raise error when trying to rekey unencrypted database, or use an empty key

sjlombardo · sjlombardo · commit 48ae31693ab3 · 2023-08-16T14:52:46.000-04:00
diff --git a/src/crypto.c b/src/crypto.c
@@ -971,7 +971,7 @@ int sqlite3_rekey_v2(sqlite3 *db, const char *zDb, const void *pKey, int nKey) {
       if(ctx == NULL) { 
         /* there was no codec attached to this database, so this should do nothing! */ 
         sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: no codec attached to db, exiting");
-        return SQLITE_OK;
+        return SQLITE_MISUSE;
       }
 
       sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: entering database mutex %p", db->mutex);
diff --git a/src/pragma.c b/src/pragma.c
@@ -2621,6 +2621,12 @@ void sqlite3Pragma(
         sqlite3VdbeSetNumCols(v, 1);
         sqlite3VdbeSetColName(v, 0, COLNAME_NAME, "ok", SQLITE_STATIC);
         returnSingleText(v, "ok");
+      } else {
+        sqlite3ErrorMsg(pParse, "An error occurred with PRAGMA key or rekey. "
+                                "PRAGMA key requires a key of one or more characters. "
+                                "PRAGMA rekey can only be run on an existing encrypted database. "
+                                "Use sqlcipher_export() and ATTACH to convert encrypted/plaintext databases.");
+        goto pragma_out;
       }
     }
     break;
diff --git a/test/sqlcipher-core.test b/test/sqlcipher-core.test
@@ -877,6 +877,19 @@ do_test test_flags_combo {
 } {0 5 0}
 db close
 
+# test empty key
+# it should raise an error
+do_test empty-key {
+  sqlite_orig db test.db
+
+  catchsql {
+    PRAGMA key = '';
+  }
+
+} {1 {An error occurred with PRAGMA key or rekey. PRAGMA key requires a key of one or more characters. PRAGMA rekey can only be run on an existing encrypted database. Use sqlcipher_export() and ATTACH to convert encrypted/plaintext databases.}}
+db close
+file delete -force test.db
+
 # configure URI filename support
 # create a new encrypted database with the key via parameter
 # close database
diff --git a/test/sqlcipher-rekey.test b/test/sqlcipher-rekey.test
@@ -38,72 +38,20 @@ set testdir [file dirname $argv0]
 source $testdir/tester.tcl
 source $testdir/sqlcipher.tcl
 
-# Test rekey as first operation on an empty database. should be a no-op
-do_test rekey-as-first-op {
+# Test rekey as first operation on an empty database
+# it should raise an error
+do_test rekey-as-first-op-on-empty {
   sqlite_orig db test.db
 
-  execsql {
+  catchsql {
     PRAGMA rekey = 'testkey';
-    CREATE table t1(a,b);
-    BEGIN;
-  }
-
-  for {set i 1} {$i<=100} {incr i} {
-    set r [expr {int(rand()*500000)}]
-    execsql "INSERT INTO t1 VALUES($i,'value $r');" 
   }
 
-  execsql {
-    COMMIT;
-  } 
-
-  db close
-  sqlite_orig db test.db
-
-  execsql {
-    PRAGMA rekey = 'testkey';
-    SELECT count(*) FROM t1;
-  }
-
-} {ok 100}
+} {1 {An error occurred with PRAGMA key or rekey. PRAGMA key requires a key of one or more characters. PRAGMA rekey can only be run on an existing encrypted database. Use sqlcipher_export() and ATTACH to convert encrypted/plaintext databases.}}
 db close
 file delete -force test.db
 
-# Test rekey as first operation follwed by key
-do_test rekey-then-key-as-first-ops {
-  sqlite_orig db test.db
-
-  execsql {
-    PRAGMA rekey = '1234';
-    PRAGMA key = 'testkey';
-    CREATE table t1(a,b);
-    BEGIN;
-  }
-
-  for {set i 1} {$i<=100} {incr i} {
-    set r [expr {int(rand()*500000)}]
-    execsql "INSERT INTO t1 VALUES($i,'value $r');" 
-  }
-
-  execsql {
-    COMMIT;
-  } 
-
-  db close
-  sqlite_orig db test.db
-
-  execsql {
-    PRAGMA rekey = '4321';
-    PRAGMA key = 'testkey';
-    SELECT count(*) FROM t1;
-  }
-
-} {ok ok 100}
-db close
-file delete -force test.db
-
-
-# test a rekey operation as the first op on a database
+# test a rekey operation as the first op on an existing database
 # then test that now the new key opens the database
 # now close database re-open with new key
 setup test.db "'testkey'"

Original file line number	Diff line number	Diff line change
`@@ -971,7 +971,7 @@ int sqlite3_rekey_v2(sqlite3 db, const char zDb, const void *pKey, int nKey) {`
`971`	`971`	`if(ctx == NULL) {`
`972`	`972`	`/* there was no codec attached to this database, so this should do nothing! */`
`973`	`973`	`sqlcipher_log(SQLCIPHER_LOG_ERROR, "sqlite3_rekey_v2: no codec attached to db, exiting");`
`974`		`- return SQLITE_OK;`
	`974`	`+ return SQLITE_MISUSE;`
`975`	`975`	`}`
`976`	`976`
`977`	`977`	`sqlcipher_log(SQLCIPHER_LOG_TRACE, "sqlite3_rekey_v2: entering database mutex %p", db->mutex);`
Original file line number	Diff line number	Diff line change
`@@ -2621,6 +2621,12 @@ void sqlite3Pragma(`
`2621`	`2621`	`sqlite3VdbeSetNumCols(v, 1);`
`2622`	`2622`	`sqlite3VdbeSetColName(v, 0, COLNAME_NAME, "ok", SQLITE_STATIC);`
`2623`	`2623`	`returnSingleText(v, "ok");`
	`2624`	`+ } else {`
	`2625`	`+ sqlite3ErrorMsg(pParse, "An error occurred with PRAGMA key or rekey. "`
	`2626`	`+ "PRAGMA key requires a key of one or more characters. "`
	`2627`	`+ "PRAGMA rekey can only be run on an existing encrypted database. "`
	`2628`	`+ "Use sqlcipher_export() and ATTACH to convert encrypted/plaintext databases.");`
	`2629`	`+ goto pragma_out;`
`2624`	`2630`	`}`
`2625`	`2631`	`}`
`2626`	`2632`	`break;`