Merge pull request #1089 from shiena/sqlcipher/setrekey

praeclarum · web-flow · commit e79dd0e0d4ea · 2024-03-27T14:40:25.000-07:00
Add SetReKey for SQLCipher
diff --git a/src/SQLite.cs b/src/SQLite.cs
@@ -462,7 +462,7 @@ static string Quote (string unsafeString)
 		/// if your database is encrypted.
 		/// This only has an effect if you are using the SQLCipher nuget package.
 		/// </summary>
-		/// <param name="key">Ecryption key plain text that is converted to the real encryption key using PBKDF2 key derivation</param>
+		/// <param name="key">Encryption key plain text that is converted to the real encryption key using PBKDF2 key derivation</param>
 		void SetKey (string key)
 		{
 			if (key == null)
@@ -477,7 +477,7 @@ void SetKey (string key)
 		/// if your database is encrypted.
 		/// This only has an effect if you are using the SQLCipher nuget package.
 		/// </summary>
-		/// <param name="key">256-bit (32 byte) ecryption key data</param>
+		/// <param name="key">256-bit (32 byte) encryption key data</param>
 		void SetKey (byte[] key)
 		{
 			if (key == null)
@@ -488,6 +488,32 @@ void SetKey (byte[] key)
 			ExecuteScalar<string> ("pragma key = \"x'" + s + "'\"");
 		}
 
+		/// <summary>
+		/// Change the encryption key for a SQLCipher database with "pragma rekey = ...".
+		/// </summary>
+		/// <param name="key">Encryption key plain text that is converted to the real encryption key using PBKDF2 key derivation</param>
+		public void SetReKey (string key)
+		{
+			if (key == null)
+				throw new ArgumentNullException(nameof(key));
+			var q = Quote(key);
+			ExecuteScalar<string>("pragma rekey = " + q);
+		}
+
+		/// <summary>
+		/// Change the encryption key for a SQLCipher database.
+		/// </summary>
+		/// <param name="key">256-bit (32 byte) or 384-bit (48 bytes) encryption key data</param>
+		public void SetReKey (byte[] key)
+		{
+			if (key == null)
+				throw new ArgumentNullException(nameof(key));
+			if (key.Length != 32 && key.Length != 48)
+				throw new ArgumentException ("Key must be 32 bytes (256-bit) or 48 bytes (384-bit)", nameof (key));
+			var s = String.Join("", key.Select(x => x.ToString("X2")));
+			ExecuteScalar<string>("pragma rekey = \"x'" + s + "'\"");
+		}
+
 		/// <summary>
 		/// Enable or disable extension loading.
 		/// </summary>
diff --git a/tests/SQLite.Tests/SQLCipherTest.cs b/tests/SQLite.Tests/SQLCipherTest.cs
@@ -148,5 +148,71 @@ public void CheckJournalModeForNonKeyed ()
 				Assert.AreEqual ("wal", db.ExecuteScalar<string> ("PRAGMA journal_mode;"));
 			}
 		}
+
+		[Test]
+		public void ResetStringKey ()
+		{
+			string path;
+
+			var key = "SecretPassword";
+			var reKey = "SecretKey";
+
+			using (var db = new TestDb (key: key)) {
+				db.SetReKey (reKey);
+				path = db.DatabasePath;
+
+				db.CreateTable<TestTable> ();
+				db.Insert (new TestTable { Value = "Hello" });
+			}
+
+			using (var db = new TestDb (path, key: reKey)) {
+				var r = db.Table<TestTable> ().First ();
+
+				Assert.AreEqual ("Hello", r.Value);
+			}
+		}
+
+		[Test]
+		public void ResetByteKey ()
+		{
+			string path;
+
+			var rand = new Random ();
+			var key = new byte[32];
+			rand.NextBytes (key);
+			var reKey = new byte[32];
+			rand.NextBytes (reKey);
+
+			using (var db = new TestDb (key: key)) {
+				db.SetReKey (reKey);
+				path = db.DatabasePath;
+
+				db.CreateTable<TestTable> ();
+				db.Insert (new TestTable { Value = "Hello" });
+			}
+
+			using (var db = new TestDb (path, key: reKey)) {
+				var r = db.Table<TestTable> ().First ();
+
+				Assert.AreEqual ("Hello", r.Value);
+			}
+		}
+
+		[Test]
+		public void ResetBadKey ()
+		{
+			var key = new byte[] { 42 };
+
+			try
+			{
+				using (var db = new TestDb ()) {
+					db.SetReKey (key);
+				}
+
+				Assert.Fail ("Should have thrown");
+			}
+			catch (ArgumentException) {
+			}
+		}
 	}
 }
