/// <summary>
/// Looks up the factory registered under <paramref name="algorithmName"/> and asks it to build an
/// encryption algorithm instance bound to <paramref name="key"/> and the given encryption type.
/// </summary>
/// <param name="key">Symmetric key the created algorithm instance is bound to.</param>
/// <param name="type">Encryption type; cast to <c>SqlClientEncryptionType</c> before being handed to the factory.</param>
/// <param name="algorithmName">Registered name of the cipher algorithm to look up.</param>
/// <param name="encryptionAlgorithm">Receives the created algorithm instance; set to null before the lookup, so it stays null if this method throws.</param>
/// <remarks>
/// Throws the exception built by <c>SQL.UnknownColumnEncryptionAlgorithm</c> when no factory is registered
/// under the name; the factory's own <c>Create</c> call may throw as well.
/// </remarks>
internal void GetAlgorithm(SqlClientSymmetricKey key, byte type, string algorithmName, out SqlClientEncryptionAlgorithm encryptionAlgorithm)
{
    encryptionAlgorithm = null;

    SqlClientEncryptionAlgorithmFactory registeredFactory;
    if (!_encryptionAlgoFactoryList.TryGetValue(algorithmName, out registeredFactory))
    {
        // Unknown name: the exception carries the registered names so the caller can see what is supported.
        throw SQL.UnknownColumnEncryptionAlgorithm(
            algorithmName,
            SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetRegisteredCipherAlgorithmNames());
    }

    Debug.Assert(registeredFactory != null, "Null Algorithm Factory class detected");

    // The factory is responsible for validating the key/type/name combination and throws on failure.
    SqlClientEncryptionType encryptionType = (SqlClientEncryptionType)type;
    encryptionAlgorithm = registeredFactory.Create(key, encryptionType, algorithmName);
}
/// <summary>
/// <para>Decrypts the column encryption key described by <paramref name="md"/> and stores the
/// resulting SqlClientEncryptionAlgorithm instance on the metadata so later decryptions can reuse it.</para>
/// </summary>
/// <param name="md">Cipher metadata; its EncryptionInfo, CipherAlgorithmId/CipherAlgorithmName and EncryptionType drive the setup, and its CipherAlgorithm and EncryptionKeyInfo are written on success.</param>
/// <param name="serverName">Server name passed through to the key-decryption overload.</param>
/// <remarks>
/// Propagates whatever the key-decryption overload, the algorithm-name validation or the factory lookup throw.
/// </remarks>
internal static void DecryptSymmetricKey(SqlCipherMetadata md, string serverName)
{
    Debug.Assert(md != null, "md should not be null in DecryptSymmetricKey.");

    // Step 1: obtain the plaintext symmetric key and the key info entry that produced it.
    SqlClientSymmetricKey plaintextKey;
    SqlEncryptionKeyInfo? chosenKeyInfo;
    DecryptSymmetricKey(md.EncryptionInfo, serverName, out plaintextKey, out chosenKeyInfo);

    // Step 2: resolve the cipher algorithm for this key. The cached instance is reset first,
    // presumably so a throw from the validation/lookup below does not leave a stale algorithm behind.
    md.CipherAlgorithm = null;
    string validatedAlgorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw

    SqlClientEncryptionAlgorithm algorithm;
    SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(plaintextKey, md.EncryptionType, validatedAlgorithmName, out algorithm); // validates algorithm name and type
    Debug.Assert(algorithm != null);

    // Step 3: cache both on the metadata for subsequent decrypt calls.
    md.CipherAlgorithm = algorithm;
    md.EncryptionKeyInfo = chosenKeyInfo;
}
/// <summary>
/// Encrypts the byte package containing keys with the enclave session key, using the
/// SqlAeadAes256CbcHmac256 algorithm in randomized mode.
/// </summary>
/// <param name="bytePackage">Byte package containing keys; built inside this class, so it is not re-validated here.</param>
/// <param name="sessionKey">Session key used to encrypt the package; must be non-null and non-empty.</param>
/// <param name="serverName">Server hosting the enclave; not used by this method.</param>
/// <returns>The encrypted package as produced by the algorithm's EncryptData.</returns>
/// <remarks>
/// Throws the project's null/empty-argument exceptions for <paramref name="sessionKey"/>; any failure
/// while wrapping the key, creating the algorithm or encrypting is rethrown wrapped by
/// <c>SQL.FailedToEncryptRegisterRulesBytePackage</c>.
/// </remarks>
private byte[] EncryptBytePackage(byte[] bytePackage, byte[] sessionKey, string serverName)
{
    // Only the session key is validated: bytePackage is created internally in this class and is
    // guaranteed to be non-null and non-empty.
    if (sessionKey == null)
    {
        throw SQL.NullArgumentInternal("sessionKey", ClassName, "EncryptBytePackage");
    }
    else if (sessionKey.Length == 0)
    {
        throw SQL.EmptyArgumentInternal("sessionKey", ClassName, "EncryptBytePackage");
    }

    try
    {
        SqlClientSymmetricKey wrappedSessionKey = new SqlClientSymmetricKey(sessionKey);
        SqlClientEncryptionAlgorithm cipher = SqlAeadAes256CbcHmac256Factory.Create(
            wrappedSessionKey,
            SqlClientEncryptionType.Randomized,
            SqlAeadAes256CbcHmac256Algorithm.AlgorithmName);
        return cipher.EncryptData(bytePackage);
    }
    catch (Exception failure)
    {
        // Every failure on this path is reported through a single project exception that keeps the cause.
        throw SQL.FailedToEncryptRegisterRulesBytePackage(failure);
    }
}
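/// <summary>
/// <para>Decrypts the column encryption key described by <paramref name="md"/> and initializes the
/// SqlClientEncryptionAlgorithm instance on the metadata so later decryptions can reuse it.</para>
/// <para>Each candidate in <c>md.EncryptionInfo.Value.ColumnEncryptionKeyValues</c> is tried in order
/// through the SqlSymmetricKeyCache; the first one that yields a key wins.</para>
/// </summary>
/// <param name="md">Cipher metadata; its EncryptionInfo, CipherAlgorithmId/CipherAlgorithmName and EncryptionType drive the setup, and its CipherAlgorithm and EncryptionKeyInfo are written on success.</param>
/// <param name="serverName">Server name handed to the key cache lookup.</param>
/// <remarks>
/// When every candidate fails, rethrows the last exception raised by the cache; when no candidate
/// succeeded and none threw (the cache reported failure by returning false, or the candidate list was
/// empty), throws <see cref="InvalidOperationException"/> instead of surfacing a NullReferenceException.
/// Algorithm-name validation and the factory lookup may throw as well.
/// </remarks>
internal static void DecryptSymmetricKey(SqlCipherMetadata md, string serverName)
{
    Debug.Assert(serverName != null, @"serverName should not be null in DecryptSymmetricKey.");
    Debug.Assert(md != null, "md should not be null in DecryptSymmetricKey.");
    Debug.Assert(md.EncryptionInfo.HasValue, "md.EncryptionInfo should not be null in DecryptSymmetricKey.");
    Debug.Assert(md.EncryptionInfo.Value.ColumnEncryptionKeyValues != null, "md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey.");

    SqlClientSymmetricKey symKey = null;
    SqlEncryptionKeyInfo? encryptionkeyInfoChosen = null;
    SqlSymmetricKeyCache cache = SqlSymmetricKeyCache.GetInstance();
    Exception lastException = null;

    // Try each encrypted CEK value in turn. A failure for one candidate must not stop the remaining
    // candidates from being tried, so the exception is only remembered (the last one is reported).
    foreach (SqlEncryptionKeyInfo keyInfo in md.EncryptionInfo.Value.ColumnEncryptionKeyValues)
    {
        try
        {
            if (cache.GetKey(keyInfo, serverName, out symKey))
            {
                encryptionkeyInfoChosen = keyInfo;
                break;
            }
        }
        catch (Exception e)
        {
            lastException = e;
        }
    }

    if (symKey == null)
    {
        // GetKey is used as a bool predicate above, so it can fail without throwing; the candidate
        // list may also be empty. In those cases lastException is null and `throw lastException`
        // would raise a bare NullReferenceException in release builds, so report the condition explicitly.
        Debug.Assert(lastException != null, "CEK decryption failed without raising exceptions");
        throw lastException ?? new InvalidOperationException("Column encryption key decryption failed: no candidate key value could be decrypted and no error was reported.");
    }

    Debug.Assert(encryptionkeyInfoChosen.HasValue, "encryptionkeyInfoChosen must have a value.");

    // Given the symmetric key, instantiate a SqlClientEncryptionAlgorithm object and cache it in the
    // metadata. The cached instance is cleared first so a throw below does not leave a stale one behind.
    md.CipherAlgorithm = null;
    SqlClientEncryptionAlgorithm cipherAlgorithm = null;
    string algorithmName = ValidateAndGetEncryptionAlgorithmName(md.CipherAlgorithmId, md.CipherAlgorithmName); // may throw
    SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetAlgorithm(symKey, md.EncryptionType, algorithmName, out cipherAlgorithm); // will validate algorithm name and type
    Debug.Assert(cipherAlgorithm != null);

    md.CipherAlgorithm = cipherAlgorithm;
    md.EncryptionKeyInfo = encryptionkeyInfoChosen;
}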
/// <summary>
/// Resolves the factory registered for <paramref name="algorithmName"/> and creates an encryption
/// algorithm instance from it for the supplied key and encryption type.
/// </summary>
/// <param name="key">Symmetric key the created algorithm instance is bound to.</param>
/// <param name="type">Encryption type as a byte; cast to <c>SqlClientEncryptionType</c> for the factory.</param>
/// <param name="algorithmName">Registered name of the cipher algorithm.</param>
/// <param name="encryptionAlgorithm">Receives the created instance; it is set to null before the lookup and therefore stays null when this method throws.</param>
/// <remarks>
/// Throws the exception built by <c>SQL.UnknownColumnEncryptionAlgorithm</c> (which lists the registered
/// names) when the name is not registered; the factory's <c>Create</c> may throw on its own validation failures.
/// </remarks>
internal void GetAlgorithm(SqlClientSymmetricKey key, byte type, string algorithmName, out SqlClientEncryptionAlgorithm encryptionAlgorithm)
{
    encryptionAlgorithm = null;

    SqlClientEncryptionAlgorithmFactory factoryForName = null;
    bool isRegistered = _encryptionAlgoFactoryList.TryGetValue(algorithmName, out factoryForName);

    if (isRegistered)
    {
        Debug.Assert(factoryForName != null, "Null Algorithm Factory class detected");

        // Creation (and validation of the key/type/name combination) is delegated to the factory, which throws on failure.
        encryptionAlgorithm = factoryForName.Create(key, (SqlClientEncryptionType)type, algorithmName);
        return;
    }

    // No factory under that name: report it together with the names that are registered.
    throw SQL.UnknownColumnEncryptionAlgorithm(
        algorithmName,
        SqlClientEncryptionAlgorithmFactoryList.GetInstance().GetRegisteredCipherAlgorithmNames());
}