Skip to content

Commit 42e655b

Browse files
sjlombardosjlombardo
committed
normalize attach behavior when key is not yet derived
1 parent e72b34b commit 42e655b

2 files changed

Lines changed: 67 additions & 3 deletions

File tree

src/crypto.c

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -813,10 +813,12 @@ void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
813813
codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
814814

815815
if(ctx) {
816-
if(sqlcipher_codec_get_store_pass(ctx) == 1) {
816+
/* pass back the keyspec from the codec, unless PRAGMA cipher_store_pass
817+
is set or keyspec has not yet been derived, in which case pass
818+
back the password key material */
819+
sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
820+
if(sqlcipher_codec_get_store_pass(ctx) == 1 || *zKey == NULL) {
817821
sqlcipher_codec_get_pass(ctx, zKey, nKey);
818-
} else {
819-
sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
820822
}
821823
} else {
822824
*zKey = NULL;

test/sqlcipher-core.test

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -225,6 +225,68 @@ db2 close
225225
file delete -force test.db
226226
file delete -force test2.db
227227

228+
# attach an empty encrypted database as the first op
229+
# on a keyed database and verify different
230+
# salts but same keys (because derivation of the key spec
231+
# has not occured yet)
232+
setup test.db "'testkey'"
233+
do_test attach-empty-database-with-default-key-first-op {
234+
sqlite_orig db test.db
235+
set rc {}
236+
237+
execsql {
238+
PRAGMA key='testkey';
239+
ATTACH DATABASE 'test2.db' AS test;
240+
CREATE TABLE test.t1(a,b);
241+
INSERT INTO test.t1 SELECT * FROM t1;
242+
DETACH DATABASE test;
243+
}
244+
245+
sqlite_orig db2 test2.db
246+
247+
lappend rc [execsql {
248+
PRAGMA key='testkey';
249+
SELECT count(*) FROM t1;
250+
} db2]
251+
252+
lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
253+
} {1 0}
254+
db close
255+
db2 close
256+
file delete -force test.db
257+
file delete -force test2.db
258+
259+
# attach an empty encrypted database
260+
# on a keyed database when PRAGMA cipher_store_pass = 1
261+
# and verify different salts
262+
setup test.db "'testkey'"
263+
do_test attach-empty-database-with-cipher-store-pass {
264+
sqlite_orig db test.db
265+
set rc {}
266+
267+
execsql {
268+
PRAGMA key='testkey';
269+
PRAGMA cipher_store_pass = 1;
270+
INSERT INTO t1(a,b) VALUES (1,2);
271+
ATTACH DATABASE 'test2.db' AS test;
272+
CREATE TABLE test.t1(a,b);
273+
INSERT INTO test.t1 SELECT * FROM t1;
274+
DETACH DATABASE test;
275+
}
276+
277+
sqlite_orig db2 test2.db
278+
279+
lappend rc [execsql {
280+
PRAGMA key='testkey';
281+
SELECT count(*) FROM t1;
282+
} db2]
283+
lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
284+
} {2 0}
285+
db close
286+
db2 close
287+
file delete -force test.db
288+
file delete -force test2.db
289+
228290
# attach an encrypted database
229291
# without specifying key, verify it attaches
230292
# correctly when PRAGMA cipher_store_pass = 1

0 commit comments

Comments
 (0)