From 564d54ec5ea125176a6d02f8daba4f9116ef6053 Mon Sep 17 00:00:00 2001 From: Martin Kleusberg Date: Mon, 25 Mar 2019 18:49:19 +0100 Subject: [PATCH] Use cipher_default_* PRAGMAs when attaching an encrypted database When attaching an SQLCipher encrypted database we need to set the page size, KDF iterations, and HMAC and KDF algorithms. This needs to be done before actually attaching the database but we tried to do it afterwards which silently fails until the first statement is executed on the attached database. This commit modifies the "default" values for these pragmas in order to make sure SQLCipher uses the correct values right at the beginning. See issue #1799. --- src/sqlitedb.cpp | 52 +++++++++++++++++++++++++----------------------- 1 file changed, 27 insertions(+), 25 deletions(-) diff --git a/src/sqlitedb.cpp b/src/sqlitedb.cpp index f6fb4bf2..5363881e 100644 --- a/src/sqlitedb.cpp +++ b/src/sqlitedb.cpp @@ -252,37 +252,39 @@ bool DBBrowserDB::attach(const QString& filePath, QString attach_as) else key = "KEY ''"; + // Only apply cipher settings if the database is encrypted + if(cipherSettings && is_encrypted) + { + if(!executeSQL(QString("PRAGMA cipher_default_page_size = %1").arg(cipherSettings->getPageSize()), false)) + { + QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); + return false; + } + if(!executeSQL(QString("PRAGMA cipher_default_kdf_iter = %1").arg(cipherSettings->getKdfIterations()), false)) + { + QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); + return false; + } + if(!executeSQL(QString("PRAGMA cipher_hmac_algorithm = %1").arg(cipherSettings->getHmacAlgorithm()), false)) + { + QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); + return false; + } + if(!executeSQL(QString("PRAGMA cipher_kdf_algorithm = %1").arg(cipherSettings->getKdfAlgorithm()), false)) + { + QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); + return false; + } + } + if(!executeSQL(QString("ATTACH '%1' AS %2 %3").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)).arg(key), false)) { QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); return false; } - // Only apply cipher settings if the database is encrypted - if(cipherSettings && is_encrypted) - { - if(!executeSQL(QString("PRAGMA %1.cipher_page_size = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getPageSize()), false)) - { - QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); - return false; - } - if(!executeSQL(QString("PRAGMA %1.kdf_iter = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfIterations()), false)) - { - QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); - return false; - } - if(!executeSQL(QString("PRAGMA %1.cipher_hmac_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getHmacAlgorithm()), false)) - { - QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); - return false; - } - if(!executeSQL(QString("PRAGMA %1.cipher_kdf_algorithm = %2").arg(sqlb::escapeIdentifier(attach_as)).arg(cipherSettings->getKdfAlgorithm()), false)) - { - QMessageBox::warning(nullptr, qApp->applicationName(), lastErrorMessage); - return false; - } - delete cipherSettings; - } + // Clean up cipher settings + delete cipherSettings; #else // Attach database if(!executeSQL(QString("ATTACH '%1' AS %2").arg(filePath).arg(sqlb::escapeIdentifier(attach_as)), false))