// Performs enclave attestation, derives the session's shared secret from the
// client's ECDH key, creates an enclave session and stores it in the session cache.
//
// attestationInfo   - raw attestation payload returned by the server; parsed by AttestationInfo.
// clientDHKey       - client-side ECDH key used to derive the session secret.
// attestationUrl    - attestation service URL the enclave report is verified against.
// servername        - server the session belongs to; part of the cache key together with attestationUrl.
// sqlEnclaveSession - receives the cached or newly created session, or null if none could be created.
// counter           - receives the session counter reported by the cache.
//
// Throws AlwaysEncryptedAttestationException (SR.FailToCreateEnclaveSession) when no session is
// cached and no attestation-info entry was recorded for the current thread. Any exception raised
// by policy or attestation verification propagates unchanged, so a session is only added to the
// cache after both checks have passed. UpdateEnclaveSessionLockStatus always runs, with whatever
// value sqlEnclaveSession holds at that point (possibly null).
public override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellmanCng clientDHKey, string attestationUrl, string servername, out SqlEnclaveSession sqlEnclaveSession, out long counter)
{
    sqlEnclaveSession = null;
    counter = 0;

    try
    {
        // The pending attestation entry is keyed by the managed thread id (as a string) and is
        // consumed here; its presence is what authorizes a fresh attestation below.
        string threadKey = Thread.CurrentThread.ManagedThreadId.ToString();
        AttestationInfoCacheItem pendingAttestation = AttestationInfoCache.Remove(threadKey) as AttestationInfoCacheItem;

        sqlEnclaveSession = GetEnclaveSessionFromCache(servername, attestationUrl, out counter);
        if (sqlEnclaveSession != null)
        {
            // Cache hit: nothing to attest; finally still updates the lock status.
            return;
        }

        if (pendingAttestation == null)
        {
            throw new AlwaysEncryptedAttestationException(SR.FailToCreateEnclaveSession);
        }

        // Parse the payload, then verify policy and attestation before any key material is derived.
        AttestationInfo parsedInfo = new AttestationInfo(attestationInfo);
        VerifyEnclavePolicy(parsedInfo.EnclaveReportPackage);
        VerifyAttestationInfo(attestationUrl, parsedInfo.HealthReport, parsedInfo.EnclaveReportPackage);

        // Derive the shared secret from the verified enclave DH info and the client key,
        // then cache the resulting session.
        byte[] sessionSecret = GetSharedSecret(parsedInfo.Identity, parsedInfo.EnclaveDHInfo, clientDHKey);
        sqlEnclaveSession = AddEnclaveSessionToCache(attestationUrl, servername, sessionSecret, parsedInfo.SessionId, out counter);
    }
    finally
    {
        UpdateEnclaveSessionLockStatus(sqlEnclaveSession);
    }
}
// Performs enclave attestation, derives the session's shared secret from the
// client's ECDH key, creates an enclave session and stores it in the session cache.
//
// attestationInfo          - raw attestation payload returned by the server; parsed by AttestationInfo.
// clientDHKey              - client-side ECDH key used to derive the session secret.
// enclaveSessionParameters - cache key material; its AttestationUrl is also the attestation endpoint.
// customData               - not read by this implementation.
// customDataLength         - not read by this implementation.
// sqlEnclaveSession        - receives the cached or newly created session, or null if none could be created.
// counter                  - receives the session counter reported by the cache.
//
// Throws AlwaysEncryptedAttestationException (Strings.FailToCreateEnclaveSession) when no session
// is cached and enclaveSessionParameters.AttestationUrl is null or empty. Any exception raised by
// policy or attestation verification propagates unchanged, so a session is only added to the
// cache after both checks have passed. UpdateEnclaveSessionLockStatus always runs, with whatever
// value sqlEnclaveSession holds at that point (possibly null).
internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellman clientDHKey, EnclaveSessionParameters enclaveSessionParameters, byte[] customData, int customDataLength, out SqlEnclaveSession sqlEnclaveSession, out long counter)
{
    sqlEnclaveSession = null;
    counter = 0;

    try
    {
        // Clear any retry marker recorded for the current thread (keyed by managed thread id as a
        // string). Unlike the retry entry, its presence does not gate attestation here.
        string threadKey = Thread.CurrentThread.ManagedThreadId.ToString();
        ThreadRetryCache.Remove(threadKey);

        sqlEnclaveSession = GetEnclaveSessionFromCache(enclaveSessionParameters, out counter);
        if (sqlEnclaveSession != null)
        {
            // Cache hit: nothing to attest; finally still updates the lock status.
            return;
        }

        string attestationEndpoint = enclaveSessionParameters.AttestationUrl;
        if (string.IsNullOrEmpty(attestationEndpoint))
        {
            throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
        }

        // Parse the payload, then verify policy and attestation before any key material is derived.
        AttestationInfo parsedInfo = new AttestationInfo(attestationInfo);
        VerifyEnclavePolicy(parsedInfo.EnclaveReportPackage);
        VerifyAttestationInfo(attestationEndpoint, parsedInfo.HealthReport, parsedInfo.EnclaveReportPackage);

        // Derive the shared secret from the verified enclave DH info and the client key,
        // then cache the resulting session.
        byte[] sessionSecret = GetSharedSecret(parsedInfo.Identity, parsedInfo.EnclaveDHInfo, clientDHKey);
        sqlEnclaveSession = AddEnclaveSessionToCache(enclaveSessionParameters, sessionSecret, parsedInfo.SessionId, out counter);
    }
    finally
    {
        UpdateEnclaveSessionLockStatus(sqlEnclaveSession);
    }
}