// When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.
public override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellmanCng clientDHKey, string attestationUrl, string servername, out SqlEnclaveSession sqlEnclaveSession, out long counter)
{
sqlEnclaveSession = null;
counter = 0;
try
{
AttestationInfoCacheItem attestationInfoCacheItem = AttestationInfoCache.Remove(Thread.CurrentThread.ManagedThreadId.ToString()) as AttestationInfoCacheItem;
sqlEnclaveSession = GetEnclaveSessionFromCache(servername, attestationUrl, out counter);
if (sqlEnclaveSession == null)
{
if (attestationInfoCacheItem != null)
{
// Deserialize the payload
AttestationInfo info = new AttestationInfo(attestationInfo);
// Verify enclave policy matches expected policy
VerifyEnclavePolicy(info.EnclaveReportPackage);
// Perform Attestation per VSM protocol
VerifyAttestationInfo(attestationUrl, info.HealthReport, info.EnclaveReportPackage);
// Set up shared secret and validate signature
byte[] sharedSecret = GetSharedSecret(info.Identity, info.EnclaveDHInfo, clientDHKey);
// add session to cache
sqlEnclaveSession = AddEnclaveSessionToCache(attestationUrl, servername, sharedSecret, info.SessionId, out counter);
}
else
{
throw new AlwaysEncryptedAttestationException(SR.FailToCreateEnclaveSession);
}
}
}
finally
{
UpdateEnclaveSessionLockStatus(sqlEnclaveSession);
}
}
// When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.
internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellman clientDHKey, EnclaveSessionParameters enclaveSessionParameters, byte[] customData, int customDataLength, out SqlEnclaveSession sqlEnclaveSession, out long counter)
{
sqlEnclaveSession = null;
counter = 0;
try
{
ThreadRetryCache.Remove(Thread.CurrentThread.ManagedThreadId.ToString());
sqlEnclaveSession = GetEnclaveSessionFromCache(enclaveSessionParameters, out counter);
if (sqlEnclaveSession == null)
{
if (!string.IsNullOrEmpty(enclaveSessionParameters.AttestationUrl))
{
// Deserialize the payload
AttestationInfo info = new AttestationInfo(attestationInfo);
// Verify enclave policy matches expected policy
VerifyEnclavePolicy(info.EnclaveReportPackage);
// Perform Attestation per VSM protocol
VerifyAttestationInfo(enclaveSessionParameters.AttestationUrl, info.HealthReport, info.EnclaveReportPackage);
// Set up shared secret and validate signature
byte[] sharedSecret = GetSharedSecret(info.Identity, info.EnclaveDHInfo, clientDHKey);
// add session to cache
sqlEnclaveSession = AddEnclaveSessionToCache(enclaveSessionParameters, sharedSecret, info.SessionId, out counter);
}
else
{
throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
}
}
}
finally
{
UpdateEnclaveSessionLockStatus(sqlEnclaveSession);
}
}
