/// <summary>
/// Creates an enclave session for the given attestation protocol / enclave type, unless the
/// provider already holds a session for this server and attestation URL.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no session is returned.</param>
/// <param name="serverName">Name of the SQL Server the session is bound to.</param>
/// <param name="attestationUrl">URL of the attestation service endpoint.</param>
/// <param name="attestationInfo">Attestation info received from SQL Server.</param>
/// <param name="attestationParameters">Attestation parameters; supplies the client Diffie-Hellman key.</param>
/// <param name="customData">Extra data needed to attest the enclave.</param>
/// <param name="customDataLength">Length of <paramref name="customData"/>.</param>
/// <remarks>
/// The whole check-then-create sequence runs under <c>_lock</c>, presumably so two callers for the
/// same server do not both create a session; the non-creating GetEnclaveSession overloads in this
/// class do not take the lock.
/// </remarks>
internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string attestationUrl, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
{
    lock (_lock)
    {
        SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);

        // Reuse an existing session when the provider already has one; the counter and custom data
        // are not needed here, so they are discarded.
        provider.GetEnclaveSession(serverName, attestationUrl, false, out SqlEnclaveSession existingSession, out _, out _, out _);
        if (existingSession != null)
        {
            return;
        }

        provider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, customData, customDataLength, out SqlEnclaveSession createdSession, out _);

        // Fail closed: a provider that hands back no session is an error, never something to continue with.
        if (createdSession == null)
        {
            throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl);
        }
    }
}
/// <summary>
/// Returns the enclave provider for <paramref name="attestationProtocol"/>, creating it on first
/// use and caching it in <c>EnclaveProviders</c>.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol; only AAS and HGS have built-in providers.</param>
/// <param name="enclaveType">Enclave type, used only in the error raised when no provider matches.</param>
/// <returns>The cached or newly created provider (never null).</returns>
/// <remarks>
/// Several callers in this class (the GetEnclaveSession / InvalidateEnclaveSession /
/// GetAttestationParameters overloads) invoke this without holding <c>_lock</c>, so the first-use
/// insertion into <c>EnclaveProviders</c> relies on that collection tolerating concurrent writes —
/// confirm against its declaration.
/// </remarks>
private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
{
    if (!EnclaveProviders.TryGetValue(attestationProtocol, out SqlColumnEncryptionEnclaveProvider provider))
    {
        // Unknown protocols leave `provider` null and are reported below.
        if (attestationProtocol == SqlConnectionAttestationProtocol.AAS)
        {
            EnclaveProviders[attestationProtocol] = new AzureAttestationEnclaveProvider();
            provider = EnclaveProviders[attestationProtocol];
        }
        else if (attestationProtocol == SqlConnectionAttestationProtocol.HGS)
        {
            EnclaveProviders[attestationProtocol] = new HostGuardianServiceEnclaveProvider();
            provider = EnclaveProviders[attestationProtocol];
        }
    }

    if (provider == null)
    {
        throw SQL.EnclaveProviderNotFound(enclaveType, ConvertAttestationProtocolToString(attestationProtocol));
    }

    return provider;
}
/// <summary>
/// Retrieves the provider's enclave session for the given session parameters.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no session exists.</param>
/// <param name="enclaveSessionParameters">Parameters identifying the session (server, attestation URL, ...).</param>
/// <param name="generateCustomData">Passed through to the provider; whether it should produce custom attestation data.</param>
/// <param name="sqlEnclaveSession">The session returned by the provider, or null if it has none.</param>
/// <param name="counter">Session counter reported by the provider.</param>
/// <param name="customData">Custom attestation data reported by the provider.</param>
/// <param name="customDataLength">Length of <paramref name="customData"/>.</param>
/// <param name="throwIfNull">When true, a missing session is an error rather than a null result.</param>
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength, bool throwIfNull)
{
    SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
    provider.GetEnclaveSession(enclaveSessionParameters, generateCustomData, out sqlEnclaveSession, out counter, out customData, out customDataLength);

    // Callers that cannot proceed without a session ask for the error here instead of checking for null.
    if (!throwIfNull || sqlEnclaveSession != null)
    {
        return;
    }

    throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveSessionParameters.AttestationUrl);
}
/// <summary>
/// Retrieves the provider's enclave session for the given server and attestation URL.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no session exists.</param>
/// <param name="serverName">Name of the SQL Server the session is bound to.</param>
/// <param name="enclaveAttestationUrl">URL of the attestation service endpoint.</param>
/// <param name="sqlEnclaveSession">The session returned by the provider, or null if it has none.</param>
/// <param name="counter">Session counter reported by the provider.</param>
/// <param name="throwIfNull">When true, a missing session is an error rather than a null result.</param>
private void GetEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string enclaveAttestationUrl, out SqlEnclaveSession sqlEnclaveSession, out long counter, bool throwIfNull)
{
    SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
    provider.GetEnclaveSession(serverName, enclaveAttestationUrl, out sqlEnclaveSession, out counter);

    // Callers that cannot proceed without a session ask for the error here instead of checking for null.
    if (!throwIfNull || sqlEnclaveSession != null)
    {
        return;
    }

    throw SQL.NullEnclaveSessionDuringQueryExecution(enclaveType, enclaveAttestationUrl);
}
/// <summary>
/// Looks up a registered <see cref="SqlColumnEncryptionEnclaveProvider"/> by provider name.
/// </summary>
/// <param name="SqlColumnEncryptionEnclaveProviderName">
/// Provider name. It is lower-cased with the invariant culture before the lookup, so the match is
/// case-insensitive (presumably the registry stores its keys lower-cased — verify at the registration site).
/// </param>
/// <returns>The provider registered under that name, or null if none is found.</returns>
public SqlColumnEncryptionEnclaveProvider GetSqlColumnEncryptionEnclaveProvider(string SqlColumnEncryptionEnclaveProviderName)
{
    if (string.IsNullOrEmpty(SqlColumnEncryptionEnclaveProviderName))
    {
        throw SQL.SqlColumnEncryptionEnclaveProviderNameCannotBeEmpty();
    }

    string lookupKey = SqlColumnEncryptionEnclaveProviderName.ToLowerInvariant();

    // A miss leaves `provider` at its default (null), which is exactly the documented "not found" result.
    _enclaveProviders.TryGetValue(lookupKey, out SqlColumnEncryptionEnclaveProvider provider);
    return provider;
}
/// <summary>
/// Creates an enclave session for the given enclave type, unless the provider already holds a
/// session for this server and attestation URL.
/// </summary>
/// <param name="enclaveType">Enclave type that selects the enclave provider.</param>
/// <param name="serverName">Name of the SQL Server the session is bound to.</param>
/// <param name="attestationUrl">URL of the attestation service endpoint.</param>
/// <param name="attestationInfo">Attestation info received from SQL Server.</param>
/// <param name="attestationParameters">Attestation parameters; supplies the client Diffie-Hellman key.</param>
/// <remarks>
/// The whole check-then-create sequence runs under <c>_lock</c>, presumably so two callers for the
/// same server do not both create a session.
/// </remarks>
internal void CreateEnclaveSession(string enclaveType, string serverName, string attestationUrl, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters)
{
    lock (_lock)
    {
        SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(enclaveType);

        // Reuse an existing session when the provider already has one; the counter is not needed here.
        provider.GetEnclaveSession(serverName, attestationUrl, out SqlEnclaveSession existingSession, out _);
        if (existingSession != null)
        {
            return;
        }

        provider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, attestationUrl, serverName, out SqlEnclaveSession createdSession, out _);

        // Fail closed: a provider that hands back no session is an error, never something to continue with.
        if (createdSession == null)
        {
            throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, attestationUrl);
        }
    }
}
/// <summary>
/// Creates an enclave session described by <paramref name="enclaveSessionParameters"/>, unless the
/// provider already holds one for those parameters.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no session is returned.</param>
/// <param name="enclaveSessionParameters">Parameters identifying the session (server, attestation URL, ...).</param>
/// <param name="attestationInfo">Attestation info received from SQL Server.</param>
/// <param name="attestationParameters">Attestation parameters; supplies the client Diffie-Hellman key.</param>
/// <param name="customData">Extra data needed to attest the enclave.</param>
/// <param name="customDataLength">Length of <paramref name="customData"/>.</param>
/// <remarks>
/// The whole check-then-create sequence runs under <c>_lock</c>, presumably so two callers for the
/// same server do not both create a session; the non-creating GetEnclaveSession overloads in this
/// class do not take the lock.
/// </remarks>
internal void CreateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, byte[] attestationInfo, SqlEnclaveAttestationParameters attestationParameters, byte[] customData, int customDataLength)
{
    lock (_lock)
    {
        SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);

        // Reuse an existing session when the provider already has one. No custom data is generated for
        // this probe, and the counter / custom data outputs are discarded.
        SqlEnclaveSession existingSession;
        provider.GetEnclaveSession(enclaveSessionParameters, false, out existingSession, out long _, out byte[] _, out int _);
        if (existingSession != null)
        {
            return;
        }

        SqlEnclaveSession createdSession;
        provider.CreateEnclaveSession(attestationInfo, attestationParameters.ClientDiffieHellmanKey, enclaveSessionParameters, customData, customDataLength, out createdSession, out long _);

        // Fail closed: a provider that hands back no session is an error, never something to continue with.
        if (createdSession == null)
        {
            throw SQL.NullEnclaveSessionReturnedFromProvider(enclaveType, enclaveSessionParameters.AttestationUrl);
        }
    }
}
/// <summary>
/// Asks the provider for <paramref name="attestationProtocol"/> to drop <paramref name="enclaveSession"/>
/// for the given session parameters.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no provider matches.</param>
/// <param name="enclaveSessionParameters">Parameters identifying the session to invalidate.</param>
/// <param name="enclaveSession">The session instance to invalidate.</param>
/// <remarks>Not taken under <c>_lock</c>, unlike the CreateEnclaveSession overloads.</remarks>
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSession)
{
    GetEnclaveProvider(attestationProtocol, enclaveType)
        .InvalidateEnclaveSession(enclaveSessionParameters, enclaveSession);
}
/// <summary>
/// Obtains the attestation parameters the provider for <paramref name="attestationProtocol"/>
/// wants sent for the given attestation URL and custom data.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no provider matches.</param>
/// <param name="attestationUrl">URL of the attestation service endpoint.</param>
/// <param name="customData">Extra data needed to attest the enclave.</param>
/// <param name="customDataLength">Length of <paramref name="customData"/>.</param>
/// <returns>Whatever the provider returns; this method adds no validation of its own.</returns>
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string attestationUrl, byte[] customData, int customDataLength)
{
    SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
    SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters(attestationUrl, customData, customDataLength);
    return parameters;
}
/// <summary>
/// Asks the provider for <paramref name="attestationProtocol"/> to drop <paramref name="enclaveSession"/>
/// for the given server and attestation URL.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no provider matches.</param>
/// <param name="serverName">Name of the SQL Server the session is bound to.</param>
/// <param name="EnclaveAttestationUrl">URL of the attestation service endpoint.</param>
/// <param name="enclaveSession">The session instance to invalidate.</param>
/// <remarks>Not taken under <c>_lock</c>, unlike the CreateEnclaveSession overloads.</remarks>
internal void InvalidateEnclaveSession(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType, string serverName, string EnclaveAttestationUrl, SqlEnclaveSession enclaveSession)
{
    GetEnclaveProvider(attestationProtocol, enclaveType)
        .InvalidateEnclaveSession(serverName, EnclaveAttestationUrl, enclaveSession);
}
/// <summary>
/// Obtains the attestation parameters from the provider registered for <paramref name="enclaveType"/>.
/// </summary>
/// <param name="enclaveType">Enclave type that selects the enclave provider.</param>
/// <param name="serverName">Not used by this overload; it is kept in the signature for its callers.</param>
/// <param name="enclaveAttestationUrl">Not used by this overload; it is kept in the signature for its callers.</param>
/// <returns>Whatever the provider returns; this method adds no validation of its own.</returns>
internal SqlEnclaveAttestationParameters GetAttestationParameters(string enclaveType, string serverName, string enclaveAttestationUrl)
{
    SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(enclaveType);
    SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters();
    return parameters;
}
/// <summary>
/// Obtains the attestation parameters from the provider for <paramref name="attestationProtocol"/>.
/// </summary>
/// <param name="attestationProtocol">Attestation protocol that selects the enclave provider.</param>
/// <param name="enclaveType">Enclave type; only used in the error raised when no provider matches.</param>
/// <returns>Whatever the provider returns; this method adds no validation of its own.</returns>
internal SqlEnclaveAttestationParameters GetAttestationParameters(SqlConnectionAttestationProtocol attestationProtocol, string enclaveType)
{
    SqlColumnEncryptionEnclaveProvider provider = GetEnclaveProvider(attestationProtocol, enclaveType);
    SqlEnclaveAttestationParameters parameters = provider.GetAttestationParameters();
    return parameters;
}