Add a simple test for encryption

2025-12-18 00:54:19 +01:00 · 2025-08-13 11:42:06 +05:30
parent fc3b76de1b
commit eb45a156fc
4 changed files with 78 additions and 0 deletions
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -38,6 +38,8 @@ jobs:
          python-version: "3.10"
      - name: Build
        run: cargo build --verbose
+      - name: Test Encryption
+        run: cargo test --features encryption --color=always --test integration_tests query_processing::encryption
      - name: Test
        env:
          RUST_LOG: ${{ runner.debug && 'turso_core::storage=trace' || '' }}
--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -32,3 +32,6 @@ zerocopy = "0.8.26"
 test-log = { version = "0.2.17", features = ["trace"] }
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
 tracing = "0.1.41"
+
+[features]
+encryption = ["turso_core/encryption"]
--- a/tests/integration/query_processing/encryption.rs
+++ b/tests/integration/query_processing/encryption.rs
@@ -0,0 +1,70 @@
+use crate::common::{do_flush, TempDatabase};
+use crate::query_processing::test_write_path::{run_query, run_query_on_row};
+use rand::{rng, RngCore};
+use std::panic;
+use turso_core::Row;
+
+#[test]
+fn test_per_page_encryption() -> anyhow::Result<()> {
+    let _ = env_logger::try_init();
+    let db_name = format!("test-{}.db", rng().next_u32());
+    let tmp_db = TempDatabase::new(&db_name, false);
+    let db_path = tmp_db.path.clone();
+
+    {
+        let conn = tmp_db.connect_limbo();
+        run_query(
+            &tmp_db,
+            &conn,
+            "PRAGMA key = 'super secret key for encryption';",
+        )?;
+        run_query(
+            &tmp_db,
+            &conn,
+            "CREATE TABLE test (id INTEGER PRIMARY KEY, value TEXT);",
+        )?;
+        run_query(
+            &tmp_db,
+            &conn,
+            "INSERT INTO test (value) VALUES ('Hello, World!')",
+        )?;
+        let mut row_count = 0;
+        run_query_on_row(&tmp_db, &conn, "SELECT * FROM test", |row: &Row| {
+            assert_eq!(row.get::<i64>(0).unwrap(), 1);
+            assert_eq!(row.get::<String>(1).unwrap(), "Hello, World!");
+            row_count += 1;
+        })?;
+        assert_eq!(row_count, 1);
+        do_flush(&conn, &tmp_db)?;
+    }
+
+    {
+        // this should panik because we should not be able to access the encrypted database
+        // without the key
+        let conn = tmp_db.connect_limbo();
+        let should_panic = panic::catch_unwind(panic::AssertUnwindSafe(|| {
+            run_query_on_row(&tmp_db, &conn, "SELECT * FROM test", |_: &Row| {}).unwrap();
+        }));
+        assert!(
+            should_panic.is_err(),
+            "should panic when accessing encrypted DB without key"
+        );
+    }
+
+    {
+        // let's test the existing db with the key
+        let existing_db = TempDatabase::new_with_existent(&db_path, false);
+        let conn = existing_db.connect_limbo();
+        run_query(
+            &existing_db,
+            &conn,
+            "PRAGMA key = 'super secret key for encryption';",
+        )?;
+        run_query_on_row(&existing_db, &conn, "SELECT * FROM test", |row: &Row| {
+            assert_eq!(row.get::<i64>(0).unwrap(), 1);
+            assert_eq!(row.get::<String>(1).unwrap(), "Hello, World!");
+        })?;
+    }
+
+    Ok(())
+}
--- a/tests/integration/query_processing/mod.rs
+++ b/tests/integration/query_processing/mod.rs
@@ -4,3 +4,6 @@ mod test_write_path;

 mod test_multi_thread;
 mod test_transactions;
+
+#[cfg(feature = "encryption")]
+mod encryption;