenating zPassword and aNonce and taking
+** the sha1 hash of the result.  The first 1000 bytes of the rc4 bytestream
+** are discarded.  The next nIn bytes of the rc4 bytestream are XORed
+** against aIn and the result is written into aOut.
+*/
+static void rc4_coder(
+  const char *zPassword,   /* The password */
+  const char *aNonce,      /* One-time nonce for this encryption */
+  int nNonce,              /* Number of bytes in the nonce */
+  const char *aIn,         /* Input text */
+  int nIn,                 /* Number of bytes of input text */
+  char *aOut               /* Output text */
+){
+  Blob key;
+  int k;
+  unsigned char i, j, t;
+  unsigned char s[256];
+  unsigned char *pKey;
+  int nKey;
+
+  blob_zero(&key);
+  blob_append(&key, zPassword, -1);
+  blob_append(&key, aNonce, nNonce);
+  sha1sum_blob(&key, &key);
+  pKey = (unsigned char*)key.aData;
+  nKey = key.nUsed;
+
+  /* Key the RC4 codec */
+  for(k=0; k<256; k++) s[k] = k;
+  for(i=j=0, k=0; k<256; k++, i++){
+    j += pKey[i % nKey] + s[i];
+    t = s[i];
+    s[i] = s[j];
+    s[j] = t;
+  }
+  blob_reset(&key);
+
+  /* Skip the first 1000 bytes of output */
+  i = j = 0;
+  for(k=0; k<1000; k++){
+    i++;
+    j += s[i];
+    t = s[i];
+    s[i] = s[j];
+    s[j] = t;
+  }
+
+  /* Encode nIn bytes */
+  for(k=0; k<nIn; k++){
+    i++;
+    j += s[i];
+    t = s[i];
+    s[i] = s[j];
+    s[j] = t;
+    aOut[k] = aIn[k] ^ s[(s[i] + s[j])&255];
+  }
+}
+
+/*
+** Encrypt a blob using RC4.
+**
+** The key is constructed by taking the sha1 hash of the password
+** and a random 20-byte nonce.  This nonce becomes the first 20 bytes
+** of the encrypted output.  The first 1000 bytes of the RC4 byte stream
+** are discarded.  The input is XORed against the remaining RC4 byte stream
+** to generate the rest of the output.
+**
+** Only that portion of pIn beginning at the current cursor location and
+** extending to the end of the blob is encrypted.  Any content of pIn
+** prior to the current cursor position is ignored.
+**
+** Because of the prepended nonce, the output will be 20 bytes larger
+** than the input.
+**
+** pOut should be initialized prior to invoking this routine.  pOut might
+** already contain other content.  The encryption is appended to pOut.
+*/
+void blob_encrypt(Blob *pIn, const char *zPassword, Blob *pOut){
+  unsigned char aNonce[20];
+  unsigned char *aIn;
+  int nIn;
+  unsigned char *aOut;
+
+  sqlite3_randomness(sizeof(aNonce), aNonce);
+  aIn = (unsigned char*)pIn->aData;
+  aIn += pIn->iCursor;
+  nIn = pIn->nUsed - pIn->iCursor;
+  if( nIn<=0 ) return;
+
+}
+
+/*
+** Decrypt a blob.
+**
+** This routine undoes the work of blob_encrypt.  pIn should be a blob
+** that was generated by blob_encrypt.  Assuming the same password is
+** used, the original unencrypted text will be written into pOut.
+**
+** Only that portion of pIn beginning at the current cursor location and
+** extending to the end of the blob is decrypted.  Any content of pIn
+** prior to the current cursor position is ignored.
+**
+** pOut should be initialized prior to invoking this routine.  pOut might
+** already contain other content.  The encryption is appended to pOut.
+*/
+void blob_decrypt(Blob *pIn, const char *zPassword, Blob *pOut){
+  /* TBD... */
 }
 
 #ifdef __MINGW32__
 /*

Fossil version [c0211010a1] 2009-12-13 01:31:36