/// <summary>
        /// Create a new enclave session
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol</param>
        /// <param name="enclaveType">enclave type</param>
        /// <param name="serverName">server name</param>
        /// <param name="attestationUrl">attestation url for attestation service endpoint</param>
        /// <param name="attestationInfo">attestation info from SQL Server</param>
        /// <param name="attestationParameters">attestation parameters</param>
        /// <param name="customData">A set of extra data needed for attesting the enclave.</param>
        /// <param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
        internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string attestationUrl,
                                           byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
        {
            // The existing-session lookup and the creation call are serialized on _lock,
            // so the check-then-create sequence below runs as one unit per caller.
            lock (_lock)
            {
                SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);

                SqlEnclaveSession session;
                long sessionCounter;
                byte[] ignoredCustomData;
                int ignoredCustomDataLength;

                // Ask the provider for a session it already holds for this server and attestation URL.
                // The counter and custom-data outputs of this lookup are not used here.
                provider.GetEnclaveSession(serverName, attestationUrl, false, out session, out sessionCounter, out ignoredCustomData, out ignoredCustomDataLength);

                if (session == null)
                {
                    // NOTE(review): attestationInfo originates from the server and customDataLength is passed
                    // through without being compared to customData.Length; this wrapper performs no validation
                    // of either, so verification is assumed to happen inside the provider. Confirm.
                    provider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, customData, customDataLength, out session, out sessionCounter);

                    // A provider that hands back no session is treated as a hard failure, not as "no enclave".
                    if (session == null)
                    {
                        throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl);
                    }
                }
            }
        }
        /// <summary>
        /// Returns the enclave provider registered for the given attestation protocol, creating and
        /// registering the built-in AAS or HGS provider on first use.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used as the lookup key</param>
        /// <param name="enclaveType">enclave type; only used to build the error when no provider is found</param>
        /// <returns>The provider for <paramref name="attestationProtocol"/>; never null.</returns>
        private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
        {
            SqlColumnEncryptionEnclaveProvider provider;
            bool alreadyRegistered = EnclaveProviders.TryGetValue(attestationProtocol, out provider);

            // NOTE(review): this method takes no lock of its own before writing to EnclaveProviders;
            // whether that collection tolerates concurrent writers is not visible here. Confirm.
            if (!alreadyRegistered)
            {
                if (attestationProtocol == SqlConnectionAttestationProtocol.AAS)
                {
                    AzureAttestationEnclaveProvider aasProvider = new AzureAttestationEnclaveProvider();
                    EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)aasProvider;
                    provider = EnclaveProviders[attestationProtocol];
                }
                else if (attestationProtocol == SqlConnectionAttestationProtocol.HGS)
                {
                    HostGuardianServiceEnclaveProvider hgsProvider = new HostGuardianServiceEnclaveProvider();
                    EnclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)hgsProvider;
                    provider = EnclaveProviders[attestationProtocol];
                }
                // Any other protocol value creates nothing and falls through to the failure below.
            }

            // Fail closed: an unregistered protocol, or a null entry in the map, raises an error
            // instead of letting the caller continue without an attestation provider.
            if (provider == null)
            {
                throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol));
            }

            return provider;
        }
        /// <summary>
        /// Fetches the enclave session, counter and custom data from the provider selected by
        /// <paramref name="attestationProtocol"/>.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors and the null-session error</param>
        /// <param name="enclaveSessionParameters">parameters forwarded to the provider; its AttestationUrl is reported on failure</param>
        /// <param name="generateCustomData">forwarded unchanged to the provider</param>
        /// <param name="sqlEnclaveSession">session returned by the provider; may be null when <paramref name="throwIfNull"/> is false</param>
        /// <param name="counter">counter returned by the provider</param>
        /// <param name="customData">custom data returned by the provider</param>
        /// <param name="customDataLength">length of the custom data returned by the provider</param>
        /// <param name="throwIfNull">when true, a null session raises an error instead of being returned</param>
        private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength, bool throwIfNull)
        {
            SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);

            provider.GetEnclaveSession(enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out counter, out customData, out customDataLength);

            // Callers that pass throwIfNull = false must handle a null session themselves.
            if (!throwIfNull)
            {
                return;
            }

            if (sqlEnclaveSession == null)
            {
                throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveSessionParameters.AttestationUrl);
            }
        }
        /// <summary>
        /// Fetches the enclave session and counter for a server and attestation URL from the provider
        /// selected by <paramref name="attestationProtocol"/>.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors and the null-session error</param>
        /// <param name="serverName">server name forwarded to the provider</param>
        /// <param name="enclaveAttestationUrl">attestation URL forwarded to the provider and reported on failure</param>
        /// <param name="sqlEnclaveSession">session returned by the provider; may be null when <paramref name="throwIfNull"/> is false</param>
        /// <param name="counter">counter returned by the provider</param>
        /// <param name="throwIfNull">when true, a null session raises an error instead of being returned</param>
        private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string enclaveAttestationUrl, out SqlEnclaveSession sqlEnclaveSession, out long counter, bool throwIfNull)
        {
            SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);

            provider.GetEnclaveSession(serverName, enclaveAttestationUrl, out sqlEnclaveSession, out counter);

            // Callers that pass throwIfNull = false must handle a null session themselves.
            if (!throwIfNull)
            {
                return;
            }

            if (sqlEnclaveSession == null)
            {
                throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveAttestationUrl);
            }
        }
        /// <summary>
        /// Lookup SqlColumnEncryptionEnclaveProvider for a given SqlColumnEncryptionEnclaveProviderName
        /// </summary>
        /// <param name="SqlColumnEncryptionEnclaveProviderName">name of the enclave provider to look up</param>
        /// <returns>SqlColumnEncryptionEnclaveProvider for a given SqlColumnEncryptionEnclaveProviderName if found, else returns null</returns>
        public SqlColumnEncryptionEnclaveProvider GetSqlColumnEncryptionEnclaveProvider(string SqlColumnEncryptionEnclaveProviderName)
        {
            // A null or empty name is rejected with an error rather than reported as "not found".
            if (string.IsNullOrEmpty(SqlColumnEncryptionEnclaveProviderName))
            {
                throw SQL.SqlColumnEncryptionEnclaveProviderNameCannotBeEmpty();
            }

            // The map is queried with the invariant-lowercase form of the name.
            // NOTE(review): this presumes providers were registered under lowercase keys. Confirm at the registration site.
            string lookupKey = SqlColumnEncryptionEnclaveProviderName.ToLowerInvariant();

            // A miss leaves the result null; the caller is responsible for handling that case.
            SqlColumnEncryptionEnclaveProvider provider;
            _enclaveProviders.TryGetValue(lookupKey, out provider);

            return provider;
        }
        /// <summary>
        /// Create a new enclave session
        /// </summary>
        /// <param name="enclaveType">enclave type</param>
        /// <param name="serverName">server name</param>
        /// <param name="attestationUrl">attestation url for attestation service endpoint</param>
        /// <param name="attestationInfo">attestation info from SQL Server</param>
        /// <param name="attestationParameters">attestation parameters</param>
        internal void CreateEnclaveSession(string enclaveType, string serverName, string attestationUrl,
                                           byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters)
        {
            // The existing-session lookup and the creation call are serialized on _lock,
            // so the check-then-create sequence below runs as one unit per caller.
            lock (_lock)
            {
                SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(enclaveType);

                SqlEnclaveSession session;
                long sessionCounter;

                // Ask the provider for a session it already holds for this server and attestation URL.
                provider.GetEnclaveSession(serverName, attestationUrl, out session, out sessionCounter);

                if (session == null)
                {
                    // NOTE(review): attestationInfo originates from the server; this wrapper does not inspect it,
                    // so verification is assumed to happen inside the provider. Confirm.
                    provider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, out session, out sessionCounter);

                    // A provider that hands back no session is treated as a hard failure.
                    if (session == null)
                    {
                        throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl);
                    }
                }
            }
        }
        /// <summary>
        /// Create a new enclave session
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol</param>
        /// <param name="enclaveType">enclave type</param>
        /// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
        /// <param name="attestationInfo">attestation info from SQL Server</param>
        /// <param name="attestationParameters">attestation parameters</param>
        /// <param name="customData">A set of extra data needed for attesting the enclave.</param>
        /// <param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
        internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters,
                                           byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
        {
            // The existing-session lookup and the creation call are serialized on _lock,
            // so the check-then-create sequence below runs as one unit per caller.
            lock (_lock)
            {
                SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
                SqlEnclaveSession session;

                // Look for an existing session without generating custom data; every output
                // other than the session itself is discarded.
                provider.GetEnclaveSession(
                    enclaveSessionParameters,
                    generateCustomData: false,
                    sqlEnclaveSession: out session,
                    counter: out _,
                    customData: out _,
                    customDataLength: out _
                    );

                if (session == null)
                {
                    // NOTE(review): attestationInfo originates from the server and customDataLength is passed
                    // through without being compared to customData.Length; this wrapper performs no validation
                    // of either, so verification is assumed to happen inside the provider. Confirm.
                    provider.CreateEnclaveSession(
                        attestationInfo,
                        attestationParameters.ClientDiffieHellmanKey,
                        enclaveSessionParameters,
                        customData,
                        customDataLength,
                        out session,
                        counter: out _
                        );

                    // A provider that hands back no session is treated as a hard failure.
                    if (session == null)
                    {
                        throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, enclaveSessionParameters.AttestationUrl);
                    }
                }
            }
        }
        /// <summary>
        /// Asks the provider selected by <paramref name="attestationProtocol"/> to invalidate the given enclave session.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors</param>
        /// <param name="enclaveSessionParameters">session parameters forwarded to the provider</param>
        /// <param name="enclaveSession">the session to invalidate</param>
        internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession)
        {
            // Provider lookup throws when no provider exists for the protocol, so invalidation
            // is never silently skipped for an unknown protocol.
            GetEnclaveProvider(attestationProtocol, enclaveType)
                .InvalidateEnclaveSession(enclaveSessionParameters, enclaveSession);
        }
        /// <summary>
        /// Obtains attestation parameters from the provider selected by <paramref name="attestationProtocol"/>.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors</param>
        /// <param name="attestationUrl">attestation URL forwarded to the provider</param>
        /// <param name="customData">custom data forwarded to the provider</param>
        /// <param name="customDataLength">length value forwarded to the provider; not checked here against <paramref name="customData"/></param>
        /// <returns>Whatever the provider returns from its GetAttestationParameters call.</returns>
        internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength)
        {
            SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
            SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters(attestationUrl, customData, customDataLength);

            return parameters;
        }
        /// <summary>
        /// Asks the provider selected by <paramref name="attestationProtocol"/> to invalidate the given enclave session
        /// for a server and attestation URL.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors</param>
        /// <param name="serverName">server name forwarded to the provider</param>
        /// <param name="EnclaveAttestationUrl">attestation URL forwarded to the provider</param>
        /// <param name="enclaveSession">the session to invalidate</param>
        internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string EnclaveAttestationUrl, SqlEnclaveSession enclaveSession)
        {
            // Provider lookup throws when no provider exists for the protocol, so invalidation
            // is never silently skipped for an unknown protocol.
            GetEnclaveProvider(attestationProtocol, enclaveType)
                .InvalidateEnclaveSession(serverName, EnclaveAttestationUrl, enclaveSession);
        }
        /// <summary>
        /// Obtains attestation parameters from the provider registered for <paramref name="enclaveType"/>.
        /// </summary>
        /// <param name="enclaveType">enclave type used to select the provider</param>
        /// <param name="serverName">not used by this method</param>
        /// <param name="enclaveAttestationUrl">not used by this method</param>
        /// <returns>Whatever the provider returns from its parameterless GetAttestationParameters call.</returns>
        internal SqlEnclaveAttestationParameters GetAttestationParameters(string enclaveType, string serverName, string enclaveAttestationUrl)
        {
            SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(enclaveType);
            SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters();

            return parameters;
        }
        /// <summary>
        /// Obtains attestation parameters from the provider selected by <paramref name="attestationProtocol"/>.
        /// </summary>
        /// <param name="attestationProtocol">attestation protocol used to select the provider</param>
        /// <param name="enclaveType">enclave type, used for provider lookup errors</param>
        /// <returns>Whatever the provider returns from its parameterless GetAttestationParameters call.</returns>
        internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
        {
            SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
            SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters();

            return parameters;
        }