File: SqlAeadAes256CbcHmac256EncryptionKey.cs

package info (click to toggle)
mono 6.12.0.199%2Bdfsg-6
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 1,296,836 kB
  • sloc: cs: 11,181,803; xml: 2,850,076; ansic: 699,709; cpp: 123,344; perl: 59,361; javascript: 30,841; asm: 21,853; makefile: 20,405; sh: 15,009; python: 4,839; pascal: 925; sql: 859; sed: 16; php: 1
file content (128 lines) | stat: -rw-r--r-- 5,290 bytes parent folder | download | duplicates (7) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
//------------------------------------------------------------------------------
// <copyright file="SqlAeadAes256CbcHmac256EncryptionKey.cs" company="Microsoft">
//     Copyright (c) Microsoft Corporation.  All rights reserved.
// </copyright>
// <owner current="true" primary="true">balnee</owner>
// <owner current="true" primary="false">krishnib</owner>
//------------------------------------------------------------------------------
namespace System.Data.SqlClient 
{
    using System;
    using System.Data.SqlClient;
    using System.Text;

    /// <summary>
    /// Encryption key class containing 4 keys. This class is used by SqlAeadAes256CbcHmac256Algorithm and SqlAes256CbcAlgorithm
    /// 1) root key - Main key that is used to derive the keys used in the encryption algorithm
    /// 2) encryption key - A derived key that is used to encrypt the plain text and generate cipher text
    /// 3) mac_key - A derived key that is used to compute HMAC of the cipher text
    /// 4) iv_key - A derived key that is used to generate a synthetic IV from plain text data.
    /// </summary>
    internal class SqlAeadAes256CbcHmac256EncryptionKey : SqlClientSymmetricKey 
    {
        /// <summary>
        /// Key size in bits
        /// </summary>
        internal const int KeySize = 256;

        /// <summary>
        /// Encryption Key Salt format. This is used to derive the encryption key from the root key.
        /// </summary>
        private const string _encryptionKeySaltFormat = @"Microsoft SQL Server cell encryption key with encryption algorithm:{0} and key length:{1}";

        /// <summary>
        /// MAC Key Salt format. This is used to derive the MAC key from the root key.
        /// </summary>
        private const string _macKeySaltFormat = @"Microsoft SQL Server cell MAC key with encryption algorithm:{0} and key length:{1}";

        /// <summary>
        /// IV Key Salt format. This is used to derive the IV key from the root key. This is only used for Deterministic encryption.
        /// </summary>
        private const string _ivKeySaltFormat = @"Microsoft SQL Server cell IV key with encryption algorithm:{0} and key length:{1}";

        /// <summary>
        /// Encryption Key
        /// </summary>
        private readonly SqlClientSymmetricKey _encryptionKey;

        /// <summary>
        /// MAC key
        /// </summary>
        private readonly SqlClientSymmetricKey _macKey;

        /// <summary>
        /// IV Key
        /// </summary>
        private readonly SqlClientSymmetricKey _ivKey;

        /// <summary>
        /// The name of the algorithm this key will be used with.
        /// </summary>
        private readonly string _algorithmName;

        /// <summary>
        /// Derives all the required keys from the given root key
        /// </summary>
        /// <param name="rootKey">Root key used to derive all the required derived keys</param>
        internal SqlAeadAes256CbcHmac256EncryptionKey(byte[] rootKey, string algorithmName): base(rootKey) 
        {
            _algorithmName = algorithmName;

            int keySizeInBytes = KeySize / 8;

            // Key validation
            if (rootKey.Length != keySizeInBytes) 
            {
                throw SQL.InvalidKeySize(_algorithmName,
                                         rootKey.Length,
                                         keySizeInBytes);
            }

            // Derive keys from the root key
            //
            // Derive encryption key
            string encryptionKeySalt = string.Format(_encryptionKeySaltFormat,
                                                    _algorithmName,
                                                    KeySize);
            byte[] buff1 = new byte[keySizeInBytes];
            SqlSecurityUtility.GetHMACWithSHA256(Encoding.Unicode.GetBytes(encryptionKeySalt), RootKey, buff1);
            _encryptionKey = new SqlClientSymmetricKey(buff1);

            // Derive mac key
            string macKeySalt = string.Format(_macKeySaltFormat, _algorithmName, KeySize);
            byte[] buff2 = new byte[keySizeInBytes];
            SqlSecurityUtility.GetHMACWithSHA256(Encoding.Unicode.GetBytes(macKeySalt),RootKey,buff2);
            _macKey = new SqlClientSymmetricKey(buff2);

            // Derive iv key
            string ivKeySalt = string.Format(_ivKeySaltFormat, _algorithmName, KeySize);
            byte[] buff3 = new byte[keySizeInBytes];
            SqlSecurityUtility.GetHMACWithSHA256(Encoding.Unicode.GetBytes(ivKeySalt),RootKey,buff3);
            _ivKey = new SqlClientSymmetricKey(buff3);
        }

        /// <summary>
        /// Encryption key should be used for encryption and decryption
        /// </summary>
        internal byte[] EncryptionKey 
        {
            get { return _encryptionKey.RootKey; }
        }

        /// <summary>
        /// MAC key should be used to compute and validate HMAC
        /// </summary>
        internal byte[] MACKey 
        {
            get { return _macKey.RootKey; }
        }

        /// <summary>
        /// IV key should be used to compute synthetic IV from a given plain text
        /// </summary>
        internal byte[] IVKey 
        {
            get { return _ivKey.RootKey; }
        }
    }
}