From 3703f3638ee5c83360a2f58e1f5e5d6ebab46520 Mon Sep 17 00:00:00 2001 From: Stephen Lombardo Date: Fri, 24 May 2013 16:17:15 -0400 Subject: [PATCH] rework attach to require explicit key --- src/crypto.c | 17 ++++------------- test/crypto.test | 33 +++++++++++++++++++++++++++------ 2 files changed, 31 insertions(+), 19 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 50213b5..9dc53fb 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -314,8 +314,9 @@ int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) { sqlite3BtreeSetAutoVacuum(pDb->pBt, SQLITE_DEFAULT_AUTOVACUUM); } sqlite3_mutex_leave(db->mutex); + return SQLITE_OK; } - return SQLITE_OK; + return SQLITE_ERROR; } void sqlite3_activate_see(const char* in) { @@ -409,18 +410,8 @@ int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) { void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) { struct Db *pDb = &db->aDb[nDb]; CODEC_TRACE(("sqlite3CodecGetKey: entered db=%p, nDb=%d\n", db, nDb)); - - if( pDb->pBt ) { - codec_ctx *ctx; - sqlite3pager_get_codec(pDb->pBt->pBt->pPager, (void **) &ctx); - - if(ctx) { /* if the codec has an attached codec_context user the raw key data */ - sqlcipher_codec_get_pass(ctx, zKey, nKey); - } else { - *zKey = NULL; - *nKey = 0; - } - } + *zKey = NULL; + *nKey = 0; } diff --git a/test/crypto.test b/test/crypto.test index e8bbe85..055b2cd 100644 --- a/test/crypto.test +++ b/test/crypto.test @@ -381,9 +381,30 @@ do_test rekey-delete-and-query-wal-3 { db close file delete -force test.db +# attach an encrypted database +# without specifying key, verify it fails +setup test.db "'testkey'" +do_test attach-database-with-default-key { + sqlite_orig db2 test2.db + + execsql { + PRAGMA key = 'testkey'; + CREATE TABLE t2(a,b); + INSERT INTO t2 VALUES ('test1', 'test2'); + } db2 + + catchsql { + ATTACH 'test.db' AS db; + } db2 + +} {1 {unable to open database: test.db}} +db2 close +file delete -force test.db +file delete -force test2.db + # attach an encrypted database # where both database have the same -# key +# key explicitly setup test.db "'testkey'" do_test attach-database-with-same-key { sqlite_orig db2 test2.db @@ -396,7 +417,7 @@ do_test attach-database-with-same-key { execsql { SELECT count(*) FROM t2; - ATTACH 'test.db' AS db; + ATTACH 'test.db' AS db KEY 'testkey'; SELECT count(*) FROM db.t1; } db2 @@ -581,7 +602,7 @@ file delete -force test.db # create an unencrypted database, attach a new encrypted volume # copy data between, verify the encypted database is good afterwards -do_test unencryped-attach { +do_test unencrypted-attach { sqlite_orig db test.db execsql { @@ -1335,7 +1356,7 @@ do_test default-use-hmac-attach { PRAGMA cipher_default_use_hmac = OFF; PRAGMA key = 'testkey'; SELECT count(*) FROM t1; - ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2; + ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey'; SELECT count(*) from db2.t1; PRAGMA cipher_default_use_hmac = ON; } @@ -1352,7 +1373,7 @@ do_test attach-1.1.8-database-from-2.0-fails { catchsql { PRAGMA key = 'testkey'; CREATE table t1(a,b); - ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2; + ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey'; } } {1 {file is encrypted or is not a database}} db close @@ -1376,7 +1397,7 @@ do_test change-default-use-hmac-attach { PRAGMA key = 'testkey'; SELECT count(*) FROM t1; PRAGMA cipher_default_use_hmac = OFF; - ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2; + ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey'; SELECT count(*) from db2.t1; PRAGMA cipher_default_use_hmac = ON; }