dprevot/php-sqlsrv
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
php-sqlsrv/test/functional/sqlsrv/sqlsrv_aev2_ce_enabled.phpt
David Puglielli 051328782d
Always Encrypted v2 support (#1045) 
* Change to support ae-v2

* Add support for AE V2

* Added some descriptions and comments

* Fixed PDO pattern matching

* Updated key generation scripts

* Fixed key script

* Fixed char/nchar results, fixed formatting issues

* Addressed review comments

* Updated key scripts

* Debugging aev2 keyword failure

* Debugging aev2 keyword failure

* Debugging aev2 keyword failure

* Debugging aev2 keyword failure

* Added skipif to ae v2 keyword test

* Addressed review comments

* Fixed braces and camel caps

* Updated test descriptions

* Added detail to test descriptions

* Tiny change
2019-10-31 16:55:36 -07:00

114 lines
4.5 KiB
PHP
Raw Blame History

--TEST--
Try re-encrypting a table with ColumnEncryption set to 'enabled', which should fail.
--DESCRIPTION--
This test cycles through $encryptionTypes and $keys, creating an encrypted table
each time, then cycles through $targetTypes and $targetKeys to try re-encrypting
the table with different combinations of enclave-enabled and non-enclave keys
and encryption types.
The sequence of operations is the following:
1. Connect with correct attestation information.
2. Create an encrypted table with two columns for each AE-supported data type, one encrypted and one not encrypted.
3. Insert some data.
4. Disconnect and reconnect with ColumnEncryption set to 'enabled'.
5. Test comparison and pattern matching by comparing the results for the encrypted and non-encrypted columns.
Equality should work with deterministic encryption as in AE v1, but other computations should fail.
6. Try re-encrypting the table. This should fail.
--SKIPIF--
<?php require("skipif_not_hgs.inc"); ?>
--FILE--
<?php
require_once("MsSetup.inc");
require_once("AE_v2_values.inc");
require_once("sqlsrv_AE_functions.inc");
$initialAttestation = $attestation;
// Create a table for each key and encryption type, re-encrypt using each
// combination of target key and target encryption
foreach ($keys as $key) {
foreach ($encryptionTypes as $encryptionType) {
// $count is used to ensure we only run testCompare and
// testPatternMatch once for the initial table
$count = 0;
foreach ($targetKeys as $targetKey) {
foreach ($targetTypes as $targetType) {
$conn = connect($server, $initialAttestation);
// Create an encrypted table
$createQuery = constructAECreateQuery($tableName, $dataTypes, $colNames, $colNamesAE, $slength, $key, $encryptionType);
$insertQuery = constructInsertQuery($tableName, $dataTypes, $colNames, $colNamesAE);
$stmt = sqlsrv_query($conn, "DROP TABLE IF EXISTS $tableName");
$stmt = sqlsrv_query($conn, $createQuery);
if(!$stmt)
{
print_r(editErrors(sqlsrv_errors()));
die("Table creation failed!");
}
insertValues($conn, $insertQuery, $dataTypes, $testValues);
unset($conn);
// Reconnect with ColumnEncryption set to 'enabled'
$newAttestation = 'enabled';
$conn = connect($server, $newAttestation);
if ($count == 0) {
testCompare($conn, $tableName, $comparisons, $dataTypes, $colNames, $thresholds, $length, $key, $encryptionType, 'enabled');
testPatternMatch($conn, $tableName, $patterns, $dataTypes, $colNames, $key, $encryptionType, 'enabled');
}
++$count;
if ($key == $targetKey and $encryptionType == $targetType) {
continue;
}
$alterQuery = constructAlterQuery($tableName, $colNamesAE, $dataTypes, $targetKey, $targetType, $slength);
// Split the data type array, because for some reason we get an error
// if the query is too long (>2000 characters)
$splitDataTypes = array_chunk($dataTypes, 5);
$encryptionFailed = false;
foreach ($splitDataTypes as $split) {
$alterQuery = constructAlterQuery($tableName, $colNamesAE, $split, $targetKey, $targetType, $slength);
$stmt = sqlsrv_query($conn, $alterQuery);
if(!$stmt) {
if (!isEnclaveEnabled($key) or !isEnclaveEnabled($targetKey)) {
$e = sqlsrv_errors();
checkErrors($e, array('42000', '33543'));
$encryptionFailed = true;
continue;
} else {
$e = sqlsrv_errors();
checkErrors($e, array('42000', '33546'));
$encryptionFailed = true;
continue;
}
continue;
} else {
die("Encrypting should have failed with key $targetKey and encryption type $encryptionType!\n");
}
}
if ($encryptionFailed) {
continue;
}
}
}
}
}
echo "Done.\n";
?>
--EXPECT--
Done.
Reference in a new issue View git blame Copy permalink