dprevot/php-sqlsrv
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Updated keys and certificates for AE tests with secure enclave (#1122)

Browse source
This commit is contained in:
Jenny Tam 2020-04-16 13:45:39 -07:00 committed by GitHub
parent 55e1715f76
commit 93b6237f9e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 21 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
test/functional/pdo_sqlsrv/skipif_not_hgs.inc
View file

@ -9,6 +9,10 @@ if (!extension_loaded("pdo_sqlsrv")) {
require_once('MsSetup.inc');
if ($attestation == 'TARGET_ATTESTATION') {
die("skip Not set up for testing with secure enclave.");
}
$conn = new PDO("sqlsrv:server = $server", $uid, $pwd);
if (!$conn) {
die("skip Could not connect during SKIPIF.");

BIN
test/functional/setup/AEV2Cert.pfx
View file

Binary file not shown.

20
test/functional/setup/ae_keys.sql
View file

@ -34,19 +34,21 @@ CREATE COLUMN MASTER KEY [CMK-win-enclave]
WITH
(
KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
KEY_PATH = N'CurrentUser/My/D9C0572FA54B221D6591C473BAEA53FE61AAC854',
ENCLAVE_COMPUTATIONS (SIGNATURE = 0xA1150DE565E9C132D2AAB8FF8B228EAA8DA804F250B5B422874CB608A3B274DDE523E71B655A3EFC6C3018B632701E9205BAD80C178614E1FE821C6807B0E70BCF11168FC4B202638905C5F016EDBADACA23C696B79772C56825F36EB8C0366B130C91D85362E560C9D2FDD20DCAE99619256045CA2725DEC9E0C115CAEB9EA686CCB0DE0D53D2056C01752B17B634FC6DBB51EA043F607349489722DB8A086CBC876649284A8352822DD22B328E7BA3D671CCDF54CDAAF61DFD6AF2EAAC14E03897324234AB103C45AB48131C1CD19040782359FC920A0AF61BA9842ADFB76C3196CBC6EB9C0A679926ED63E092B7C8643232C97A64C7F918104C210787A56F)
KEY_PATH = N'CurrentUser/My/FADD52207E002EDDEE832B12E281EA280F2EFBCB',
ENCLAVE_COMPUTATIONS (SIGNATURE = 0x89DB5211D883466A978299CD9AE176E25C3465EDB6FA42571E17AC38D9ED63D436CD476D5436AD1514BAE7C9E185EB421E9C5BA3905721CD453899604140A3DE5E5080693E7CCD61360E5E168290498EE86EFABD5D2B56D9F5676173E6164D5F195EE3321DEE003568C25FE5B5470B3EE5C699F1280B1397C90E411A86E62F165F1ED74987C571A3BB1CCB909B69210A38DBE1D3826F0153F1DEFD7454C0F218853480C636D428FA42FE688FB93E34CEAABD70AC66DCF329C0FE4503738EFD24E920524D8040F493ADC6A4E21F017231B787942B68C825879025019D4F6EC9919EFC73504D764D16E4F808FECBFDF6F5456247DB8904F9B77BA0C32CB4403AE1)
)
GO
CREATE COLUMN MASTER KEY [CMK-win-noenclave]
WITH
(
KEY_STORE_PROVIDER_NAME = N'MSSQL_CERTIFICATE_STORE',
KEY_PATH = N'CurrentUser/My/D9C0572FA54B221D6591C473BAEA53FE61AAC854'
KEY_PATH = N'CurrentUser/My/FADD52207E002EDDEE832B12E281EA280F2EFBCB'
)
GO
/* Now we can create the Column Encryption Keys */
/* ENCRYPTED_VALUE is generated by SSMS and it is always the same if the same Certificate is imported */
CREATE COLUMN ENCRYPTION KEY [AEColumnKey]
@ -66,33 +68,37 @@ WITH VALUES
(
COLUMN_MASTER_KEY = [CMK-win-enclave],
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0064003900630030003500370032006600610035003400620032003200310064003600350039003100630034003700330062006100650061003500330066006500360031006100610063003800350034007382EDDDE3FFCE076D5715B6BBBD22EA64E665899BEFAAD5B329F218EE30BE9F789EB98717B6FD9E50AE496AC9FEED962B23442D4FD3FBFEC9C9B65F40A3BCEC7CFAC198F4CAEE8A255F67988289EF050F9F75D0287F3DF9A9FDA0C674E48DF2CB13298AAAD039930DD909EEE71682CC8A90202D3F2A1F1037BB20B1954C8B6A11F05D104CA9DAF1561C6B2F9DBB08BCE17244157B751C02FC1730E387F372C31327F2834D19AF626D0B46B152615F05FA2F3566350312CDE6DE1160B3C1D0FD35FAF13891C04711DF184DA501AA51D16BF009EA71A2D28E201804C6F8F9100E90234923B2713EA7988861FBA4E292E5518FFC02CCBD2513EDA871F6E03ECDDD309619557277C10A07906E55BA3F59A6A18834B4CD5185DA4B4574A18B8B1AC53A2C36B033D7A72443F1438E76E37306A1F92AC30BC751F6D7ED1633FEE807440E1D6096C53C5E3E33828C9C59E8761E5BAD341C6D9E2BD1F2B5C3992666620CAA38C4645C154976EF62AE80161A9F7700C96875A72995E1C585918B28F65060F1B8B96417328F6DEDFCA79ED9F01EAB19FF4E3163F9963BA26E9B58031A04320CC73702A6ED438513E0F8ABA1966B53114038CC587050F90D9CD0F9E26CA9749723ABA85CF31F963A5E85E04993B2B2869725E734BE8FCFD30A801825582730B49C00A2058C02D3312D6D8E82078FF4F77C5FF9CE6E9D140F1A4517635AB784
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0066006100640064003500320032003000370065003000300032006500640064006500650038003300320062003100320065003200380031006500610032003800300066003200650066006200630062000D9BC8E2315C6D3F7BCB6D7578C2072E9482635E9E16B9AF3875846A6C4328541BEE6520BF99D012B34455102D8E23965B991AA0CE03A7E624FEFF87E0C082685960C81C9703DDD35089A2D86952120ABD82CEAA40B6071C3C8E36B597B6B09E44630ECE41F24A4DE26F0C583C5FF077898682106D64D710F4967B6E0705D5C5F436D1AF234BFD93F0F9104D88F2577B07C250003EB85F1D6AAE661AF70D72D80CDDA68B189B5718C34F00A5AFC47D59AFBB025F5FE3822BEC8D40C2D2EADCEAD3AB5C534E6B683B19B6F08E555396CDDD71AE0571939CB54BAFD6ED31DA6316EBF5F8330574EB9168D6E326D6DC003A1F65223C16DAD4C9CFD852E3016C04B9CBB9C7BFCFC9417441721C73E81B5C46252C5759CC835637335E2A1B70BEAD0DFF49561190D6B54E3B8AD669E64D4295294CD0A2BD4279395215CD0932F2951EE2748E697D5DDFBF45D4681B20728C0D0A1CE137F9C531EBFC84994CE071B54464A5BDF6AFC038C7D65A1E1D4B392216556B267CFBAAA86A9DD8BB70D0A727EE2B2242BC2C6B29DD09FAECEE6349AE67734C8E56B04A84D51EB74F5278205438EAADBBD59D4FD7F8FC7456EB59101841B7AE8D1851EF481FA37D3255E24BDB1305D380A6044595CE23D07D8F2A07B8862E77C5D4EAEC66886B297B4B4B26670629CC524031C50E9990054A9144975D6C88CBAD7FE41D0367B965FFBEF322BE6A
)
GO
CREATE COLUMN ENCRYPTION KEY [CEK-win-enclave2]
WITH VALUES
(
COLUMN_MASTER_KEY = [CMK-win-enclave],
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0064003900630030003500370032006600610035003400620032003200310064003600350039003100630034003700330062006100650061003500330066006500360031006100610063003800350034006B4D40ABF0975AF7C5CA7D1F4345DE437318556F5A2380DCFE4AB792DC3A424EABC80EA24EE850FACD94F04809C8B32674C6FF2D966FA7F9F9E522990E5F5011515BA4B7EF3603619D8A4BF46AA9B769A8A4417462C4B0303F995F04964A2E328A503D87CD1AB85ECFCB8241D0C815540989DC33E58EDCCBAFF0753E196813E3FCCC5A3C9E4277DD528AE276F1F795973A4DF8D1BB3B1F405B5F35A6A583F0BB86BAD7FCADC1FCF6B14B602890109360FAB67D6A27DE542AE87784C40FEB9071AC34C4C40C92A6C153A4A38B6DA3AD48ED39E32D6D161ACE7EFE516B414139A831D878C13FF178649823C4EFDC8E5DB4C02F2147CC76965C01C2F3624EB809FD4F5C2E291056077B1ABEFF1F5001C1F4248704C7C70CF63DA1EBC2FEC4A3DF919BA4F6B465819BC4587599C2E7499CDE62D7C335CE7BBCFC72242A8F41C1B5C94DEB0A9AF49B723759A8CD9751EE70DDEBAFA1957382287F621790543841EBCCA0007BA030CAF29E9FBF8CEB4FEC88673F47B5EC3B5F759BBDD8ED2EAF572711D78286E4294B89FF6EBFEE4968B4596AF3B5C34985F28E886F6C211F385326F10ED62602007589FC494372902FB32B0E3D67A8C64F43A87B06EE9F2CF074EB6F3EC7A431733EDA8745051B7A4AA4C020797A9492E6A3BA643D031E491497BF17539993871085AC249D0AD82203CD442F69D6C686D26F4D17BA46B69D3CB7E395
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0066006100640064003500320032003000370065003000300032006500640064006500650038003300320062003100320065003200380031006500610032003800300066003200650066006200630062007F99C7C6F2E645A99AF68A4233CF78024AD556E6BD32776F51D163D091A4F3E9350FB8A524E6201588A4BEB95418A95F5E7D62B1AC9C71CCD75E88FE1838BA0C3DC60DCA01171CFDBFAB77567BB63D5BE5387C796F95559EE2C0A78C94456C8A584B5391C05CA145715D0024B2D0DD3D1C9E44D924466978A180AFA3EB6CF64DB44B022CF5033BAAB4A7DF3D67A8ED9EFB979C18D6EAC8B9B415491BF6F7F86E2844D0DCC5484D24830D2BD8DAB7B7B98F0F3DF47980131CC1BCFE7A8D76559BA9E8833B4779A08BFB65F45EDB6B3922A466BD3D2643C235CB0EB80B94B125E7C14711403D58F3D2F80336F65C8782F0C6F3D4494D40F99D770560673466D9362EC476D9F917F37C28C8ED15AF05C8F10B70D33D2A2646DA206873D34A6D89482C65D3793274EC2981A96BF927C22717078DFCFD6EAFDCCC0E274386A11101739B7DDEE8085BCD8381866696160969C5CCBE11520766FAC6EA187D51FC6ED8B7EA73D65BE8B25A124DD69000F4691BD63CAEAC33C71C12A5796DFC15E0BDBDB889E65AA8EBC9D5C11A9DF58A3BF36A9AE5DAEA8FB92AA68500FAC69FC85FEF8AFE0AD5CDF9C4C6D5915532620BEE1A5F77F2A574C374704C60096D4252405971C40A82AEF54F56AF924C7CC18395A22838D07014AF5585DA7EE248AAAB4C4FDA6BC187515C5D1DA0FC3BB05ABC9F98EE32575B17FEA7F2C0ED256D9FD1A68F0C
)
GO
CREATE COLUMN ENCRYPTION KEY [CEK-win-noenclave]
WITH VALUES
(
COLUMN_MASTER_KEY = [CMK-win-noenclave],
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F00640039006300300035003700320066006100350034006200320032003100640036003500390031006300340037003300620061006500610035003300660065003600310061006100630038003500340042DC7A3AAAD184E01288C0913EFB6FEC6167CD8EA08A5F46ADCCC34D3AA6A1BDDDA15EA3DD219ED8795AB05C0111E48EA35A82ADDF2A206FACBBF4FD73D01C004DF627012D3950FEBCA4BBEDBDF97BA77033728D8873BA81E1C7BDCBE04BB3AA7EB42A1EDDBEF9B1CA9477ADA33F76711FEDF782CA1BD3C0104FDEB9E0D66DFCEC7D3C236906481B44F04457549658635322447742FB00B6D6F36A7CFCC56BB39F7280736BC25FD499F9CBA2F63CE11D53E536FD4A266929E06CF2BDBAF229894A77EDE140323B674ECF28C58C3E0B6C2E9407AD1A26776CB55D68B8286F64787CE5A468CFA27295D6069EFA5D65CD9A04602E861F4504F2611AAE6A8ADE33038A2BECE8BD7CF5B48567C217E324F11935C552FD25FE1FEFB152684BD1B3F8EB70EC9F6439340CE82CD8E74DD5986A6C4F9E8336ED4AC804FAD800A3EA324F78DCE37832035C3DC92782A06150916D01322A80767D1A36D7A8D9BCF6727DCE6AC67A168FA8B8B5032E60DCB178B21A860F2D98BE09DA9BA5DCCBD0D339369FF3C50C7993463372CF5B1DA9FAA12CD16E76F5961C01EADC5804C7F22227E2095BAD0F90A47B6330B1B43407E01DE5B61CEBD542A93797428AD84376E9362EADE6DDD103B9EC96E616A2ECED7D1D665B5B872E77FC024AD92AB4A8335D12D41BDD152790E87590798C1005956F9F92D4DD0C1C9852D147F7CB55B3224DE8EF593F
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F00660061006400640035003200320030003700650030003000320065006400640065006500380033003200620031003200650032003800310065006100320038003000660032006500660062006300620019FA28795E9865B2FFE247F6405EA11CAE7FA8374FBF69B2C9BC6D4296D4EF2710D491CE9C00B29B837C9B2D70B1466E12E3448D27F473153E1CED638B1BBA980B3E14E173BD53C8A29DFA7EAC21F5F7E4E9DEFFD0023205593F13EE0DDEFA3E7772729E50C227668EE383A58A037766824E05EE608D47E9818893A8770427F847B97FBDC97AFEFBC1495C894538B7604E192332AAA4C19E1CD253AACA972989B46480681411AE8773E834254F618FD5AB5BBB961C7774A1A85332AD028056DADAA9785E092E9DB50A7D6CEB305CD1C3740265BDB55633D9FA0005A0DE3CABF65797B01F7B3CA9DA6B34C958565166D2B3C771233BB376A2F0E0D1BBC508DA117AA0F3EB25925C9C4B26A2FDD3F13792807067F088E9AAB442368D15B13E1138C715958505DD16F388A0476C29F6B04E8789CC396B54C95ED05F8F093A14B800DB7CB04F14732B96A06A7DB4FA81791FC0D5BA45562DA56B90E9A77A72588FAB71ED85F0358CAB2A45F4FBAFF031F44A6993F34B52CF119828989BCA2A802AABE5C3B5D6215F0BDB9F557AB13F2B61C6116D2F721E86D6BF0E100720EC6903417F0A00E57801DDE5B488829CB7DE0203D7CEE7689C7416796A5F3A33765D9F30904C180972E27A4DDAD67BF197DC9A8D4C7D53AF64FA306E012FD014CFF8923DB6E5B164E626D5B0282CEF968C3C00926BAD3928EE33B3414B79A758973B946B
)
GO
CREATE COLUMN ENCRYPTION KEY [CEK-win-noenclave2]
WITH VALUES
(
COLUMN_MASTER_KEY = [CMK-win-noenclave],
ALGORITHM = 'RSA_OAEP',
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F0064003900630030003500370032006600610035003400620032003200310064003600350039003100630034003700330062006100650061003500330066006500360031006100610063003800350034009014CD16FC878CEA2DE91C8C681AE86C7C062D8BD88C4CEE501A89FEAC47356D7181644A350F72B5F6023DA2B9E26C5A2522C08B1910D390068CF26794F4BA7B0298A6676B4DC6DED913E3B077B56224D2E1A3FE4EF33F58FE44CFC3DD67E54FB15BE8E29ABAF8357F378FBEDA3EBF9868A54746074D5E0E798047867E1ABD39AD0645BB8E071C72BFC37C007CBFC58F5690A5253F444E77169B2FE92FD95897A412B2078DA3804A00723D6DF824FCA527208A1DFB377B5BA16B620213F8252E10E7D7A3719A3FBB2F7A8189792B0BCF737236963C7DDCA6366F7B04F127925A1F8DDBB1B5A01D280BD300ECA3B1F31F24C8A0D517AE7BCBC3233A24E83B70A334754098DE373A1C027A4D09BB1D26C930E7501EB02464C519D19CFA0B296238AF11638C2E0688C7599E3DB1714AACF4EBFCEF63E1EE521A8E38E3BEFD4EF4991A15E8DD5CFD94E58E68754F3E90BC117025C01562F6440417A42612BE9C8871A18108CBE3E96DA7E35C45171C03E1DFBB3CA1E35A6D322F2D5B79E2BF2A07F14136DA4A768E08E2A7F1A42E04B717CB6AE3D1A3FA0EACCFC9CEC27DB53761E13DE1F55B410A65FB441D50CF8B2153B64925B1CEBDE062B5CAF4C99C41FED6836327037C46515710F16DC611305A0EBA1943A9BA5CC6889626990879713E9C95BB54D6A8A3C1C05A10AFE142B2487A1F0A07B57841E940CC9816E3F43CAE3CB7
ENCRYPTED_VALUE = 0x016E000001630075007200720065006E00740075007300650072002F006D0079002F006600610064006400350032003200300037006500300030003200650064006400650065003800330032006200310032006500320038003100650061003200380030006600320065006600620063006200A422FBB5D90C0158A6F93B8BB8430C50B75FC7495D93B9A725D6BA845A21C7B59EA5D5232ED15016B410BA30520D03ACDF712085F1210196A909EFED0EC9E3DEA0C094CC0E01D7DDFD62387573372D277D2A3B0C3CA52C1D703B0EA4A6AE879D306BB1D065392C6431FA36B7AF71F69481CF5DEB38BDC48694A10C737F35C857F240AD12BF13E3A59ED86531C6DB5BC24CA5F0E84EF131D7306B0E510DE59DBCA64EE48A33745B228346240CA929430409A199C1CAB8B09968E69841004989452AC03932FCB5873C9E13F2663FD28084DC606DB936D0C78845428C9A2A9268C22F9ABD4F3D90D75BA9DE89B9C50FB24969BF184D2ADE0DCBD0E7829B7068C4C01E1A864ECFBBA4FC1394751B132C3E8E5A18637F727963730CEAE5FB9B775D544BA2CB43750C706A8A17CBABF8520C78189B093FF01940B24F3AF02B0BA15BD0A6F193EB2CE8503DDDCFD1FAD3763A5A6CA008470AAAF563E06BF86B995A86DF378E9EC0D4212331C51891BB1B0FCE2781DD2918A3B48D220800BAAB3CA52F6CD733AD54FF3D81AD4AC713F72A704BD5036561DBD43C6C9CDACB99C68F34796CFD3D2E41F6649147EF1AECC9153F7BABAD3D3FCCC5E5B921A4C25443CA0D8EAB9D7C09F8779B6EDAA6095E5492878316769AC4B0D77244DF4E88D5849D95990DD349887DF64DFC0C9BDB4AD2D74D6E75F5D2FEF37AF1FFA404F156DB66E9770F
)
GO

4
test/functional/sqlsrv/skipif_not_hgs.inc
View file

@ -9,6 +9,10 @@ if (!extension_loaded("sqlsrv")) {
require_once("MsSetup.inc");
if ($attestation == 'TARGET_ATTESTATION') {
die("skip Not set up for testing with secure enclave.");
}
$connectionInfo = array("UID"=>$userName, "PWD"=>$userPassword);
$conn = sqlsrv_connect($server, $connectionInfo);