Add new cipher scheme AEGIS and other changes

SQLite3 Multiple Ciphers 2.0.0 supports the new cipher scheme AEGIS. Support for it was added to wxSQLite3. The upstream SQLite project is about to remove support for the User Authentication extension completely, beginning with version 3.48.0, which will be released in January 2025. Support for this extension in wxSQLite3 has been disabled.
utelle · Dec 31, 2024 · 5c698ac · 5c698ac
1 parent c231fdb
commit 5c698ac
Show file tree

Hide file tree

Showing 10 changed files with 42,845 additions and 904 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Upgrade to SQLite3 Multiple Ciphers version 2.0.0 (SQLite version 3.47.2)
+- Removed support for User Authentication extension
+- Added new cipher scheme AEGIS
+
 ## [4.9.12] - 2024-10-22
 
 - Upgrade to SQLite3 Multiple Ciphers version 1.9.0 (SQLite version 3.47.0)

diff --git a/configure.ac b/configure.ac
@@ -4,7 +4,7 @@ dnl Copyright (C) 2017-2024 Ulrich Telle <ulrich@telle-online.de>, Vadim Zeitlin
 dnl
 dnl This file is covered by the same licence as the entire wxSQLite3 package.
 
-AC_INIT([wxsqlite3], [4.9.12], [ulrich@telle-online.de])
+AC_INIT([wxsqlite3], [4.10.0], [ulrich@telle-online.de])
 
 dnl This is the version tested with, might work with earlier ones.
 AC_PREREQ([2.69])
@@ -91,14 +91,24 @@ AC_ARG_WITH([ascon128],
 AS_IF([test "x$with_ascon128" = xno],
     [AC_DEFINE([WXSQLITE3_HAVE_CIPHER_ASCON128], [0], [Define if you have Ascon 128 disabled])])
 
+AC_ARG_WITH([aegis],
+    [AS_HELP_STRING([--without-aegis],
+        [Disable support for Aegis Encryption])],
+    [],
+    [with_aegis=yes])
+
+AS_IF([test "x$with_aegis" = xno],
+    [AC_DEFINE([WXSQLITE3_HAVE_CIPHER_AEGIS], [0], [Define if you have Aegis disabled])])
+
 AC_ARG_ENABLE(codec,
     [  --enable-codec[=<codec type>] Specify the codec type:
                               aes128: AES 128 Bit CBC Encryption
                               aes256: AES 256 Bit CBC Encryption
                               chacha20 [default]: ChaCha20-Poly1305 Encryption
                               sqlcipher: SQLCipher Encryption
                               rc4: RC4 Encryption
-                              ascon128: Ascon 128 Encryption],
+                              ascon128: Ascon 128 Encryption
+                              aegis: Aegis Encryption],
       [if   test "x$enableval" = "xaes128" && test "x$with_aes128cbc" = xyes ; then
         codec_type=CODEC_TYPE_AES128
       elif test "x$enableval" = "xaes256" && test "x$with_aes256cbc" = xyes ; then
@@ -111,6 +121,8 @@ AC_ARG_ENABLE(codec,
         codec_type=CODEC_TYPE_RC4
       elif test "x$enableval" = "xascon128" && test "x$with_ascon128" = xyes ; then
         codec_type=CODEC_TYPE_ASCON128
+      elif test "x$enableval" = "xaegis" && test "x$with_aegis" = xyes ; then
+        codec_type=CODEC_TYPE_AEGIS
       else
         echo
         echo "Error!"
@@ -125,7 +137,8 @@ AS_IF([test "x$with_aes128cbc" = xno &&
        test "x$with_chacha20" = xno &&
        test "x$with_sqlcipher" = xno &&
        test "x$with_rc4" = xno &&
-       test "x$with_ascon128" = xno],
+       test "x$with_ascon128" = xno &&
+       test "x$with_aegis" = xno],
        [AC_DEFINE([WXSQLITE3_HAVE_CODEC], [0], [All ciphers disabled so encryption is disabled])])
 
 dnl We only need the libraries above for the main library itself, but the

diff --git a/include/wx/wxsqlite3.h b/include/wx/wxsqlite3.h
@@ -3,7 +3,7 @@
 ** Purpose:     wxWidgets wrapper around the SQLite3 embedded database library.
 ** Author:      Ulrich Telle
 ** Created:     2005-07-14
-** Copyright:   (c) 2005-2023 Ulrich Telle
+** Copyright:   (c) 2005-2024 Ulrich Telle
 ** License:     LGPL-3.0+ WITH WxWindows-exception-3.1
 */
 
@@ -39,7 +39,8 @@ enum wxSQLite3CipherType
   WXSQLITE_CIPHER_CHACHA20,
   WXSQLITE_CIPHER_SQLCIPHER,
   WXSQLITE_CIPHER_RC4,
-  WXSQLITE_CIPHER_ASCON128
+  WXSQLITE_CIPHER_ASCON128,
+  WXSQLITE_CIPHER_AEGIS
 };
 
 #define WXSQLITE_ERROR 1000
@@ -1290,6 +1291,105 @@ class WXDLLIMPEXP_SQLITE3 wxSQLite3CipherAscon128 : public wxSQLite3Cipher
   int  m_kdfIter;  ///< Iteration count for KDF function
 };
 
+/// Cipher class representing Aegis encryption with Ascon tag
+class WXDLLIMPEXP_SQLITE3 wxSQLite3CipherAegis : public wxSQLite3Cipher
+{
+public:
+  /// Constructor
+  wxSQLite3CipherAegis();
+
+  /// Copy constructor
+  wxSQLite3CipherAegis(const wxSQLite3CipherAegis& cipher);
+
+  /// Destructor
+  virtual ~wxSQLite3CipherAegis();
+
+  /// Initialize the cipher instance based on global default settings
+  /**
+  * The parameters of the cipher instance are initialize with the global default settings of the associated cipher type.
+  * \return true if the cipher instance could be initialized successfully, false otherwise
+  */
+  virtual bool InitializeFromGlobalDefault();
+
+  /// Initialize the cipher instance based on current settings
+  /**
+  * The parameters of the cipher instance are initialize with the current settings of the associated cipher type
+  * as defined in the given database connection.
+  * \param db database instance representing a database connection
+  * \return true if the cipher instance could be initialized successfully, false otherwise
+  */
+  virtual bool InitializeFromCurrent(wxSQLite3Database& db);
+
+  /// Initialize the cipher instance based on current default settings
+  /**
+  * The parameters of the cipher instance are initialize with the current default settings of the associated cipher type
+  * as defined in the given database connection.
+  * \param db database instance representing a database connection
+  * \return true if the cipher instance could be initialized successfully, false otherwise
+  */
+  virtual bool InitializeFromCurrentDefault(wxSQLite3Database& db);
+
+  /// Apply the cipher parameters to a database connection
+  /**
+  * The parameters of the cipher instance are applied to the given database connection.
+  * \param db database instance representing a database connection
+  * \return true if the cipher parameters could be applied successfully, false otherwise
+  */
+  virtual bool Apply(wxSQLite3Database& db) const;
+  virtual bool Apply(void* dbHandle) const;
+
+#if 0
+  // Currently no legacy mode available
+  /// Set legacy mode
+  void SetLegacy(bool legacy) { m_legacy = legacy; }
+
+  /// Get legacy mode
+  bool GetLegacy() const { return m_legacy; }
+#endif
+
+  /// Set number of iterations of KDF function for ordinary key
+  void SetIterCount(int iterCount) { m_tcost = iterCount; }
+
+  /// Get number of iterations of KDF function for ordinary key
+  int GetIterCount() const { return m_tcost; }
+
+  /// Set size of memory in kB of KDF function for ordinary key
+  void SetMemorySize(int memSize) { m_mcost = memSize; }
+
+  /// Get size of memory in kB of KDF function for ordinary key
+  int GetMemorySize() const { return m_mcost; }
+
+  /// Set number of threads of KDF function for ordinary key
+  void SetThreadCount(int threads) { m_pcost = threads; }
+
+  /// Get number of threads of KDF function for ordinary key
+  int GetThreadCount() const { return m_pcost; }
+
+  /// Aegis algorithm types
+  enum Algorithm
+  {
+    ALGORITHM_AEGIS_128L = 1,
+    ALGORITHM_AEGIS_128X2,
+    ALGORITHM_AEGIS_128X4,
+    ALGORITHM_AEGIS_256,
+    ALGORITHM_AEGIS_256X2,
+    ALGORITHM_AEGIS_256X4
+  };
+
+  /// Set Aegis algorithm to be used for encryption
+  void SetAlgorithm(Algorithm algorithm) { m_algorithm = algorithm; }
+
+  /// Get Aegis algorithm used for encryption
+  Algorithm GetAlgorithm() const { return m_algorithm; }
+
+private:
+  bool m_legacy;  ///< Flag for legacy mode
+  int  m_tcost;   ///< Time cost (number of iterations) for KDF function
+  int  m_mcost;   ///< Amount of memory in kB for KDF function
+  int  m_pcost;   ///< Parallelism (number of threads) for KDF function
+  Algorithm m_algorithm; ///< Aegis algorithm to be used for encryption
+};
+
 
 /// Interface for a user defined hook function
 /**

diff --git a/include/wx/wxsqlite3_version.h b/include/wx/wxsqlite3_version.h
@@ -13,9 +13,9 @@
 #define WXSQLITE3_VERSION_H_
 
 #define WXSQLITE3_MAJOR_VERSION      4
-#define WXSQLITE3_MINOR_VERSION      9
-#define WXSQLITE3_RELEASE_NUMBER     12
+#define WXSQLITE3_MINOR_VERSION      10
+#define WXSQLITE3_RELEASE_NUMBER     0
 #define WXSQLITE3_SUBRELEASE_NUMBER  0
-#define WXSQLITE3_VERSION_STRING     "wxSQLite3 4.9.12"
+#define WXSQLITE3_VERSION_STRING     "wxSQLite3 4.10.0"
 
 #endif // WXSQLITE3_VERSION_H_
diff --git a/include/wx/wxsqlite3def.h b/include/wx/wxsqlite3def.h
@@ -46,6 +46,14 @@
 
 <dl>
 
+<dt><b>4.10.0</b> - <i>December 2024</i></dt>
+<dd>
+Upgrade to <i>SQLite3 Multiple Ciphers version 2.0.0 (SQLite version 3.47.2)</i><br>
+Removed <i>User Authentication</i> extension<br>
+Added new cipher scheme AEGIS
+
+</dd>
+
 <dt><b>4.9.12</b> - <i>October 2024</i></dt>
 <dd>
 Upgrade to <i>SQLite3 Multiple Ciphers version 1.9.0 (SQLite version 3.47.0)</i>

diff --git a/samples/minimal.cpp b/samples/minimal.cpp
@@ -4,7 +4,7 @@
 **              This example is based on the CppSQLite example.
 ** Author:      Ulrich Telle
 ** Created:     2005-07-14
-** Copyright:   (c) 2005-2018 Ulrich Telle
+** Copyright:   (c) 2005-2024 Ulrich Telle
 ** License:     LGPL-3.0+ WITH WxWindows-exception-3.1
 */
 
@@ -123,69 +123,6 @@ static void testTransaction()
 	clearDB(db);
 }
 
-static void testUserAuthentication()
-{
-  wxString testDBName = wxGetCwd() + wxS("/test3.db");
-  if (wxFileExists(testDBName))
-  {
-    wxRemoveFile(testDBName);
-  }
-  wxSQLite3Database* db = new wxSQLite3Database();
-  try
-  {
-    db->Open(testDBName);
-    db->UserAdd(wxS("testuser"), wxS("testpswd"), true);
-    cout << "User authentication enabled for database using 'testuser'." << endl;
-    if (db->UserLogin(wxS("sampleuser"), wxS("samplepswd")))
-    {
-      cout << "'sampleuser' successfully logged in, but this shouldn't happen due to enabled user authentication." << endl;
-    }
-    else
-    {
-      cout << "Login of 'sampleuser' rejected." << endl;
-    }
-    if (db->UserLogin(wxS("testuser"), wxS("testpswd")))
-    {
-      cout << "Login of 'testuser' succeeded." << endl;
-      db->ExecuteUpdate(wxS("CREATE TABLE test (col1 INTEGER)"));
-      db->ExecuteUpdate(wxS("INSERT INTO test (col1) VALUES (2)"));
-      db->UserAdd(wxS("myuser"), wxS("mypswd"), false);
-      cout << "Added 'myuser' without privileges." << endl;
-      if (db->UserIsPrivileged(wxS("myuser")))
-      {
-        cout << "'myuser' is privileged." << endl;
-      }
-      else
-      {
-        cout << "'myuser' is NOT privileged." << endl;
-      }
-      db->UserChange(wxS("myuser"), wxS("mypswd"), true);
-      cout << "Make 'myuser' privileged." << endl;
-      if (db->UserIsPrivileged(wxS("myuser")))
-      {
-        cout << "'myuser' is now privileged." << endl;
-      }
-      else
-      {
-        cout << "'myuser' is still NOT privileged." << endl;
-      }
-      db->UserDelete(wxS("myuser"));
-      cout << "'myuser' deleted." << endl;
-    }
-    else
-    {
-      cout << "Login of 'testuser' failed unexpectedly." << endl;
-    }
-    db->Close();
-  }
-  catch (wxSQLite3Exception& e)
-  {
-    cerr << e.GetErrorCode() << ":" << (const char*)(e.GetMessage().mb_str()) << endl;
-  }
-
-  delete db;
-}
-
 // User defined aggregate function
 class MyAggregateFunction : public wxSQLite3AggregateFunction
 {
@@ -864,12 +801,6 @@ int Minimal::OnRun()
     cout << endl << "Test of RAII transactions" << endl;
     testTransaction();
 
-    if (wxSQLite3Database::HasUserAuthenticationSupport())
-    {
-      cout << endl << "Test of user authentication" << endl;
-      testUserAuthentication();
-    }
-
     // Test accessing encrypted database files (currently SQLCipher only)
     TestCiphers();