test_encryption_rejects_plaintext.js

Enable keyboard shortcuts

/* Any copyright is dedicated to the Public Domain.

   http://creativecommons.org/publicdomain/zero/1.0/ */

"use strict";

// Bug 1996558: verifies the SQLite at-rest encryption "fail-closed" contract.

// When encryption is enabled, an in-profile database that is NOT encrypted

// (e.g. a plaintext database carried in from a non-encrypting build) must be

// refused rather than silently opened as plaintext or recreated -- there is no

// plaintext->encrypted migration by design. With encryption disabled the same

// database opens normally. This is the positive counterpart to the migration

// fixture tests, which ship plaintext databases and are therefore run with

// encryption off.

const { Sqlite } = ChromeUtils.importESModule(

  "resource://gre/modules/Sqlite.sys.mjs"

);

add_task(async function test_encryption_rejects_foreign_plaintext_database() {

  let encryptionEnabled = Services.prefs.getBoolPref(

    "security.storage.encryption.sqlite.enabled",

    false

);

  // Create and populate a plaintext database OUTSIDE the profile. Out-of-profile

  // databases are always opened as plaintext, even when encryption is enabled,

  // so this is a genuine non-encrypted database. do_get_tempdir() is distinct

  // from the profile directory.

  let plaintextPath = PathUtils.join(

    do_get_tempdir().path,

    "foreign-plaintext.sqlite"

);

  let inProfilePath = PathUtils.join(

    PathUtils.profileDir,

    "foreign-plaintext.sqlite"

);

  registerCleanupFunction(async () => {

    await IOUtils.remove(plaintextPath, { ignoreAbsent: true });

    await IOUtils.remove(inProfilePath, { ignoreAbsent: true });

});

  await IOUtils.remove(plaintextPath, { ignoreAbsent: true });

  let src = await Sqlite.openConnection({ path: plaintextPath });

  await src.execute("CREATE TABLE t (x INTEGER)");

  await src.execute("INSERT INTO t (x) VALUES (1)");

  await src.close();

  // Move the plaintext database into the profile.

  Assert.ok(

    !(await IOUtils.exists(inProfilePath)),

    "The in-profile database should not exist yet"

);

  await IOUtils.copy(plaintextPath, inProfilePath);

  if (encryptionEnabled) {

    // Fail-closed: the encrypting build must refuse the unencrypted in-profile

    // database rather than open it as plaintext or recreate it.

    await Assert.rejects(

      Sqlite.openConnection({ path: inProfilePath }),

      /NS_ERROR_FAILURE/,

      "An encrypting build refuses a plaintext in-profile database"

);

  } else {

    // With encryption off the database opens normally as plaintext.

    let conn = await Sqlite.openConnection({ path: inProfilePath });

    let rows = await conn.execute("SELECT x FROM t");

    Assert.equal(rows.length, 1, "Plaintext database is readable when off");

    Assert.equal(rows[0].getResultByName("x"), 1, "Row value is correct");

    await conn.close();

});