rework attach to require explicit key

2025-02-23 17:28:17 +00:00 · 2013-05-24 16:17:15 -04:00 · 2013-05-24 16:17:15 -04:00 · 3703f3638e
commit 3703f3638e
parent ed1e161168
2 changed files with 31 additions and 19 deletions
--- a/src/crypto.c
+++ b/src/crypto.c
@ -314,8 +314,9 @@ int sqlite3CodecAttach(sqlite3* db, int nDb, const void *zKey, int nKey) {
      sqlite3BtreeSetAutoVacuum(pDb->pBt, SQLITE_DEFAULT_AUTOVACUUM);
    }
    sqlite3_mutex_leave(db->mutex);
-  }
    return SQLITE_OK;
+  }
+  return SQLITE_ERROR;
 }

 void sqlite3_activate_see(const char* in) {
@ -409,18 +410,8 @@ int sqlite3_rekey(sqlite3 *db, const void *pKey, int nKey) {
 void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
  struct Db *pDb = &db->aDb[nDb];
  CODEC_TRACE(("sqlite3CodecGetKey: entered db=%p, nDb=%d\n", db, nDb));
-  
-  if( pDb->pBt ) {
-    codec_ctx *ctx;
-    sqlite3pager_get_codec(pDb->pBt->pBt->pPager, (void **) &ctx);
-
-    if(ctx) { /* if the codec has an attached codec_context user the raw key data */
-      sqlcipher_codec_get_pass(ctx, zKey, nKey);
-    } else {
  *zKey = NULL;
  *nKey = 0;
-    }
-  }
 }


--- a/test/crypto.test
+++ b/test/crypto.test
@ -381,9 +381,30 @@ do_test rekey-delete-and-query-wal-3 {
 db close
 file delete -force test.db

+# attach an encrypted database
+# without specifying key, verify it fails
+setup test.db "'testkey'"
+do_test attach-database-with-default-key {
+  sqlite_orig db2 test2.db
+
+  execsql {
+    PRAGMA key = 'testkey';
+    CREATE TABLE t2(a,b);
+    INSERT INTO t2 VALUES ('test1', 'test2'); 
+  } db2
+ 
+  catchsql {
+    ATTACH 'test.db' AS db;
+  } db2
+
+} {1 {unable to open database: test.db}}
+db2 close
+file delete -force test.db
+file delete -force test2.db
+
 # attach an encrypted database
 # where both database have the same
-# key
+# key explicitly
 setup test.db "'testkey'"
 do_test attach-database-with-same-key {
  sqlite_orig db2 test2.db
@ -396,7 +417,7 @@ do_test attach-database-with-same-key {
 
  execsql {
    SELECT count(*) FROM t2;
-    ATTACH 'test.db' AS db;
+    ATTACH 'test.db' AS db KEY 'testkey';
    SELECT count(*) FROM db.t1;
  } db2

@ -581,7 +602,7 @@ file delete -force test.db

 # create an unencrypted database, attach a new encrypted volume
 # copy data between, verify the encypted database is good afterwards
-do_test unencryped-attach {
+do_test unencrypted-attach {
  sqlite_orig db test.db

  execsql {
@ -1335,7 +1356,7 @@ do_test default-use-hmac-attach {
    PRAGMA cipher_default_use_hmac = OFF;
    PRAGMA key = 'testkey';
    SELECT count(*) FROM t1;
-    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2;
+    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
    SELECT count(*) from db2.t1;
    PRAGMA cipher_default_use_hmac = ON;
  } 
@ -1352,7 +1373,7 @@ do_test attach-1.1.8-database-from-2.0-fails {
  catchsql {
    PRAGMA key = 'testkey';
    CREATE table t1(a,b);
-    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2;
+    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
  } 
 } {1 {file is encrypted or is not a database}}
 db close
@ -1376,7 +1397,7 @@ do_test change-default-use-hmac-attach {
    PRAGMA key = 'testkey';
    SELECT count(*) FROM t1;
    PRAGMA cipher_default_use_hmac = OFF;
-    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2;
+    ATTACH 'sqlcipher-1.1.8-testkey.db' AS db2 KEY 'testkey';
    SELECT count(*) from db2.t1;
    PRAGMA cipher_default_use_hmac = ON;
  }