Add new Attestation Protocol "None" - phase 2 (#1425)
# Conflicts:
#	src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/TdsEnums.cs
DavoudEshtehari committed Jan 27, 2022
1 parent 2d74c19 commit 9ac11d3
Showing 21 changed files with 181 additions and 181 deletions.
2 changes: 1 addition & 1 deletion doc/snippets/Microsoft.Data.SqlClient/SqlConnection.xml
Original file line number Diff line number Diff line change
Expand Up @@ -527,7 +527,7 @@ End Module
|Application Intent<br /><br /> -or-<br /><br />ApplicationIntent|ReadWrite|Declares the application workload type when connecting to a server. Possible values are `ReadOnly` and `ReadWrite`. For example:<br /><br /> `ApplicationIntent=ReadOnly`<br /><br /> For more information about SqlClient support for Always On Availability Groups, see [SqlClient Support for High Availability, Disaster Recovery](/sql/connect/ado-net/sql/sqlclient-support-high-availability-disaster-recovery).|
|Application Name|N/A|The name of the application. If no application name is provided, 'Framework Microsoft SqlClient Data Provider' when running on .NET Framework and 'Core Microsoft SqlClient Data Provider' otherwise.<br /><br /> An application name can be 128 characters or less.|
|AttachDBFilename<br /><br /> -or-<br /><br /> Extended Properties<br /><br /> -or-<br /><br /> Initial File Name|N/A|The name of the primary database file, including the full path name of an attachable database. AttachDBFilename is only supported for primary data files with an .mdf extension.<br /><br /> If the value of the AttachDBFileName key is specified in the connection string, the database is attached and becomes the default database for the connection.<br /><br /> If this key is not specified and if the database was previously attached, the database will not be reattached. The previously attached database will be used as the default database for the connection.<br /><br /> If this key is specified together with the AttachDBFileName key, the value of this key will be used as the alias. However, if the name is already used in another attached database, the connection will fail.<br /><br /> The path may be absolute or relative by using the DataDirectory substitution string. If DataDirectory is used, the database file must exist within a subdirectory of the directory pointed to by the substitution string. **Note:** Remote server, HTTP, and UNC path names are not supported. <br /><br /> The database name must be specified with the keyword 'database' (or one of its aliases) as in the following:<br /><br /> <code>"AttachDbFileName=&#124;DataDirectory&#124;\data\YourDB.mdf;integrated security=true;database=YourDatabase"</code><br /><br /> An error will be generated if a log file exists in the same directory as the data file and the 'database' keyword is used when attaching the primary data file. In this case, remove the log file. Once the database is attached, a new log file will be automatically generated based on the physical path.|
|Attestation Protocol|N/A|Gets or sets the value of Attestation Protocol.<br /><br />Valid values are:<br />`AAS`<br />`HGS`|
|Attestation Protocol|N/A|Gets or sets the value of Attestation Protocol.<br /><br />Valid values are:<br />`AAS`<br />`HGS`<br />`None`|
|Authentication|N/A|The authentication method used for [Connecting to SQL Database By Using Azure Active Directory Authentication](https://azure.microsoft.com/documentation/articles/sql-database-aad-authentication/#7-connect-to-your-database-by-using-azure-active-directory-identities).<br /><br /> Valid values are:<br /><br /> `Active Directory Integrated`, `Active Directory Interactive`, `Active Directory Password`, `Active Directory Service Principal`, `Active Directory Device Code Flow`, `Active Directory Managed Identity`, `Active Directory MSI`, `Active Directory Default`, `Sql Password`.|
|Column Encryption Setting|disabled|Enables or disables [Always Encrypted](/sql/relational-databases/security/encryption/always-encrypted-database-engine) functionality for the connection. Supported values are: `enabled` and `disabled`|
|Command Timeout|30|The default wait time (in seconds) before terminating the attempt to execute a command and generating an error.<br /><br /> Valid values are greater than or equal to 0 and less than or equal to 2147483647.|
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,10 @@
<summary>Attestation portocol for Azure Attestation Service</summary>
<value>1</value>
</AAS>
<SIM>
<summary>Attestation protocol for Simulator</summary>
<None>
<summary>Attestation protocol for no attestation. Only compatible with Virtualization-based security (VBS) enclaves. An Enclave Attestation Url is not required when using this protocol.</summary>
<value>2</value>
</SIM>
</None>
<HGS>
<summary>Attestation protocol for Host Guardian Service</summary>
<value>3</value>
Original file line number Diff line number Diff line change
Expand Up @@ -472,10 +472,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
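Review bot: `None = 2` takes over the numeric value that `SIM` carried in `ENCLAVE_SIMULATOR` builds, and unlike `SIM` it is compiled unconditionally, so any caller or persisted setting that relied on the integer 2 meaning the simulator protocol now silently selects no attestation instead. The member's documentation comes from the include file, so that is the place to record it; the three later sections of this commit that make the same enum change carry the same issue. A `<remarks>` entry on the `None` element along the lines of "Replaces the former simulator-only SIM member; the value 2 now means attestation is skipped" would make the reuse visible to readers of the public API. The enum declaration starts outside the hunk.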
Original file line number Diff line number Diff line change
Expand Up @@ -204,10 +204,9 @@ internal bool IsColumnEncryptionEnabled
}
}

internal bool ShouldUseEnclaveBasedWorkflow
{
get { return !string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) && IsColumnEncryptionEnabled; }
}
internal bool ShouldUseEnclaveBasedWorkflow =>
(!string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) || Connection.AttestationProtocol == SqlConnectionAttestationProtocol.None) &&
IsColumnEncryptionEnabled;

/// <summary>
/// Per-command custom providers. It can be provided by the user and can be set more than once.
Expand Down Expand Up @@ -4211,7 +4210,7 @@ private void ReadDescribeEncryptionParameterResults(SqlDataReader ds, ReadOnlyDi

if (isRequestedByEnclave)
{
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl) && Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQuerySpDescribe(this._activeConnection.Parser.EnclaveType);
}
Expand Down Expand Up @@ -4636,8 +4635,11 @@ private void GenerateEnclavePackage()
return;
}

if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl) &&
Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQueryGeneratingEnclavePackage(this._activeConnection.Parser.EnclaveType);
}

string enclaveType = this._activeConnection.Parser.EnclaveType;
if (string.IsNullOrWhiteSpace(enclaveType))
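Review bot: `ShouldUseEnclaveBasedWorkflow` now returns true with an empty `EnclaveAttestationUrl` whenever `AttestationProtocol` is `None`, so the command proceeds with enclave computations (and, per the key-tracking fields elsewhere in this commit, sends keys to the enclave) without any attestation of the enclave's identity, and nothing in the hunk records that trust decision. A comment on the property such as `// AttestationProtocol.None opts into enclave computations without attesting the enclave (VBS only per the docs); the attestation URL is then optional.` would make the downgrade explicit, and a trace event on that branch would let operators see which connections run unattested. The property also mixes `_activeConnection.EnclaveAttestationUrl` with `Connection.AttestationProtocol`; if `Connection` resolves to `_activeConnection`, reading both through the same accessor would be clearer. The same changes appear again in the later SqlCommand section of this commit, and `ReadDescribeEncryptionParameterResults` and `GenerateEnclavePackage` both start and end outside their hunks.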
Original file line number Diff line number Diff line change
Expand Up @@ -1070,10 +1070,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
Original file line number Diff line number Diff line change
Expand Up @@ -3176,22 +3176,22 @@ private bool TryProcessFeatureExtAck(TdsParserStateObject stateObj)
if (TceVersionSupported < TdsEnums.MIN_TCE_VERSION_WITH_ENCLAVE_SUPPORT)
{
// Check if enclave attestation url was specified and server does not support enclave computations and we aren't going to be routed to another server.
if (!string.IsNullOrWhiteSpace(_connHandler.ConnectionOptions.EnclaveAttestationUrl) && SqlConnectionAttestationProtocol.NotSpecified != attestationProtocol)
if (!string.IsNullOrWhiteSpace(_connHandler.ConnectionOptions.EnclaveAttestationUrl) && attestationProtocol != SqlConnectionAttestationProtocol.NotSpecified)
{
throw SQL.EnclaveComputationsNotSupported();
}
else if (!string.IsNullOrWhiteSpace(_connHandler.ConnectionOptions.EnclaveAttestationUrl))
{
throw SQL.AttestationURLNotSupported();
}
else if (SqlConnectionAttestationProtocol.NotSpecified != _connHandler.ConnectionOptions.AttestationProtocol)
else if (_connHandler.ConnectionOptions.AttestationProtocol != SqlConnectionAttestationProtocol.NotSpecified)
{
throw SQL.AttestationProtocolNotSupported();
}
}

// Check if enclave attestation url was specified and server does not return an enclave type and we aren't going to be routed to another server.
if (!string.IsNullOrWhiteSpace(_connHandler.ConnectionOptions.EnclaveAttestationUrl))
if (!string.IsNullOrWhiteSpace(_connHandler.ConnectionOptions.EnclaveAttestationUrl) || attestationProtocol == SqlConnectionAttestationProtocol.None)
{
if (string.IsNullOrWhiteSpace(EnclaveType))
{
Expand All @@ -3202,7 +3202,7 @@ private bool TryProcessFeatureExtAck(TdsParserStateObject stateObj)
// Check if the attestation protocol is specified and supports the enclave type.
if (SqlConnectionAttestationProtocol.NotSpecified != attestationProtocol && !IsValidAttestationProtocol(attestationProtocol, EnclaveType))
{
throw SQL.AttestationProtocolNotSupportEnclaveType(ConvertAttestationProtocolToString(attestationProtocol), EnclaveType);
throw SQL.AttestationProtocolNotSupportEnclaveType(attestationProtocol.ToString(), EnclaveType);
}
}
}
Expand All @@ -3217,10 +3217,8 @@ private bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol attesta
{
case TdsEnums.ENCLAVE_TYPE_VBS:
if (attestationProtocol != SqlConnectionAttestationProtocol.AAS
#if ENCLAVE_SIMULATOR
&& attestationProtocol != SqlConnectionAttestationProtocol.SIM
#endif
&& attestationProtocol != SqlConnectionAttestationProtocol.HGS)
&& attestationProtocol != SqlConnectionAttestationProtocol.HGS
&& attestationProtocol != SqlConnectionAttestationProtocol.None)
{
return false;
}
Expand All @@ -3229,7 +3227,7 @@ private bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol attesta
case TdsEnums.ENCLAVE_TYPE_SGX:
#if ENCLAVE_SIMULATOR
if (attestationProtocol != SqlConnectionAttestationProtocol.AAS
&& attestationProtocol != SqlConnectionAttestationProtocol.SIM)
&& attestationProtocol != SqlConnectionAttestationProtocol.None)
#else
if (attestationProtocol != SqlConnectionAttestationProtocol.AAS)
#endif
Expand All @@ -3240,7 +3238,7 @@ private bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol attesta

#if ENCLAVE_SIMULATOR
case TdsEnums.ENCLAVE_TYPE_SIMULATOR:
if (attestationProtocol != SqlConnectionAttestationProtocol.SIM)
if (attestationProtocol != SqlConnectionAttestationProtocol.None)
{
return false;
}
Expand All @@ -3254,26 +3252,6 @@ private bool IsValidAttestationProtocol(SqlConnectionAttestationProtocol attesta
return true;
}

private string ConvertAttestationProtocolToString(SqlConnectionAttestationProtocol attestationProtocol)
{
switch (attestationProtocol)
{
case SqlConnectionAttestationProtocol.AAS:
return "AAS";

case SqlConnectionAttestationProtocol.HGS:
return "HGS";

#if ENCLAVE_SIMULATOR
case SqlConnectionAttestationProtocol.SIM:
return "SIM";
#endif

default:
return "NotSpecified";
}
}

private bool TryReadByteString(TdsParserStateObject stateObj, out string value)
{
value = string.Empty;
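Review bot: Under `ENCLAVE_SIMULATOR`, `IsValidAttestationProtocol` accepts `None` for `ENCLAVE_TYPE_SGX` and requires it for `ENCLAVE_TYPE_SIMULATOR`, while the doc snippet in this commit states `None` is only compatible with VBS enclaves; in simulator builds `None` is effectively doing the job the removed `SIM` member did. A comment on the `#if ENCLAVE_SIMULATOR` branches, e.g. `// Simulator builds: None stands in for the former SIM protocol, so the SGX and simulator enclave types accept it here.`, would keep the widened acceptance from reading as a bug. Separately, the `EnclaveType` check in `TryProcessFeatureExtAck` is now entered on `attestationProtocol == None` even when `EnclaveAttestationUrl` is also set, and nothing visible rejects that contradictory combination — if it is meant to be an error, this is the place to raise it. `TryProcessFeatureExtAck` and `IsValidAttestationProtocol` both extend beyond their hunks.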
Original file line number Diff line number Diff line change
Expand Up @@ -889,10 +889,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
Original file line number Diff line number Diff line change
Expand Up @@ -160,10 +160,9 @@ internal bool IsColumnEncryptionEnabled
}
}

internal bool ShouldUseEnclaveBasedWorkflow
{
get { return !string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) && IsColumnEncryptionEnabled; }
}
internal bool ShouldUseEnclaveBasedWorkflow =>
(!string.IsNullOrWhiteSpace(_activeConnection.EnclaveAttestationUrl) || Connection.AttestationProtocol == SqlConnectionAttestationProtocol.None) &&
IsColumnEncryptionEnabled;

internal ConcurrentDictionary<int, SqlTceCipherInfoEntry> keysToBeSentToEnclave;
internal bool requiresEnclaveComputations = false;
Expand Down Expand Up @@ -4780,7 +4779,7 @@ private void ReadDescribeEncryptionParameterResults(SqlDataReader ds, ReadOnlyDi

if (isRequestedByEnclave)
{
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this.Connection.EnclaveAttestationUrl) && Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQuerySpDescribe(this._activeConnection.Parser.EnclaveType);
}
Expand Down Expand Up @@ -5244,8 +5243,11 @@ private void GenerateEnclavePackage()
return;
}

if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl))
if (string.IsNullOrWhiteSpace(this._activeConnection.EnclaveAttestationUrl) &&
Connection.AttestationProtocol != SqlConnectionAttestationProtocol.None)
{
throw SQL.NoAttestationUrlSpecifiedForEnclaveBasedQueryGeneratingEnclavePackage(this._activeConnection.Parser.EnclaveType);
}

string enclaveType = this._activeConnection.Parser.EnclaveType;
if (string.IsNullOrWhiteSpace(enclaveType))
Original file line number Diff line number Diff line change
Expand Up @@ -1069,10 +1069,8 @@ public enum SqlConnectionAttestationProtocol
/// <include file='..\..\..\..\..\..\..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/AAS/*' />
AAS = 1,

#if ENCLAVE_SIMULATOR
/// <include file='..\..\..\..\..\..\..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/SIM/*' />
SIM = 2,
#endif
/// <include file='../../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/None/*' />
None = 2,

/// <include file='..\..\..\..\..\..\..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml' path='docs/members[@name="SqlConnectionAttestationProtocol"]/HGS/*' />
HGS = 3
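Review bot: The new `None` include directive uses forward-slash path separators while the neighbouring `AAS` and `HGS` directives in the same enum use backslashes; `'..\..\..\..\..\..\..\doc\snippets\Microsoft.Data.SqlClient\SqlConnectionAttestationProtocol.xml'` would match this file's existing style. Both forms presumably resolve to the same file on Windows, but the mixed spellings are easy to misread as pointing at different snippets. The enum declaration starts outside the hunk.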
