Clean up codec API and enabled codec support by default. Remove dbToConn as it prevents Conn garbage collection.

Author: mxk

go1/sqlite3/codec.go

@@ -4,6 +4,10 @@
 
 package sqlite3
 
+/*
+#include "sqlite3.h"
+#include "lib/codec.h"
+*/
 import "C"
 
 import (
@@ -12,34 +16,48 @@ import (
 	"unsafe"
 )
 
-// CodecFunc is a callback function invoked by SQLite when a key is specified
-// for an attached database. It returns the Codec implementation that will be
-// used to encode and decode all database and journal pages. Returning (nil, OK)
-// disables the codec. A result code other than OK indicates an error.
-type CodecFunc func(di DbInfo, key []byte) (ci Codec, rc int)
-
-// DbInfo describes the database to which a codec is being attached.
-type DbInfo interface {
-	Path() string  // Full path to the database file
-	Name() string  // Database name as it is known to SQLite (e.g. "main")
-	PageSize() int // Current page size
-	Reserve() int  // Current number of bytes reserved in each page
+// CodecFunc is a codec initialization function registered for a specific key
+// prefix via RegisterCodec. It is called when a key with a matching prefix is
+// specified for an attached database. It returns the Codec implementation that
+// should be used to encode and decode all database and journal pages. Returning
+// (nil, nil) disables the codec.
+type CodecFunc func(ctx *CodecCtx, key []byte) (Codec, *Error)
+
+// CodecCtx describes the database to which a codec is being attached.
+type CodecCtx struct {
+	Path     string // Full path to the database file
+	Name     string // Database name as it is known to SQLite (e.g. "main")
+	PageSize int    // Current page size in bytes
+	Reserve  int    // Current number of bytes reserved in each page
+	Fixed    bool   // True if the PageSize and Reserve values cannot be changed
+}
+
+// newCodecCtx converts the C CodecCtx struct into its Go representation.
+func newCodecCtx(ctx *C.CodecCtx) *CodecCtx {
+	return &CodecCtx{
+		Path:     C.GoString(ctx.zPath),
+		Name:     C.GoString(ctx.zName),
+		PageSize: int(ctx.nBuf),
+		Reserve:  int(ctx.nRes),
+		Fixed:    ctx.fixed != 0,
+	}
 }
 
 // Codec is the interface used to encode/decode database and journal pages as
 // they are written to and read from the disk.
 //
 // The op value passed to Encode and Decode methods identifies the operation
-// being performed. It is undocumented and changed meanings over time (the codec
-// API was introduced in 2004), but is believed to be a bitmask of the following
-// values:
+// being performed. It is undocumented and changed meanings over time since the
+// codec API was first introduced in 2004. It is believed to be a bitmask of the
+// following values:
 //
 // 	1 = journal page, not set for WAL, always set when decoding
 // 	2 = disk I/O, always set
 // 	4 = encode
 //
 // In the current implementation, op is always 3 when decoding, 6 when encoding
-// for the database file or the WAL, and 7 when encoding for the journal.
+// for the database file or the WAL, and 7 when encoding for the journal. Search
+// lib/sqlite3.c for "CODEC1" and "CODEC2" for more information.
 type Codec interface {
 	// Reserve returns the number of bytes that should be reserved for the codec
 	// at the end of each page. The upper limit is 255 (32 if the page size is
@@ -51,151 +69,107 @@ type Codec interface {
 	// buffer.
 	Resize(pageSize, reserve int)
 
-	// Encode returns an encoded copy of a page or nil to indicate an error. The
-	// original page may be returned without making a copy, but it must never be
-	// modified. The codec is allowed to reuse a single buffer of identical size
-	// for encoding. Bytes 16 through 23 of page 1 cannot be encoded.
-	Encode(page []byte, pageNum uint32, op int) []byte
+	// Encode returns an encoded copy of a page. The data outside of the reserve
+	// area in the original page must not be modified. The codec can either copy
+	// this data into a buffer for encoding or return the original page without
+	// making any changes. Bytes 16 through 23 of page 1 cannot be encoded. Any
+	// non-nil error will be interpreted by SQLite as a NOMEM condition. This is
+	// a limitation of underlying C API.
+	Encode(page []byte, pageNum uint32, op int) ([]byte, *Error)
 
-	// Decode decodes the page in-place. Bytes 16 through 23 of page 1 must be
-	// left at their original values. It returns true on success and false on
-	// error, which will be interpreted by SQLite as a NOMEM condition.
-	Decode(page []byte, pageNum uint32, op int) bool
+	// Decode decodes the page in-place, but it may use the encode buffer as
+	// scratch space. Bytes 16 through 23 of page 1 must be left at their
+	// original values. Any non-nil error will be interpreted by SQLite as a
+	// NOMEM condition. This is a limitation of underlying C API.
+	Decode(page []byte, pageNum uint32, op int) *Error
 
 	// Key returns the original key that was used to initialize the codec. Some
 	// implementations may be better off returning nil or a fake value. Search
 	// lib/sqlite3.c for "sqlite3CodecGetKey" to see how the key is used.
 	Key() []byte
 
-	// FastRekey returns true if the codec can change the database key by
-	// updating just the first page.
-	FastRekey() bool
-
 	// Free releases codec resources when the pager is destroyed or when the
 	// codec attachment fails.
 	Free()
 }
 
-// Codec registry.
+// Codec registry and state reference maps.
 var (
-	codecReg map[string]CodecFunc
-	codecMu  sync.Mutex
+	codecReg   map[string]CodecFunc
+	codecState map[*codec]struct{}
+	codecMu    sync.Mutex
 )
 
-// RegisterCodec associates CodecFunc f with the given key prefix. Connections
-// using the default codec handler will call f when a key is provided in the
-// format "<keyPrefix>:<...>".
-func RegisterCodec(keyPrefix string, f CodecFunc) {
+// RegisterCodec adds a new codec to the internal registry. Function f will be
+// called when a key in the format "<name>:<...>" is provided to an attached
+// database.
+func RegisterCodec(name string, f CodecFunc) {
 	codecMu.Lock()
 	defer codecMu.Unlock()
-	if codecReg != nil {
-		codecReg[keyPrefix] = f
-	} else {
-		codecReg = map[string]CodecFunc{keyPrefix: f}
+	if f == nil {
+		delete(codecReg, name)
+		return
 	}
+	if codecReg == nil {
+		codecReg = make(map[string]CodecFunc, 8)
+	}
+	codecReg[name] = f
 }
 
-// defaultCodecFunc is used by all new connections to select a codec constructor
-// from the registry based on the key prefix.
-func defaultCodecFunc(di DbInfo, key []byte) (ci Codec, rc int) {
+// getCodec returns the CodecFunc for the given key.
+func getCodec(key []byte) CodecFunc {
 	i := bytes.IndexByte(key, ':')
 	if i == -1 {
-		i = 0
-	}
-	if f := getCodecFunc(bstr(key[:i])); f != nil {
-		return f(di, key)
+		i = len(key)
 	}
-	return nil, ERROR
-}
-
-// getCodecFunc returns the CodecFunc for the given key prefix.
-func getCodecFunc(keyPrefix string) CodecFunc {
 	codecMu.Lock()
 	defer codecMu.Unlock()
-	if codecReg != nil {
-		return codecReg[keyPrefix]
+	if codecReg == nil {
+		return nil
 	}
-	return nil
+	return codecReg[bstr(key[:i])]
 }
 
-// codecState keeps a reference to all active codec wrappers to prevent them
-// from being garbage collected.
-var codecState = make(map[*codec]struct{})
-
 // codec is a wrapper around the actual Codec interface. It keeps track of the
 // current page size in order to convert page pointers into byte slices.
 type codec struct {
 	Codec
 	pageSize C.int
 }
 
-// dbInfo is the default DbInfo implementation.
-type dbInfo struct {
-	zPath    *C.char
-	zName    *C.char
-	path     string
-	name     string
-	pageSize int
-	reserve  int
-}
-
-func (di *dbInfo) Path() string {
-	if di.zPath != nil {
-		di.path = C.GoString(di.zPath)
-		di.zPath = nil
-	}
-	return di.path
-}
-
-func (di *dbInfo) Name() string {
-	if di.zName != nil {
-		di.name = C.GoString(di.zName)
-		di.zName = nil
-	}
-	return di.name
-}
-
-func (di *dbInfo) PageSize() int { return di.pageSize }
-func (di *dbInfo) Reserve() int  { return di.reserve }
-
 //export go_codec_init
-func go_codec_init(db unsafe.Pointer, zPath, zName *C.char, nBuf, nRes C.int,
-	pKey unsafe.Pointer, nKey C.int, pCodec *unsafe.Pointer, nNewRes *C.int,
-) C.int {
-	c := dbToConn[db]
-	if c == nil || c.db == nil || c.codec == nil {
-		return OK
-	}
-	di := &dbInfo{
-		zPath:    zPath,
-		zName:    zName,
-		pageSize: int(nBuf),
-		reserve:  int(nRes),
+func go_codec_init(ctx *C.CodecCtx, pCodec *unsafe.Pointer, pzErrMsg **C.char) C.int {
+	cf := getCodec(goBytes(ctx.pKey, ctx.nKey))
+	if cf == nil {
+		*pzErrMsg = C.CString("codec not found")
+		return ERROR
 	}
-	var key []byte
-	if nKey > 0 {
-		key = C.GoBytes(pKey, nKey)
+	ci, err := cf(newCodecCtx(ctx), C.GoBytes(ctx.pKey, ctx.nKey))
+	if err != nil && err.rc != OK {
+		if ci != nil {
+			ci.Free()
+		}
+		if err.msg != "" {
+			*pzErrMsg = C.CString(err.msg)
+		}
+		return C.int(err.rc)
 	}
-	ci, rc := c.codec(di, key)
 	if ci != nil {
-		cs := &codec{ci, nBuf}
-		codecState[cs] = struct{}{}
+		cs := &codec{ci, ctx.nBuf}
 		*pCodec = unsafe.Pointer(cs)
-		*nNewRes = C.int(ci.Reserve())
+		codecMu.Lock()
+		defer codecMu.Unlock()
+		if codecState == nil {
+			codecState = make(map[*codec]struct{}, 8)
+		}
+		codecState[cs] = struct{}{}
 	}
-	*di = dbInfo{}
-	return C.int(rc)
+	return OK
 }
 
-//export go_codec_exec
-func go_codec_exec(pCodec, pData unsafe.Pointer, pgno uint32, op C.int) unsafe.Pointer {
-	cs := (*codec)(pCodec)
-	if page := goBytes(pData, cs.pageSize); op&4 != 0 {
-		return cBytes(cs.Encode(page, pgno, int(op)))
-	} else if cs.Decode(page, pgno, int(op)) {
-		return pData
-	}
-	return nil
+//export go_codec_reserve
+func go_codec_reserve(pCodec unsafe.Pointer) C.int {
+	return C.int((*codec)(pCodec).Reserve())
 }
 
 //export go_codec_resize
@@ -205,6 +179,22 @@ func go_codec_resize(pCodec unsafe.Pointer, nBuf, nRes C.int) {
 	cs.Resize(int(nBuf), int(nRes))
 }
 
+//export go_codec_exec
+func go_codec_exec(pCodec, pData unsafe.Pointer, pgno uint32, op C.int) unsafe.Pointer {
+	cs := (*codec)(pCodec)
+	page := goBytes(pData, cs.pageSize)
+	var err *Error
+	if op&4 == 0 {
+		err = cs.Decode(page, pgno, int(op))
+	} else {
+		page, err = cs.Encode(page, pgno, int(op))
+	}
+	if err == nil {
+		return cBytes(page)
+	}
+	return nil // Can't do anything with the error at the moment
+}
+
 //export go_codec_get_key
 func go_codec_get_key(pCodec unsafe.Pointer, pKey *unsafe.Pointer, nKey *C.int) {
 	if key := (*codec)(pCodec).Key(); len(key) > 0 {
@@ -216,7 +206,9 @@ func go_codec_get_key(pCodec unsafe.Pointer, pKey *unsafe.Pointer, nKey *C.int)
 //export go_codec_free
 func go_codec_free(pCodec unsafe.Pointer) {
 	cs := (*codec)(pCodec)
+	codecMu.Lock()
 	delete(codecState, cs)
+	codecMu.Unlock()
 	cs.Free()
 	cs.Codec = nil
 }

go1/sqlite3/doc.go

@@ -134,7 +134,7 @@ Database Names
 Methods that require a database name as one of the arguments (e.g. Conn.Path())
 expect the symbolic name by which the database is known to the connection, not a
 path to a file. Valid database names are "main", "temp", or a name specified
-after the AS keyword in an ATTACH statement.
+after the AS clause in an ATTACH statement.
 
 Callbacks
 
@@ -147,27 +147,30 @@ interactions with Conn, Stmt, and other related objects within the handler.
 
 Codecs and Encryption
 
-WARNING: Codec support is unstable and is disabled by default. Uncomment "#cgo
-CFLAGS: -DSQLITE_HAS_CODEC=1" in sqlite3.go and rebuild the package to enable
-it.
-
-SQLite has an undocumented codec API to modify database and journal pages as
-they are written to and read from the disk. It operates between the pager and
-the VFS layers. The SQLite Encryption Extension (SEE) uses this API to encrypt
-database contents. Consider purchasing a SEE license if you require
+SQLite has an undocumented codec API, which operates between the pager and VFS
+layers, and is used by the SQLite Encryption Extension (SEE) to encrypt database
+and journal contents. Consider purchasing a SEE license if you require
 production-quality encryption support (http://www.hwaci.com/sw/sqlite/see.html).
 
-This package exposes the codec API so that it can be implemented in Go using the
-native crypto/* packages. See the Codec interface and CodecFunc for more
-information. This package does not and will not perform any actual encryption
-itself to avoid introducing crypto dependencies.
+This package has an experimental API (read: unstable, may eat your data) for
+writing codecs in Go. The "codec" subpackage provides additional documentation
+and several existing codec implementations.
+
+Codecs are registered via the RegisterCodec function for a specific key prefix.
+For example, the "aes-hmac" codec is initialized when a key in the format
+"aes-hmac:<...>" is provided to an attached database. The key format after the
+first colon is codec-specific. See CodecFunc for more information.
 
-A codec cannot be used for memory or temporary databases. Once the database is
-created (after the first CREATE TABLE statement), the page size and the reserved
-space at the end of each page can no longer be changed. Using "PRAGMA
-page_size=N; VACUUM;" will not work. Online backups will fail unless the
+The codec API has several limitations. Codecs cannot be used for in-memory or
+temporary databases. Once a database is created, the page size and the amount of
+reserved space at the end of each page cannot be changed (i.e. "PRAGMA
+page_size=N; VACUUM;" will not work). Online backups will fail unless the
 destination database has the same page size and reserve values. Bytes 16 through
-23 of page 1 (the database header) cannot be altered, so it is technically
-possible to identify encrypted SQLite databases.
+23 of page 1 (the database header, see http://www.sqlite.org/fileformat2.html)
+cannot be altered, so it is always possible to identify encrypted SQLite
+databases.
+
+The rekey function is currently not implemented. The key can only be changed via
+the backup API or by dumping and restoring the database contents.
 */
 package sqlite3