/// <summary> /// Encrypt the byte package containing keys with the session key /// </summary> /// <param name="bytePackage">byte package containing keys</param> /// <param name="sessionKey">session key used to encrypt the package</param> /// <param name="serverName">server hosting the enclave</param> /// <returns></returns> private byte[] EncryptBytePackage(byte[] bytePackage, byte[] sessionKey, string serverName) { if (sessionKey == null) { throw SQL.NullArgumentInternal("sessionKey", ClassName, "EncryptBytePackage"); } if (sessionKey.Length == 0) { throw SQL.EmptyArgumentInternal("sessionKey", ClassName, "EncryptBytePackage"); } //bytePackage is created internally in this class and is guaranteed to be non null and non empty try { SqlClientSymmetricKey symmetricKey = new SqlClientSymmetricKey(sessionKey); SqlClientEncryptionAlgorithm sqlClientEncryptionAlgorithm = SqlAeadAes256CbcHmac256Factory.Create(symmetricKey, SqlClientEncryptionType.Randomized, SqlAeadAes256CbcHmac256Algorithm.AlgorithmName); return(sqlClientEncryptionAlgorithm.EncryptData(bytePackage)); } catch (Exception e) { throw SQL.FailedToEncryptRegisterRulesBytePackage(e); } }
/// <summary> /// <para> Decrypts the symmetric key and saves it in metadata. In addition, initializes /// the SqlClientEncryptionAlgorithm for rapid decryption.</para> /// </summary> internal static void DecryptSymmetricKey(SqlCipherMetadata md, SqlConnection connection, SqlCommand command) { Debug.Assert(md is not null, "md should not be null in DecryptSymmetricKey."); SqlClientSymmetricKey symKey = null; SqlEncryptionKeyInfo encryptionkeyInfoChosen = null; DecryptSymmetricKey(md.EncryptionInfo, out symKey, out encryptionkeyInfoChosen, connection, command); // Given the symmetric key instantiate a SqlClientEncryptionAlgorithm object and cache it in metadata md.CipherAlgorithm = null; SqlClientEncryptionAlgorithm cipherAlgorithm = null; string algorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(symKey, md.EncryptionType, algorithmName, out cipherAlgorithm); // will validate algorithm name and type Debug.Assert(cipherAlgorithm is not null); md.CipherAlgorithm = cipherAlgorithm; md.EncryptionKeyInfo = encryptionkeyInfoChosen; return; }
/// <summary> /// Gets the algorithm handle instance for a given algorithm and instantiates it using the provided key and the encryption type. /// </summary> /// <param name="key"></param> /// <param name="type"></param> /// <param name="algorithmName"></param> /// <param name="encryptionAlgorithm"></param> internal void GetAlgorithm(SqlClientSymmetricKey key, byte type, string algorithmName, out SqlClientEncryptionAlgorithm encryptionAlgorithm) { encryptionAlgorithm = null; SqlClientEncryptionAlgorithmFactory factory = null; if (!_encryptionAlgoFactoryList.TryGetValue(algorithmName, out factory)) { throw SQL.UnknownColumnEncryptionAlgorithm(algorithmName, SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetRegisteredCipherAlgorithmNames()); } Debug.Assert(null != factory, "Null Algorithm Factory class detected"); // If the factory exists, following method will Create an algorithm object. If this fails, // it will raise an exception. encryptionAlgorithm = factory.Create(key, (SqlClientEncryptionType)type, algorithmName); }