Start Always Encrypted feature branch #116

Merged
merged 50 commits into from
Aug 10, 2023
Merged
6ce6c4f
add core CEK parameters and types
shueybubbles Jun 7, 2023
1ba7c9a
add column encryption featureext
shueybubbles Jun 7, 2023
67d93fa
Add parsing of always encrypted tokens
shueybubbles Jun 9, 2023
f10e1c3
Merge branch 'main' of https://github.com/microsoft/go-mssqldb into f…
shueybubbles Jun 9, 2023
0cc1a7e
Add skeleton for AE test
shueybubbles Jun 12, 2023
282072d
implement local cert key provider
shueybubbles Jun 14, 2023
bcd9e1c
build fixes
shueybubbles Jun 14, 2023
1c7a2e3
use key providers for decrypt
shueybubbles Jun 14, 2023
fb7a081
refactor packages to avoid cycle
shueybubbles Jun 15, 2023
3083f56
initial code for AE result set query
shueybubbles Jun 22, 2023
fc53c14
skeleton of parameter encryption
shueybubbles Jun 28, 2023
ff797ce
implement EncryptColumnEncryptionKey for local cert
shueybubbles Jun 30, 2023
2e3ec3f
fix query for param encryption data
shueybubbles Jun 30, 2023
0fcb7ea
add cipher data to parameters
shueybubbles Jul 3, 2023
f936d90
Merge branch 'main' of https://github.com/microsoft/go-mssqldb into f…
shueybubbles Jul 5, 2023
2e75557
copy swisscom code locally
shueybubbles Jul 5, 2023
a98b1fd
implement Encrypt
shueybubbles Jul 6, 2023
0dcb602
don't claim to support enclaves
shueybubbles Jul 6, 2023
2346b5d
fix encrypt
shueybubbles Jul 10, 2023
c4bd2b1
close Rows when done
shueybubbles Jul 10, 2023
0d97e9e
fix bulk copy
shueybubbles Jul 10, 2023
954472a
fix return value
shueybubbles Jul 11, 2023
fc4e1d8
fix unnamed params to sprocs
shueybubbles Jul 11, 2023
9c6c679
update readme
shueybubbles Jul 11, 2023
45896d3
Remove allocations from unmarshalRSA
shueybubbles Jul 11, 2023
0dc231b
remove go-winio dependency
shueybubbles Jul 11, 2023
83e98f1
fix Scan to use correct data types
shueybubbles Jul 12, 2023
039dc28
fix encryption of more types
shueybubbles Jul 14, 2023
83edee4
try to fix appveyor build
shueybubbles Jul 17, 2023
0ae9b2d
mute test
shueybubbles Jul 17, 2023
689434d
make cert store provider go1.17+
shueybubbles Jul 17, 2023
396a5dd
fix build directives
shueybubbles Jul 17, 2023
b4ab997
rename files for clarity
shueybubbles Jul 17, 2023
25a5ebf
fix typo
shueybubbles Jul 17, 2023
643b7f1
fix test file directive
shueybubbles Jul 17, 2023
2c946e4
skip windows package get in pipeline
shueybubbles Jul 17, 2023
522314e
fix build
shueybubbles Jul 18, 2023
5c0dfc9
fix build breaks
shueybubbles Jul 18, 2023
44af0a5
update dependencies and min Go version
shueybubbles Jul 19, 2023
3b17cd6
update appveyor
shueybubbles Jul 19, 2023
64a993f
try older appveyor image
shueybubbles Jul 19, 2023
4c42fbf
no race on go 1.20
shueybubbles Jul 19, 2023
e2b1af1
Merge branch 'main' of https://github.com/microsoft/go-mssqldb into f…
shueybubbles Jul 19, 2023
8e171eb
update reviewdog
shueybubbles Jul 19, 2023
e2e907a
fix linter warnings
shueybubbles Jul 19, 2023
a66a566
more linter fixes
shueybubbles Jul 19, 2023
cdaec23
check err in test
shueybubbles Jul 19, 2023
9e0b61e
remove old SQL versions from PR build
shueybubbles Jul 19, 2023
2a41c82
check err in test
shueybubbles Jul 24, 2023
c53676e
fix unit tests
shueybubbles Jul 25, 2023
implement Encrypt
shueybubbles committed Jul 6, 2023
commit a98b1fd8ef8988107aeffc3688abf007282ae9e0
8 changes: 4 additions & 4 deletions encrypt.go
Expand Up @@ -80,7 +80,7 @@ func (s *Stmt) encryptArgs(ctx context.Context, args []namedValue) (encryptedArg
}
paramMap := make(map[string]paramMapEntry)
for _, p := range paramsInfo {
paramMap[p.name] = paramMapEntry{cekInfo[p.cekOrdinal-1], &p}
paramMap[p.name] = paramMapEntry{cekInfo[p.cekOrdinal-1], p}
}
encryptedArgs = make([]namedValue, len(args))
for i, a := range args {
Expand Down Expand Up @@ -225,7 +225,7 @@ func appendPrefixedParameterName(b *strings.Builder, p string) {
}
}

func processDescribeParameterEncryption(rows driver.Rows) (cekInfo []*cekData, paramInfo []parameterEncData, err error) {
func processDescribeParameterEncryption(rows driver.Rows) (cekInfo []*cekData, paramInfo []*parameterEncData, err error) {
cekInfo = make([]*cekData, 0)
values := make([]driver.Value, 9)
qerr := rows.Next(values)
Expand Down Expand Up @@ -255,10 +255,10 @@ func processDescribeParameterEncryption(rows driver.Rows) (cekInfo []*cekData, p
if err != nil {
return
}
paramInfo = make([]parameterEncData, 0)
paramInfo = make([]*parameterEncData, 0)
qerr = rows.Next(values[:6])
for qerr == nil {
paramInfo = append(paramInfo, parameterEncData{ordinal: int(values[0].(int64)),
paramInfo = append(paramInfo, &parameterEncData{ordinal: int(values[0].(int64)),
name: values[1].(string),
algorithm: int(values[2].(int64)),
encType: ColumnEncryptionType(values[3].(int64)),
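Review bot: `cekInfo[p.cekOrdinal-1]` on the new `paramMap[p.name] = paramMapEntry{cekInfo[p.cekOrdinal-1], p}` line indexes a slice with an ordinal that is read back from the server's result set and is never range-checked, so a zero or too-large ordinal panics the driver instead of surfacing an error. A guard before the lookup such as `if p.cekOrdinal < 1 || p.cekOrdinal > len(cekInfo) { err = fmt.Errorf("cek ordinal %d out of range for parameter %s", p.cekOrdinal, p.name); return }` keeps malformed metadata a returned error; adapt it to encryptArgs's actual result list, since that function starts above the hunk. The `values[0].(int64)` and `values[1].(string)` assertions in the new `&parameterEncData{...}` literal have the same failure mode on an unexpected column type; the two-value assertion form would let processDescribeParameterEncryption return through its `err` result, and that function also continues past the hunk.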
Expand Up @@ -2,6 +2,7 @@ package algorithms

import (
"bytes"
"crypto/rand"
"fmt"

"github.com/microsoft/go-mssqldb/internal/github.com/swisscom/mssql-always-encrypted/pkg/crypto"
Expand Down Expand Up @@ -48,8 +49,29 @@ func NewAeadAes256CbcHmac256Algorithm(key keys.AeadAes256CbcHmac256, encType enc
return a
}

func (a *AeadAes256CbcHmac256Algorithm) Encrypt(bytes []byte) ([]byte, error) {
panic("implement me")
func (a *AeadAes256CbcHmac256Algorithm) Encrypt(cleartext []byte) ([]byte, error) {
buf := make([]byte, 0)
var iv []byte
if a.deterministic {
iv = crypto.Sha256Hmac(cleartext, a.cek.IvKey())
if len(iv) > a.blockSizeBytes {
iv = iv[:a.blockSizeBytes]
}
} else {
iv = make([]byte, a.blockSizeBytes)
_, err := rand.Read(iv)
if err != nil {
panic(err)
}
}
buf = append(buf, a.algorithmVersion)
authTag := a.prepareAuthTag(iv, cleartext)
buf = append(buf, authTag...)
buf = append(buf, iv...)
aescdbc := crypto.NewAESCbcPKCS5(a.cek.EncryptionKey(), iv)
ciphertext := aescdbc.Encrypt(cleartext)
buf = append(buf, ciphertext...)
return buf, nil
}

func (a *AeadAes256CbcHmac256Algorithm) Decrypt(ciphertext []byte) ([]byte, error) {
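Review bot: The random-IV branch of the new Encrypt panics when `rand.Read` fails even though the method already has an error result; replacing `panic(err)` with `return nil, err` keeps an entropy failure a recoverable error for the caller, which is what the `([]byte, error)` signature shared with Decrypt leads callers to expect. Encrypt also has no doc comment; suggest `// Encrypt returns algorithmVersion || authTag || iv || AES-CBC ciphertext of cleartext; the IV is Sha256Hmac over the cleartext with the IV key (truncated to the block size) when the algorithm is deterministic and random bytes otherwise.` Minor: `aescdbc` reads like a typo of `aescbc`, and `buf := make([]byte, 0)` could reserve `1+len(authTag)+len(iv)+len(ciphertext)` once those are computed instead of growing through four appends. Decrypt begins on the hunk's last line and continues outside it.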
Expand Up @@ -10,9 +10,9 @@ import (
// Inspired by: https://gist.github.com/hothero/7d085573f5cb7cdb5801d7adcf66dcf3

type AESCbcPKCS5 struct {
key []byte
iv []byte
block cipher.Block
key []byte
iv []byte
block cipher.Block
}

func NewAESCbcPKCS5(key []byte, iv []byte) AESCbcPKCS5 {
Expand All @@ -25,15 +25,16 @@ func NewAESCbcPKCS5(key []byte, iv []byte) AESCbcPKCS5 {
return a
}

func (a AESCbcPKCS5) Encrypt(cleartext []byte) {
func (a AESCbcPKCS5) Encrypt(cleartext []byte) (cipherText []byte) {
if a.block == nil {
a.initCipher()
}

blockMode := cipher.NewCBCEncrypter(a.block, a.iv)
paddedCleartext := PKCS5Padding(cleartext, blockMode.BlockSize())
var cipherText = make([]byte, 0)
cipherText = make([]byte, len(paddedCleartext))
blockMode.CryptBlocks(cipherText, paddedCleartext)
return
}

func (a AESCbcPKCS5) Decrypt(ciphertext []byte) []byte {
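Review bot: Encrypt now declares a named result `cipherText` and finishes with a naked `return`, while Decrypt on the hunk's last line uses a plain `[]byte` result; `func (a AESCbcPKCS5) Encrypt(cleartext []byte) []byte` with an explicit `return cipherText` matches its sibling and avoids the naked return. Because the receiver is a value, the `a.initCipher()` fallback can at best populate `a.block` on this call's copy, so an AESCbcPKCS5 whose `block` is nil would rebuild the cipher on every call; if NewAESCbcPKCS5 (body outside the hunk) always sets it, a comment saying the fallback is only defensive would help, otherwise the receiver probably wants to be a pointer. Decrypt's body continues past the hunk.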
2 changes: 1 addition & 1 deletion mssql.go
Expand Up @@ -667,7 +667,7 @@ func (s *Stmt) makeRPCParams(args []namedValue, isProc bool) ([]param, []string,
}
params[i+offset].cipherInfo = metadata
params[i+offset].ti.TypeId = typeBigVarBin
params[i+offset].ti.Buffer = encryptedBytes
params[i+offset].buffer = encryptedBytes
params[i+offset].ti.Size = 0
}
decls[i] = fmt.Sprintf("%s %s%s", name, makeDecl(params[i+offset].ti), output)
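Review bot: The three assignments that turn an encrypted parameter into a varbinary (`ti.TypeId = typeBigVarBin`, `buffer = encryptedBytes`, `ti.Size = 0`) carry no comment, and zeroing Size right after switching the type is not self-explanatory, especially since `makeDecl(params[i+offset].ti)` on the following line builds the declaration from that ti. Suggest a comment above the block such as `// send the ciphertext as the parameter payload; TODO(review): confirm why ti.Size is reset to 0 before makeDecl rather than set from len(encryptedBytes)`. makeRPCParams starts above the hunk and continues below it.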
1 change: 0 additions & 1 deletion rpc.go
Expand Up @@ -86,7 +86,6 @@ func sendRpc(buf *tdsBuffer, headers []headerStruct, proc procId, flags uint16,
if err != nil {
return
}
param.tiOriginal.Writer(buf, param.tiOriginal, param.buffer)
if _, err = buf.Write(param.cipherInfo); err != nil {
return
}
2 changes: 1 addition & 1 deletion types.go
Expand Up @@ -440,7 +440,7 @@ func readByteLenType(ti *typeInfo, r *tdsBuffer, c *cryptoMetadata) interface{}
default:
badStreamPanicf("Invalid typeid")
}
panic("shoulnd't get here")
panic("shouldn't get here")
}

func writeByteLenType(w io.Writer, ti typeInfo, buf []byte) (err error) {