should be it

2025-10-24 19:21:19 -05:00
parent a4b23fc57c
commit f09560c7b1
14047 changed files with 3161551 additions and 1 deletions
--- a/external/duckdb/test/sql/copy/encryption/different_aes_ciphers.test
+++ b/external/duckdb/test/sql/copy/encryption/different_aes_ciphers.test
@@ -0,0 +1,85 @@
+# name: test/sql/copy/encryption/different_aes_ciphers.test
+# group: [encryption]
+
+statement ok
+PRAGMA enable_verification
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY '');
+----
+Binder Error: Not a valid key. A key cannot be empty
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 'random');
+----
+Binder Error: "random" is not a valid cipher. Try 'GCM' or 'CTR'.
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER '');
+----
+Binder Error: "" is not a valid cipher. Try 'GCM' or 'CTR'.
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 42);
+----
+Binder Error: "42" is not a valid cipher. Try 'GCM' or 'CTR'.
+
+foreach cipher GCM CTR
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted_${cipher}.duckdb' AS encrypted_${cipher} (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER '${cipher}');
+
+query I
+select encrypted from duckdb_databases() where database_name = 'encrypted_${cipher}' and cipher='${cipher}';
+----
+true
+
+endloop
+
+
+# we can create a database with a specific cipher (CTR)
+statement ok
+ATTACH '__TEST_DIR__/encrypted_default_cipher.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 'CTR');
+
+statement ok
+create table encrypted.fuu as select 42;
+
+statement ok
+DETACH encrypted
+
+# we can open it again by specifying that same cipher again
+statement ok
+ATTACH '__TEST_DIR__/encrypted_default_cipher.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 'CTR');
+
+query I
+FROM encrypted.fuu
+----
+42
+
+statement ok
+DETACH encrypted
+
+# or open it without specifying the cipher, it will be read from file
+statement ok
+ATTACH '__TEST_DIR__/encrypted_default_cipher.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+query I
+FROM encrypted.fuu
+----
+42
+
+statement ok
+DETACH encrypted
+
+# but it will fail if we specify the wrong one
+statement error
+ATTACH '__TEST_DIR__/encrypted_default_cipher.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 'GCM');
+----
+with a different cipher (GCM) than the one used to create it (CTR)
+
+
+# CBC is disabled (for now)
+statement error
+ATTACH '__TEST_DIR__/CBC.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf', ENCRYPTION_CIPHER 'CBC');
+----
+CBC encryption is disabled
--- a/external/duckdb/test/sql/copy/encryption/encrypted_to_unencrypted.test_slow
+++ b/external/duckdb/test/sql/copy/encryption/encrypted_to_unencrypted.test_slow
@@ -0,0 +1,50 @@
+# name: test/sql/copy/encryption/encrypted_to_unencrypted.test_slow
+# group: [encryption]
+
+require skip_reload
+
+require tpch
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' as unencrypted;
+
+statement ok
+USE encrypted;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+COPY FROM DATABASE encrypted to unencrypted;
+
+statement ok
+USE memory;
+
+statement ok
+DETACH unencrypted
+
+statement ok
+DETACH encrypted
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' AS unencrypted;
+
+query I
+SELECT l_suppkey FROM unencrypted.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
--- a/external/duckdb/test/sql/copy/encryption/encryption_storage_versions.test
+++ b/external/duckdb/test/sql/copy/encryption/encryption_storage_versions.test
@@ -0,0 +1,143 @@
+# name: test/sql/copy/encryption/encryption_storage_versions.test
+# group: [encryption]
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' as unencrypted;
+
+statement ok
+ATTACH '__TEST_DIR__/v_0_10_2.duckdb' as v_0_10_2 (STORAGE_VERSION 'v0.10.2');
+
+statement  ok
+CREATE OR REPLACE TABLE unencrypted.tbl AS SELECT * FROM range(10) t(i);
+
+statement  ok
+CREATE OR REPLACE TABLE v_0_10_2.tbl AS SELECT * FROM range(10) t(i);
+
+query I
+SELECT SUM(i) FROM unencrypted.tbl
+----
+45
+
+query I
+SELECT SUM(i) FROM v_0_10_2.tbl
+----
+45
+
+statement ok
+DETACH unencrypted
+
+statement ok
+DETACH v_0_10_2
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted_v2.duckdb' AS encrypted_v2 (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/v_0_10_2.duckdb' as v_0_10_2;
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' as unencrypted;
+
+# copy from unencrypted to encrypted
+statement ok
+COPY FROM DATABASE unencrypted TO encrypted;
+
+# copy from version 0.10.2 to an encrypted db
+statement ok
+COPY FROM DATABASE v_0_10_2 TO encrypted_v2;
+
+statement ok
+DETACH unencrypted
+
+statement ok
+DETACH v_0_10_2
+
+statement ok
+DETACH encrypted
+
+statement ok
+DETACH encrypted_v2
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted_v2.duckdb' AS encrypted_v2 (ENCRYPTION_KEY 'asdf');
+
+# check if we can read the encrypted data
+query I
+SELECT SUM(i) FROM encrypted.tbl
+----
+45
+
+# check if we can read the encrypted data from the original v0.10.2 db
+query I
+SELECT SUM(i) FROM encrypted_v2.tbl
+----
+45
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted_new.duckdb' as unencrypted_new;
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted_v_1_2_0.duckdb' as unencrypted_v_1_2_0 (STORAGE_VERSION 'v1.2.0');
+
+# copy encrypted db to unencrypted database
+statement ok
+COPY FROM DATABASE encrypted TO unencrypted_new;
+
+# copy encrypted db to unencrypted database with v1.2.0 storage version
+statement ok
+COPY FROM DATABASE encrypted_v2 TO unencrypted_v_1_2_0;
+
+statement ok
+DETACH unencrypted_new
+
+statement ok
+DETACH encrypted
+
+statement ok
+DETACH encrypted_v2
+
+statement ok
+DETACH unencrypted_v_1_2_0
+
+# we should not be able to open an unencrypted db with an encryption key
+statement error
+ATTACH '__TEST_DIR__/unencrypted_v_1_2_0.duckdb' AS unencrypted_v_1_2_0 (ENCRYPTION_KEY 'asdf');
+----
+not encrypted
+
+# we cannot open this db with a lower (< v1.2.0) storage version
+statement error
+ATTACH '__TEST_DIR__/unencrypted_v_1_2_0.duckdb' AS unencrypted_v_1_2_0 (STORAGE_VERSION 'v1.0.0');
+----
+The storage version of an existing database cannot be lowered
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted_v_1_2_0.duckdb' AS unencrypted_v_1_2_0;
+
+# check if it is the correct storage version
+query I
+SELECT tags['storage_version'] FROM duckdb_databases() WHERE database_name='unencrypted_v_1_2_0'
+----
+v1.2.0+
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted_new.duckdb' AS unencrypted_new;
+
+query I
+SELECT SUM(i) FROM unencrypted_v_1_2_0.tbl;
+----
+45
+
+query I
+SELECT SUM(i) FROM unencrypted_new.tbl;
+----
+45
--- a/external/duckdb/test/sql/copy/encryption/multiple_encrypted_databases.test_slow
+++ b/external/duckdb/test/sql/copy/encryption/multiple_encrypted_databases.test_slow
@@ -0,0 +1,163 @@
+# name: test/sql/copy/encryption/multiple_encrypted_databases.test_slow
+# group: [encryption]
+
+require skip_reload
+
+require tpch
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted2.duckdb' as encrypted2 (ENCRYPTION_KEY 'xxxx');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted3.duckdb' as encrypted3 (ENCRYPTION_KEY 'e8f2a36455d84f8a3cb94780c2f4dd5c5b4ab1ff42d67c0b6f9c9a90e771c158');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted4.duckdb' as encrypted4 (ENCRYPTION_KEY 'asdf');
+
+statement ok
+USE encrypted;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+USE encrypted2;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+USE encrypted3;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+USE encrypted4;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+USE memory;
+
+statement ok
+DETACH encrypted
+
+statement ok
+DETACH encrypted2
+
+statement ok
+DETACH encrypted3
+
+statement ok
+DETACH encrypted4
+
+statement error
+ATTACH '__TEST_DIR__/encrypted2.duckdb' AS encrypted2 (ENCRYPTION_KEY 'asdf');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted3.duckdb' AS encrypted3 (ENCRYPTION_KEY 'asdf');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'xxxx');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted3.duckdb' AS encrypted3 (ENCRYPTION_KEY 'xxxx');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted4.duckdb' AS encrypted4 (ENCRYPTION_KEY 'xxxx');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'e8f2a36455d84f8a3cb94780c2f4dd5c5b4ab1ff42d67c0b6f9c9a90e771c158');
+----
+Wrong encryption key used to open the database file
+
+statement error
+ATTACH '__TEST_DIR__/encrypted2.duckdb' AS encrypted2 (ENCRYPTION_KEY 'e8f2a36455d84f8a3cb94780c2f4dd5c5b4ab1ff42d67c0b6f9c9a90e771c158');
+----
+Wrong encryption key used to open the database file
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted2.duckdb' AS encrypted2 (ENCRYPTION_KEY 'xxxx');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted3.duckdb' AS encrypted3 (ENCRYPTION_KEY 'e8f2a36455d84f8a3cb94780c2f4dd5c5b4ab1ff42d67c0b6f9c9a90e771c158');
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted4.duckdb' AS encrypted4 (ENCRYPTION_KEY 'asdf');
+
+query I
+SELECT l_suppkey FROM encrypted.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
+
+query I
+SELECT l_suppkey FROM encrypted2.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
+
+query I
+SELECT l_suppkey FROM encrypted3.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
+
+query I
+SELECT l_suppkey FROM encrypted4.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
--- a/external/duckdb/test/sql/copy/encryption/reencrypt.test_slow
+++ b/external/duckdb/test/sql/copy/encryption/reencrypt.test_slow
@@ -0,0 +1,65 @@
+# name: test/sql/copy/encryption/reencrypt.test_slow
+# group: [encryption]
+
+require skip_reload
+
+require tpch
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/reencrypted.duckdb' as reencrypted (ENCRYPTION_KEY 'xxxx');
+
+statement ok
+USE encrypted;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+COPY FROM DATABASE encrypted to reencrypted;
+
+statement ok
+USE memory;
+
+statement ok
+DETACH reencrypted
+
+statement ok
+DETACH encrypted
+
+statement error
+ATTACH '__TEST_DIR__/reencrypted.duckdb' AS reencrypted;
+----
+
+statement ok
+ATTACH '__TEST_DIR__/reencrypted.duckdb' AS reencrypted (ENCRYPTION_KEY 'xxxx');
+
+statement ok
+DETACH reencrypted
+
+statement error
+ATTACH '__TEST_DIR__/reencrypted.duckdb' AS reencrypted (ENCRYPTION_KEY 'asdf');
+----
+Wrong encryption key used to open the database file
+
+statement ok
+ATTACH '__TEST_DIR__/reencrypted.duckdb' AS reencrypted (ENCRYPTION_KEY 'xxxx');
+
+query I
+SELECT l_suppkey FROM reencrypted.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
--- a/external/duckdb/test/sql/copy/encryption/tpch_sf1_encrypted.test_slow
+++ b/external/duckdb/test/sql/copy/encryption/tpch_sf1_encrypted.test_slow
@@ -0,0 +1,50 @@
+# name: test/sql/copy/encryption/tpch_sf1_encrypted.test_slow
+# description: Test TPC-H SF1
+# group: [encryption]
+
+require tpch
+
+statement ok
+pragma verify_external
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+USE encrypted;
+
+statement ok
+CALL dbgen(sf=1);
+
+statement ok
+CHECKPOINT;
+
+statement ok
+USE memory;
+
+statement ok
+DETACH encrypted;
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+USE encrypted;
+
+loop i 1 9
+
+query I
+PRAGMA tpch(${i})
+----
+<FILE>:extension/tpch/dbgen/answers/sf1/q0${i}.csv
+
+endloop
+
+loop i 10 23
+
+query I
+PRAGMA tpch(${i})
+----
+<FILE>:extension/tpch/dbgen/answers/sf1/q${i}.csv
+
+endloop
--- a/external/duckdb/test/sql/copy/encryption/unencrypted_to_encrypted.test
+++ b/external/duckdb/test/sql/copy/encryption/unencrypted_to_encrypted.test
@@ -0,0 +1,53 @@
+# name: test/sql/copy/encryption/unencrypted_to_encrypted.test
+# group: [encryption]
+
+require skip_reload
+
+require tpch
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' as unencrypted;
+
+statement ok
+USE unencrypted;
+
+statement ok
+CALL dbgen(sf=0.01);
+
+statement ok
+COPY FROM DATABASE unencrypted to encrypted;
+
+statement ok
+ATTACH '__TEST_DIR__/not_relevant.duckdb' AS other;
+
+statement ok
+USE other;
+
+statement ok
+DETACH unencrypted
+
+statement ok
+DETACH encrypted
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+query I
+SELECT l_suppkey FROM encrypted.lineitem limit 10;
+----
+93
+75
+38
+48
+23
+10
+33
+19
+70
+60
--- a/external/duckdb/test/sql/copy/encryption/unencrypted_to_encrypted_direct_query.test
+++ b/external/duckdb/test/sql/copy/encryption/unencrypted_to_encrypted_direct_query.test
@@ -0,0 +1,29 @@
+# name: test/sql/copy/encryption/unencrypted_to_encrypted_direct_query.test
+# group: [encryption]
+
+require skip_reload
+
+require tpch
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+ATTACH '__TEST_DIR__/unencrypted.duckdb' as unencrypted;
+
+statement ok
+USE unencrypted;
+
+statement ok
+CREATE OR REPLACE TABLE unencrypted.tbl AS SELECT * FROM range(10) t(i);
+
+statement ok
+COPY FROM DATABASE unencrypted to encrypted;
+
+query I
+SELECT SUM(i) FROM encrypted.tbl;
+----
+45
--- a/external/duckdb/test/sql/copy/encryption/write_encrypted_database.test
+++ b/external/duckdb/test/sql/copy/encryption/write_encrypted_database.test
@@ -0,0 +1,38 @@
+# name: test/sql/copy/encryption/write_encrypted_database.test
+# group: [encryption]
+
+require skip_reload
+
+statement ok
+PRAGMA enable_verification
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+statement ok
+CREATE OR REPLACE TABLE encrypted.tbl AS SELECT * FROM range(10) t(i);
+
+query I
+SELECT SUM(i) FROM encrypted.tbl
+----
+45
+
+statement ok
+DETACH encrypted
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted;
+----
+
+statement error
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'xxxxx');
+----
+IO Error: Wrong encryption key used to open the database file
+
+statement ok
+ATTACH '__TEST_DIR__/encrypted.duckdb' AS encrypted (ENCRYPTION_KEY 'asdf');
+
+query I
+SELECT SUM(i) FROM encrypted.tbl
+----
+45