fix: update extension to 0.2.2

indutny-signal · indutny-signal · commit ee6c652c6bf6 · 2025-08-15T10:36:07.000-07:00
diff --git a/deps/extension/Cargo.lock b/deps/extension/Cargo.lock
diff --git a/deps/extension/Cargo.toml b/deps/extension/Cargo.toml
@@ -5,7 +5,7 @@
 
 [package]
 name = "signal-sqlcipher-extension"
-version = "0.2.1"
+version = "0.2.2"
 edition = "2021"
 license = "AGPL-3.0-only"
 
@@ -23,6 +23,7 @@ cbc = "0.1.2"
 hmac = "0.12.1"
 pbkdf2 = "0.12.2"
 rand_core = { version = "0.6.4", "default-features" = false, features = ["getrandom"] }
+sha1 = { version = "0.10.6", "default-features" = false }
 sha2 = { version = "0.10.8", "default-features" = false }
 signal-tokenizer = { git = "https://github.com/signalapp/Signal-FTS5-Extension" }
 
diff --git a/deps/extension/src/lib.rs b/deps/extension/src/lib.rs
@@ -10,6 +10,7 @@ use core::ffi::{c_char, c_int, c_uchar, c_void};
 use hmac::{Hmac, Mac};
 use pbkdf2::pbkdf2_hmac;
 use rand_core::{OsRng, RngCore};
+use sha1::Sha1;
 use sha2::Sha512;
 
 pub use signal_tokenizer;
@@ -70,6 +71,7 @@ extern "C" fn random(_ctx: *mut c_void, buf: *mut c_void, length: c_int) -> c_in
 extern "C" fn get_hmac_sz(_ctx: *mut c_void, algorithm: c_int) -> c_int {
     match algorithm {
         SQLCIPHER_HMAC_SHA512 => 64,
+        SQLCIPHER_HMAC_SHA1 => 20,
         _ => 0,
     }
 }
@@ -85,9 +87,6 @@ extern "C" fn hmac(
     in2_sz: c_int,
     out: *mut c_uchar,
 ) -> c_int {
-    if algorithm != SQLCIPHER_HMAC_SHA512 {
-        return SQLITE_ERROR;
-    }
     if hmac_key.is_null() || in1.is_null() || out.is_null() {
         return SQLITE_ERROR;
     }
@@ -99,16 +98,34 @@ extern "C" fn hmac(
         Some(unsafe { core::slice::from_raw_parts(in2 as *mut c_uchar, in2_sz as usize) })
     };
 
-    let Ok(mut mac) = Hmac::<Sha512>::new_from_slice(key) else {
-        return SQLITE_ERROR;
-    };
-    mac.update(in1);
-    if let Some(in2) = in2 {
-        mac.update(in2);
-    }
-    let digest = mac.finalize().into_bytes();
-    unsafe {
-        out.copy_from(digest.as_ptr(), digest.len());
+    match algorithm {
+        SQLCIPHER_HMAC_SHA512 => {
+            let Ok(mut mac) = Hmac::<Sha512>::new_from_slice(key) else {
+                return SQLITE_ERROR;
+            };
+            mac.update(in1);
+            if let Some(in2) = in2 {
+                mac.update(in2);
+            }
+            let digest = mac.finalize().into_bytes();
+            unsafe {
+                out.copy_from(digest.as_ptr(), digest.len());
+            };
+        }
+        SQLCIPHER_HMAC_SHA1 => {
+            let Ok(mut mac) = Hmac::<Sha1>::new_from_slice(key) else {
+                return SQLITE_ERROR;
+            };
+            mac.update(in1);
+            if let Some(in2) = in2 {
+                mac.update(in2);
+            }
+            let digest = mac.finalize().into_bytes();
+            unsafe {
+                out.copy_from(digest.as_ptr(), digest.len());
+            };
+        }
+        _ => return SQLITE_ERROR,
     };
     SQLITE_OK
 }
@@ -124,16 +141,21 @@ extern "C" fn pbkdf(
     key_sz: c_int,
     key: *mut c_uchar,
 ) -> c_int {
-    if algorithm != SQLCIPHER_PBKDF2_HMAC_SHA512 {
-        return SQLITE_ERROR;
-    }
     if pass.is_null() || salt.is_null() || key.is_null() {
         return SQLITE_ERROR;
     }
     let password = unsafe { core::slice::from_raw_parts(pass as *const c_uchar, pass_sz as usize) };
     let salt = unsafe { core::slice::from_raw_parts(salt as *const c_uchar, salt_sz as usize) };
     let buf = unsafe { core::slice::from_raw_parts_mut(key as *mut c_uchar, key_sz as usize) };
-    pbkdf2_hmac::<Sha512>(password, salt, workfactor as u32, buf);
+    match algorithm {
+        SQLCIPHER_PBKDF2_HMAC_SHA512 => {
+            pbkdf2_hmac::<Sha512>(password, salt, workfactor as u32, buf);
+        }
+        SQLCIPHER_PBKDF2_HMAC_SHA1 => {
+            pbkdf2_hmac::<Sha1>(password, salt, workfactor as u32, buf);
+        }
+        _ => return SQLITE_ERROR,
+    };
     SQLITE_OK
 }
 
diff --git a/deps/extension/src/sqlcipher.rs b/deps/extension/src/sqlcipher.rs
@@ -10,6 +10,10 @@ use core::ffi::{c_char, c_int, c_uchar, c_void};
 pub const SQLCIPHER_HMAC_SHA512: c_int = 2;
 pub const SQLCIPHER_PBKDF2_HMAC_SHA512: c_int = 2;
 
+// Legacy encryption primitives
+pub const SQLCIPHER_HMAC_SHA1: c_int = 0;
+pub const SQLCIPHER_PBKDF2_HMAC_SHA1: c_int = 0;
+
 pub const CIPHER_ENCRYPT: c_int = 1;
 
 #[repr(C)]
