From 8352517ac1a5691b19fd0020972951a1446ff91c Mon Sep 17 00:00:00 2001
From: Mohsen Rajabi
Date: Tue, 18 Jan 2022 09:01:36 +0330
Subject: [PATCH 1/5]
---
 .../src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs | 6 +++---
 .../tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs | 4 ++--
 .../AlwaysEncrypted/TestFixtures/DatabaseHelper.cs | 4 ++--
 .../TestFixtures/Setup/ColumnEncryptionKey.cs | 8 +++++---
 .../tests/tools/TDS/TDS.Servers/GenericTDSServer.cs | 7 +++++--
 .../tools/TDS/TDS/Login7/TDSLogin7FedAuthOptionToken.cs | 7 +++++--
 6 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
index 4dabe4351d..945c7c4d86 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
@@ -65,8 +65,8 @@ internal static string GetSHA256Hash(byte[] input)
 /// A byte array containing cryptographically generated random bytes
 internal static void GenerateRandomBytes(byte[] randomBytes)
 {
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ rng.GetBytes(randomBytes);
 }
 ///
@@ -367,7 +367,7 @@ internal static void VerifyColumnMasterKeySignature(string keyStoreName, string
 GetListOfProviderNamesThatWereSearched(connection, command));
 }
- if (ShouldUseInstanceLevelProviderFlow(keyStoreName,connection, command))
+ if (ShouldUseInstanceLevelProviderFlow(keyStoreName, connection, command))
 {
 isValidSignature = provider.VerifyColumnMasterKeyMetadata(keyPath, isEnclaveEnabled, CMKSignature);
 }
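Review bot: `SqlSecurityUtility.GenerateRandomBytes` still creates and disposes a `RandomNumberGenerator` on every call, so the leak is closed but product code keeps a per-call allocation. On targets that provide it, the static `RandomNumberGenerator.Fill(randomBytes)` does the same job with no instance to manage; elsewhere a single shared instance would likely do, once the generator's thread-safety is confirmed for each target framework. The method also lacks a remark that the caller's buffer is overwritten in full and that a null `randomBytes` is left for `GetBytes` to reject, for example `// Fills the whole caller-supplied buffer; GetBytes throws on null.`. The brace-less `using` in this hunk is corrected in PATCH 3/5, so nothing is needed there.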
diff --git a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
index 9f858a0fca..067de127ad 100644
--- a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
+++ b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
@@ -95,8 +95,8 @@ internal static byte[] GenerateRandomBytes(int length)
 {
 // Generate random bytes cryptographically.
 byte[] randomBytes = new byte[length];
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ rng.GetBytes(randomBytes);
 return randomBytes;
 }
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
index cd39d56b3c..3f7a7f0c5b 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
@@ -174,8 +174,8 @@ internal static byte[] GenerateRandomBytes(int length)
 {
 // Generate random bytes cryptographically.
 byte[] randomBytes = new byte[length];
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ rng.GetBytes(randomBytes);
 return randomBytes;
 }
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/Setup/ColumnEncryptionKey.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/Setup/ColumnEncryptionKey.cs
index 19a2d2149c..521328bad5 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/Setup/ColumnEncryptionKey.cs
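Review bot: The `GenerateRandomBytes` helper patched in Utility.cs exists with the same body in DatabaseHelper.cs and ColumnEncryptionKey.cs, and again as `_GenerateRandomBytes` in GenericTDSServer.cs and TDSLogin7FedAuthOptionToken.cs, so this commit has to repeat one fix five times. The copies already drift inside this patch: here and in DatabaseHelper.cs the `using` has no braces, while the other three get a braced block (PATCH 3/5 evens that out). Where the test projects can share code, keeping a single helper would let later changes to the random-byte path land in one place.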
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/Setup/ColumnEncryptionKey.cs
@@ -60,9 +60,11 @@ public static byte[] GenerateRandomBytes(int length)
 {
 // Generate random bytes cryptographically.
 byte[] randomBytes = new byte[length];
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
-
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
+ rng.GetBytes(randomBytes);
+ }
+
 return randomBytes;
 }
diff --git a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs
index 421e3b275a..535304964d 100644
--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS.Servers/GenericTDSServer.cs
@@ -739,8 +739,11 @@ protected virtual TDSMessageCollection CheckTDSVersion(ITDSServerSession session
 private byte[] _GenerateRandomBytes(int count)
 {
 byte[] randomBytes = new byte[count];
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
+ rng.GetBytes(randomBytes);
+ }
+
 return randomBytes;
 }
diff --git a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS/Login7/TDSLogin7FedAuthOptionToken.cs b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS/Login7/TDSLogin7FedAuthOptionToken.cs
index 412664ae1a..4583601fd8 100644
--- a/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS/Login7/TDSLogin7FedAuthOptionToken.cs
+++ b/src/Microsoft.Data.SqlClient/tests/tools/TDS/TDS/Login7/TDSLogin7FedAuthOptionToken.cs
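Review bot: In ColumnEncryptionKey.cs the blank line before `return randomBytes;` is removed and added back, which a diff only reports when the two lines differ in invisible whitespace. Check that the new line is really empty, since trailing spaces or tabs there will resurface as noise in later diffs. The GenericTDSServer.cs hunk that follows adds a fresh blank line in the same position and deserves the same check.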
@@ -366,8 +366,11 @@ private bool ReadSecurityTokenLogin(Stream source, uint optionDataLength)
 private byte[] _GenerateRandomBytes(int count)
 {
 byte[] randomBytes = new byte[count];
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- rng.GetBytes(randomBytes);
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
+ rng.GetBytes(randomBytes);
+ }
+
 return randomBytes;
 }
 }
From 4741ee8119f8e2b0633f80c4311e92b5800aff04 Mon Sep 17 00:00:00 2001
From: Mohsen Rajabi
Date: Tue, 18 Jan 2022 09:39:54 +0330
Subject: [PATCH 2/5]
---
 .../tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
index 8d66060684..0edea247b2 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
@@ -7,6 +7,7 @@
 using System.IO;
 using Microsoft.Data.SqlClient.Server;
+
 [Serializable]
 [SqlUserDefinedType(Format.UserDefined, IsByteOrdered = false, MaxByteSize = 500)]
 public class Address : INullable, IBinarySerialize
From 07aa90d961855e28904c5f467ed287ab8b16ec17 Mon Sep 17 00:00:00 2001
From: Mohsen Rajabi
Date: Fri, 28 Jan 2022 17:17:47 +0330
Subject: [PATCH 3/5]
---
 .../src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs | 2 ++
 .../tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs | 2 ++
 .../ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs | 2 ++
 3 files changed, 6 insertions(+)
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
index 945c7c4d86..ced6e62755 100644
--- a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
+++ b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs
@@ -66,7 +66,9 @@ internal static string GetSHA256Hash(byte[] input)
 internal static void GenerateRandomBytes(byte[] randomBytes)
 {
 using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
 rng.GetBytes(randomBytes);
+ }
 }
 ///
diff --git a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
index 067de127ad..d91a15dee8 100644
--- a/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
+++ b/src/Microsoft.Data.SqlClient/tests/FunctionalTests/AlwaysEncryptedTests/Utility.cs
@@ -96,7 +96,9 @@ internal static byte[] GenerateRandomBytes(int length)
 // Generate random bytes cryptographically.
 byte[] randomBytes = new byte[length];
 using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
 rng.GetBytes(randomBytes);
+ }
 return randomBytes;
 }
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
index 3f7a7f0c5b..9cea6b8239 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/TestFixtures/DatabaseHelper.cs
@@ -175,7 +175,9 @@ internal static byte[] GenerateRandomBytes(int length)
 // Generate random bytes cryptographically.
 byte[] randomBytes = new byte[length];
 using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
+ {
 rng.GetBytes(randomBytes);
+ }
 return randomBytes;
 }
From 70c85067307bf772fa6c0aac3ae36d73458ad27c Mon Sep 17 00:00:00 2001
From: Mohsen Rajabi
Date: Fri, 28 Jan 2022 18:14:27 +0330
Subject: [PATCH 4/5]
---
 .../tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
index 22d2e0b4c1..01057ebb2e 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/UdtTest/UDTs/Address/Address.cs
@@ -11,7 +11,6 @@
 using Microsoft.Data.SqlClient.Server;
 #endif
-
 [Serializable]
 [SqlUserDefinedType(Format.UserDefined, IsByteOrdered = false, MaxByteSize = 500)]
 public class Address : INullable, IBinarySerialize
From f15f60397218efe8dde215a25b19efb50c3a42fd Mon Sep 17 00:00:00 2001
From: Mohsen Rajabi
Date: Tue, 8 Mar 2022 21:52:03 +0330
Subject: [PATCH 5/5]
---
 .../AlwaysEncrypted/ExceptionTestAKVStore.cs | 24 ++++++++++---------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
index 389efad48d..6cb20a4351 100644
--- a/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
+++ b/src/Microsoft.Data.SqlClient/tests/ManualTests/AlwaysEncrypted/ExceptionTestAKVStore.cs
@@ -218,22 +218,24 @@ public void AkvStoreProviderVerifyFunctionWithInvalidSignature(bool fEnclaveEnab
 Buffer.BlockCopy(cmkSignature, 0, tamperedCmkSignature, 0, tamperedCmkSignature.Length);
 // Corrupt one byte at a time 10 times
- RandomNumberGenerator rng = RandomNumberGenerator.Create();
- byte[] randomIndexInCipherText = new byte[1];
- for (int i = 0; i < 10; i++)
+ using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
 {
- Assert.True(fixture.AkvStoreProvider.VerifyColumnMasterKeyMetadata(DataTestUtility.AKVUrl, allowEnclaveComputations: fEnclaveEnabled, signature: tamperedCmkSignature), @"tamperedCmkSignature before tampering should be verified without any problems.");
+ byte[] randomIndexInCipherText = new byte[1];
+ for (int i = 0; i < 10; i++)
+ {
+ Assert.True(fixture.AkvStoreProvider.VerifyColumnMasterKeyMetadata(DataTestUtility.AKVUrl, allowEnclaveComputations: fEnclaveEnabled, signature: tamperedCmkSignature), @"tamperedCmkSignature before tampering should be verified without any problems.");
- int startingByteIndex = 0;
- rng.GetBytes(randomIndexInCipherText);
+ int startingByteIndex = 0;
+ rng.GetBytes(randomIndexInCipherText);
- tamperedCmkSignature[startingByteIndex + randomIndexInCipherText[0]] = (byte)(cmkSignature[startingByteIndex + randomIndexInCipherText[0]] + 1);
+ tamperedCmkSignature[startingByteIndex + randomIndexInCipherText[0]] = (byte)(cmkSignature[startingByteIndex + randomIndexInCipherText[0]] + 1);
- // Expect failed verification for invalid signature bytes
- Assert.False(fixture.AkvStoreProvider.VerifyColumnMasterKeyMetadata(DataTestUtility.AKVUrl, allowEnclaveComputations: fEnclaveEnabled, signature: tamperedCmkSignature));
+ // Expect failed verification for invalid signature bytes
+ Assert.False(fixture.AkvStoreProvider.VerifyColumnMasterKeyMetadata(DataTestUtility.AKVUrl, allowEnclaveComputations: fEnclaveEnabled, signature: tamperedCmkSignature));
- // Fix up the corrupted byte
- tamperedCmkSignature[startingByteIndex + randomIndexInCipherText[0]] = cmkSignature[startingByteIndex + randomIndexInCipherText[0]];
+ // Fix up the corrupted byte
+ tamperedCmkSignature[startingByteIndex + randomIndexInCipherText[0]] = cmkSignature[startingByteIndex + randomIndexInCipherText[0]];
+ }
 }
 }
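Review bot: The position to corrupt comes from a single random byte (`randomIndexInCipherText[0]`, 0–255) and is used directly as an index into `tamperedCmkSignature`, so the loop inside the new `using` block only works when the signature is at least 256 bytes long. The signature length is not visible in this hunk; a shorter one would end the test with an index-out-of-range exception instead of a readable assertion failure. Either assert the length before the loop or bound the index, e.g. `int index = randomIndexInCipherText[0] % tamperedCmkSignature.Length;`, and use `index` in both assignments. `startingByteIndex` is always 0 and could be dropped in the same pass. The test method starts above the hunk.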