vapor / sqlite-nio

Non-blocking wrapper for libsqlite3-dev using SwiftNIO
MIT License

Support SQLcipher #72

Open talmeme opened 3 months ago

talmeme commented 3 months ago

SQLcipher is a standalone fork of the SQLite database library that adds 256-bit AES encryption of database files and other security features like:

SQLcipher uses one of CommonCrypto, libtomcrypt, NSS and OpenSSL for crypto functionality.

talmeme commented 3 months ago

I have a working integration, with corresponding SQLite-Kit and Fluent SQLite driver.

And a demo. Tested working on macOS Sonoma aarch64 and Ubuntu 22.04 aarch64 with Swift v5.10.

0xTim commented 3 months ago

If this can be achieved using Swift Crypto we can probably look at merging it. Otherwise it's probably a no go.

talmeme commented 3 months ago

> If this can be achieved using Swift Crypto we can probably look at merging it. Otherwise it's probably a no go.

SQLcipher is implemented in C using SQLite's deprecated codec hooks and compiled together with SQLite's C source. This likely precludes using Swift Crypto to implement an SQLcipher crypto provider.

An alternative approach is to use SQLite's VFS mechanism, as is done by SQLite3MultipleCiphers. Not sure how feasible it is to implement an SQLite VFS in Swift.

0xTim commented 3 months ago

I'll let Gwynne chime in when she's back as she knows this far better than I do. The main issue is the inclusion of a system dependency on tomcrypt which complicates a number of things, including the fact that it hasn't had a release in 6 years and I find it very hard to believe there haven't been any security issues in that time.

OpenSSL is probably the only possibility if we need to link against something, but again, it's a bulky library and another dependency that's required regardless of whether you're using it or not.

talmeme commented 3 months ago

I agree on tomcrypt. I use it because that's what Skip does, so I started with something known working.

I now see that it is easy to link SQLcipher with OpenSSL. BoringSSL works too, although, as you have mentioned, BoringSSL doesn't have a stable API and usually needs to be built from source.

talmeme commented 3 months ago

Updates: