Use SecRandomCopyBytes (#43)

README.md

@@ -14,14 +14,14 @@
 ![badge-platform-android]
 ![badge-platform-jvm]
 ![badge-platform-ios]
+![badge-platform-tvos]
+![badge-platform-watchos]
 ![badge-support-apple-silicon]
 <!--
 ![badge-platform-js]
 ![badge-platform-js-node]
 ![badge-platform-linux]
 ![badge-platform-macos]
-![badge-platform-tvos]
-![badge-platform-watchos]
 ![badge-platform-wasm]
 ![badge-platform-windows]
 ![badge-support-android-native]

build-logic/src/main/kotlin/-KmpConfigurationExtension.kt

@@ -42,21 +42,14 @@ fun KmpConfigurationExtension.configureShared(
 //        macosX64()
 //        mingwX64()
 
-        // tvOS/watchOS cannot be enabled currently.
-        // SQLite3MultipleCiphers getrandom functionality
-        // does not account for them and will use syscall
-        // to obtain securely random bytes which is unavailable
-        // at runtime.
-        //
-        // See: https://github.com/utelle/SQLite3MultipleCiphers/issues/118
-//        tvosArm64()
-//        tvosX64()
-//        tvosSimulatorArm64()
-//
-//        watchosX64()
-//        watchosArm32()
-//        watchosArm64()
-//        watchosSimulatorArm64()
+        tvosArm64()
+        tvosX64()
+        tvosSimulatorArm64()
+
+        watchosX64()
+        watchosArm32()
+        watchosArm64()
+        watchosSimulatorArm64()
 
         common {
             sourceSetTest {

external/patches/0001-Add-user-group-ids-to-docker-build.patch

@@ -1,7 +1,7 @@
 From f48a0b85a97e90761e1aaf5123533b950e2d4ac6 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:00:34 -0400
-Subject: [PATCH 01/10] Add user/group ids to docker build
+Subject: [PATCH 01/11] Add user/group ids to docker build
 
 ---
  Makefile | 17 ++++++++++-------

external/patches/0002-Disable-double-quoted-strings.patch

@@ -1,7 +1,7 @@
 From 51801b11c49b000db19291a5a798394be4288af2 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:01:03 -0400
-Subject: [PATCH 02/10] Disable double-quoted strings
+Subject: [PATCH 02/11] Disable double-quoted strings
 
 ---
  Makefile                                    | 1 +

external/patches/0003-Remove-JDBC-extensions.patch

@@ -1,7 +1,7 @@
 From 6bca68bba88e182cac3fe0318d11c0dceee260b0 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:01:51 -0400
-Subject: [PATCH 03/10] Remove JDBC extensions
+Subject: [PATCH 03/11] Remove JDBC extensions
 
 ---
  Makefile | 12 +-----------

external/patches/0004-Delete-native-libs.patch

@@ -1,7 +1,7 @@
 From fc518c327bc5732707f58934d455980c9428d9b3 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:02:15 -0400
-Subject: [PATCH 04/10] Delete native libs
+Subject: [PATCH 04/11] Delete native libs
 
 ---
  .../native/FreeBSD/aarch64/libsqlitejdbc.so   | Bin 1142104 -> 0 bytes

external/patches/0005-Add-Linux-Musl-definitions.patch

@@ -1,7 +1,7 @@
 From 7a96e0c2c8dd64fb3a6abf10291eccc7bce2e65e Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:02:35 -0400
-Subject: [PATCH 05/10] Add Linux-Musl definitions
+Subject: [PATCH 05/11] Add Linux-Musl definitions
 
 ---
  Makefile.common | 23 ++++++++++++++++++++++-

external/patches/0006-Disable-win-arm-freebsd-targets-for-make-native-all.patch

@@ -1,7 +1,7 @@
 From df46ca3834d4a7961c4274c349b838fc5553008b Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:03:00 -0400
-Subject: [PATCH 06/10] Disable win-arm/freebsd targets for make:native-all
+Subject: [PATCH 06/11] Disable win-arm/freebsd targets for make:native-all
 
 ---
  Makefile | 2 +-

external/patches/0007-Disable-mac-shared-lib-adhoc-signing.patch

@@ -1,7 +1,7 @@
 From 1ee4edae69387e544c7e5d8d6c04412635681307 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:03:20 -0400
-Subject: [PATCH 07/10] Disable mac shared lib adhoc signing
+Subject: [PATCH 07/11] Disable mac shared lib adhoc signing
 
 ---
  Makefile | 2 +-

external/patches/0008-Pin-dockcross-image-versions.patch

@@ -1,7 +1,7 @@
 From 7512d0bac400405b345149c111e5b7564f890694 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:03:40 -0400
-Subject: [PATCH 08/10] Pin dockcross image versions
+Subject: [PATCH 08/11] Pin dockcross image versions
 
 ---
  docker/dockcross-android-arm    | 2 +-

external/patches/0009-Use-Ubuntu-16.04-to-build-linux32-64.patch

@@ -1,7 +1,7 @@
 From d345ab34a140e2723c17348fcb98cae2be7684da Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:04:06 -0400
-Subject: [PATCH 09/10] Use Ubuntu 16.04 to build linux32/64
+Subject: [PATCH 09/11] Use Ubuntu 16.04 to build linux32/64
 
 ---
  Makefile | 4 ++--

external/patches/0010-Configure-build-to-use-SQLite3MultipleCiphers.patch

@@ -1,7 +1,7 @@
 From e52914bf7a4c45c891cd67737a418a727ff712c2 Mon Sep 17 00:00:00 2001
 From: Matthew Nelson <[email protected]>
 Date: Sat, 30 Sep 2023 15:05:38 -0400
-Subject: [PATCH 10/10] Configure build to use SQLite3MultipleCiphers
+Subject: [PATCH 10/11] Configure build to use SQLite3MultipleCiphers
 
 ---
  Makefile                                 | 21 +++++++++--------

external/patches/0011-Replace-getentropy-with-SecRandomCopyBytes.patch

@@ -0,0 +1,79 @@
+From fe1b0ba82601a96d8df1bf32594446894e59d6a6 Mon Sep 17 00:00:00 2001
+From: Matthew Nelson <[email protected]>
+Date: Sun, 1 Oct 2023 21:37:22 -0400
+Subject: [PATCH 11/11] Replace getentropy with SecRandomCopyBytes
+
+---
+ Makefile                 |  1 +
+ Makefile.common          |  6 +++---
+ sec_random_copy_bytes.sh | 22 ++++++++++++++++++++++
+ 3 files changed, 26 insertions(+), 3 deletions(-)
+ create mode 100755 sec_random_copy_bytes.sh
+
+diff --git a/Makefile b/Makefile
+index 8be8f89..23b00d5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -39,6 +39,7 @@ $(SQLITE_UNPACKED): $(SQLITE_ARCHIVE)
+ 	unzip -qo $< -d $(TARGET)/tmp.$(version)
+ 	(mv $(TARGET)/tmp.$(version)/$(SQLITE_AMAL_PREFIX) $(TARGET) && rmdir $(TARGET)/tmp.$(version)) || mv $(TARGET)/tmp.$(version)/ $(TARGET)/$(SQLITE_AMAL_PREFIX)
+ 	touch $@
++    $(shell ./sec_random_copy_bytes.sh)
+
+
+ $(TARGET)/common-lib/org/sqlite/%.class: src/main/java/org/sqlite/%.java
+diff --git a/Makefile.common b/Makefile.common
+index e992cb2..9f692d2 100644
+--- a/Makefile.common
++++ b/Makefile.common
+@@ -220,8 +220,8 @@ MAC_SDK := /Developer/SDKs/MacOSX10.10.sdk
+ ifeq ($(wildcard MAC_SDK),)
+ 	MAC_SDK := /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk
+ endif
+-Mac-x86_64_CCFLAGS    := -I$(MAC_SDK)/System/Library/Frameworks/JavaVM.framework/Headers -Ilib/inc_mac -Os -fPIC -mmacosx-version-min=10.6 -fvisibility=hidden -Wno-implicit-function-declaration -msse4.2 -maes
+-Mac-x86_64_LINKFLAGS := -dynamiclib 
++Mac-x86_64_CCFLAGS    := -I$(MAC_SDK)/System/Library/Frameworks/JavaVM.framework/Headers -Ilib/inc_mac -Os -fPIC -mmacosx-version-min=10.7 -fvisibility=hidden -Wno-implicit-function-declaration -msse4.2 -maes
++Mac-x86_64_LINKFLAGS := -dynamiclib -framework Security
+ Mac-x86_64_LIBNAME   := libsqlitejdbc.dylib
+ Mac-x86_64_SQLITE_FLAGS  := 
+
+@@ -231,7 +231,7 @@ Mac-aarch64_CC        := $(CROSS_PREFIX)clang
+ Mac-aarch64_STRIP     := $(CROSS_PREFIX)strip -x
+ MAC_SDK := /usr/osxcross/SDK/MacOSX11.3.sdk
+ Mac-aarch64_CCFLAGS    := -I$(MAC_SDK)/System/Library/Frameworks/JavaVM.framework/Headers -Ilib/inc_mac -Os -fPIC -mmacosx-version-min=10.9 -fvisibility=hidden -Wno-implicit-function-declaration
+-Mac-aarch64_LINKFLAGS  := -dynamiclib
++Mac-aarch64_LINKFLAGS  := -dynamiclib -framework Security
+ Mac-aarch64_LIBNAME    := libsqlitejdbc.dylib
+ Mac-aarch64_SQLITE_FLAGS := 
+
+diff --git a/sec_random_copy_bytes.sh b/sec_random_copy_bytes.sh
+new file mode 100755
+index 0000000..3da9bd6
+--- /dev/null
++++ b/sec_random_copy_bytes.sh
+@@ -0,0 +1,22 @@
++#!/usr/bin/env bash
++
++# Replaces the implementation of
++#
++#     static size_t entropy(void* buf, size_t n)
++#
++# for Darwin with usage of SecRandomCopyBytes
++#
++# See https://github.com/utelle/SQLite3MultipleCiphers/issues/118
++# See https://github.com/toxicity-io/sqlite-mc/issues/39
++
++readonly DIR_SCRIPT=$( cd "$( dirname "$0" )" >/dev/null && pwd )
++
++DIR_AMAL=
++for DIR_AMAL in "$DIR_SCRIPT/target/sqlite-amalgamation-"*; do
++  break
++done
++
++sed -iv 's|#if defined(__APPLE__) && defined(__MAC_10_12) && !defined(__IPHONE_OS_VERSION_MIN_REQUIRED)|#if defined(__APPLE__)|' "$DIR_AMAL/sqlite3mc_amalgamation.c"
++sed -iv 's|#include <sys/random.h>|#include <Security/SecRandom.h>|' "$DIR_AMAL/sqlite3mc_amalgamation.c"
++sed -iv 's|#if defined(__APPLE__) && defined(__MAC_10_12) && __MAC_OS_X_VERSION_MAX_ALLOWED >= __MAC_10_12|#if defined(__APPLE__)|' "$DIR_AMAL/sqlite3mc_amalgamation.c"
++sed -iv 's|  if (getentropy(buf, n) == 0)|  if (SecRandomCopyBytes(kSecRandomDefault, n, (uint8_t*) buf) == 0)|' "$DIR_AMAL/sqlite3mc_amalgamation.c"
+-- 
+2.34.1
+

gradle.properties

@@ -10,6 +10,7 @@ kotlin.mpp.commonizerLogLevel=info
 kotlin.mpp.enableCInteropCommonization=true
 kotlin.native.cacheKind.iosX64=none
 kotlin.native.cacheKind.linuxX64=none
+kotlin.native.cacheKind.tvosX64=none
 kotlin.native.ignoreDisabledTargets=true
 
 SONATYPE_HOST=S01

gradle/libs.versions.toml

@@ -4,7 +4,7 @@ androidx-test-runner = "1.5.2"
 
 encoding = "2.0.0"
 
-gradle-android = "8.0.2"
+gradle-android = "8.1.2"
 gradle-binary-compat = "0.13.2"
 gradle-cklib = "0.2.4"
 gradle-kmp-configuration = "0.1.4"

library/driver-test/build.gradle.kts

@@ -14,6 +14,7 @@
  * limitations under the License.
  **/
 import app.cash.sqldelight.gradle.SqlDelightExtension
+import org.jetbrains.kotlin.gradle.plugin.mpp.KotlinNativeTarget
 
 plugins {
     id("configuration")
@@ -58,6 +59,14 @@ kmpConfiguration {
             extensions.configure<SqlDelightExtension>("sqldelight") {
                 linkSqlite.set(false)
 
+                // TODO: Gradle Plugin (Issue #18)
+                targets.filterIsInstance<KotlinNativeTarget>()
+                    .filter { it.konanTarget.family.isAppleFamily }
+                    .flatMap { it.binaries }
+                    .forEach { compilationUnit ->
+                        compilationUnit.linkerOpts("-framework", "Security")
+                    }
+
                 databases {
                     create("TestDatabase") {
                         packageName.set("io.toxicity.sqlite.mc.driver.test")

library/driver-test/src/commonTest/kotlin/io/toxicity/sqlite/mc/driver/test/RekeyTest.kt

@@ -24,6 +24,7 @@ import kotlinx.coroutines.runBlocking
 import kotlin.test.Test
 import kotlin.test.assertEquals
 import kotlin.test.assertFailsWith
+import kotlin.time.Duration.Companion.seconds
 
 abstract class RekeyTest: TestHelperNonEphemeral() {
 
@@ -58,7 +59,7 @@ abstract class RekeyTest: TestHelperNonEphemeral() {
             testLogger("RUN - ${i++}")
 
             // db files automatically delete once runMCDriverTest completes.
-            runDriverTest(key1, filesystem) { factory, driver ->
+            runDriverTest(key1, filesystem, timeout = 20.seconds) { factory, driver ->
                 val expected = "4314tlkjansd"
                 driver.upsert("key", expected)
                 assertEquals(expected, driver.get("key"))
@@ -78,7 +79,8 @@ abstract class RekeyTest: TestHelperNonEphemeral() {
     @Test
     open fun givenConfig_whenMigrations_thenRekeyedToNewestEncryptionConfig() = runDriverTest(
         key = keyPassphrase,
-        filesystem = { encryption { chaCha20 { sqleet() } } }
+        filesystem = { encryption { chaCha20 { sqleet() } } },
+        timeout = 25.seconds,
     ) { factory1, driver ->
         val dbName = factory1.config.dbName
 

library/driver-test/src/commonTest/kotlin/io/toxicity/sqlite/mc/driver/test/helper/TestHelperNonEphemeral.kt

@@ -29,6 +29,8 @@ import okio.FileSystem
 import okio.IOException
 import okio.Path.Companion.toPath
 import kotlin.random.Random
+import kotlin.time.Duration
+import kotlin.time.Duration.Companion.seconds
 
 internal expect fun filesystem(): FileSystem
 
@@ -39,8 +41,9 @@ abstract class TestHelperNonEphemeral: TestHelperBase() {
         // pass null to use in memory db
         filesystem: (FilesystemConfig.Builder.() -> Unit) = {},
         testLogger: ((String) -> Unit)? = this.testLogger,
+        timeout: Duration = 10.seconds,
         block: suspend TestScope.(factory: SQLiteMCDriver.Factory, driver: SQLiteMCDriver) -> Unit
-    ): TestResult = runTest {
+    ): TestResult = runTest(timeout = timeout) {
         val dbName = Random.Default.nextBytes(32).encodeToString(Base16) + ".db"
 
         deleteDatabaseFiles(dbName)