051328782d
* Change to support ae-v2 * Add support for AE V2 * Added some descriptions and comments * Fixed PDO pattern matching * Updated key generation scripts * Fixed key script * Fixed char/nchar results, fixed formatting issues * Addressed review comments * Updated key scripts * Debugging aev2 keyword failure * Debugging aev2 keyword failure * Debugging aev2 keyword failure * Debugging aev2 keyword failure * Added skipif to ae v2 keyword test * Addressed review comments * Fixed braces and camel caps * Updated test descriptions * Added detail to test descriptions * Tiny change
72 lines
2.3 KiB
PHP
72 lines
2.3 KiB
PHP
--TEST--
|
|
Test various settings for the ColumnEncryption keyword.
|
|
--DESCRIPTION--
|
|
For AE v2, the Column Encryption keyword must be set to [protocol]/[attestation URL].
|
|
If [protocol] is wrong, connection should fail; if the URL is wrong, connection
|
|
should succeed. This test sets ColumnEncryption to three values:
|
|
1. Random nonsense, which is interpreted as an incorrect protocol
|
|
so connection should fail.
|
|
2. Incorrect protocol with a correct attestation URL, connection should fail.
|
|
3. Correct protocol and incorrect URL, connection should succeed.
|
|
--SKIPIF--
|
|
<?php require("skipif_not_hgs.inc"); ?>
|
|
--FILE--
|
|
<?php
|
|
require_once("MsSetup.inc");
|
|
require_once("AE_v2_values.inc");
|
|
require_once("sqlsrv_AE_functions.inc");
|
|
|
|
// Test with random nonsense. Connection should fail.
|
|
$options = array('database'=>$database,
|
|
'uid'=>$userName,
|
|
'pwd'=>$userPassword,
|
|
'ColumnEncryption'=>"xyz",
|
|
);
|
|
|
|
$conn = sqlsrv_connect($server, $options);
|
|
if (!$conn) {
|
|
$e = sqlsrv_errors();
|
|
checkErrors($e, array('CE400', '0'));
|
|
} else {
|
|
die("Connecting with nonsense should have failed!\n");
|
|
}
|
|
|
|
// Test with incorrect protocol and good attestation URL. Connection should fail.
|
|
// Insert a rogue 'x' into the protocol part of the attestation.
|
|
$comma = strpos($attestation, ',');
|
|
$badProtocol = substr_replace($attestation, 'x', $comma, 0);
|
|
$options = array('database'=>$database,
|
|
'uid'=>$userName,
|
|
'pwd'=>$userPassword,
|
|
'ColumnEncryption'=>$badProtocol,
|
|
);
|
|
|
|
$conn = sqlsrv_connect($server, $options);
|
|
if (!$conn) {
|
|
$e = sqlsrv_errors();
|
|
checkErrors($e, array('CE400', '0'));
|
|
} else {
|
|
die("Connecting with a bad attestation protocol should have failed!\n");
|
|
}
|
|
|
|
// Test with good protocol and incorrect attestation URL. Connection should succeed
|
|
// because the URL is only checked when an enclave computation is attempted.
|
|
$badURL = substr_replace($attestation, 'x', $comma+1, 0);
|
|
$options = array('database'=>$database,
|
|
'uid'=>$userName,
|
|
'pwd'=>$userPassword,
|
|
'ColumnEncryption'=>$badURL,
|
|
);
|
|
|
|
$conn = sqlsrv_connect($server, $options);
|
|
if (!$conn) {
|
|
print_r(sqlsrv_errors());
|
|
die("Connecting with a bad attestation URL should have succeeded!\n");
|
|
}
|
|
|
|
echo "Done.\n";
|
|
|
|
?>
|
|
--EXPECT--
|
|
Done.
|