Fix for cipher_migrate on passphrases longer than 64 characters and raw keys

developernotes · developernotes · commit bba319a716a7 · 2013-12-06T11:03:50.000-06:00
diff --git a/src/crypto_impl.c b/src/crypto_impl.c
@@ -995,14 +995,14 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
     char *attach_command = sqlite3_mprintf("ATTACH DATABASE '%s-migrated' as migrate KEY '%q';",
                                             db_filename, key);
 
-    int rc = sqlcipher_check_connection(db_filename, key, key_sz, "", &user_version);
+    int rc = sqlcipher_check_connection(db_filename, key, ctx->read_ctx->pass_sz, "", &user_version);
     if(rc == SQLITE_OK){
       CODEC_TRACE(("No upgrade required - exiting\n"));
       goto exit;
     }
     
     // Version 2 - check for 4k with hmac format 
-    rc = sqlcipher_check_connection(db_filename, key, key_sz, pragma_4k_kdf_iter, &user_version);
+    rc = sqlcipher_check_connection(db_filename, key, ctx->read_ctx->pass_sz, pragma_4k_kdf_iter, &user_version);
     if(rc == SQLITE_OK) {
       CODEC_TRACE(("Version 2 format found\n"));
       upgrade_4k_format = 1;
@@ -1011,7 +1011,7 @@ int sqlcipher_codec_ctx_migrate(codec_ctx *ctx) {
     // Version 1 - check both no hmac and 4k together
     pragma_1x_and_4k = sqlite3_mprintf("%s%s", pragma_hmac_off,
                                              pragma_4k_kdf_iter);
-    rc = sqlcipher_check_connection(db_filename, key, key_sz, pragma_1x_and_4k, &user_version);
+    rc = sqlcipher_check_connection(db_filename, key, ctx->read_ctx->pass_sz, pragma_1x_and_4k, &user_version);
     sqlite3_free(pragma_1x_and_4k);
     if(rc == SQLITE_OK) {
       CODEC_TRACE(("Version 1 format found\n"));
diff --git a/test/crypto.test b/test/crypto.test
@@ -2162,6 +2162,42 @@ file delete -force test.db
 file delete -force test2.db
 file delete -force test3.db
 
+do_test can-migrate-with-keys-longer-than-64-characters {
+    sqlite_orig db test.db
+    execsql {
+        PRAGMA key = "012345678901234567890123456789012345678901234567890123456789012345";
+        PRAGMA kdf_iter = 4000;
+        PRAGMA user_version = 5;
+    }
+    db close
+    sqlite_orig db test.db
+    execsql {
+                PRAGMA key = "012345678901234567890123456789012345678901234567890123456789012345";
+        PRAGMA cipher_migrate;
+        PRAGMA user_version;
+    }
+} {0 5}
+db close
+file delete -force test.db
+
+do_test can-migrate-with-raw-hex-key {
+    sqlite_orig db test.db
+    execsql {
+        PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
+        PRAGMA kdf_iter = 4000;
+        PRAGMA cipher_use_hmac = off;
+        PRAGMA user_version = 5;
+    }
+    db close
+    sqlite_orig db test.db
+    execsql {
+                PRAGMA key = "x'2DD29CA851E7B56E4697B0E1F08507293D761A05CE4D1B628663F411A8086D99'";
+        PRAGMA cipher_migrate;
+        PRAGMA user_version;
+    }
+} {0 5}
+db close
+file delete -force test.db
 
 sqlite3_test_control_pending_byte $old_pending_byte
 finish_test
