iOS 15.2 beta 2 (19C5036e) throws "bad parameter or other API misuse (code: 21)" when using SQLCipher Connection.key and Connection.rekey

stephencelis / SQLite.swift

A type-safe, Swift-language layer over SQLite3.

MIT License

9.57k stars 1.55k forks source link

iOS 15.2 beta 2 (19C5036e) throws "bad parameter or other API misuse (code: 21)" when using SQLCipher Connection.key and Connection.rekey #1097

Closed claustrofob closed 2 years ago

claustrofob commented 2 years ago

When trying to encrypt non encrypted db or change the key on an open encrypted db with Connection.rekey or decrypt the encrypted db with Connection.key it throws "bad parameter or other API misuse (code: 21)".

On iOS 15.1 and earlier the same code works fine. Tested on different devices.

SQLite v. 0.13.0 SQLite.swift/SQLCipher v. 0.13.0 SQLCipher 4.4.3, 4.5.0

tomrbn01 commented 2 years ago

Hey, we have same problem https://github.com/sqlcipher/sqlcipher/issues/412

jberkel commented 2 years ago

Strange, that's an error from SQLite. Do you know if it works without SQLite.swift ?

claustrofob commented 2 years ago

I did not check if it works without SQLite.swift. But SQLite.swift definitely works without using key and rekey methods.

nitrag commented 2 years ago

I am having this issue as well.

SQLCipher - 4.4.3 SQLite.swift/SQLCipher - 0.13.0

How much time do we have to patch this before 15.2 release?

jberkel commented 2 years ago

As commented on sqlcipher/sqlcipher#412, it looks like there's a conflict between the bundled version of SQLite and SQLCipher.

claustrofob commented 2 years ago

Tested vanilla SQLCipher v. 4.5.0 with sqlite3_key and sqlite3_rekey. No issues, works good.

jberkel commented 2 years ago

@claustrofob can you post your Podfile?

claustrofob commented 2 years ago

@jberkel

    pod 'SQLite.swift', '~> 0.13.0'
    pod 'SQLite.swift/SQLCipher', '~> 0.13.0'

but I've got my mistake. It must be just subspec:

pod 'SQLite.swift/SQLCipher', '~> 0.13.0'

Now it works. The docs are a bit misleading for me here. Thank you.

nitrag commented 2 years ago

I'm sorry but it's still not working for me even after the subspec:

  - SQLCipher (4.5.0):
    - SQLCipher/standard (= 4.5.0)
  - SQLCipher/common (4.5.0)
  - SQLCipher/standard (4.5.0):
    - SQLCipher/common
  - SQLite.swift (0.13.1):
    - SQLite.swift/standard (= 0.13.1)
  - SQLite.swift/SQLCipher (0.13.1):
    - SQLCipher (>= 4.0.0)
  - SQLite.swift/standard (0.13.1)
  - SQLiteMigrationManager.swift (0.7.0):
    - SQLite.swift (~> 0.13.0)

nitrag commented 2 years ago

Ok it appears that I have resolved it. SQLiteMigrationManager depends upon non-cipher so I had to fork the repo and change the Podspec dependency. Is this resolvable automatically with CocoaPods somehow? Should I open an Issue on SQLiteMigrationManager repo?


Vanilla SQLiteMigrationManager 0.8.0
  - SQLCipher (4.5.0):
    - SQLCipher/standard (= 4.5.0)
  - SQLCipher/common (4.5.0)
  - SQLCipher/standard (4.5.0):
    - SQLCipher/common
  - SQLite.swift (0.13.1):
    - SQLite.swift/standard (= 0.13.1)
  - SQLite.swift/SQLCipher (0.13.1):
    - SQLCipher (>= 4.0.0)
  - SQLite.swift/standard (0.13.1)
  - SQLiteMigrationManager.swift (0.8.0):
    - SQLite.swift (~> 0.13.0)

Forked Repository SQLiteMigrationManager 0.8.0 /w SQLCipher podspec dependency
  - SQLCipher (4.5.0):
    - SQLCipher/standard (= 4.5.0)
  - SQLCipher/common (4.5.0)
  - SQLCipher/standard (4.5.0):
    - SQLCipher/common
  - SQLite.swift/SQLCipher (0.13.1):
    - SQLCipher (>= 4.0.0)
  - SQLiteMigrationManager.swift (0.8.0):
    - SQLite.swift/SQLCipher (~> 0.13.0)

jberkel commented 2 years ago

@nitrag I'm not sure what the best solution here is. Perhaps SQLiteMigrationManager could have a subspec which depends on SQLite.swift/SQLCipher (open an issue/ask over there). Or you could do some trickery in pre_install, to remove the dependency there.

claustrofob commented 2 years ago

Seems like there is an incompatibility between SQLite.swift and SQLite.swift/SQLCipher.

The db encrypted with some key when both specs enabled:

    pod 'SQLite.swift', '~> 0.13.0'
    pod 'SQLite.swift/SQLCipher', '~> 0.13.0'

cannot be decrypted with the same key when only subspec is enabled:

pod 'SQLite.swift/SQLCipher', '~> 0.13.0'

This is a serious problem:

without fix it will stop working with the next ios release
with the fix it breaks db access immediately for current users

Is there any workaround for this?

jberkel commented 2 years ago

@claustrofob please see #1098. Maybe the db wasn't encrypted correctly, the documentation is misleading.

This is a serious problem:

You're using an unsupported configuration (2 specs enabled), don't blame the library for not functioning.

claustrofob commented 2 years ago

@jberkel sure i dont blame the library, that was my mistake. But i guess it might affect other users of the library. So i need to recover from this state somehow.

i would appreciate any idea.

jberkel commented 2 years ago

Sorry, this is not directly related to SQLite.swift, and it sounds like you might have misused SQLite.swift and/or SQLCipher. Closing this.