Skip to content

Commit

Permalink
Fix | AE enclave retry logic not working for async queries (dotnet#1988)
Browse files Browse the repository at this point in the history
  • Loading branch information
David-Engel authored and kant2002 committed Jun 29, 2023
1 parent a6adc94 commit 5c4b007
Show file tree
Hide file tree
Showing 14 changed files with 294 additions and 111 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,28 +20,29 @@ the enclave attestation protocol as well as the logic for creating and caching e
<param name="enclaveAttestationInfo">The information the provider uses to attest the enclave and generate a symmetric key for the session. The format of this information is specific to the enclave attestation protocol.</param>
<param name="clientDiffieHellmanKey">A Diffie-Hellman algorithm object that encapsulates a client-side key pair.</param>
<param name="enclaveSessionParameters">The set of parameters required for an enclave session.</param>
<param name="customData">The set of extra data needed for attestating the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
<param name="customData">The set of extra data needed for attesting the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
<param name="sqlEnclaveSession">The requested enclave session or <see langword="null" /> if the provider doesn't implement session caching.</param>
<param name="counter">A counter that the enclave provider is expected to increment each time SqlClient retrieves the session from the cache. The purpose of this field is to prevent replay attacks.</param>
<summary>When overridden in a derived class, performs enclave attestation, generates a symmetric key for the session, creates a an enclave session and stores the session information in the cache.</summary>
<remarks>To be added.</remarks>
</CreateEnclaveSession>
<GetAttestationParameters>
<param name="attestationUrl">The endpoint of an attestation service for attesting the enclave.</param>
<param name="customData">A set of extra data needed for attestating the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
<param name="customData">A set of extra data needed for attesting the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
<summary>Gets the information that SqlClient subsequently uses to initiate the process of attesting the enclave and to establish a secure session with the enclave.</summary>
<returns>The information SqlClient subsequently uses to initiate the process of attesting the enclave and to establish a secure session with the enclave.</returns>
<remarks>To be added.</remarks>
</GetAttestationParameters>
<GetEnclaveSession>
<param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
<param name="generateCustomData"><see langword="true" /> to indicate that a set of extra data needs to be generated for attestation; otherwise, <see langword="false" />.</param>
<param name="isRetry">Indicates if this is a retry from a failed call.</param>
<param name="sqlEnclaveSession">When this method returns, the requested enclave session or <see langword="null" /> if the provider doesn't implement session caching. This parameter is treated as uninitialized.</param>
<param name="counter">A counter that the enclave provider is expected to increment each time SqlClient retrieves the session from the cache. The purpose of this field is to prevent replay attacks.</param>
<param name="customData">A set of extra data needed for attestating the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
<param name="customData">A set of extra data needed for attesting the enclave.</param>
<param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
<summary>When overridden in a derived class, looks up an existing enclave session information in the enclave session cache. If the enclave provider doesn't implement enclave session caching, this method is expected to return <see langword="null" /> in the <paramref name="sqlEnclaveSession" /> parameter.
</summary>
<remarks>To be added.</remarks>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ internal abstract partial class SqlColumnEncryptionEnclaveProvider
/// <param name="enclaveAttestationInfo">The information the provider uses to attest the enclave and generate a symmetric key for the session. The format of this information is specific to the enclave attestation protocol.</param>
/// <param name="clientDiffieHellmanKey">A Diffie-Hellman algorithm object encapsulating a client-side key pair.</param>
/// <param name="enclaveSessionParameters">The set of parameters required for enclave session.</param>
/// <param name="customData">The set of extra data needed for attestating the enclave.</param>
/// <param name="customDataLength">The length of the extra data needed for attestating the enclave.</param>
/// <param name="customData">The set of extra data needed for attesting the enclave.</param>
/// <param name="customDataLength">The length of the extra data needed for attesting the enclave.</param>
/// <param name="sqlEnclaveSession">The requested enclave session or null if the provider does not implement session caching.</param>
/// <param name="counter">A counter that the enclave provider is expected to increment each time SqlClient retrieves the session from the cache. The purpose of this field is to prevent replay attacks.</param>
internal abstract void CreateEnclaveSession(byte[] enclaveAttestationInfo, ECDiffieHellman clientDiffieHellmanKey, EnclaveSessionParameters enclaveSessionParameters, byte[] customData, int customDataLength,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace Microsoft.Data.SqlClient
internal abstract partial class SqlColumnEncryptionEnclaveProvider
{
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionEnclaveProvider.xml' path='docs/members[@name="SqlColumnEncryptionEnclaveProvider"]/GetEnclaveSession/*'/>
internal abstract void GetEnclaveSession(EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength);
internal abstract void GetEnclaveSession(EnclaveSessionParameters enclaveSessionParameters, bool generateCustomData, bool isRetry, out SqlEnclaveSession sqlEnclaveSession, out long counter, out byte[] customData, out int customDataLength);

/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionEnclaveProvider.xml' path='docs/members[@name="SqlColumnEncryptionEnclaveProvider"]/GetAttestationParameters/*'/>
internal abstract SqlEnclaveAttestationParameters GetAttestationParameters(string attestationUrl, byte[] customData, int customDataLength);
Expand Down
Loading

0 comments on commit 5c4b007

Please sign in to comment.