mirror of
https://github.com/aljazceru/turso.git
synced 2025-12-25 03:54:21 +01:00
8665d76c2e
This patch improves the encryption module: 1. Previously, we did not use the first 100 bytes in encryption. This patch uses that portion as associated data, for protection against tampering and corruption 2. Once the page 1 encrypted, on disk we store a special Turso header (the first 16 bytes). During decryption we replace this with standard SQLite's header (`"SQLite format 3\000"`). So that the upper layers (B Tree or in Sync APIs) operate on the existing SQLite page expectations. The format is: ``` /// Turso Header (16 bytes) /// ┌─────────┬───────┬────────┬──────────────────┐ /// │ │ │ │ │ /// │ Turso │Version│ Cipher │ Unused │ /// │ (5) │ (1) │ (1) │ (9 bytes) │ /// │ │ │ │ │ /// └─────────┴───────┴────────┴──────────────────┘ /// 0-4 5 6 7-15 /// /// Standard SQLite Header: "SQLite format 3\0" (16 bytes) /// ↓ /// Turso Encrypted Header: "Turso" + Version + Cipher ID + Unused ``` Reviewed-by: Nikita Sivukhin (@sivukhin) Reviewed-by: bit-aloo (@Shourya742) Closes #3358