306 lines
11 KiB
C
306 lines
11 KiB
C
/******************************************************************************
|
|
Example application for demonstration of custom keystore provider usage
|
|
|
|
Windows: compile with cl /MD ksp_app.c /link odbc32.lib /out:ksp_app.exe
|
|
Linux/mac: compile with gcc -o ksp_app -fshort-wchar ksp_app.c -lodbc -ldl
|
|
|
|
usage: kspapp connstr
|
|
|
|
******************************************************************************/
|
|
|
|
#define KSPNAME L"MyCustomKSPName"
|
|
#define PROV_ENCRYPT_KEY "LPKCWVD07N3RG98J0MBLG4H2" /* this can be any character string */
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#ifdef _WIN32
|
|
#include <windows.h>
|
|
#else
|
|
#define __stdcall
|
|
#include <dlfcn.h>
|
|
#endif
|
|
#include <sql.h>
|
|
#include <sqlext.h>
|
|
#include "msodbcsql.h"
|
|
|
|
enum job {
|
|
set_up = 0,
|
|
clean_up = 1
|
|
};
|
|
|
|
/* Convenience functions */
|
|
|
|
int checkRC(SQLRETURN rc, char *msg, int ret, SQLHANDLE h, SQLSMALLINT ht) {
|
|
if (rc == SQL_ERROR) {
|
|
fprintf(stderr, "Error occurred upon %s\n", msg);
|
|
if (h) {
|
|
SQLSMALLINT i = 0;
|
|
SQLSMALLINT outlen = 0;
|
|
char errmsg[1024];
|
|
while ((rc = SQLGetDiagField(
|
|
ht, h, ++i, SQL_DIAG_MESSAGE_TEXT, errmsg, sizeof(errmsg), &outlen)) == SQL_SUCCESS
|
|
|| rc == SQL_SUCCESS_WITH_INFO) {
|
|
fprintf(stderr, "Err#%d: %s\n", i, errmsg);
|
|
}
|
|
}
|
|
if (ret)
|
|
exit(ret);
|
|
return 0;
|
|
}
|
|
else if (rc == SQL_SUCCESS_WITH_INFO && h) {
|
|
SQLSMALLINT i = 0;
|
|
SQLSMALLINT outlen = 0;
|
|
char errmsg[1024];
|
|
printf("Success with info for %s:\n", msg);
|
|
while ((rc = SQLGetDiagField(
|
|
ht, h, ++i, SQL_DIAG_MESSAGE_TEXT, errmsg, sizeof(errmsg), &outlen)) == SQL_SUCCESS
|
|
|| rc == SQL_SUCCESS_WITH_INFO) {
|
|
fprintf(stderr, "Msg#%d: %s\n", i, errmsg);
|
|
}
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
void postKspError(CEKEYSTORECONTEXT *ctx, const wchar_t *msg, ...) {
|
|
if (msg > (wchar_t*)65535)
|
|
wprintf(L"Provider emitted message: %s\n", msg);
|
|
else
|
|
wprintf(L"Provider emitted message ID %d\n", msg);
|
|
}
|
|
|
|
int setKSPLibrary(SQLHSTMT stmt) {
|
|
unsigned char CEK[32];
|
|
unsigned char *ECEK;
|
|
unsigned short ECEKlen;
|
|
unsigned char foundProv = 0;
|
|
int i;
|
|
#ifdef _WIN32
|
|
HMODULE hProvLib;
|
|
#else
|
|
void *hProvLib;
|
|
#endif
|
|
CEKEYSTORECONTEXT ctx = {0};
|
|
CEKEYSTOREPROVIDER **ppKsp, *pKsp;
|
|
int(__stdcall *pEncryptCEK)(CEKEYSTORECONTEXT *, errFunc *, unsigned char *, unsigned short, unsigned char **, unsigned short *);
|
|
|
|
/* Load the provider library */
|
|
#ifdef _WIN32
|
|
if (!(hProvLib = LoadLibrary("myKSP.dll"))) {
|
|
#else
|
|
if (!(hProvLib = dlopen("./myKSP.so", RTLD_NOW))) {
|
|
#endif
|
|
fprintf(stderr, "Error loading KSP library\n");
|
|
return 2;
|
|
}
|
|
#ifdef _WIN32
|
|
if (!(ppKsp = (CEKEYSTOREPROVIDER**)GetProcAddress(hProvLib, "CEKeystoreProvider"))) {
|
|
#else
|
|
if (!(ppKsp = (CEKEYSTOREPROVIDER**)dlsym(hProvLib, "CEKeystoreProvider"))) {
|
|
#endif
|
|
fprintf(stderr, "The export CEKeystoreProvider was not found in the KSP library\n");
|
|
return 3;
|
|
}
|
|
while (pKsp = *ppKsp++) {
|
|
if (!memcmp(KSPNAME, pKsp->Name, sizeof(KSPNAME))) {
|
|
foundProv = 1;
|
|
break;
|
|
}
|
|
}
|
|
if (! foundProv) {
|
|
fprintf(stderr, "Could not find provider in the library\n");
|
|
return 4;
|
|
}
|
|
|
|
if (pKsp->Init && !pKsp->Init(&ctx, postKspError)) {
|
|
fprintf(stderr, "Could not initialize provider\n");
|
|
return 5;
|
|
}
|
|
#ifdef _WIN32
|
|
if (!(pEncryptCEK = (LPVOID)GetProcAddress(hProvLib, "KeystoreEncrypt"))) {
|
|
#else
|
|
if (!(pEncryptCEK = dlsym(hProvLib, "KeystoreEncrypt"))) {
|
|
#endif
|
|
fprintf(stderr, "The export KeystoreEncrypt was not found in the KSP library\n");
|
|
return 6;
|
|
}
|
|
if (!pKsp->Write) {
|
|
fprintf(stderr, "Provider does not support configuration\n");
|
|
return 7;
|
|
}
|
|
|
|
/* Configure the provider with the key */
|
|
if (!pKsp->Write(&ctx, postKspError, PROV_ENCRYPT_KEY, strlen(PROV_ENCRYPT_KEY))) {
|
|
fprintf(stderr, "Error writing to KSP\n");
|
|
return 8;
|
|
}
|
|
|
|
/* Generate a CEK and encrypt it with the provider */
|
|
srand(time(0) ^ getpid());
|
|
for (i = 0; i < sizeof(CEK); i++)
|
|
CEK[i] = rand();
|
|
|
|
if (!pEncryptCEK(&ctx, postKspError, CEK, sizeof(CEK), &ECEK, &ECEKlen)) {
|
|
fprintf(stderr, "Error encrypting CEK\n");
|
|
return 9;
|
|
}
|
|
|
|
/* Create a CMK definition on the server */
|
|
{
|
|
static char cmkSql[] = "CREATE COLUMN MASTER KEY CustomCMK WITH ("
|
|
"KEY_STORE_PROVIDER_NAME = 'MyCustomKSPName',"
|
|
"KEY_PATH = 'TheOneAndOnlyKey')";
|
|
printf("Create CMK: %s\n", cmkSql);
|
|
SQLExecDirect(stmt, cmkSql, SQL_NTS);
|
|
}
|
|
|
|
/* Create a CEK definition on the server */
|
|
{
|
|
const char cekSqlBefore[] = "CREATE COLUMN ENCRYPTION KEY CustomCEK WITH VALUES ("
|
|
"COLUMN_MASTER_KEY = CustomCMK,"
|
|
"ALGORITHM = 'none',"
|
|
"ENCRYPTED_VALUE = 0x";
|
|
char *cekSql = malloc(sizeof(cekSqlBefore) + 2 * ECEKlen + 2); /* 1 for ')', 1 for null terminator */
|
|
strcpy(cekSql, cekSqlBefore);
|
|
for (i = 0; i < ECEKlen; i++)
|
|
sprintf(cekSql + sizeof(cekSqlBefore) - 1 + 2 * i, "%02x", ECEK[i]);
|
|
strcat(cekSql, ")");
|
|
printf("Create CEK: %s\n", cekSql);
|
|
SQLExecDirect(stmt, cekSql, SQL_NTS);
|
|
free(cekSql);
|
|
#ifdef _WIN32
|
|
LocalFree(ECEK);
|
|
#else
|
|
free(ECEK);
|
|
#endif
|
|
}
|
|
|
|
#ifdef _WIN32
|
|
FreeLibrary(hProvLib);
|
|
#else
|
|
dlclose(hProvLib);
|
|
#endif
|
|
|
|
return 0;
|
|
}
|
|
|
|
void populateTestTable(SQLHDBC dbc, SQLHSTMT stmt)
|
|
{
|
|
SQLRETURN rc;
|
|
int i, j;
|
|
|
|
/* Create a table with encrypted columns */
|
|
{
|
|
static char *tableSql = "CREATE TABLE CustomKSPTestTable ("
|
|
"c1 int,"
|
|
"c2 varchar(255) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CustomCEK, ENCRYPTION_TYPE = DETERMINISTIC, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'),"
|
|
"c3 char(5) COLLATE Latin1_General_BIN2 ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CustomCEK, ENCRYPTION_TYPE = DETERMINISTIC, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'),"
|
|
"c4 date ENCRYPTED WITH (COLUMN_ENCRYPTION_KEY = CustomCEK, ENCRYPTION_TYPE = Randomized, ALGORITHM = 'AEAD_AES_256_CBC_HMAC_SHA_256'))";
|
|
printf("Create table: %s\n", tableSql);
|
|
SQLExecDirect(stmt, tableSql, SQL_NTS);
|
|
}
|
|
|
|
/* Load provider into the ODBC Driver and configure it */
|
|
{
|
|
unsigned char ksd[sizeof(CEKEYSTOREDATA) + sizeof(PROV_ENCRYPT_KEY) - 1];
|
|
CEKEYSTOREDATA *pKsd = (CEKEYSTOREDATA*)ksd;
|
|
pKsd->name = L"MyCustomKSPName";
|
|
pKsd->dataSize = sizeof(PROV_ENCRYPT_KEY) - 1;
|
|
memcpy(pKsd->data, PROV_ENCRYPT_KEY, sizeof(PROV_ENCRYPT_KEY) - 1);
|
|
#ifdef _WIN32
|
|
rc = SQLSetConnectAttr(dbc, SQL_COPT_SS_CEKEYSTOREPROVIDER, "myKSP.dll", SQL_NTS);
|
|
#else
|
|
rc = SQLSetConnectAttr(dbc, SQL_COPT_SS_CEKEYSTOREPROVIDER, "./myKSP.so", SQL_NTS);
|
|
#endif
|
|
checkRC(rc, "Loading KSP into ODBC Driver", 7, dbc, SQL_HANDLE_DBC);
|
|
rc = SQLSetConnectAttr(dbc, SQL_COPT_SS_CEKEYSTOREDATA, (SQLPOINTER)pKsd, SQL_IS_POINTER);
|
|
checkRC(rc, "Configuring the KSP", 7, dbc, SQL_HANDLE_DBC);
|
|
}
|
|
|
|
/* Insert some data */
|
|
{
|
|
int c1;
|
|
char c2[256];
|
|
char c3[6];
|
|
SQL_DATE_STRUCT date;
|
|
SQLLEN cbdate;
|
|
rc = SQLBindParameter(stmt, 1, SQL_PARAM_INPUT, SQL_C_LONG, SQL_INTEGER, 0, 0, &c1, 0, 0);
|
|
checkRC(rc, "Binding parameters for insert", 9, stmt, SQL_HANDLE_STMT);
|
|
rc = SQLBindParameter(stmt, 2, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_VARCHAR, 255, 0, c2, 255, 0);
|
|
checkRC(rc, "Binding parameters for insert", 9, stmt, SQL_HANDLE_STMT);
|
|
rc = SQLBindParameter(stmt, 3, SQL_PARAM_INPUT, SQL_C_CHAR, SQL_CHAR, 5, 0, c3, 5, 0);
|
|
checkRC(rc, "Binding parameters for insert", 9, stmt, SQL_HANDLE_STMT);
|
|
checkRC(rc, "Binding parameters for insert", 9, stmt, SQL_HANDLE_STMT);
|
|
cbdate = sizeof(SQL_DATE_STRUCT);
|
|
rc = SQLBindParameter(stmt, 4, SQL_PARAM_INPUT, SQL_C_TYPE_DATE, SQL_TYPE_DATE, 10, 0, &date, 0, &cbdate);
|
|
checkRC(rc, "Binding parameters for insert", 9, stmt, SQL_HANDLE_STMT);
|
|
|
|
date.year = 2017;
|
|
date.month = 8;
|
|
for (i = 0; i < 10; i++) {
|
|
date.day = i + 10;
|
|
|
|
c1 = i * 10 + i + 1;
|
|
sprintf(c2, "Sample data %d for column 2", i);
|
|
for (j = 0; j < 3; j++) {
|
|
c3[j] = 'a' + i + j;
|
|
}
|
|
c3[3] = '\0';
|
|
rc = SQLExecDirect(stmt, "INSERT INTO CustomKSPTestTable (c1, c2, c3, c4) values (?, ?, ?, ?)", SQL_NTS);
|
|
checkRC(rc, "Inserting rows query", 10, stmt, SQL_HANDLE_STMT);
|
|
}
|
|
printf("(Encrypted) data has been inserted into CustomKSPTestTable. You may inspect the data now.\n");
|
|
}
|
|
|
|
}
|
|
|
|
int main(int argc, char **argv) {
|
|
char sqlbuf[1024];
|
|
SQLHENV env;
|
|
SQLHDBC dbc;
|
|
SQLHSTMT stmt;
|
|
SQLRETURN rc;
|
|
int i;
|
|
char connStr[1024];
|
|
enum job task;
|
|
|
|
if (argc < 6) {
|
|
fprintf(stderr, "usage: kspapp job server database uid pwd\n");
|
|
return 1;
|
|
}
|
|
|
|
task = atoi(argv[1]);
|
|
|
|
sprintf(connStr, "DRIVER={ODBC Driver 17 for SQL Server};SERVER=%s;ColumnEncryption=Enabled;DATABASE=%s;UID=%s;PWD=%s", argv[2], argv[3], argv[4], argv[5]);
|
|
|
|
/* Connect to Server */
|
|
rc = SQLAllocHandle(SQL_HANDLE_ENV, NULL, &env);
|
|
checkRC(rc, "allocating environment handle", 2, 0, 0);
|
|
rc = SQLSetEnvAttr(env, SQL_ATTR_ODBC_VERSION, (SQLPOINTER)SQL_OV_ODBC3, 0);
|
|
checkRC(rc, "setting ODBC version to 3.0", 3, env, SQL_HANDLE_ENV);
|
|
rc = SQLAllocHandle(SQL_HANDLE_DBC, env, &dbc);
|
|
checkRC(rc, "allocating connection handle", 4, env, SQL_HANDLE_ENV);
|
|
rc = SQLDriverConnect(dbc, 0, connStr, strlen(connStr), NULL, 0, NULL, SQL_DRIVER_NOPROMPT);
|
|
checkRC(rc, "connecting to data source", 5, dbc, SQL_HANDLE_DBC);
|
|
rc = SQLAllocHandle(SQL_HANDLE_STMT, dbc, &stmt);
|
|
checkRC(rc, "allocating statement handle", 6, dbc, SQL_HANDLE_DBC);
|
|
|
|
if (task == set_up) {
|
|
printf("Setting up KSP...\n");
|
|
setKSPLibrary(stmt);
|
|
populateTestTable(dbc, stmt);
|
|
}
|
|
else if (task == clean_up) {
|
|
printf("Cleaning up KSP...\n");
|
|
|
|
SQLExecDirect(stmt, "DROP TABLE CustomKSPTestTable", SQL_NTS);
|
|
SQLExecDirect(stmt, "DROP COLUMN ENCRYPTION KEY CustomCEK", SQL_NTS);
|
|
SQLExecDirect(stmt, "DROP COLUMN MASTER KEY CustomCMK", SQL_NTS);
|
|
printf("Removed table, CEK, and CMK\n");
|
|
}
|
|
|
|
SQLDisconnect(dbc);
|
|
SQLFreeHandle(SQL_HANDLE_DBC, dbc);
|
|
SQLFreeHandle(SQL_HANDLE_ENV, env);
|
|
return 0;
|
|
}
|