/// <summary>
/// Gets the algorithm handle instance for a given algorithm and instantiates it using the provided key and the encryption type.
/// </summary>
/// <param name="key"></param>
/// <param name="type"></param>
/// <param name="algorithmName"></param>
/// <param name="encryptionAlgorithm"></param>
internal void GetAlgorithm(SqlClientSymmetricKey key, byte type, string algorithmName, out SqlClientEncryptionAlgorithm encryptionAlgorithm)
{
encryptionAlgorithm = null;
SqlClientEncryptionAlgorithmFactory factory = null;
if (!_encryptionAlgoFactoryList.TryGetValue(algorithmName, out factory))
{
throw SQL.UnknownColumnEncryptionAlgorithm(algorithmName,
SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetRegisteredCipherAlgorithmNames());
}
Debug.Assert(null != factory, "Null Algorithm Factory class detected");
// If the factory exists, following method will Create an algorithm object. If this fails,
// it will raise an exception.
encryptionAlgorithm = factory.Create(key, (SqlClientEncryptionType)type, algorithmName);
}
/// <summary>
/// Return the algorithm name mapped to an Id.
/// </summary>
/// <param name="cipherAlgorithmId"></param>
/// <returns></returns>
private static string ValidateAndGetEncryptionAlgorithmName (byte cipherAlgorithmId, string cipherAlgorithmName) {
if (TdsEnums.CustomCipherAlgorithmId == cipherAlgorithmId) {
if (null == cipherAlgorithmName) {
throw SQL.NullColumnEncryptionAlgorithm(SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetRegisteredCipherAlgorithmNames());
}
return cipherAlgorithmName;
}
else if (TdsEnums.AEAD_AES_256_CBC_HMAC_SHA256 == cipherAlgorithmId) {
return SqlAeadAes256CbcHmac256Algorithm.AlgorithmName;
}
else if (TdsEnums.AES_256_CBC == cipherAlgorithmId) {
return SqlAes256CbcAlgorithm.AlgorithmName;
}
else {
throw SQL.UnknownColumnEncryptionAlgorithmId(cipherAlgorithmId, GetRegisteredCipherAlgorithmIds());
}
}
/// <summary>
/// <para> Decrypts the symmetric key and saves it in metadata. In addition, intializes
/// the SqlClientEncryptionAlgorithm for rapid decryption.</para>
/// </summary>
internal static void DecryptSymmetricKey(SqlCipherMetadata md, string serverName)
{
Debug.Assert(md != null, "md should not be null in DecryptSymmetricKey.");
SqlClientSymmetricKey symKey = null;
SqlEncryptionKeyInfo? encryptionkeyInfoChosen = null;
DecryptSymmetricKey(md.EncryptionInfo, serverName, out symKey, out encryptionkeyInfoChosen);
// Given the symmetric key instantiate a SqlClientEncryptionAlgorithm object and cache it in metadata
md.CipherAlgorithm = null;
SqlClientEncryptionAlgorithm cipherAlgorithm = null;
string algorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw
SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(symKey, md.EncryptionType, algorithmName, out cipherAlgorithm); // will validate algorithm name and type
Debug.Assert(cipherAlgorithm != null);
md.CipherAlgorithm = cipherAlgorithm;
md.EncryptionKeyInfo = encryptionkeyInfoChosen;
return;
}
/// <summary>
/// <para> Decrypts the symmetric key and saves it in metadata. In addition, intializes
/// the SqlClientEncryptionAlgorithm for rapid decryption.</para>
/// </summary>
internal static void DecryptSymmetricKey(SqlCipherMetadata md, string serverName) {
Debug.Assert(serverName != null, @"serverName should not be null in DecryptSymmetricKey.");
Debug.Assert(md != null, "md should not be null in DecryptSymmetricKey.");
Debug.Assert(md.EncryptionInfo.HasValue, "md.EncryptionInfo should not be null in DecryptSymmetricKey.");
Debug.Assert(md.EncryptionInfo.Value.ColumnEncryptionKeyValues != null, "md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey.");
SqlClientSymmetricKey symKey = null;
SqlEncryptionKeyInfo? encryptionkeyInfoChosen = null;
SqlSymmetricKeyCache cache = SqlSymmetricKeyCache.GetInstance();
Exception lastException = null;
foreach (SqlEncryptionKeyInfo keyInfo in md.EncryptionInfo.Value.ColumnEncryptionKeyValues) {
try {
if (cache.GetKey(keyInfo, serverName, out symKey)) {
encryptionkeyInfoChosen = keyInfo;
break;
}
} catch (Exception e) {
lastException = e;
}
}
if (null == symKey) {
Debug.Assert (null != lastException, "CEK decryption failed without raising exceptions");
throw lastException;
}
Debug.Assert(encryptionkeyInfoChosen.HasValue, "encryptionkeyInfoChosen must have a value.");
// Given the symmetric key instantiate a SqlClientEncryptionAlgorithm object and cache it in metadata
md.CipherAlgorithm = null;
SqlClientEncryptionAlgorithm cipherAlgorithm = null;
string algorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw
SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(symKey, md.EncryptionType, algorithmName, out cipherAlgorithm); // will validate algorithm name and type
Debug.Assert(cipherAlgorithm != null);
md.CipherAlgorithm = cipherAlgorithm;
md.EncryptionKeyInfo = encryptionkeyInfoChosen;
return;
}
