0

I recently modified my iOS app to enable serialized mode for both a database encrypted using SQLCipher and a non-encrypted database (also SQLite). I also maintain a static sqlite3 connection for each database, and each is only opened once (by simply checking for null values) and shared throughout the lifetime of the app.

The app is required to have a sync-like behavior which will download a ton of records from a remote database at regular intervals using a soap request and update the contents of the local encrypted database. Of course, the person using the app may or may not be updating or reading from the database, depending on what they're doing, so I made the changes mentioned in the above paragraph.

When doing short term testing, there doesn't appear to be any issue with how things work, and I've yet experience any problem.

However, some users are reporting that they've lost access to the encrypted database, and I'm trying to figure out why.

My thoughts are as follows: Methods written by another developer declared all sqlite3_stmt's to be static (I believe this code was in the problematic release). In the past I've noticed crashes when two threads using a particular method run simultaneously. One thread finalizes, modifies or replaces a sqlite3_stmt while another thread is using it. A crash doesn't always occur because he has wrapped most of his SQLite code in try/catch blocks. If it's true that SQLite uses prepare and finalize to implement locking, could the orphaning of sqlite3_stmt's which occurs due to their static nature in this context be putting the database into an inoperable state? For example, when a statement acquires an exclusive lock after being stepped is replaced by an assignment in the same method running in another thread?

I realize that this doesn't necessarily mean that the database will become permanently unusable, but, consider this scenario:

At some point during the app's lifetime it will re-key the encrypted database and that key is stored in another database. Suppose that it successfully re-keys the encrypted database, but then the new key is not stored in the other database because of what I mentioned above. Provided that the database hasn't become corrupted at some point (I'm not really counting on this being the case), this is the only explanation I can come up with for why the user may not be able to use the encrypted database after restarting the iOS app, seeing as the app would be the only one to access the database file.

Being that I can't recreate this issue, I can only speculate about what the reasoning might be. What thoughts do you have? Does this seem like a plausible scenario for something that happens rarely? Do you have another idea of something to look into?

Jayko
  • 3
  • 2

1 Answers1

0

If the database is rekeyed, and the key for the database is not successfully stored in the other database, then it could certainly cause the problem.

Stephen Lombardo
  • 1,503
  • 8
  • 7
  • What do you think about the fifth paragraph? Does this seem like a reasonable explanation for why the key may not be stored in the unencrypted database? – Jayko Dec 31 '13 at 22:18
  • Yes, that is what I was implying. Suppose that at the point in the applications lifitime you rekey the encrypted database. This completes and it is now encrypted with a new key. However, due to the issues you mentioned with static sqlite3 structures, the update of that encryption key in the second database is lost. Now the main database is inaccessible. It's difficult to get any more specific than that without knowing the exact structure of the program, but this is definitely a potential issue. – Stephen Lombardo Jan 02 '14 at 03:12