| blob | da28d56b1184a1a2a6e09dd6680e100de14991ac |
1 # SQLCipher
2 # codec.test developed by Stephen Lombardo (Zetetic LLC)
3 # sjlombardo at zetetic dot net
4 # http://zetetic.net
5 #
6 # Copyright (c) 2018, ZETETIC LLC
7 # Redistribution and use in source and binary forms, with or without
8 # modification, are permitted provided that the following conditions are met:
9 # * Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # * Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
14 # * Neither the name of the ZETETIC LLC nor the
15 # names of its contributors may be used to endorse or promote products
16 # derived from this software without specific prior written permission.
17 #
18 # THIS SOFTWARE IS PROVIDED BY ZETETIC LLC ''AS IS'' AND ANY
19 # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
21 # DISCLAIMED. IN NO EVENT SHALL ZETETIC LLC BE LIABLE FOR ANY
22 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
25 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
27 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #
29 # This file implements regression tests for SQLite library. The
30 # focus of this script is testing code cipher features.
31 #
32 # NOTE: tester.tcl has overridden the definition of sqlite3 to
33 # automatically pass in a key value. Thus tests in this file
34 # should explicitly close and open db with sqlite_orig in order
35 # to bypass default key assignment.
37 set testdir [file dirname $argv0]
38 source $testdir/tester.tcl
39 source $testdir/sqlcipher.tcl
41 # The database is initially empty.
42 # set an hex key create some basic data
43 # create table and insert operations should work
44 # close database, open it again with the same
45 # hex key. verify that the table is readable
46 # and the data just inserted is visible
47 setup test.db "\"x'98483C6EB40B6C31A448C22A66DED3B5E5E8D5119CAC8327B655C8B5C4836481'\""
48 do_test will-open-with-correct-raw-key {
49 sqlite_orig db test.db
50 execsql {
51 PRAGMA key = "x'98483C6EB40B6C31A448C22A66DED3B5E5E8D5119CAC8327B655C8B5C4836481'";
52 SELECT name FROM sqlite_schema WHERE type='table';
53 SELECT * from t1;
54 }
55 } {ok t1 test1 test2}
56 db close
57 file delete -force test.db
59 # set an encryption key (non-hex) and create some basic data
60 # create table and insert operations should work
61 # close database, open it again with the same
62 # key. verify that the table is readable
63 # and the data just inserted is visible
64 setup test.db "'testkey'"
65 do_test will-open-with-correct-derived-key {
67 sqlite_orig db test.db
68 execsql {
69 PRAGMA key = 'testkey';
70 SELECT name FROM sqlite_schema WHERE type='table';
71 SELECT * from t1;
72 }
73 } {ok t1 test1 test2}
74 db close
75 file delete -force test.db
77 # set an encryption key (non-hex) and create
78 # temp tables, verify you can read from
79 # sqlite_temp_master
80 setup test.db "'testkey'"
81 do_test test-temp-master {
82 sqlite_orig db test.db
83 execsql {
84 PRAGMA key = 'testkey';
85 CREATE TEMPORARY TABLE temp_t1(a,b);
86 INSERT INTO temp_t1(a,b) VALUES ('test1', 'test2');
87 SELECT name FROM sqlite_temp_master WHERE type='table';
88 SELECT * from temp_t1;
89 }
90 } {ok temp_t1 test1 test2}
91 db close
92 file delete -force test.db
94 # verify that a when a standard database is encrypted the first
95 # 16 bytes are not "SQLite format 3\0"
96 do_test test-sqlcipher-header-overwrite {
97 sqlite_orig db test.db
98 execsql {
99 PRAGMA key = 'test';
100 CREATE TABLE t1(a,b);
101 }
102 db close
103 set header [hexio_read test.db 0 16]
104 string equal $header "53514C69746520666F726D6174203300"
105 } {0}
106 file delete -force test.db
108 # open the database and try to read from it without
109 # providing a passphrase. verify that the
110 # an error is returned from the library
111 setup test.db "'testkey'"
112 do_test wont-open-without-key {
113 sqlite_orig db test.db
114 catchsql {
115 SELECT name FROM sqlite_schema WHERE type='table';
116 }
117 } {1 {file is not a database}}
118 db close
119 file delete -force test.db
121 # open the database and try to set an invalid
122 # passphrase. verify that an error is returned
123 # and that data couldn't be read
124 setup test.db "'testkey'"
125 do_test wont-open-with-invalid-derived-key {
126 sqlite_orig db test.db
127 catchsql {
128 PRAGMA key = 'testkey2';
129 SELECT name FROM sqlite_schema WHERE type='table';
130 }
131 } {1 {file is not a database}}
132 db close
133 file delete -force test.db
135 # open the database and try to set an invalid
136 # hex key. verify that an error is returned
137 # and that data couldn't be read
138 setup test.db "'testkey'"
139 do_test wont-open-with-invalid-raw-key {
140 sqlite_orig db test.db
141 catchsql {
142 PRAGMA key = "x'98483C6EB40B6C31A448C22A66DED3B5E5E8D5119CAC8327B655C8B5C4836480'";
143 SELECT name FROM sqlite_schema WHERE type='table';
144 }
145 } {1 {file is not a database}}
146 db close
147 file delete -force test.db
149 # test a large number of inserts in a transaction to a memory database
150 do_test memory-database {
151 sqlite_orig db :memory:
152 execsql {
153 PRAGMA key = 'testkey3';
154 BEGIN;
155 CREATE TABLE t2(a,b);
156 }
157 for {set i 1} {$i<=25000} {incr i} {
158 set r [expr {int(rand()*500000)}]
159 execsql "INSERT INTO t2 VALUES($i,$r);"
160 }
161 execsql {
162 COMMIT;
163 SELECT count(*) FROM t2;
164 DELETE FROM t2;
165 SELECT count(*) FROM t2;
166 }
167 } {25000 0}
168 db close
170 # test a large number of inserts in a transaction for multiple pages
171 do_test multi-page-database {
172 sqlite_orig db test.db
173 execsql {
174 PRAGMA key = 'testkey';
175 CREATE TABLE t2(a,b);
176 BEGIN;
177 }
178 for {set i 1} {$i<=25000} {incr i} {
179 set r [expr {int(rand()*500000)}]
180 execsql "INSERT INTO t2 VALUES($i,$r);"
181 }
182 execsql {
183 COMMIT;
184 SELECT count(*) FROM t2;
185 }
186 } {25000}
187 db close
188 file delete -force test.db
190 # attach an encrypted database
191 # without specifying key, verify it fails
192 # even if the source passwords are the same
193 # because the kdf salts are different
194 setup test.db "'testkey'"
195 do_test attach-database-with-default-key {
196 sqlite_orig db2 test2.db
197 execsql {
198 PRAGMA key = 'testkey';
199 PRAGMA cipher_add_random = "x'deadbaad'";
200 CREATE TABLE t2(a,b);
201 INSERT INTO t2 VALUES ('test1', 'test2');
202 } db2
204 lappend rc [catchsql {
205 ATTACH 'test.db' AS db;
206 } db2]
208 lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
210 } {{1 {file is not a database}} 0}
211 db2 close
212 file delete -force test.db
213 file delete -force test2.db
215 # attach an empty encrypted database
216 # without specifying key, verify the database has the same
217 # salt and as the original
218 setup test.db "'testkey'"
219 do_test attach-empty-database-with-default-key {
220 sqlite_orig db test.db
221 set rc {}
223 execsql {
224 PRAGMA key='testkey';
225 INSERT INTO t1(a,b) values (1,2);
226 ATTACH DATABASE 'test2.db' AS test;
227 CREATE TABLE test.t1(a,b);
228 INSERT INTO test.t1 SELECT * FROM t1;
229 DETACH DATABASE test;
230 }
232 sqlite_orig db2 test2.db
234 lappend rc [execsql {
235 PRAGMA key='testkey';
236 SELECT count(*) FROM t1;
237 } db2]
238 lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
239 } {{ok 2} 1}
240 db close
241 db2 close
242 file delete -force test.db
243 file delete -force test2.db
245 # attach an empty encrypted database as the first op
246 # on a keyed database and verify different
247 # salts but same keys (because derivation of the key spec
248 # has not occured yet)
249 setup test.db "'testkey'"
250 do_test attach-empty-database-with-default-key-first-op {
251 sqlite_orig db test.db
252 set rc {}
254 execsql {
255 PRAGMA key='testkey';
256 ATTACH DATABASE 'test2.db' AS test;
257 CREATE TABLE test.t1(a,b);
258 INSERT INTO test.t1 SELECT * FROM t1;
259 DETACH DATABASE test;
260 }
262 sqlite_orig db2 test2.db
264 lappend rc [execsql {
265 PRAGMA key='testkey';
266 SELECT count(*) FROM t1;
267 } db2]
269 lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
270 } {{ok 1} 0}
271 db close
272 db2 close
273 file delete -force test.db
274 file delete -force test2.db
276 # attach an empty encrypted database
277 # on a keyed database when PRAGMA cipher_store_pass = 1
278 # and verify different salts
279 setup test.db "'testkey'"
280 do_test attach-empty-database-with-cipher-store-pass {
281 sqlite_orig db test.db
282 set rc {}
284 execsql {
285 PRAGMA key='testkey';
286 PRAGMA cipher_store_pass = 1;
287 INSERT INTO t1(a,b) VALUES (1,2);
288 ATTACH DATABASE 'test2.db' AS test;
289 CREATE TABLE test.t1(a,b);
290 INSERT INTO test.t1 SELECT * FROM t1;
291 DETACH DATABASE test;
292 }
294 sqlite_orig db2 test2.db
296 lappend rc [execsql {
297 PRAGMA key='testkey';
298 SELECT count(*) FROM t1;
299 } db2]
300 lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
301 } {{ok 2} 0}
302 db close
303 db2 close
304 file delete -force test.db
305 file delete -force test2.db
307 # attach an encrypted database
308 # without specifying key, verify it attaches
309 # correctly when PRAGMA cipher_store_pass = 1
310 # is set
311 do_test attach-database-with-default-key-using-cipher-store-pass {
312 sqlite_orig db1 test.db
313 execsql {
314 PRAGMA key = 'testkey';
315 CREATE TABLE t1(a,b);
316 INSERT INTO t1(a,b) VALUES('foo', 'bar');
317 } db1
318 db1 close
320 sqlite_orig db2 test2.db
321 execsql {
322 PRAGMA key = 'testkey';
323 CREATE TABLE t2(a,b);
324 INSERT INTO t2 VALUES ('test1', 'test2');
325 } db2
326 db2 close
328 sqlite_orig db1 test.db
329 execsql {
330 PRAGMA key = 'testkey';
331 PRAGMA cipher_store_pass = 1;
332 ATTACH DATABASE 'test2.db' as db2;
333 SELECT sqlcipher_export('db2');
334 DETACH DATABASE db2;
335 } db1
336 db1 close
338 sqlite_orig db2 test2.db
339 execsql {
340 PRAGMA key = 'testkey';
341 SELECT * FROM t1;
342 } db2
344 } {ok foo bar}
345 db2 close
346 file delete -force test.db
347 file delete -force test2.db
349 # attach an encrypted database
350 # where both database have the same
351 # key explicitly and verify they have different
352 # salt values
353 setup test.db "'testkey'"
354 do_test attach-database-with-same-key {
355 sqlite_orig db2 test2.db
357 set rc {}
359 execsql {
360 PRAGMA key = 'testkey';
361 CREATE TABLE t2(a,b);
362 INSERT INTO t2 VALUES ('test1', 'test2');
363 } db2
365 lappend rc [execsql {
366 SELECT count(*) FROM t2;
367 ATTACH 'test.db' AS db KEY 'testkey';
368 SELECT count(*) FROM db.t1;
369 } db2]
371 lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
372 } {{1 1} 0}
373 db2 close
374 file delete -force test.db
375 file delete -force test2.db
377 # attach an encrypted database
378 # where databases have different keys
379 setup test.db "'testkey'"
380 do_test attach-database-with-different-keys {
381 sqlite_orig db2 test2.db
383 execsql {
384 PRAGMA key = 'testkey2';
385 CREATE TABLE t2(a,b);
386 INSERT INTO t2 VALUES ('test1', 'test2');
387 } db2
389 execsql {
390 ATTACH 'test.db' AS db KEY 'testkey';
391 SELECT count(*) FROM db.t1;
392 SELECT count(*) FROM t2;
393 } db2
395 } {1 1}
396 db2 close
397 file delete -force test.db
398 file delete -force test2.db
400 # test locking across multiple handles
401 setup test.db "'testkey'"
402 do_test locking-across-multiple-handles-start {
403 sqlite_orig db test.db
405 execsql {
406 PRAGMA key = 'testkey';
407 BEGIN EXCLUSIVE;
408 INSERT INTO t1 VALUES(1,2);
409 }
411 sqlite_orig dba test.db
412 catchsql {
413 PRAGMA key = 'testkey';
414 SELECT count(*) FROM t1;
415 } dba
417 } {1 {database is locked}}
419 do_test locking-accross-multiple-handles-finish {
420 execsql {
421 COMMIT;
422 }
424 execsql {
425 SELECT count(*) FROM t1;
426 } dba
427 } {2}
428 db close
429 dba close
430 file delete -force test.db
432 # alter schema
433 setup test.db "'testkey'"
434 do_test alter-schema {
435 sqlite_orig db test.db
436 execsql {
437 PRAGMA key = 'testkey';
438 ALTER TABLE t1 ADD COLUMN c;
439 INSERT INTO t1 VALUES (1,2,3);
440 INSERT INTO t1 VALUES (1,2,4);
441 CREATE TABLE t1a (a);
442 INSERT INTO t1a VALUES ('teststring');
443 }
444 db close
446 sqlite_orig db test.db
447 execsql {
448 PRAGMA key = 'testkey';
449 SELECT count(*) FROM t1 WHERE a IS NOT NULL;
450 SELECT count(*) FROM t1 WHERE c IS NOT NULL;
451 SELECT * FROM t1a;
452 }
454 } {ok 3 2 teststring}
455 db close
456 file delete -force test.db
458 # test alterations of KDF iterations and ciphers
459 # rekey then add
460 setup test.db "'testkey'"
461 do_test verify-errors-for-rekey-kdf-and-cipher-changes {
462 sqlite_orig db test.db
463 execsql {
464 PRAGMA key = 'testkey';
465 PRAGMA rekey_kdf_iter = 1000;
466 PRAGMA rekey_cipher = 'aes-256-ecb';
467 }
468 } {ok {PRAGMA rekey_kdf_iter is no longer supported.} {PRAGMA rekey_cipher is no longer supported.}}
469 db close
470 file delete -force test.db
473 setup test.db "'testkey'"
474 do_test verify-errors-for-cipher-change {
475 sqlite_orig db test.db
476 execsql {
477 PRAGMA key = 'testkey';
478 PRAGMA cipher = 'aes-256-ecb';
479 }
480 } {ok {PRAGMA cipher is no longer supported.}}
481 db close
482 file delete -force test.db
485 # 1. create a database with a custom page size,
486 # 2. create table and insert operations should work
487 # 3. close database, open it again with the same
488 # key and page size
489 # 4. verify that the table is readable
490 # and the data just inserted is visible
491 do_test custom-pagesize {
492 sqlite_orig db test.db
494 execsql {
495 PRAGMA key = 'testkey';
496 PRAGMA cipher_page_size = 8192;
497 CREATE table t1(a,b);
498 BEGIN;
499 }
501 for {set i 1} {$i<=1000} {incr i} {
502 set r [expr {int(rand()*500000)}]
503 execsql "INSERT INTO t1 VALUES($i,'value $r');"
504 }
506 execsql {
507 COMMIT;
508 }
510 db close
511 sqlite_orig db test.db
513 execsql {
514 PRAGMA key = 'testkey';
515 PRAGMA cipher_page_size = 8192;
516 SELECT count(*) FROM t1;
517 }
519 } {ok 1000}
520 db close
522 # open the database with the default page size
523 ## and verfiy that it is not readable
524 do_test custom-pagesize-must-match {
525 sqlite_orig db test.db
526 catchsql {
527 PRAGMA key = 'testkey';
528 SELECT name FROM sqlite_schema WHERE type='table';
529 }
530 } {1 {file is not a database}}
531 db close
532 file delete -force test.db
535 # 1. create a database with WAL journal mode
536 # 2. create table and insert operations should work
537 # 3. close database, open it again
538 # 4. verify that the table is present, readable, and that
539 # the journal mode is WAL
540 do_test journal-mode-wal {
541 sqlite_orig db test.db
543 execsql {
544 PRAGMA key = 'testkey';
545 PRAGMA journal_mode = WAL;
546 CREATE table t1(a,b);
547 BEGIN;
548 }
550 for {set i 1} {$i<=1000} {incr i} {
551 set r [expr {int(rand()*500000)}]
552 execsql "INSERT INTO t1 VALUES($i,'value $r');"
553 }
555 execsql {
556 COMMIT;
557 }
559 db close
560 sqlite_orig db test.db
562 execsql {
563 PRAGMA key = 'testkey';
564 SELECT count(*) FROM t1;
565 PRAGMA journal_mode;
566 }
568 } {ok 1000 wal}
569 db close
570 file delete -force test.db
572 setup test.db "'testkey'"
573 do_test multiple-key-calls-safe-1 {
574 sqlite_orig db test.db
575 execsql {
576 PRAGMA key = 'testkey';
577 PRAGMA cache_size = 0;
578 SELECT name FROM sqlite_schema WHERE type='table';
579 }
580 } {ok t1}
582 do_test multiple-key-calls-safe-2 {
583 catchsql {
584 PRAGMA key = 'wrong key';
585 SELECT name FROM sqlite_schema WHERE type='table';
586 }
587 } {1 {file is not a database}}
589 do_test multiple-key-calls-safe-3 {
590 execsql {
591 PRAGMA key = 'testkey';
592 SELECT name FROM sqlite_schema WHERE type='table';
593 }
594 } {ok t1}
596 db close
597 file delete -force test.db
599 # 1. create a database with a custom hmac kdf iteration count,
600 # 2. create table and insert operations should work
601 # 3. close database, open it again with the same
602 # key and hmac kdf iteration count
603 # 4. verify that the table is readable
604 # and the data just inserted is visible
605 do_test custom-hmac-kdf-iter {
606 sqlite_orig db test.db
608 execsql {
609 PRAGMA key = 'testkey';
610 PRAGMA kdf_iter = 10;
611 CREATE table t1(a,b);
612 BEGIN;
613 }
615 for {set i 1} {$i<=1000} {incr i} {
616 set r [expr {int(rand()*500000)}]
617 execsql "INSERT INTO t1 VALUES($i,'value $r');"
618 }
620 execsql {
621 COMMIT;
622 }
624 db close
625 sqlite_orig db test.db
627 execsql {
628 PRAGMA key = 'testkey';
629 PRAGMA kdf_iter = 10;
630 SELECT count(*) FROM t1;
631 }
633 } {ok 1000}
634 db close
636 # open the database with the default hmac
637 # kdf iteration count
638 # to verify that it is not readable
639 do_test custom-hmac-kdf-iter-must-match {
640 sqlite_orig db test.db
641 catchsql {
642 PRAGMA key = 'testkey';
643 SELECT name FROM sqlite_schema WHERE type='table';
644 }
645 } {1 {file is not a database}}
646 db close
647 file delete -force test.db
649 # open the database and turn on auto_vacuum
650 # then insert a bunch of data, delete it
651 # and verify that the file has become smaller
652 # but can still be opened with the proper
653 # key
654 do_test auto-vacuum {
655 sqlite_orig db test.db
656 set rc {}
658 execsql {
659 PRAGMA key = 'testkey';
660 PRAGMA auto_vacuum=FULL;
661 CREATE table t1(a,b);
662 BEGIN;
663 }
665 for {set i 1} {$i<=10000} {incr i} {
666 set r [expr {int(rand()*500000)}]
667 execsql "INSERT INTO t1 VALUES($i,'value $r');"
668 }
670 lappend rc [execsql {
671 COMMIT;
672 SELECT count(*) FROM t1;
673 }]
675 # grab current size of file
676 set sz [file size test.db]
678 # delete some records, and verify
679 # autovacuum removes them
680 execsql {
681 DELETE FROM t1 WHERE rowid > 5000;
682 }
684 db close
686 # grab new file size, post
687 # autovacuum
688 set sz2 [file size test.db]
690 # verify that the new size is
691 # smaller than the old size
692 if {$sz > $sz2} { lappend rc true }
694 sqlite_orig db test.db
696 lappend rc [execsql {
697 PRAGMA key = 'testkey';
698 SELECT count(*) FROM t1;
699 }]
701 } {10000 true {ok 5000}}
702 db close
703 file delete -force test.db
705 # test kdf_iter and other pragmas
706 # before a key is set. Verify that they
707 # are no-ops
708 do_test cipher-options-before-keys {
709 sqlite_orig db test.db
711 execsql {
712 PRAGMA kdf_iter = 1000;
713 PRAGMA cipher_page_size = 8192;
714 PRAGMA cipher_use_hmac = OFF;
715 PRAGMA key = 'testkey';
716 CREATE table t1(a,b);
717 INSERT INTO t1 VALUES(1,2);
718 }
719 db close
721 sqlite_orig db test.db
723 execsql {
724 PRAGMA key = 'testkey';
725 SELECT count(*) FROM t1;
726 }
728 } {ok 1}
729 db close
730 file delete -force test.db
732 # verify memory security behavior
733 # initially should report OFF
734 # then enable, check that it is ON
735 # try to turn if off, but verify that it
736 # can't be unset.
737 do_test verify-memory-security {
738 sqlite_orig db test.db
739 execsql {
740 PRAGMA cipher_memory_security;
741 PRAGMA cipher_memory_security = ON;
742 PRAGMA cipher_memory_security;
743 PRAGMA cipher_memory_security = OFF;
744 PRAGMA cipher_memory_security;
745 }
746 } {0 1 1}
747 db close
748 file delete -force test.db
750 # create two new database files, write to each
751 # and verify that they have different (i.e. random)
752 # salt values
753 do_test test-random-salt {
754 sqlite_orig db test.db
755 sqlite_orig db2 test2.db
756 execsql {
757 PRAGMA key = 'test';
758 CREATE TABLE t1(a,b);
759 INSERT INTO t1(a,b) VALUES (1,2);
760 }
761 execsql {
762 PRAGMA key = 'test';
763 CREATE TABLE t1(a,b);
764 INSERT INTO t1(a,b) VALUES (1,2);
765 } db2
766 db close
767 db2 close
768 string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]
769 } {0}
770 file delete -force test.db
771 file delete -force test2.db
773 # test scenario where multiple handles are opened
774 # to a file that does not exist, where both handles
775 # use the same key
776 do_test multiple-handles-same-key-and-salt {
777 sqlite_orig db test.db
778 sqlite_orig dba test.db
780 execsql {
781 PRAGMA key = 'testkey';
782 }
783 execsql {
784 PRAGMA key = 'testkey';
785 } dba
787 execsql {
788 CREATE TABLE t1(a,b);
789 INSERT INTO t1 VALUES(1,2);
790 }
792 execsql {
793 SELECT count(*) FROM t1;
794 }
795 execsql {
796 SELECT count(*) FROM t1;
797 } dba
799 } {1}
800 db close
801 dba close
802 file delete -force test.db
804 do_test test_flags_fail_encrypt {
805 sqlite_orig db :memory:
806 execsql {
807 PRAGMA cipher_test;
808 PRAGMA cipher_test_on = fail_encrypt;
809 PRAGMA cipher_test;
810 PRAGMA cipher_test_off = fail_encrypt;
811 PRAGMA cipher_test;
812 }
813 } {0 1 0}
814 db close
816 do_test test_flags_fail_decrypt {
817 sqlite_orig db :memory:
818 execsql {
819 PRAGMA cipher_test;
820 PRAGMA cipher_test_on = fail_decrypt;
821 PRAGMA cipher_test;
822 PRAGMA cipher_test_off = fail_decrypt;
823 PRAGMA cipher_test;
824 }
825 } {0 2 0}
826 db close
828 do_test test_flags_fail_migrate {
829 sqlite_orig db :memory:
830 execsql {
831 PRAGMA cipher_test;
832 PRAGMA cipher_test_on = fail_migrate;
833 PRAGMA cipher_test;
834 PRAGMA cipher_test_off = fail_migrate;
835 PRAGMA cipher_test;
836 }
837 } {0 4 0}
838 db close
840 do_test test_flags_combo {
841 sqlite_orig db :memory:
842 execsql {
843 PRAGMA cipher_test;
844 PRAGMA cipher_test_on = fail_encrypt;
845 PRAGMA cipher_test_on = fail_migrate;
846 PRAGMA cipher_test;
847 PRAGMA cipher_test_off = fail_encrypt;
848 PRAGMA cipher_test_off = fail_migrate;
849 PRAGMA cipher_test;
850 }
851 } {0 5 0}
852 db close
854 # configure URI filename support
855 # create a new encrypted database with the key via parameter
856 # close database
857 # open normally providing key via pragma verify
858 # correct key works
859 sqlite3_shutdown
860 sqlite3_config_uri 1
861 do_test uri-key {
862 sqlite_orig db file:test.db?a=a&key=testkey&c=c
864 execsql {
865 CREATE TABLE t1(a,b);
866 INSERT INTO t1 VALUES(1,2);
867 }
869 db close
870 sqlite_orig db test.db
872 catchsql {
873 PRAGMA key = 'testkey';
874 SELECT count(*) FROM t1;
875 }
877 db close
878 sqlite_orig db test.db
880 execsql {
881 PRAGMA key = 'testkey';
882 SELECT count(*) FROM t1;
883 }
885 } {ok 1}
886 db close
888 # verify wrong key fails
889 do_test uri-key-2 {
890 sqlite_orig db test.db
891 catchsql {
892 PRAGMA key = 'test';
893 SELECT count(*) FROM t1;
894 }
895 } {1 {file is not a database}}
896 db close
897 file delete -force test.db
898 sqlite3_shutdown
899 sqlite3_config_uri 0
901 finish_test