diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj
index 5b808d9b78..d905ad16a9 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj
+++ b/src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj
@@ -488,6 +488,9 @@
Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProvider.cs
+
+ Microsoft\Data\SqlClient\NoneAttestationEnclaveProvider.cs
+
Microsoft\Data\SqlClient\VirtualSecureModeEnclaveProviderBase.cs
@@ -507,9 +510,6 @@
-
-
-
Resources\StringsHelper.NetCore.cs
@@ -558,7 +558,6 @@
Microsoft\Data\SqlClient\SqlSequentialStream.cs
-
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
index df8e73b2d3..44fa3e0f15 100644
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
+++ b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj
@@ -165,6 +165,9 @@
Microsoft\Data\SqlClient\AzureAttestationBasedEnclaveProvider.cs
+
+ Microsoft\Data\SqlClient\NoneAttestationEnclaveProvider.cs
+
Microsoft\Data\SqlClient\EnclaveDelegate.cs
@@ -629,9 +632,6 @@
-
-
-
diff --git a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.cs
deleted file mode 100644
index 9a8550934c..0000000000
--- a/src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.cs
+++ /dev/null
@@ -1,114 +0,0 @@
-// Licensed to the .NET Foundation under one or more agreements.
-// The .NET Foundation licenses this file to you under the MIT license.
-// See the LICENSE file in the project root for more information.
-
-using System;
-using System.Collections.Generic;
-using System.Diagnostics;
-using System.Linq;
-using System.Runtime.Caching;
-using System.Security.Cryptography;
-using System.Text;
-using System.Threading;
-using System.Threading.Tasks;
-using System.Collections.Concurrent;
-
-namespace Microsoft.Data.SqlClient
-{
- internal class SimulatorEnclaveProvider : EnclaveProviderBase
- {
- private static readonly int EnclaveSessionHandleSize = 8;
-
- // When overridden in a derived class, looks up an existing enclave session information in the enclave session cache.
- // If the enclave provider doesn't implement enclave session caching, this method is expected to return null in the sqlEnclaveSession parameter.
- internal override void GetEnclaveSession(EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength)
- {
- GetEnclaveSessionHelper(enclaveSessionParameters, false, out sqlEnclaveSession, out counter, out customData, out customDataLength);
- }
-
- // Gets the information that SqlClient subsequently uses to initiate the process of attesting the enclave and to establish a secure session with the enclave.
- internal override SqlEnclaveAttestationParameters GetAttestationParameters(string attestationUrl, byte[] customData, int customDataLength)
- {
- ECDiffieHellmanCng clientDHKey = new ECDiffieHellmanCng(384);
- clientDHKey.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
- clientDHKey.HashAlgorithm = CngAlgorithm.Sha256;
-
- return new SqlEnclaveAttestationParameters(2, new byte[] { }, clientDHKey);
- }
-
- // When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.
- internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellman clientDHKey, EnclaveSessionParameters enclaveSessionParameters, byte[] customData, int customDataLength, out SqlEnclaveSession sqlEnclaveSession, out long counter)
- {
- ////for simulator: enclave does not send public key, and sends an empty attestation info
- //// The only non-trivial content it sends is the session setup info (DH pubkey of enclave)
-
- sqlEnclaveSession = null;
- counter = 0;
- try
- {
- ThreadRetryCache.Remove(Thread.CurrentThread.ManagedThreadId.ToString());
- sqlEnclaveSession = GetEnclaveSessionFromCache(enclaveSessionParameters, out counter);
-
- if (sqlEnclaveSession == null)
- {
- if (!string.IsNullOrEmpty(enclaveSessionParameters.AttestationUrl))
- {
- ////Read AttestationInfo
- int attestationInfoOffset = 0;
- uint sizeOfTrustedModuleAttestationInfoBuffer = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
- attestationInfoOffset += sizeof(UInt32);
- int sizeOfTrustedModuleAttestationInfoBufferInt = checked((int)sizeOfTrustedModuleAttestationInfoBuffer);
- Debug.Assert(sizeOfTrustedModuleAttestationInfoBuffer == 0);
-
- ////read secure session info
- uint sizeOfSecureSessionInfoResponse = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
- attestationInfoOffset += sizeof(UInt32);
-
- byte[] enclaveSessionHandle = new byte[EnclaveSessionHandleSize];
- Buffer.BlockCopy(attestationInfo, attestationInfoOffset, enclaveSessionHandle, 0, EnclaveSessionHandleSize);
- attestationInfoOffset += EnclaveSessionHandleSize;
-
- uint sizeOfTrustedModuleDHPublicKeyBuffer = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
- attestationInfoOffset += sizeof(UInt32);
- uint sizeOfTrustedModuleDHPublicKeySignatureBuffer = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
- attestationInfoOffset += sizeof(UInt32);
- int sizeOfTrustedModuleDHPublicKeyBufferInt = checked((int)sizeOfTrustedModuleDHPublicKeyBuffer);
-
- byte[] trustedModuleDHPublicKey = new byte[sizeOfTrustedModuleDHPublicKeyBuffer];
- Buffer.BlockCopy(attestationInfo, attestationInfoOffset, trustedModuleDHPublicKey, 0,
- sizeOfTrustedModuleDHPublicKeyBufferInt);
- attestationInfoOffset += sizeOfTrustedModuleDHPublicKeyBufferInt;
-
- byte[] trustedModuleDHPublicKeySignature = new byte[sizeOfTrustedModuleDHPublicKeySignatureBuffer];
- Buffer.BlockCopy(attestationInfo, attestationInfoOffset, trustedModuleDHPublicKeySignature, 0,
- checked((int)sizeOfTrustedModuleDHPublicKeySignatureBuffer));
-
- byte[] sharedSecret;
- using ECDiffieHellman ecdh = KeyConverter.CreateECDiffieHellmanFromPublicKeyBlob(trustedModuleDHPublicKey);
- sharedSecret = KeyConverter.DeriveKey(clientDHKey, ecdh.PublicKey);
- long sessionId = BitConverter.ToInt64(enclaveSessionHandle, 0);
- sqlEnclaveSession = AddEnclaveSessionToCache(enclaveSessionParameters, sharedSecret, sessionId, out counter);
- }
- else
- {
- throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession);
- }
- }
- }
- finally
- {
- UpdateEnclaveSessionLockStatus(sqlEnclaveSession);
- }
- }
-
- ///
- /// When overridden in a derived class, looks up and evicts an enclave session from the enclave session cache, if the provider implements session caching.
- ///
- /// The set of parameters required for enclave session.
- /// The session to be invalidated.
- internal override void InvalidateEnclaveSession(EnclaveSessionParameters enclaveSessionParameters, SqlEnclaveSession enclaveSessionToInvalidate)
- {
- InvalidateEnclaveSessionHelper(enclaveSessionParameters, enclaveSessionToInvalidate);
- }
- }
-}
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
index d08db25036..0e891924fb 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/AzureAttestationBasedEnclaveProvider.cs
@@ -49,7 +49,7 @@ internal class AzureAttestationEnclaveProvider : EnclaveProviderBase
{
#region Constants
private const int DiffieHellmanKeySize = 384;
- private const int AzureBasedAttestationProtocolId = 1;
+ private const int AzureBasedAttestationProtocolId = (int)SqlConnectionAttestationProtocol.AAS;
private const int SigningKeyRetryInSec = 3;
#endregion
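Review bot: AzureBasedAttestationProtocolId now takes its value from the numeric value of SqlConnectionAttestationProtocol.AAS, so the enum's underlying values become part of what the client sends to the server in the attestation parameters, and nothing at the declaration says so; the same applies to VsmHGSProtocolId in the VirtualSecureModeEnclaveProviderBase.cs hunk. A later maintainer could renumber or reorder the enum as a harmless cleanup and silently change the protocol id on the wire. Suggested comment above the constant: `// Protocol id sent to the server; the enum's numeric value is a wire contract, do not renumber.` The same line belongs above VsmHGSProtocolId.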
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/EnclaveDelegate.Crypto.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/EnclaveDelegate.Crypto.cs
index bf8786ef7d..fdd2812d1b 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/EnclaveDelegate.Crypto.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/EnclaveDelegate.Crypto.cs
@@ -103,8 +103,8 @@ private SqlColumnEncryptionEnclaveProvider GetEnclaveProvider(SqlConnectionAttes
#if ENCLAVE_SIMULATOR
case SqlConnectionAttestationProtocol.SIM:
- SimulatorEnclaveProvider simulatorEnclaveProvider = new SimulatorEnclaveProvider();
- s_enclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)simulatorEnclaveProvider;
+ NoneAttestationEnclaveProvider noneAttestationEnclaveProvider = new NoneAttestationEnclaveProvider();
+ s_enclaveProviders[attestationProtocol] = (SqlColumnEncryptionEnclaveProvider)noneAttestationEnclaveProvider;
sqlColumnEncryptionEnclaveProvider = s_enclaveProviders[attestationProtocol];
break;
#endif
diff --git a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.NetCoreApp.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs
similarity index 86%
rename from src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.NetCoreApp.cs
rename to src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs
index fdf6d67d54..ff36d1604c 100644
--- a/src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SimulatorEnclaveProvider.NetCoreApp.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/NoneAttestationEnclaveProvider.cs
@@ -3,21 +3,17 @@
// See the LICENSE file in the project root for more information.
using System;
-using System.Collections.Generic;
using System.Diagnostics;
-using System.Linq;
-using System.Runtime.Caching;
using System.Security.Cryptography;
-using System.Text;
using System.Threading;
-using System.Threading.Tasks;
-using System.Collections.Concurrent;
namespace Microsoft.Data.SqlClient
{
- internal class SimulatorEnclaveProvider : EnclaveProviderBase
+ internal class NoneAttestationEnclaveProvider : EnclaveProviderBase
{
private static readonly int EnclaveSessionHandleSize = 8;
+ private const int DiffieHellmanKeySize = 384;
+ private const int NoneAttestationProtocolId = 2;
// When overridden in a derived class, looks up an existing enclave session information in the enclave session cache.
// If the enclave provider doesn't implement enclave session caching, this method is expected to return null in the sqlEnclaveSession parameter.
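Review bot: NoneAttestationProtocolId is a bare literal `2` while the sibling providers in this commit derive their ids from the enum (`(int)SqlConnectionAttestationProtocol.AAS`, `(int)SqlConnectionAttestationProtocol.HGS`); if the enum carries a None member for this protocol, `private const int NoneAttestationProtocolId = (int)SqlConnectionAttestationProtocol.None;` keeps the three declarations consistent, and otherwise a comment should say why this one stays numeric. The class also has no summary, and its name alone does not tell a maintainer what "none" means for the session: in the parsing visible in the deleted SimulatorEnclaveProvider.cs the enclave's DH public key is used for key derivation and the copied signature buffer is never checked, so a summary along the lines of `/// Enclave provider for the None attestation protocol: no attestation evidence is verified and the enclave's Diffie-Hellman public key is accepted as sent, so the session's trust rests on the underlying connection rather than on the enclave's identity.` would make that explicit where the protocol id is declared. The class body continues beyond this hunk.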
@@ -29,18 +25,15 @@ internal override void GetEnclaveSession(EnclaveSessionParameters enclaveSession
// Gets the information that SqlClient subsequently uses to initiate the process of attesting the enclave and to establish a secure session with the enclave.
internal override SqlEnclaveAttestationParameters GetAttestationParameters(string attestationUrl, byte[] customData, int customDataLength)
{
- // The key derivation function and hash algorithm name are specified when key derivation is performed
- ECDiffieHellman clientDHKey = ECDiffieHellman.Create();
- clientDHKey.KeySize = 384;
-
- return new SqlEnclaveAttestationParameters(2, new byte[] { }, clientDHKey);
+ ECDiffieHellman clientDHKey = KeyConverter.CreateECDiffieHellman(DiffieHellmanKeySize);
+ return new SqlEnclaveAttestationParameters(NoneAttestationProtocolId, Array.Empty(), clientDHKey);
}
- // When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.
+ // When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates an enclave session and stores the session information in the cache.
internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHellman clientDHKey, EnclaveSessionParameters enclaveSessionParameters, byte[] customData, int customDataLength, out SqlEnclaveSession sqlEnclaveSession, out long counter)
{
- ////for simulator: enclave does not send public key, and sends an empty attestation info
- //// The only non-trivial content it sends is the session setup info (DH pubkey of enclave)
+ // for None attestation: enclave does not send public key, and sends an empty attestation info
+ // The only non-trivial content it sends is the session setup info (DH pubkey of enclave)
sqlEnclaveSession = null;
counter = 0;
@@ -53,14 +46,14 @@ internal override void CreateEnclaveSession(byte[] attestationInfo, ECDiffieHell
{
if (!string.IsNullOrEmpty(enclaveSessionParameters.AttestationUrl))
{
- ////Read AttestationInfo
+ // Read AttestationInfo
int attestationInfoOffset = 0;
uint sizeOfTrustedModuleAttestationInfoBuffer = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
attestationInfoOffset += sizeof(UInt32);
int sizeOfTrustedModuleAttestationInfoBufferInt = checked((int)sizeOfTrustedModuleAttestationInfoBuffer);
Debug.Assert(sizeOfTrustedModuleAttestationInfoBuffer == 0);
- ////read secure session info
+ // read secure session info
uint sizeOfSecureSessionInfoResponse = BitConverter.ToUInt32(attestationInfo, attestationInfoOffset);
attestationInfoOffset += sizeof(UInt32);
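Review bot: The attestationInfo parsing has no length check before the BitConverter.ToUInt32 reads under `// Read AttestationInfo` and `// read secure session info`, and the only check on the first length field is a Debug.Assert, which disappears in release builds; a short or malformed server response then either throws ArgumentException out of BitConverter (not an exception type callers of this provider expect) or, when the first field is non-zero, is parsed at the wrong offset because the offset is never advanced by that length. Since this buffer comes from the server, the assert should become a runtime rejection: replace the Debug.Assert with `if (sizeOfTrustedModuleAttestationInfoBuffer != 0) { throw new AlwaysEncryptedAttestationException(Strings.FailToCreateEnclaveSession); }`, and each read should first confirm that `attestationInfo.Length - attestationInfoOffset` covers the field. sizeOfSecureSessionInfoResponse appears to be read but never used (it is unused in the deleted netfx copy of this code), so either compare it against the remaining buffer length or drop the local. CreateEnclaveSession starts before this hunk and the rest of its parsing continues past it.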
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
index f71047d965..6c940e3749 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/VirtualSecureModeEnclaveProviderBase.cs
@@ -22,7 +22,7 @@ internal abstract class VirtualizationBasedSecurityEnclaveProviderBase : Enclave
#region Constants
private const int DiffieHellmanKeySize = 384;
- private const int VsmHGSProtocolId = 3;
+ private const int VsmHGSProtocolId = (int)SqlConnectionAttestationProtocol.HGS;
// ENCLAVE_IDENTITY related constants
private static readonly EnclaveIdentity ExpectedPolicy = new EnclaveIdentity()
@@ -95,7 +95,7 @@ internal override void GetEnclaveSession(EnclaveSessionParameters enclaveSession
internal override SqlEnclaveAttestationParameters GetAttestationParameters(string attestationUrl, byte[] customData, int customDataLength)
{
ECDiffieHellman clientDHKey = KeyConverter.CreateECDiffieHellman(DiffieHellmanKeySize);
- return new SqlEnclaveAttestationParameters(VsmHGSProtocolId, new byte[] { }, clientDHKey);
+ return new SqlEnclaveAttestationParameters(VsmHGSProtocolId, Array.Empty(), clientDHKey);
}
// When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.