From 42e655bf35a4e84e21392210f9e8c8d463d440db Mon Sep 17 00:00:00 2001
From: Stephen Lombardo
Date: Tue, 15 Jan 2019 13:15:51 -0500
Subject: [PATCH] normalize attach behavior when key is not yet derived
---
 src/crypto.c | 8 ++++--
 test/sqlcipher-core.test | 62 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 3 deletions(-)
diff --git a/src/crypto.c b/src/crypto.c
index 392f9941..69a9853b 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -813,10 +813,12 @@ void sqlite3CodecGetKey(sqlite3* db, int nDb, void **zKey, int *nKey) {
 codec_ctx *ctx = (codec_ctx*) sqlite3PagerGetCodec(pDb->pBt->pBt->pPager);
 if(ctx) {
- if(sqlcipher_codec_get_store_pass(ctx) == 1) {
+ /* pass back the keyspec from the codec, unless PRAGMA cipher_store_pass
+ is set or keyspec has not yet been derived, in which case pass
+ back the password key material */
+ sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
+ if(sqlcipher_codec_get_store_pass(ctx) == 1 || *zKey == NULL) {
 sqlcipher_codec_get_pass(ctx, zKey, nKey);
- } else {
- sqlcipher_codec_get_keyspec(ctx, zKey, nKey);
 }
 } else {
 *zKey = NULL;
diff --git a/test/sqlcipher-core.test b/test/sqlcipher-core.test
index 90bb3d36..224bd596 100644
--- a/test/sqlcipher-core.test
+++ b/test/sqlcipher-core.test
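Review bot: The new `*zKey == NULL` test in sqlite3CodecGetKey is only reliable if sqlcipher_codec_get_keyspec always writes `*zKey` and `*nKey`, including when no keyspec has been derived; that helper is not visible in this hunk, so if it can return without storing anything the condition reads whatever the caller left in `*zKey`. Setting `*zKey = NULL; *nKey = 0;` before the call would make the fallback independent of the helper's behaviour. The comment could also state that in the fallback case the caller receives the raw passphrase bytes rather than a derived keyspec, so that callers treat the returned buffer accordingly. The function's body starts and ends outside the hunk.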
@@ -225,6 +225,68 @@ db2 close
 file delete -force test.db
 file delete -force test2.db
+# attach an empty encrypted database as the first op
+# on a keyed database and verify different
+# salts but same keys (because derivation of the key spec
+# has not occured yet)
+setup test.db "'testkey'"
+do_test attach-empty-database-with-default-key-first-op {
+ sqlite_orig db test.db
+ set rc {}
+
+ execsql {
+ PRAGMA key='testkey';
+ ATTACH DATABASE 'test2.db' AS test;
+ CREATE TABLE test.t1(a,b);
+ INSERT INTO test.t1 SELECT * FROM t1;
+ DETACH DATABASE test;
+ }
+
+ sqlite_orig db2 test2.db
+
+ lappend rc [execsql {
+ PRAGMA key='testkey';
+ SELECT count(*) FROM t1;
+ } db2]
+
+ lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
+} {1 0}
+db close
+db2 close
+file delete -force test.db
+file delete -force test2.db
+
+# attach an empty encrypted database
+# on a keyed database when PRAGMA cipher_store_pass = 1
+# and verify different salts
+setup test.db "'testkey'"
+do_test attach-empty-database-with-cipher-store-pass {
+ sqlite_orig db test.db
+ set rc {}
+
+ execsql {
+ PRAGMA key='testkey';
+ PRAGMA cipher_store_pass = 1;
+ INSERT INTO t1(a,b) VALUES (1,2);
+ ATTACH DATABASE 'test2.db' AS test;
+ CREATE TABLE test.t1(a,b);
+ INSERT INTO test.t1 SELECT * FROM t1;
+ DETACH DATABASE test;
+ }
+
+ sqlite_orig db2 test2.db
+
+ lappend rc [execsql {
+ PRAGMA key='testkey';
+ SELECT count(*) FROM t1;
+ } db2]
+ lappend rc [string equal [hexio_read test.db 0 16] [hexio_read test2.db 0 16]]
+} {2 0}
+db close
+db2 close
+file delete -force test.db
+file delete -force test2.db
+
 # attach an encrypted database
 # without specifying key, verify it attaches
 # correctly when PRAGMA cipher_store_pass = 1
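Review bot: The comment above attach-empty-database-with-default-key-first-op says the test verifies "different salts but same keys", but the assertions only show that test2.db opens with the same passphrase and that the first 16 bytes of the two files differ. With distinct salts the derived keys would presumably differ as well, so the comment most likely means the same password. Wording such as `# salts but the same passphrase (the keyspec has not been derived yet, so the password is handed to the attached database)` would be less ambiguous, and "occured" should read "occurred". Neither new test checks that test2.db is rejected with a different key, so a regression that left the attached file unencrypted might still pass if the opening PRAGMA key is tolerated on a plaintext file.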