Skip to content

Merge | SqlCommand Encryption Methods #3676

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 25 commits into
base: main
Choose a base branch
from
+1,654 −2,704
Open

Merge | SqlCommand Encryption Methods #3676

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
08f86b6
Merge test behavior overrides
benrr101 Sep 4, 2025
9063c0b
Create encryption partial - the reader partial is getting too big.
benrr101 Sep 4, 2025
85bda18
Merge GetParameterEncryptionDataReader from netcore, update netfx to …
benrr101 Sep 4, 2025
45e568b
Merge GetParameterEncryptionDataReaderAsync from netcore, update netf…
benrr101 Sep 4, 2025
cc242fb
Factor out the second result set read for ReadDescribeEncryptionParam…
benrr101 Sep 5, 2025
d1fbee0
Factor out ReadDescribeEncryptionParameterResults1 from ReadDescribeE…
benrr101 Sep 5, 2025
04ea706
Factor out ReadDescribeEncryptionParameterResults3 from ReadDescribeE…
benrr101 Sep 5, 2025
70ba99f
Repeat factoring out in netcore
benrr101 Sep 5, 2025
db8bd2a
Executive decision: removing debug-only row count - it's to make sure…
benrr101 Sep 5, 2025
2f870c2
Merge ReadDescribeEncryptionParameterResults
benrr101 Sep 5, 2025
31662a0
Merge ShouldCacheEncryptinMetadata, keysToBeSentToEnclave and require…
benrr101 Sep 8, 2025
ee8ce4c
Merge enclavePackage, enclaveAttestationParameters, customData, custo…
benrr101 Sep 8, 2025
ee295ee
Merge ShouldUseEnclaveBasedWorkflow, _customColumnEncryptionKeyStoreP…
benrr101 Sep 8, 2025
cfd3353
Merge _sqlRPCParameterEncryptionRegArray, _currentlyExecutingDescribe…
benrr101 Sep 8, 2025
cd5ce3f
Merge InvalidateEnclaveession, GetEnclaveSessionParameters
benrr101 Sep 8, 2025
f4046b5
Merge ValidateCustomProviders
benrr101 Sep 8, 2025
e0656c3
Merge ResetEncryptionState()
benrr101 Sep 8, 2025
cb34479
Merge PrepareTransparentEncryptionFinallyBlock
benrr101 Sep 8, 2025
6b82413
Merge _rowsAffectedBySpDescribeParameterEncryption and RowsAffectedBy…
benrr101 Sep 9, 2025
588a724
Merge SetColumnEncryptionSetting and _wasBatchModeColumnEncryptionSet…
benrr101 Sep 9, 2025
016756b
Merge GetColumnEncryptionCustomKeyProvidersNames and TryGetColumnEncr…
benrr101 Sep 9, 2025
5bc19f9
Merge TryFetchInputParameterEncryptionInfo
benrr101 Sep 9, 2025
06e0bf1
Merge PrepareDescribeParameterEncryptionRequest
benrr101 Sep 10, 2025
db8b2e7
Merge ClearDescribeParameterEncryptionRequests
benrr101 Sep 11, 2025
0b683cc
Merge _rpcForEncryption, BuildStoredProcedureStatementForColumnEncryp…
benrr101 Sep 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
137 changes: 0 additions & 137 deletions src/Microsoft.Data.SqlClient/netcore/src/Microsoft/Data/SqlClient/SqlCommand.netcore.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -921,143 +921,6 @@ private void CheckNotificationStateAndAutoEnlist()
}
}

/// <summary>
/// Constructs the sp_describe_parameter_encryption request with the values from the original RPC call.
/// Prototype for &lt;sp_describe_parameter_encryption&gt; is
/// exec sp_describe_parameter_encryption @tsql=N'[SQL Statement]', @params=N'@p1 varbinary(256)'
/// </summary>
/// <param name="originalRpcRequest"></param>
/// <param name="describeParameterEncryptionRequest"></param>
/// <param name="attestationParameters"></param>
private void PrepareDescribeParameterEncryptionRequest(_SqlRPC originalRpcRequest, ref _SqlRPC describeParameterEncryptionRequest, byte[] attestationParameters = null)
{
Debug.Assert(originalRpcRequest != null);

// Construct the RPC request for sp_describe_parameter_encryption
// sp_describe_parameter_encryption always has 2 parameters (stmt, paramlist).
// sp_describe_parameter_encryption can have an optional 3rd parameter (attestationParameters), used to identify and execute attestation protocol
GetRPCObject(attestationParameters == null ? 2 : 3, 0, ref describeParameterEncryptionRequest, forSpDescribeParameterEncryption: true);
describeParameterEncryptionRequest.rpcName = "sp_describe_parameter_encryption";

// Prepare @tsql parameter
string text;

// In _batchRPCMode, The actual T-SQL query is in the first parameter and not present as the rpcName, as is the case with non-_batchRPCMode.
if (_batchRPCMode)
{
Debug.Assert(originalRpcRequest.systemParamCount > 0,
"originalRpcRequest didn't have at-least 1 parameter in BatchRPCMode, in PrepareDescribeParameterEncryptionRequest.");
text = (string)originalRpcRequest.systemParams[0].Value;
//@tsql
SqlParameter tsqlParam = describeParameterEncryptionRequest.systemParams[0];
tsqlParam.SqlDbType = ((text.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
tsqlParam.Value = text;
tsqlParam.Size = text.Length;
tsqlParam.Direction = ParameterDirection.Input;
}
else
{
text = originalRpcRequest.rpcName;
if (CommandType == CommandType.StoredProcedure)
{
// For stored procedures, we need to prepare @tsql in the following format
// N'EXEC sp_name @param1=@param1, @param1=@param2, ..., @paramN=@paramN'
describeParameterEncryptionRequest.systemParams[0] = BuildStoredProcedureStatementForColumnEncryption(text, originalRpcRequest.userParams);
}
else
{
//@tsql
SqlParameter tsqlParam = describeParameterEncryptionRequest.systemParams[0];
tsqlParam.SqlDbType = ((text.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
tsqlParam.Value = text;
tsqlParam.Size = text.Length;
tsqlParam.Direction = ParameterDirection.Input;
}
}

Debug.Assert(text != null, "@tsql parameter is null in PrepareDescribeParameterEncryptionRequest.");
string parameterList = null;

// In BatchRPCMode, the input parameters start at parameters[1]. parameters[0] is the T-SQL statement. rpcName is sp_executesql.
// And it is already in the format expected out of BuildParamList, which is not the case with Non-BatchRPCMode.
if (_batchRPCMode)
{
// systemParamCount == 2 when user parameters are supplied to BuildExecuteSql
if (originalRpcRequest.systemParamCount > 1)
{
parameterList = (string)originalRpcRequest.systemParams[1].Value;
}
}
else
{
// Prepare @params parameter
// Need to create new parameters as we cannot have the same parameter being part of two SqlCommand objects
SqlParameterCollection tempCollection = new SqlParameterCollection();

if (originalRpcRequest.userParams != null)
{
for (int i = 0; i < originalRpcRequest.userParams.Count; i++)
{
SqlParameter param = originalRpcRequest.userParams[i];
SqlParameter paramCopy = new SqlParameter(
param.ParameterName,
param.SqlDbType,
param.Size,
param.Direction,
param.Precision,
param.Scale,
param.SourceColumn,
param.SourceVersion,
param.SourceColumnNullMapping,
param.Value,
param.XmlSchemaCollectionDatabase,
param.XmlSchemaCollectionOwningSchema,
param.XmlSchemaCollectionName
);
paramCopy.CompareInfo = param.CompareInfo;
paramCopy.TypeName = param.TypeName;
paramCopy.UdtTypeName = param.UdtTypeName;
paramCopy.IsNullable = param.IsNullable;
paramCopy.LocaleId = param.LocaleId;
paramCopy.Offset = param.Offset;

tempCollection.Add(paramCopy);
}
}

Debug.Assert(_stateObj == null, "_stateObj should be null at this time, in PrepareDescribeParameterEncryptionRequest.");
Debug.Assert(_activeConnection != null, "_activeConnection should not be null at this time, in PrepareDescribeParameterEncryptionRequest.");
TdsParser tdsParser = null;

if (_activeConnection.Parser != null)
{
tdsParser = _activeConnection.Parser;
if ((tdsParser == null) || (tdsParser.State == TdsParserState.Broken) || (tdsParser.State == TdsParserState.Closed))
{
// Connection's parser is null as well, therefore we must be closed
throw ADP.ClosedConnectionError();
}
}

parameterList = BuildParamList(tdsParser, tempCollection, includeReturnValue: true);
}

SqlParameter paramsParam = describeParameterEncryptionRequest.systemParams[1];
paramsParam.SqlDbType = ((parameterList.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
paramsParam.Size = parameterList.Length;
paramsParam.Value = parameterList;
paramsParam.Direction = ParameterDirection.Input;

if (attestationParameters != null)
{
SqlParameter attestationParametersParam = describeParameterEncryptionRequest.systemParams[2];
attestationParametersParam.SqlDbType = SqlDbType.VarBinary;
attestationParametersParam.Size = attestationParameters.Length;
attestationParametersParam.Value = attestationParameters;
attestationParametersParam.Direction = ParameterDirection.Input;
}
}

private Task<T> RegisterForConnectionCloseNotification<T>(Task<T> outerTask)
{
SqlConnection connection = _activeConnection;
Expand Down
137 changes: 0 additions & 137 deletions src/Microsoft.Data.SqlClient/netfx/src/Microsoft/Data/SqlClient/SqlCommand.netfx.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -916,143 +916,6 @@ static internal string SqlNotificationContext()
return (System.Runtime.Remoting.Messaging.CallContext.GetData("MS.SqlDependencyCookie") as string);
}

/// <summary>
/// Constructs the sp_describe_parameter_encryption request with the values from the original RPC call.
/// Prototype for &lt;sp_describe_parameter_encryption&gt; is
/// exec sp_describe_parameter_encryption @tsql=N'[SQL Statement]', @params=N'@p1 varbinary(256)'
/// </summary>
/// <param name="originalRpcRequest"></param>
/// <param name="describeParameterEncryptionRequest"></param>
/// <param name="attestationParameters"></param>
private void PrepareDescribeParameterEncryptionRequest(_SqlRPC originalRpcRequest, ref _SqlRPC describeParameterEncryptionRequest, byte[] attestationParameters = null)
{
Debug.Assert(originalRpcRequest != null);

// Construct the RPC request for sp_describe_parameter_encryption
// sp_describe_parameter_encryption always has 2 parameters (stmt, paramlist).
// sp_describe_parameter_encryption can have an optional 3rd parameter (attestationParameters), used to identify and execute attestation protocol
GetRPCObject(attestationParameters == null ? 2 : 3, 0, ref describeParameterEncryptionRequest, forSpDescribeParameterEncryption: true);
describeParameterEncryptionRequest.rpcName = "sp_describe_parameter_encryption";

// Prepare @tsql parameter
string text;

// In _batchRPCMode, The actual T-SQL query is in the first parameter and not present as the rpcName, as is the case with non-_batchRPCMode.
if (_batchRPCMode)
{
Debug.Assert(originalRpcRequest.systemParamCount > 0,
"originalRpcRequest didn't have at-least 1 parameter in BatchRPCMode, in PrepareDescribeParameterEncryptionRequest.");
text = (string)originalRpcRequest.systemParams[0].Value;
//@tsql
SqlParameter tsqlParam = describeParameterEncryptionRequest.systemParams[0];
tsqlParam.SqlDbType = ((text.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
tsqlParam.Value = text;
tsqlParam.Size = text.Length;
tsqlParam.Direction = ParameterDirection.Input;
}
else
{
text = originalRpcRequest.rpcName;
if (CommandType == CommandType.StoredProcedure)
{
// For stored procedures, we need to prepare @tsql in the following format
// N'EXEC sp_name @param1=@param1, @param1=@param2, ..., @paramN=@paramN'
describeParameterEncryptionRequest.systemParams[0] = BuildStoredProcedureStatementForColumnEncryption(text, originalRpcRequest.userParams);
}
else
{
//@tsql
SqlParameter tsqlParam = describeParameterEncryptionRequest.systemParams[0];
tsqlParam.SqlDbType = ((text.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
tsqlParam.Value = text;
tsqlParam.Size = text.Length;
tsqlParam.Direction = ParameterDirection.Input;
}
}

Debug.Assert(text != null, "@tsql parameter is null in PrepareDescribeParameterEncryptionRequest.");
string parameterList = null;

// In BatchRPCMode, the input parameters start at parameters[1]. parameters[0] is the T-SQL statement. rpcName is sp_executesql.
// And it is already in the format expected out of BuildParamList, which is not the case with Non-BatchRPCMode.
if (_batchRPCMode)
{
// systemParamCount == 2 when user parameters are supplied to BuildExecuteSql
if (originalRpcRequest.systemParamCount > 1)
{
parameterList = (string)originalRpcRequest.systemParams[1].Value;
}
}
else
{
// Prepare @params parameter
// Need to create new parameters as we cannot have the same parameter being part of two SqlCommand objects
SqlParameterCollection tempCollection = new SqlParameterCollection();

if (originalRpcRequest.userParams != null)
{
for (int i = 0; i < originalRpcRequest.userParams.Count; i++)
{
SqlParameter param = originalRpcRequest.userParams[i];
SqlParameter paramCopy = new SqlParameter(
param.ParameterName,
param.SqlDbType,
param.Size,
param.Direction,
param.Precision,
param.Scale,
param.SourceColumn,
param.SourceVersion,
param.SourceColumnNullMapping,
param.Value,
param.XmlSchemaCollectionDatabase,
param.XmlSchemaCollectionOwningSchema,
param.XmlSchemaCollectionName
);
paramCopy.CompareInfo = param.CompareInfo;
paramCopy.TypeName = param.TypeName;
paramCopy.UdtTypeName = param.UdtTypeName;
paramCopy.IsNullable = param.IsNullable;
paramCopy.LocaleId = param.LocaleId;
paramCopy.Offset = param.Offset;

tempCollection.Add(paramCopy);
}
}

Debug.Assert(_stateObj == null, "_stateObj should be null at this time, in PrepareDescribeParameterEncryptionRequest.");
Debug.Assert(_activeConnection != null, "_activeConnection should not be null at this time, in PrepareDescribeParameterEncryptionRequest.");
TdsParser tdsParser = null;

if (_activeConnection.Parser != null)
{
tdsParser = _activeConnection.Parser;
if ((tdsParser == null) || (tdsParser.State == TdsParserState.Broken) || (tdsParser.State == TdsParserState.Closed))
{
// Connection's parser is null as well, therefore we must be closed
throw ADP.ClosedConnectionError();
}
}

parameterList = BuildParamList(tdsParser, tempCollection, includeReturnValue: true);
}

SqlParameter paramsParam = describeParameterEncryptionRequest.systemParams[1];
paramsParam.SqlDbType = ((parameterList.Length << 1) <= TdsEnums.TYPE_SIZE_LIMIT) ? SqlDbType.NVarChar : SqlDbType.NText;
paramsParam.Size = parameterList.Length;
paramsParam.Value = parameterList;
paramsParam.Direction = ParameterDirection.Input;

if (attestationParameters != null)
{
SqlParameter attestationParametersParam = describeParameterEncryptionRequest.systemParams[2];
attestationParametersParam.SqlDbType = SqlDbType.VarBinary;
attestationParametersParam.Size = attestationParameters.Length;
attestationParametersParam.Value = attestationParameters;
attestationParametersParam.Direction = ParameterDirection.Input;
}
}

private Task<T> RegisterForConnectionCloseNotification<T>(Task<T> outterTask)
{
SqlConnection connection = _activeConnection;
Expand Down
Loading