/// <summary> /// <para> Decrypts the symmetric key and saves it in metadata. /// </summary> internal static void DecryptSymmetricKey(SqlTceCipherInfoEntry?sqlTceCipherInfoEntry, string serverName, out SqlClientSymmetricKey sqlClientSymmetricKey, out SqlEncryptionKeyInfo?encryptionkeyInfoChosen) { Debug.Assert(serverName != null, @"serverName should not be null in DecryptSymmetricKey."); Debug.Assert(sqlTceCipherInfoEntry.HasValue, "sqlTceCipherInfoEntry should not be null in DecryptSymmetricKey."); Debug.Assert(sqlTceCipherInfoEntry.Value.ColumnEncryptionKeyValues != null, "sqlTceCipherInfoEntry.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey."); sqlClientSymmetricKey = null; encryptionkeyInfoChosen = null; Exception lastException = null; SqlSymmetricKeyCache cache = SqlSymmetricKeyCache.GetInstance(); foreach (SqlEncryptionKeyInfo keyInfo in sqlTceCipherInfoEntry.Value.ColumnEncryptionKeyValues) { try { if (cache.GetKey(keyInfo, serverName, out sqlClientSymmetricKey)) { encryptionkeyInfoChosen = keyInfo; break; } } catch (Exception e) { lastException = e; } } if (null == sqlClientSymmetricKey) { Debug.Assert(null != lastException, "CEK decryption failed without raising exceptions"); throw lastException; } Debug.Assert(encryptionkeyInfoChosen.HasValue, "encryptionkeyInfoChosen must have a value."); }
/// <summary> /// <para> Decrypts the symmetric key and saves it in metadata. In addition, intializes /// the SqlClientEncryptionAlgorithm for rapid decryption.</para> /// </summary> internal static void DecryptSymmetricKey(SqlCipherMetadata md, string serverName) { Debug.Assert(serverName != null, @"serverName should not be null in DecryptSymmetricKey."); Debug.Assert(md != null, "md should not be null in DecryptSymmetricKey."); Debug.Assert(md.EncryptionInfo.HasValue, "md.EncryptionInfo should not be null in DecryptSymmetricKey."); Debug.Assert(md.EncryptionInfo.Value.ColumnEncryptionKeyValues != null, "md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey."); SqlClientSymmetricKey symKey = null; SqlEncryptionKeyInfo? encryptionkeyInfoChosen = null; SqlSymmetricKeyCache cache = SqlSymmetricKeyCache.GetInstance(); Exception lastException = null; foreach (SqlEncryptionKeyInfo keyInfo in md.EncryptionInfo.Value.ColumnEncryptionKeyValues) { try { if (cache.GetKey(keyInfo, serverName, out symKey)) { encryptionkeyInfoChosen = keyInfo; break; } } catch (Exception e) { lastException = e; } } if (null == symKey) { Debug.Assert (null != lastException, "CEK decryption failed without raising exceptions"); throw lastException; } Debug.Assert(encryptionkeyInfoChosen.HasValue, "encryptionkeyInfoChosen must have a value."); // Given the symmetric key instantiate a SqlClientEncryptionAlgorithm object and cache it in metadata md.CipherAlgorithm = null; SqlClientEncryptionAlgorithm cipherAlgorithm = null; string algorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(symKey, md.EncryptionType, algorithmName, out cipherAlgorithm); // will validate algorithm name and type Debug.Assert(cipherAlgorithm != null); md.CipherAlgorithm = cipherAlgorithm; md.EncryptionKeyInfo = encryptionkeyInfoChosen; return; }