tedious-fabric 1.0.0

package/lib/always-encrypted/aead-aes-256-cbc-hmac-algorithm.js

@@ -0,0 +1,82 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.algorithmName = exports.AeadAes256CbcHmac256Algorithm = void 0;
+var _types = require("./types");
+var _crypto = require("crypto");
+var _aeadAes256CbcHmacEncryptionKey = require("./aead-aes-256-cbc-hmac-encryption-key");
+// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.
+// Copyright (c) 2019 Microsoft Corporation
+
+const algorithmName = exports.algorithmName = 'AEAD_AES_256_CBC_HMAC_SHA256';
+const algorithmVersion = 0x1;
+const blockSizeInBytes = 16;
+class AeadAes256CbcHmac256Algorithm {
+  constructor(columnEncryptionKey, encryptionType) {
+    this.keySizeInBytes = _aeadAes256CbcHmacEncryptionKey.keySize / 8;
+    this.version = Buffer.from([algorithmVersion]);
+    this.versionSize = Buffer.from([1]);
+    this.minimumCipherTextLengthInBytesNoAuthenticationTag = 1 + blockSizeInBytes + blockSizeInBytes;
+    this.minimumCipherTextLengthInBytesWithAuthenticationTag = this.minimumCipherTextLengthInBytesNoAuthenticationTag + this.keySizeInBytes;
+    this.columnEncryptionkey = columnEncryptionKey;
+    this.isDeterministic = encryptionType === _types.SQLServerEncryptionType.Deterministic;
+  }
+  encryptData(plaintText) {
+    let iv;
+    if (this.isDeterministic === true) {
+      const hmacIv = (0, _crypto.createHmac)('sha256', this.columnEncryptionkey.getIvKey());
+      hmacIv.update(plaintText);
+      iv = hmacIv.digest().slice(0, blockSizeInBytes);
+    } else {
+      iv = (0, _crypto.randomBytes)(blockSizeInBytes);
+    }
+    const encryptCipher = (0, _crypto.createCipheriv)('aes-256-cbc', this.columnEncryptionkey.getEncryptionKey(), iv);
+    const encryptedBuffer = Buffer.concat([encryptCipher.update(plaintText), encryptCipher.final()]);
+    const authenticationTag = this._prepareAuthenticationTag(iv, encryptedBuffer, 0, encryptedBuffer.length);
+    return Buffer.concat([Buffer.from([algorithmVersion]), authenticationTag, iv, encryptedBuffer]);
+  }
+  decryptData(cipherText) {
+    const iv = Buffer.alloc(blockSizeInBytes);
+    const minimumCiperTextLength = this.minimumCipherTextLengthInBytesWithAuthenticationTag;
+    if (cipherText.length < minimumCiperTextLength) {
+      throw new Error(`Specified ciphertext has an invalid size of ${cipherText.length} bytes, which is below the minimum ${minimumCiperTextLength} bytes required for decryption.`);
+    }
+    let startIndex = 0;
+    if (cipherText[0] !== algorithmVersion) {
+      throw new Error(`The specified ciphertext's encryption algorithm version ${Buffer.from([cipherText[0]]).toString('hex')} does not match the expected encryption algorithm version ${algorithmVersion}.`);
+    }
+    startIndex += 1;
+    let authenticationTagOffset = 0;
+    authenticationTagOffset = startIndex;
+    startIndex += this.keySizeInBytes;
+    cipherText.copy(iv, 0, startIndex, startIndex + iv.length);
+    startIndex += iv.length;
+    const cipherTextOffset = startIndex;
+    const cipherTextCount = cipherText.length - startIndex;
+    const authenticationTag = this._prepareAuthenticationTag(iv, cipherText, cipherTextOffset, cipherTextCount);
+    if (0 !== authenticationTag.compare(cipherText, authenticationTagOffset, Math.min(authenticationTagOffset + cipherTextCount, authenticationTagOffset + authenticationTag.length), 0, Math.min(cipherTextCount, authenticationTag.length))) {
+      throw new Error('Specified ciphertext has an invalid authentication tag.');
+    }
+    let plainText;
+    const decipher = (0, _crypto.createDecipheriv)('aes-256-cbc', this.columnEncryptionkey.getEncryptionKey(), iv);
+    try {
+      plainText = decipher.update(cipherText.slice(cipherTextOffset, cipherTextOffset + cipherTextCount));
+      plainText = Buffer.concat([plainText, decipher.final()]);
+    } catch (error) {
+      throw new Error(`Internal error while decryption: ${error.message}`);
+    }
+    return plainText;
+  }
+  _prepareAuthenticationTag(iv, cipherText, offset, length) {
+    const hmac = (0, _crypto.createHmac)('sha256', this.columnEncryptionkey.getMacKey());
+    hmac.update(this.version);
+    hmac.update(iv);
+    hmac.update(cipherText.slice(offset, offset + length));
+    hmac.update(this.versionSize);
+    return hmac.digest();
+  }
+}
+exports.AeadAes256CbcHmac256Algorithm = AeadAes256CbcHmac256Algorithm;
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJfdHlwZXMiLCJyZXF1aXJlIiwiX2NyeXB0byIsIl9hZWFkQWVzMjU2Q2JjSG1hY0VuY3J5cHRpb25LZXkiLCJhbGdvcml0aG1OYW1lIiwiZXhwb3J0cyIsImFsZ29yaXRobVZlcnNpb24iLCJibG9ja1NpemVJbkJ5dGVzIiwiQWVhZEFlczI1NkNiY0htYWMyNTZBbGdvcml0aG0iLCJjb25zdHJ1Y3RvciIsImNvbHVtbkVuY3J5cHRpb25LZXkiLCJlbmNyeXB0aW9uVHlwZSIsImtleVNpemVJbkJ5dGVzIiwia2V5U2l6ZSIsInZlcnNpb24iLCJCdWZmZXIiLCJmcm9tIiwidmVyc2lvblNpemUiLCJtaW5pbXVtQ2lwaGVyVGV4dExlbmd0aEluQnl0ZXNOb0F1dGhlbnRpY2F0aW9uVGFnIiwibWluaW11bUNpcGhlclRleHRMZW5ndGhJbkJ5dGVzV2l0aEF1dGhlbnRpY2F0aW9uVGFnIiwiY29sdW1uRW5jcnlwdGlvbmtleSIsImlzRGV0ZXJtaW5pc3RpYyIsIlNRTFNlcnZlckVuY3J5cHRpb25UeXBlIiwiRGV0ZXJtaW5pc3RpYyIsImVuY3J5cHREYXRhIiwicGxhaW50VGV4dCIsIml2IiwiaG1hY0l2IiwiY3JlYXRlSG1hYyIsImdldEl2S2V5IiwidXBkYXRlIiwiZGlnZXN0Iiwic2xpY2UiLCJyYW5kb21CeXRlcyIsImVuY3J5cHRDaXBoZXIiLCJjcmVhdGVDaXBoZXJpdiIsImdldEVuY3J5cHRpb25LZXkiLCJlbmNyeXB0ZWRCdWZmZXIiLCJjb25jYXQiLCJmaW5hbCIsImF1dGhlbnRpY2F0aW9uVGFnIiwiX3ByZXBhcmVBdXRoZW50aWNhdGlvblRhZyIsImxlbmd0aCIsImRlY3J5cHREYXRhIiwiY2lwaGVyVGV4dCIsImFsbG9jIiwibWluaW11bUNpcGVyVGV4dExlbmd0aCIsIkVycm9yIiwic3RhcnRJbmRleCIsInRvU3RyaW5nIiwiYXV0aGVudGljYXRpb25UYWdPZmZzZXQiLCJjb3B5IiwiY2lwaGVyVGV4dE9mZnNldCIsImNpcGhlclRleHRDb3VudCIsImNvbXBhcmUiLCJNYXRoIiwibWluIiwicGxhaW5UZXh0IiwiZGVjaXBoZXIiLCJjcmVhdGVEZWNpcGhlcml2IiwiZXJyb3IiLCJtZXNzYWdlIiwib2Zmc2V0IiwiaG1hYyIsImdldE1hY0tleSJdLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hbHdheXMtZW5jcnlwdGVkL2FlYWQtYWVzLTI1Ni1jYmMtaG1hYy1hbGdvcml0aG0udHMiXSwic291cmNlc0NvbnRlbnQiOlsiLy8gVGhpcyBjb2RlIGlzIGJhc2VkIG9uIHRoZSBgbXNzcWwtamRiY2AgbGlicmFyeSBwdWJsaXNoZWQgdW5kZXIgdGhlIGNvbmRpdGlvbnMgb2YgTUlUIGxpY2Vuc2UuXG4vLyBDb3B5cmlnaHQgKGMpIDIwMTkgTWljcm9zb2Z0IENvcnBvcmF0aW9uXG5cbmltcG9ydCB7IHR5cGUgRW5jcnlwdGlvbkFsZ29yaXRobSwgU1FMU2VydmVyRW5jcnlwdGlvblR5cGUgfSBmcm9tICcuL3R5cGVzJztcbmltcG9ydCB7IGNyZWF0ZUhtYWMsIHJhbmRvbUJ5dGVzLCBjcmVhdGVDaXBoZXJpdiwgY3JlYXRlRGVjaXBoZXJpdiB9IGZyb20gJ2NyeXB0byc7XG5pbXBvcnQgeyBBZWFkQWVzMjU2Q2JjSG1hYzI1NkVuY3J5cHRpb25LZXksIGtleVNpemUgfSBmcm9tICcuL2FlYWQtYWVzLTI1Ni1jYmMtaG1hYy1lbmNyeXB0aW9uLWtleSc7XG5cbmV4cG9ydCBjb25zdCBhbGdvcml0aG1OYW1lID0gJ0FFQURfQUVTXzI1Nl9DQkNfSE1BQ19TSEEyNTYnO1xuY29uc3QgYWxnb3JpdGhtVmVyc2lvbiA9IDB4MTtcbmNvbnN0IGJsb2NrU2l6ZUluQnl0ZXMgPSAxNjtcblxuZXhwb3J0IGNsYXNzIEFlYWRBZXMyNTZDYmNIbWFjMjU2QWxnb3JpdGhtIGltcGxlbWVudHMgRW5jcnlwdGlvbkFsZ29yaXRobSB7XG4gIGRlY2xhcmUgcHJpdmF0ZSBjb2x1bW5FbmNyeXB0aW9ua2V5OiBBZWFkQWVzMjU2Q2JjSG1hYzI1NkVuY3J5cHRpb25LZXk7XG4gIGRlY2xhcmUgcHJpdmF0ZSBpc0RldGVybWluaXN0aWM6IGJvb2xlYW47XG4gIGRlY2xhcmUgcHJpdmF0ZSBrZXlTaXplSW5CeXRlczogbnVtYmVyO1xuICBkZWNsYXJlIHByaXZhdGUgdmVyc2lvbjogQnVmZmVyO1xuICBkZWNsYXJlIHByaXZhdGUgdmVyc2lvblNpemU6IEJ1ZmZlcjtcbiAgZGVjbGFyZSBwcml2YXRlIG1pbmltdW1DaXBoZXJUZXh0TGVuZ3RoSW5CeXRlc05vQXV0aGVudGljYXRpb25UYWc6IG51bWJlcjtcbiAgZGVjbGFyZSBwcml2YXRlIG1pbmltdW1DaXBoZXJUZXh0TGVuZ3RoSW5CeXRlc1dpdGhBdXRoZW50aWNhdGlvblRhZzogbnVtYmVyO1xuXG4gIGNvbnN0cnVjdG9yKGNvbHVtbkVuY3J5cHRpb25LZXk6IEFlYWRBZXMyNTZDYmNIbWFjMjU2RW5jcnlwdGlvbktleSwgZW5jcnlwdGlvblR5cGU6IFNRTFNlcnZlckVuY3J5cHRpb25UeXBlKSB7XG4gICAgdGhpcy5rZXlTaXplSW5CeXRlcyA9IGtleVNpemUgLyA4O1xuICAgIHRoaXMudmVyc2lvbiA9IEJ1ZmZlci5mcm9tKFthbGdvcml0aG1WZXJzaW9uXSk7XG4gICAgdGhpcy52ZXJzaW9uU2l6ZSA9IEJ1ZmZlci5mcm9tKFsxXSk7XG4gICAgdGhpcy5taW5pbXVtQ2lwaGVyVGV4dExlbmd0aEluQnl0ZXNOb0F1dGhlbnRpY2F0aW9uVGFnID0gMSArIGJsb2NrU2l6ZUluQnl0ZXMgKyBibG9ja1NpemVJbkJ5dGVzO1xuICAgIHRoaXMubWluaW11bUNpcGhlclRleHRMZW5ndGhJbkJ5dGVzV2l0aEF1dGhlbnRpY2F0aW9uVGFnID0gdGhpcy5taW5pbXVtQ2lwaGVyVGV4dExlbmd0aEluQnl0ZXNOb0F1dGhlbnRpY2F0aW9uVGFnICsgdGhpcy5rZXlTaXplSW5CeXRlcztcbiAgICB0aGlzLmNvbHVtbkVuY3J5cHRpb25rZXkgPSBjb2x1bW5FbmNyeXB0aW9uS2V5O1xuXG4gICAgdGhpcy5pc0RldGVybWluaXN0aWMgPSBlbmNyeXB0aW9uVHlwZSA9PT0gU1FMU2VydmVyRW5jcnlwdGlvblR5cGUuRGV0ZXJtaW5pc3RpYztcbiAgfVxuXG4gIGVuY3J5cHREYXRhKHBsYWludFRleHQ6IEJ1ZmZlcik6IEJ1ZmZlciB7XG4gICAgbGV0IGl2OiBCdWZmZXI7XG5cbiAgICBpZiAodGhpcy5pc0RldGVybWluaXN0aWMgPT09IHRydWUpIHtcbiAgICAgIGNvbnN0IGhtYWNJdiA9IGNyZWF0ZUhtYWMoJ3NoYTI1NicsIHRoaXMuY29sdW1uRW5jcnlwdGlvbmtleS5nZXRJdktleSgpKTtcbiAgICAgIGhtYWNJdi51cGRhdGUocGxhaW50VGV4dCk7XG4gICAgICBpdiA9IGhtYWNJdi5kaWdlc3QoKS5zbGljZSgwLCBibG9ja1NpemVJbkJ5dGVzKTtcbiAgICB9IGVsc2Uge1xuICAgICAgaXYgPSByYW5kb21CeXRlcyhibG9ja1NpemVJbkJ5dGVzKTtcbiAgICB9XG5cbiAgICBjb25zdCBlbmNyeXB0Q2lwaGVyID0gY3JlYXRlQ2lwaGVyaXYoJ2Flcy0yNTYtY2JjJywgdGhpcy5jb2x1bW5FbmNyeXB0aW9ua2V5LmdldEVuY3J5cHRpb25LZXkoKSwgaXYpO1xuXG4gICAgY29uc3QgZW5jcnlwdGVkQnVmZmVyID0gQnVmZmVyLmNvbmNhdChbZW5jcnlwdENpcGhlci51cGRhdGUocGxhaW50VGV4dCksIGVuY3J5cHRDaXBoZXIuZmluYWwoKV0pO1xuXG4gICAgY29uc3QgYXV0aGVudGljYXRpb25UYWc6IEJ1ZmZlciA9IHRoaXMuX3ByZXBhcmVBdXRoZW50aWNhdGlvblRhZyhpdiwgZW5jcnlwdGVkQnVmZmVyLCAwLCBlbmNyeXB0ZWRCdWZmZXIubGVuZ3RoKTtcblxuICAgIHJldHVybiBCdWZmZXIuY29uY2F0KFtCdWZmZXIuZnJvbShbYWxnb3JpdGhtVmVyc2lvbl0pLCBhdXRoZW50aWNhdGlvblRhZywgaXYsIGVuY3J5cHRlZEJ1ZmZlcl0pO1xuICB9XG5cbiAgZGVjcnlwdERhdGEoY2lwaGVyVGV4dDogQnVmZmVyKTogQnVmZmVyIHtcbiAgICBjb25zdCBpdjogQnVmZmVyID0gQnVmZmVyLmFsbG9jKGJsb2NrU2l6ZUluQnl0ZXMpO1xuXG4gICAgY29uc3QgbWluaW11bUNpcGVyVGV4dExlbmd0aDogbnVtYmVyID0gdGhpcy5taW5pbXVtQ2lwaGVyVGV4dExlbmd0aEluQnl0ZXNXaXRoQXV0aGVudGljYXRpb25UYWc7XG5cbiAgICBpZiAoY2lwaGVyVGV4dC5sZW5ndGggPCBtaW5pbXVtQ2lwZXJUZXh0TGVuZ3RoKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYFNwZWNpZmllZCBjaXBoZXJ0ZXh0IGhhcyBhbiBpbnZhbGlkIHNpemUgb2YgJHtjaXBoZXJUZXh0Lmxlbmd0aH0gYnl0ZXMsIHdoaWNoIGlzIGJlbG93IHRoZSBtaW5pbXVtICR7bWluaW11bUNpcGVyVGV4dExlbmd0aH0gYnl0ZXMgcmVxdWlyZWQgZm9yIGRlY3J5cHRpb24uYCk7XG4gICAgfVxuXG4gICAgbGV0IHN0YXJ0SW5kZXggPSAwO1xuICAgIGlmIChjaXBoZXJUZXh0WzBdICE9PSBhbGdvcml0aG1WZXJzaW9uKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYFRoZSBzcGVjaWZpZWQgY2lwaGVydGV4dCdzIGVuY3J5cHRpb24gYWxnb3JpdGhtIHZlcnNpb24gJHtCdWZmZXIuZnJvbShbY2lwaGVyVGV4dFswXV0pLnRvU3RyaW5nKCdoZXgnKX0gZG9lcyBub3QgbWF0Y2ggdGhlIGV4cGVjdGVkIGVuY3J5cHRpb24gYWxnb3JpdGhtIHZlcnNpb24gJHthbGdvcml0aG1WZXJzaW9ufS5gKTtcbiAgICB9XG5cbiAgICBzdGFydEluZGV4ICs9IDE7XG4gICAgbGV0IGF1dGhlbnRpY2F0aW9uVGFnT2Zmc2V0ID0gMDtcblxuICAgIGF1dGhlbnRpY2F0aW9uVGFnT2Zmc2V0ID0gc3RhcnRJbmRleDtcbiAgICBzdGFydEluZGV4ICs9IHRoaXMua2V5U2l6ZUluQnl0ZXM7XG5cbiAgICBjaXBoZXJUZXh0LmNvcHkoaXYsIDAsIHN0YXJ0SW5kZXgsIHN0YXJ0SW5kZXggKyBpdi5sZW5ndGgpO1xuICAgIHN0YXJ0SW5kZXggKz0gaXYubGVuZ3RoO1xuXG4gICAgY29uc3QgY2lwaGVyVGV4dE9mZnNldCA9IHN0YXJ0SW5kZXg7XG4gICAgY29uc3QgY2lwaGVyVGV4dENvdW50ID0gY2lwaGVyVGV4dC5sZW5ndGggLSBzdGFydEluZGV4O1xuXG4gICAgY29uc3QgYXV0aGVudGljYXRpb25UYWc6IEJ1ZmZlciA9IHRoaXMuX3ByZXBhcmVBdXRoZW50aWNhdGlvblRhZyhpdiwgY2lwaGVyVGV4dCwgY2lwaGVyVGV4dE9mZnNldCwgY2lwaGVyVGV4dENvdW50KTtcblxuICAgIGlmICgwICE9PSBhdXRoZW50aWNhdGlvblRhZy5jb21wYXJlKGNpcGhlclRleHQsIGF1dGhlbnRpY2F0aW9uVGFnT2Zmc2V0LCBNYXRoLm1pbihhdXRoZW50aWNhdGlvblRhZ09mZnNldCArIGNpcGhlclRleHRDb3VudCwgYXV0aGVudGljYXRpb25UYWdPZmZzZXQgKyBhdXRoZW50aWNhdGlvblRhZy5sZW5ndGgpLCAwLCBNYXRoLm1pbihjaXBoZXJUZXh0Q291bnQsIGF1dGhlbnRpY2F0aW9uVGFnLmxlbmd0aCkpKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1NwZWNpZmllZCBjaXBoZXJ0ZXh0IGhhcyBhbiBpbnZhbGlkIGF1dGhlbnRpY2F0aW9uIHRhZy4nKTtcbiAgICB9XG5cbiAgICBsZXQgcGxhaW5UZXh0OiBCdWZmZXI7XG5cbiAgICBjb25zdCBkZWNpcGhlciA9IGNyZWF0ZURlY2lwaGVyaXYoJ2Flcy0yNTYtY2JjJywgdGhpcy5jb2x1bW5FbmNyeXB0aW9ua2V5LmdldEVuY3J5cHRpb25LZXkoKSwgaXYpO1xuICAgIHRyeSB7XG4gICAgICBwbGFpblRleHQgPSBkZWNpcGhlci51cGRhdGUoY2lwaGVyVGV4dC5zbGljZShjaXBoZXJUZXh0T2Zmc2V0LCBjaXBoZXJUZXh0T2Zmc2V0ICsgY2lwaGVyVGV4dENvdW50KSk7XG4gICAgICBwbGFpblRleHQgPSBCdWZmZXIuY29uY2F0KFtwbGFpblRleHQsIGRlY2lwaGVyLmZpbmFsKCldKTtcbiAgICB9IGNhdGNoIChlcnJvcjogYW55KSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEludGVybmFsIGVycm9yIHdoaWxlIGRlY3J5cHRpb246ICR7ZXJyb3IubWVzc2FnZX1gKTtcbiAgICB9XG5cbiAgICByZXR1cm4gcGxhaW5UZXh0O1xuICB9XG5cbiAgX3ByZXBhcmVBdXRoZW50aWNhdGlvblRhZyhpdjogQnVmZmVyLCBjaXBoZXJUZXh0OiBCdWZmZXIsIG9mZnNldDogbnVtYmVyLCBsZW5ndGg6IG51bWJlcik6IEJ1ZmZlciB7XG4gICAgY29uc3QgaG1hYyA9IGNyZWF0ZUhtYWMoJ3NoYTI1NicsIHRoaXMuY29sdW1uRW5jcnlwdGlvbmtleS5nZXRNYWNLZXkoKSk7XG5cbiAgICBobWFjLnVwZGF0ZSh0aGlzLnZlcnNpb24pO1xuICAgIGhtYWMudXBkYXRlKGl2KTtcbiAgICBobWFjLnVwZGF0ZShjaXBoZXJUZXh0LnNsaWNlKG9mZnNldCwgb2Zmc2V0ICsgbGVuZ3RoKSk7XG4gICAgaG1hYy51cGRhdGUodGhpcy52ZXJzaW9uU2l6ZSk7XG4gICAgcmV0dXJuIGhtYWMuZGlnZXN0KCk7XG4gIH1cbn1cbiJdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBR0EsSUFBQUEsTUFBQSxHQUFBQyxPQUFBO0FBQ0EsSUFBQUMsT0FBQSxHQUFBRCxPQUFBO0FBQ0EsSUFBQUUsK0JBQUEsR0FBQUYsT0FBQTtBQUxBO0FBQ0E7O0FBTU8sTUFBTUcsYUFBYSxHQUFBQyxPQUFBLENBQUFELGFBQUEsR0FBRyw4QkFBOEI7QUFDM0QsTUFBTUUsZ0JBQWdCLEdBQUcsR0FBRztBQUM1QixNQUFNQyxnQkFBZ0IsR0FBRyxFQUFFO0FBRXBCLE1BQU1DLDZCQUE2QixDQUFnQztFQVN4RUMsV0FBV0EsQ0FBQ0MsbUJBQXNELEVBQUVDLGNBQXVDLEVBQUU7SUFDM0csSUFBSSxDQUFDQyxjQUFjLEdBQUdDLHVDQUFPLEdBQUcsQ0FBQztJQUNqQyxJQUFJLENBQUNDLE9BQU8sR0FBR0MsTUFBTSxDQUFDQyxJQUFJLENBQUMsQ0FBQ1YsZ0JBQWdCLENBQUMsQ0FBQztJQUM5QyxJQUFJLENBQUNXLFdBQVcsR0FBR0YsTUFBTSxDQUFDQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNuQyxJQUFJLENBQUNFLGlEQUFpRCxHQUFHLENBQUMsR0FBR1gsZ0JBQWdCLEdBQUdBLGdCQUFnQjtJQUNoRyxJQUFJLENBQUNZLG1EQUFtRCxHQUFHLElBQUksQ0FBQ0QsaURBQWlELEdBQUcsSUFBSSxDQUFDTixjQUFjO0lBQ3ZJLElBQUksQ0FBQ1EsbUJBQW1CLEdBQUdWLG1CQUFtQjtJQUU5QyxJQUFJLENBQUNXLGVBQWUsR0FBR1YsY0FBYyxLQUFLVyw4QkFBdUIsQ0FBQ0MsYUFBYTtFQUNqRjtFQUVBQyxXQUFXQSxDQUFDQyxVQUFrQixFQUFVO0lBQ3RDLElBQUlDLEVBQVU7SUFFZCxJQUFJLElBQUksQ0FBQ0wsZUFBZSxLQUFLLElBQUksRUFBRTtNQUNqQyxNQUFNTSxNQUFNLEdBQUcsSUFBQUMsa0JBQVUsRUFBQyxRQUFRLEVBQUUsSUFBSSxDQUFDUixtQkFBbUIsQ0FBQ1MsUUFBUSxDQUFDLENBQUMsQ0FBQztNQUN4RUYsTUFBTSxDQUFDRyxNQUFNLENBQUNMLFVBQVUsQ0FBQztNQUN6QkMsRUFBRSxHQUFHQyxNQUFNLENBQUNJLE1BQU0sQ0FBQyxDQUFDLENBQUNDLEtBQUssQ0FBQyxDQUFDLEVBQUV6QixnQkFBZ0IsQ0FBQztJQUNqRCxDQUFDLE1BQU07TUFDTG1CLEVBQUUsR0FBRyxJQUFBTyxtQkFBVyxFQUFDMUIsZ0JBQWdCLENBQUM7SUFDcEM7SUFFQSxNQUFNMkIsYUFBYSxHQUFHLElBQUFDLHNCQUFjLEVBQUMsYUFBYSxFQUFFLElBQUksQ0FBQ2YsbUJBQW1CLENBQUNnQixnQkFBZ0IsQ0FBQyxDQUFDLEVBQUVWLEVBQUUsQ0FBQztJQUVwRyxNQUFNVyxlQUFlLEdBQUd0QixNQUFNLENBQUN1QixNQUFNLENBQUMsQ0FBQ0osYUFBYSxDQUFDSixNQUFNLENBQUNMLFVBQVUsQ0FBQyxFQUFFUyxhQUFhLENBQUNLLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUVoRyxNQUFNQyxpQkFBeUIsR0FBRyxJQUFJLENBQUNDLHlCQUF5QixDQUFDZixFQUFFLEVBQUVXLGVBQWUsRUFBRSxDQUFDLEVBQUVBLGVBQWUsQ0FBQ0ssTUFBTSxDQUFDO0lBRWhILE9BQU8zQixNQUFNLENBQUN1QixNQUFNLENBQUMsQ0FBQ3ZCLE1BQU0sQ0FBQ0MsSUFBSSxDQUFDLENBQUNWLGdCQUFnQixDQUFDLENBQUMsRUFBRWtDLGlCQUFpQixFQUFFZCxFQUFFLEVBQUVXLGVBQWUsQ0FBQyxDQUFDO0VBQ2pHO0VBRUFNLFdBQVdBLENBQUNDLFVBQWtCLEVBQVU7SUFDdEMsTUFBTWxCLEVBQVUsR0FBR1gsTUFBTSxDQUFDOEIsS0FBSyxDQUFDdEMsZ0JBQWdCLENBQUM7SUFFakQsTUFBTXVDLHNCQUE4QixHQUFHLElBQUksQ0FBQzNCLG1EQUFtRDtJQUUvRixJQUFJeUIsVUFBVSxDQUFDRixNQUFNLEdBQUdJLHNCQUFzQixFQUFFO01BQzlDLE1BQU0sSUFBSUMsS0FBSyxDQUFDLCtDQUErQ0gsVUFBVSxDQUFDRixNQUFNLHNDQUFzQ0ksc0JBQXNCLGlDQUFpQyxDQUFDO0lBQ2hMO0lBRUEsSUFBSUUsVUFBVSxHQUFHLENBQUM7SUFDbEIsSUFBSUosVUFBVSxDQUFDLENBQUMsQ0FBQyxLQUFLdEMsZ0JBQWdCLEVBQUU7TUFDdEMsTUFBTSxJQUFJeUMsS0FBSyxDQUFDLDJEQUEyRGhDLE1BQU0sQ0FBQ0MsSUFBSSxDQUFDLENBQUM0QixVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDSyxRQUFRLENBQUMsS0FBSyxDQUFDLDZEQUE2RDNDLGdCQUFnQixHQUFHLENBQUM7SUFDMU07SUFFQTBDLFVBQVUsSUFBSSxDQUFDO0lBQ2YsSUFBSUUsdUJBQXVCLEdBQUcsQ0FBQztJQUUvQkEsdUJBQXVCLEdBQUdGLFVBQVU7SUFDcENBLFVBQVUsSUFBSSxJQUFJLENBQUNwQyxjQUFjO0lBRWpDZ0MsVUFBVSxDQUFDTyxJQUFJLENBQUN6QixFQUFFLEVBQUUsQ0FBQyxFQUFFc0IsVUFBVSxFQUFFQSxVQUFVLEdBQUd0QixFQUFFLENBQUNnQixNQUFNLENBQUM7SUFDMURNLFVBQVUsSUFBSXRCLEVBQUUsQ0FBQ2dCLE1BQU07SUFFdkIsTUFBTVUsZ0JBQWdCLEdBQUdKLFVBQVU7SUFDbkMsTUFBTUssZUFBZSxHQUFHVCxVQUFVLENBQUNGLE1BQU0sR0FBR00sVUFBVTtJQUV0RCxNQUFNUixpQkFBeUIsR0FBRyxJQUFJLENBQUNDLHlCQUF5QixDQUFDZixFQUFFLEVBQUVrQixVQUFVLEVBQUVRLGdCQUFnQixFQUFFQyxlQUFlLENBQUM7SUFFbkgsSUFBSSxDQUFDLEtBQUtiLGlCQUFpQixDQUFDYyxPQUFPLENBQUNWLFVBQVUsRUFBRU0sdUJBQXVCLEVBQUVLLElBQUksQ0FBQ0MsR0FBRyxDQUFDTix1QkFBdUIsR0FBR0csZUFBZSxFQUFFSCx1QkFBdUIsR0FBR1YsaUJBQWlCLENBQUNFLE1BQU0sQ0FBQyxFQUFFLENBQUMsRUFBRWEsSUFBSSxDQUFDQyxHQUFHLENBQUNILGVBQWUsRUFBRWIsaUJBQWlCLENBQUNFLE1BQU0sQ0FBQyxDQUFDLEVBQUU7TUFDek8sTUFBTSxJQUFJSyxLQUFLLENBQUMseURBQXlELENBQUM7SUFDNUU7SUFFQSxJQUFJVSxTQUFpQjtJQUVyQixNQUFNQyxRQUFRLEdBQUcsSUFBQUMsd0JBQWdCLEVBQUMsYUFBYSxFQUFFLElBQUksQ0FBQ3ZDLG1CQUFtQixDQUFDZ0IsZ0JBQWdCLENBQUMsQ0FBQyxFQUFFVixFQUFFLENBQUM7SUFDakcsSUFBSTtNQUNGK0IsU0FBUyxHQUFHQyxRQUFRLENBQUM1QixNQUFNLENBQUNjLFVBQVUsQ0FBQ1osS0FBSyxDQUFDb0IsZ0JBQWdCLEVBQUVBLGdCQUFnQixHQUFHQyxlQUFlLENBQUMsQ0FBQztNQUNuR0ksU0FBUyxHQUFHMUMsTUFBTSxDQUFDdUIsTUFBTSxDQUFDLENBQUNtQixTQUFTLEVBQUVDLFFBQVEsQ0FBQ25CLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUMxRCxDQUFDLENBQUMsT0FBT3FCLEtBQVUsRUFBRTtNQUNuQixNQUFNLElBQUliLEtBQUssQ0FBQyxvQ0FBb0NhLEtBQUssQ0FBQ0MsT0FBTyxFQUFFLENBQUM7SUFDdEU7SUFFQSxPQUFPSixTQUFTO0VBQ2xCO0VBRUFoQix5QkFBeUJBLENBQUNmLEVBQVUsRUFBRWtCLFVBQWtCLEVBQUVrQixNQUFjLEVBQUVwQixNQUFjLEVBQVU7SUFDaEcsTUFBTXFCLElBQUksR0FBRyxJQUFBbkMsa0JBQVUsRUFBQyxRQUFRLEVBQUUsSUFBSSxDQUFDUixtQkFBbUIsQ0FBQzRDLFNBQVMsQ0FBQyxDQUFDLENBQUM7SUFFdkVELElBQUksQ0FBQ2pDLE1BQU0sQ0FBQyxJQUFJLENBQUNoQixPQUFPLENBQUM7SUFDekJpRCxJQUFJLENBQUNqQyxNQUFNLENBQUNKLEVBQUUsQ0FBQztJQUNmcUMsSUFBSSxDQUFDakMsTUFBTSxDQUFDYyxVQUFVLENBQUNaLEtBQUssQ0FBQzhCLE1BQU0sRUFBRUEsTUFBTSxHQUFHcEIsTUFBTSxDQUFDLENBQUM7SUFDdERxQixJQUFJLENBQUNqQyxNQUFNLENBQUMsSUFBSSxDQUFDYixXQUFXLENBQUM7SUFDN0IsT0FBTzhDLElBQUksQ0FBQ2hDLE1BQU0sQ0FBQyxDQUFDO0VBQ3RCO0FBQ0Y7QUFBQzFCLE9BQUEsQ0FBQUcsNkJBQUEsR0FBQUEsNkJBQUEiLCJpZ25vcmVMaXN0IjpbXX0=

package/lib/always-encrypted/aead-aes-256-cbc-hmac-algorithm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead-aes-256-cbc-hmac-algorithm.js","names":["_types","require","_crypto","_aeadAes256CbcHmacEncryptionKey","algorithmName","exports","algorithmVersion","blockSizeInBytes","AeadAes256CbcHmac256Algorithm","constructor","columnEncryptionKey","encryptionType","keySizeInBytes","keySize","version","Buffer","from","versionSize","minimumCipherTextLengthInBytesNoAuthenticationTag","minimumCipherTextLengthInBytesWithAuthenticationTag","columnEncryptionkey","isDeterministic","SQLServerEncryptionType","Deterministic","encryptData","plaintText","iv","hmacIv","createHmac","getIvKey","update","digest","slice","randomBytes","encryptCipher","createCipheriv","getEncryptionKey","encryptedBuffer","concat","final","authenticationTag","_prepareAuthenticationTag","length","decryptData","cipherText","alloc","minimumCiperTextLength","Error","startIndex","toString","authenticationTagOffset","copy","cipherTextOffset","cipherTextCount","compare","Math","min","plainText","decipher","createDecipheriv","error","message","offset","hmac","getMacKey"],"sources":["../../src/always-encrypted/aead-aes-256-cbc-hmac-algorithm.ts"],"sourcesContent":["// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.\n// Copyright (c) 2019 Microsoft Corporation\n\nimport { type EncryptionAlgorithm, SQLServerEncryptionType } from './types';\nimport { createHmac, randomBytes, createCipheriv, createDecipheriv } from 'crypto';\nimport { AeadAes256CbcHmac256EncryptionKey, keySize } from './aead-aes-256-cbc-hmac-encryption-key';\n\nexport const algorithmName = 'AEAD_AES_256_CBC_HMAC_SHA256';\nconst algorithmVersion = 0x1;\nconst blockSizeInBytes = 16;\n\nexport class AeadAes256CbcHmac256Algorithm implements EncryptionAlgorithm {\n  declare private columnEncryptionkey: AeadAes256CbcHmac256EncryptionKey;\n  declare private isDeterministic: boolean;\n  declare private keySizeInBytes: number;\n  declare private version: Buffer;\n  declare private versionSize: Buffer;\n  declare private minimumCipherTextLengthInBytesNoAuthenticationTag: number;\n  declare private minimumCipherTextLengthInBytesWithAuthenticationTag: number;\n\n  constructor(columnEncryptionKey: AeadAes256CbcHmac256EncryptionKey, encryptionType: SQLServerEncryptionType) {\n    this.keySizeInBytes = keySize / 8;\n    this.version = Buffer.from([algorithmVersion]);\n    this.versionSize = Buffer.from([1]);\n    this.minimumCipherTextLengthInBytesNoAuthenticationTag = 1 + blockSizeInBytes + blockSizeInBytes;\n    this.minimumCipherTextLengthInBytesWithAuthenticationTag = this.minimumCipherTextLengthInBytesNoAuthenticationTag + this.keySizeInBytes;\n    this.columnEncryptionkey = columnEncryptionKey;\n\n    this.isDeterministic = encryptionType === SQLServerEncryptionType.Deterministic;\n  }\n\n  encryptData(plaintText: Buffer): Buffer {\n    let iv: Buffer;\n\n    if (this.isDeterministic === true) {\n      const hmacIv = createHmac('sha256', this.columnEncryptionkey.getIvKey());\n      hmacIv.update(plaintText);\n      iv = hmacIv.digest().slice(0, blockSizeInBytes);\n    } else {\n      iv = randomBytes(blockSizeInBytes);\n    }\n\n    const encryptCipher = createCipheriv('aes-256-cbc', this.columnEncryptionkey.getEncryptionKey(), iv);\n\n    const encryptedBuffer = Buffer.concat([encryptCipher.update(plaintText), encryptCipher.final()]);\n\n    const authenticationTag: Buffer = this._prepareAuthenticationTag(iv, encryptedBuffer, 0, encryptedBuffer.length);\n\n    return Buffer.concat([Buffer.from([algorithmVersion]), authenticationTag, iv, encryptedBuffer]);\n  }\n\n  decryptData(cipherText: Buffer): Buffer {\n    const iv: Buffer = Buffer.alloc(blockSizeInBytes);\n\n    const minimumCiperTextLength: number = this.minimumCipherTextLengthInBytesWithAuthenticationTag;\n\n    if (cipherText.length < minimumCiperTextLength) {\n      throw new Error(`Specified ciphertext has an invalid size of ${cipherText.length} bytes, which is below the minimum ${minimumCiperTextLength} bytes required for decryption.`);\n    }\n\n    let startIndex = 0;\n    if (cipherText[0] !== algorithmVersion) {\n      throw new Error(`The specified ciphertext's encryption algorithm version ${Buffer.from([cipherText[0]]).toString('hex')} does not match the expected encryption algorithm version ${algorithmVersion}.`);\n    }\n\n    startIndex += 1;\n    let authenticationTagOffset = 0;\n\n    authenticationTagOffset = startIndex;\n    startIndex += this.keySizeInBytes;\n\n    cipherText.copy(iv, 0, startIndex, startIndex + iv.length);\n    startIndex += iv.length;\n\n    const cipherTextOffset = startIndex;\n    const cipherTextCount = cipherText.length - startIndex;\n\n    const authenticationTag: Buffer = this._prepareAuthenticationTag(iv, cipherText, cipherTextOffset, cipherTextCount);\n\n    if (0 !== authenticationTag.compare(cipherText, authenticationTagOffset, Math.min(authenticationTagOffset + cipherTextCount, authenticationTagOffset + authenticationTag.length), 0, Math.min(cipherTextCount, authenticationTag.length))) {\n      throw new Error('Specified ciphertext has an invalid authentication tag.');\n    }\n\n    let plainText: Buffer;\n\n    const decipher = createDecipheriv('aes-256-cbc', this.columnEncryptionkey.getEncryptionKey(), iv);\n    try {\n      plainText = decipher.update(cipherText.slice(cipherTextOffset, cipherTextOffset + cipherTextCount));\n      plainText = Buffer.concat([plainText, decipher.final()]);\n    } catch (error: any) {\n      throw new Error(`Internal error while decryption: ${error.message}`);\n    }\n\n    return plainText;\n  }\n\n  _prepareAuthenticationTag(iv: Buffer, cipherText: Buffer, offset: number, length: number): Buffer {\n    const hmac = createHmac('sha256', this.columnEncryptionkey.getMacKey());\n\n    hmac.update(this.version);\n    hmac.update(iv);\n    hmac.update(cipherText.slice(offset, offset + length));\n    hmac.update(this.versionSize);\n    return hmac.digest();\n  }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,OAAA,GAAAD,OAAA;AACA,IAAAE,+BAAA,GAAAF,OAAA;AALA;AACA;;AAMO,MAAMG,aAAa,GAAAC,OAAA,CAAAD,aAAA,GAAG,8BAA8B;AAC3D,MAAME,gBAAgB,GAAG,GAAG;AAC5B,MAAMC,gBAAgB,GAAG,EAAE;AAEpB,MAAMC,6BAA6B,CAAgC;EASxEC,WAAWA,CAACC,mBAAsD,EAAEC,cAAuC,EAAE;IAC3G,IAAI,CAACC,cAAc,GAAGC,uCAAO,GAAG,CAAC;IACjC,IAAI,CAACC,OAAO,GAAGC,MAAM,CAACC,IAAI,CAAC,CAACV,gBAAgB,CAAC,CAAC;IAC9C,IAAI,CAACW,WAAW,GAAGF,MAAM,CAACC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IACnC,IAAI,CAACE,iDAAiD,GAAG,CAAC,GAAGX,gBAAgB,GAAGA,gBAAgB;IAChG,IAAI,CAACY,mDAAmD,GAAG,IAAI,CAACD,iDAAiD,GAAG,IAAI,CAACN,cAAc;IACvI,IAAI,CAACQ,mBAAmB,GAAGV,mBAAmB;IAE9C,IAAI,CAACW,eAAe,GAAGV,cAAc,KAAKW,8BAAuB,CAACC,aAAa;EACjF;EAEAC,WAAWA,CAACC,UAAkB,EAAU;IACtC,IAAIC,EAAU;IAEd,IAAI,IAAI,CAACL,eAAe,KAAK,IAAI,EAAE;MACjC,MAAMM,MAAM,GAAG,IAAAC,kBAAU,EAAC,QAAQ,EAAE,IAAI,CAACR,mBAAmB,CAACS,QAAQ,CAAC,CAAC,CAAC;MACxEF,MAAM,CAACG,MAAM,CAACL,UAAU,CAAC;MACzBC,EAAE,GAAGC,MAAM,CAACI,MAAM,CAAC,CAAC,CAACC,KAAK,CAAC,CAAC,EAAEzB,gBAAgB,CAAC;IACjD,CAAC,MAAM;MACLmB,EAAE,GAAG,IAAAO,mBAAW,EAAC1B,gBAAgB,CAAC;IACpC;IAEA,MAAM2B,aAAa,GAAG,IAAAC,sBAAc,EAAC,aAAa,EAAE,IAAI,CAACf,mBAAmB,CAACgB,gBAAgB,CAAC,CAAC,EAAEV,EAAE,CAAC;IAEpG,MAAMW,eAAe,GAAGtB,MAAM,CAACuB,MAAM,CAAC,CAACJ,aAAa,CAACJ,MAAM,CAACL,UAAU,CAAC,EAAES,aAAa,CAACK,KAAK,CAAC,CAAC,CAAC,CAAC;IAEhG,MAAMC,iBAAyB,GAAG,IAAI,CAACC,yBAAyB,CAACf,EAAE,EAAEW,eAAe,EAAE,CAAC,EAAEA,eAAe,CAACK,MAAM,CAAC;IAEhH,OAAO3B,MAAM,CAACuB,MAAM,CAAC,CAACvB,MAAM,CAACC,IAAI,CAAC,CAACV,gBAAgB,CAAC,CAAC,EAAEkC,iBAAiB,EAAEd,EAAE,EAAEW,eAAe,CAAC,CAAC;EACjG;EAEAM,WAAWA,CAACC,UAAkB,EAAU;IACtC,MAAMlB,EAAU,GAAGX,MAAM,CAAC8B,KAAK,CAACtC,gBAAgB,CAAC;IAEjD,MAAMuC,sBAA8B,GAAG,IAAI,CAAC3B,mDAAmD;IAE/F,IAAIyB,UAAU,CAACF,MAAM,GAAGI,sBAAsB,EAAE;MAC9C,MAAM,IAAIC,KAAK,CAAC,+CAA+CH,UAAU,CAACF,MAAM,sCAAsCI,sBAAsB,iCAAiC,CAAC;IAChL;IAEA,IAAIE,UAAU,GAAG,CAAC;IAClB,IAAIJ,UAAU,CAAC,CAAC,CAAC,KAAKtC,gBAAgB,EAAE;MACtC,MAAM,IAAIyC,KAAK,CAAC,2DAA2DhC,MAAM,CAACC,IAAI,CAAC,CAAC4B,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAACK,QAAQ,CAAC,KAAK,CAAC,6DAA6D3C,gBAAgB,GAAG,CAAC;IAC1M;IAEA0C,UAAU,IAAI,CAAC;IACf,IAAIE,uBAAuB,GAAG,CAAC;IAE/BA,uBAAuB,GAAGF,UAAU;IACpCA,UAAU,IAAI,IAAI,CAACpC,cAAc;IAEjCgC,UAAU,CAACO,IAAI,CAACzB,EAAE,EAAE,CAAC,EAAEsB,UAAU,EAAEA,UAAU,GAAGtB,EAAE,CAACgB,MAAM,CAAC;IAC1DM,UAAU,IAAItB,EAAE,CAACgB,MAAM;IAEvB,MAAMU,gBAAgB,GAAGJ,UAAU;IACnC,MAAMK,eAAe,GAAGT,UAAU,CAACF,MAAM,GAAGM,UAAU;IAEtD,MAAMR,iBAAyB,GAAG,IAAI,CAACC,yBAAyB,CAACf,EAAE,EAAEkB,UAAU,EAAEQ,gBAAgB,EAAEC,eAAe,CAAC;IAEnH,IAAI,CAAC,KAAKb,iBAAiB,CAACc,OAAO,CAACV,UAAU,EAAEM,uBAAuB,EAAEK,IAAI,CAACC,GAAG,CAACN,uBAAuB,GAAGG,eAAe,EAAEH,uBAAuB,GAAGV,iBAAiB,CAACE,MAAM,CAAC,EAAE,CAAC,EAAEa,IAAI,CAACC,GAAG,CAACH,eAAe,EAAEb,iBAAiB,CAACE,MAAM,CAAC,CAAC,EAAE;MACzO,MAAM,IAAIK,KAAK,CAAC,yDAAyD,CAAC;IAC5E;IAEA,IAAIU,SAAiB;IAErB,MAAMC,QAAQ,GAAG,IAAAC,wBAAgB,EAAC,aAAa,EAAE,IAAI,CAACvC,mBAAmB,CAACgB,gBAAgB,CAAC,CAAC,EAAEV,EAAE,CAAC;IACjG,IAAI;MACF+B,SAAS,GAAGC,QAAQ,CAAC5B,MAAM,CAACc,UAAU,CAACZ,KAAK,CAACoB,gBAAgB,EAAEA,gBAAgB,GAAGC,eAAe,CAAC,CAAC;MACnGI,SAAS,GAAG1C,MAAM,CAACuB,MAAM,CAAC,CAACmB,SAAS,EAAEC,QAAQ,CAACnB,KAAK,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC,CAAC,OAAOqB,KAAU,EAAE;MACnB,MAAM,IAAIb,KAAK,CAAC,oCAAoCa,KAAK,CAACC,OAAO,EAAE,CAAC;IACtE;IAEA,OAAOJ,SAAS;EAClB;EAEAhB,yBAAyBA,CAACf,EAAU,EAAEkB,UAAkB,EAAEkB,MAAc,EAAEpB,MAAc,EAAU;IAChG,MAAMqB,IAAI,GAAG,IAAAnC,kBAAU,EAAC,QAAQ,EAAE,IAAI,CAACR,mBAAmB,CAAC4C,SAAS,CAAC,CAAC,CAAC;IAEvED,IAAI,CAACjC,MAAM,CAAC,IAAI,CAAChB,OAAO,CAAC;IACzBiD,IAAI,CAACjC,MAAM,CAACJ,EAAE,CAAC;IACfqC,IAAI,CAACjC,MAAM,CAACc,UAAU,CAACZ,KAAK,CAAC8B,MAAM,EAAEA,MAAM,GAAGpB,MAAM,CAAC,CAAC;IACtDqB,IAAI,CAACjC,MAAM,CAAC,IAAI,CAACb,WAAW,CAAC;IAC7B,OAAO8C,IAAI,CAAChC,MAAM,CAAC,CAAC;EACtB;AACF;AAAC1B,OAAA,CAAAG,6BAAA,GAAAA,6BAAA","ignoreList":[]}

package/lib/always-encrypted/aead-aes-256-cbc-hmac-encryption-key.js

@@ -0,0 +1,55 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.keySize = exports.generateKeySalt = exports.deriveKey = exports.AeadAes256CbcHmac256EncryptionKey = void 0;
+var _crypto = require("crypto");
+var _symmetricKey = _interopRequireDefault(require("./symmetric-key"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.
+// Copyright (c) 2019 Microsoft Corporation
+
+const keySize = exports.keySize = 256;
+const keySizeInBytes = keySize / 8;
+const deriveKey = (rootKey, salt) => {
+  const hmac = (0, _crypto.createHmac)('sha256', rootKey);
+  hmac.update(Buffer.from(salt, 'utf16le'));
+  return hmac.digest();
+};
+exports.deriveKey = deriveKey;
+const generateKeySalt = (keyType, algorithmName, keySize) => `Microsoft SQL Server cell ${keyType} key ` + `with encryption algorithm:${algorithmName} and key length:${keySize}`;
+exports.generateKeySalt = generateKeySalt;
+class AeadAes256CbcHmac256EncryptionKey extends _symmetricKey.default {
+  constructor(rootKey, algorithmName) {
+    super(rootKey);
+    this.algorithmName = algorithmName;
+    this.encryptionKeySaltFormat = generateKeySalt('encryption', this.algorithmName, keySize);
+    this.macKeySaltFormat = generateKeySalt('MAC', this.algorithmName, keySize);
+    this.ivKeySaltFormat = generateKeySalt('IV', this.algorithmName, keySize);
+    if (rootKey.length !== keySizeInBytes) {
+      throw new Error(`The column encryption key has been successfully decrypted but it's length: ${rootKey.length} does not match the length: ${keySizeInBytes} for algorithm "${this.algorithmName}". Verify the encrypted value of the column encryption key in the database.`);
+    }
+    try {
+      const encKeyBuff = deriveKey(rootKey, this.encryptionKeySaltFormat);
+      this.encryptionKey = new _symmetricKey.default(encKeyBuff);
+      const macKeyBuff = deriveKey(rootKey, this.macKeySaltFormat);
+      this.macKey = new _symmetricKey.default(macKeyBuff);
+      const ivKeyBuff = deriveKey(rootKey, this.ivKeySaltFormat);
+      this.ivKey = new _symmetricKey.default(ivKeyBuff);
+    } catch (error) {
+      throw new Error(`Key extraction failed : ${error.message}.`);
+    }
+  }
+  getEncryptionKey() {
+    return this.encryptionKey.rootKey;
+  }
+  getMacKey() {
+    return this.macKey.rootKey;
+  }
+  getIvKey() {
+    return this.ivKey.rootKey;
+  }
+}
+exports.AeadAes256CbcHmac256EncryptionKey = AeadAes256CbcHmac256EncryptionKey;
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJfY3J5cHRvIiwicmVxdWlyZSIsIl9zeW1tZXRyaWNLZXkiLCJfaW50ZXJvcFJlcXVpcmVEZWZhdWx0IiwiZSIsIl9fZXNNb2R1bGUiLCJkZWZhdWx0Iiwia2V5U2l6ZSIsImV4cG9ydHMiLCJrZXlTaXplSW5CeXRlcyIsImRlcml2ZUtleSIsInJvb3RLZXkiLCJzYWx0IiwiaG1hYyIsImNyZWF0ZUhtYWMiLCJ1cGRhdGUiLCJCdWZmZXIiLCJmcm9tIiwiZGlnZXN0IiwiZ2VuZXJhdGVLZXlTYWx0Iiwia2V5VHlwZSIsImFsZ29yaXRobU5hbWUiLCJBZWFkQWVzMjU2Q2JjSG1hYzI1NkVuY3J5cHRpb25LZXkiLCJTeW1tZXRyaWNLZXkiLCJjb25zdHJ1Y3RvciIsImVuY3J5cHRpb25LZXlTYWx0Rm9ybWF0IiwibWFjS2V5U2FsdEZvcm1hdCIsIml2S2V5U2FsdEZvcm1hdCIsImxlbmd0aCIsIkVycm9yIiwiZW5jS2V5QnVmZiIsImVuY3J5cHRpb25LZXkiLCJtYWNLZXlCdWZmIiwibWFjS2V5IiwiaXZLZXlCdWZmIiwiaXZLZXkiLCJlcnJvciIsIm1lc3NhZ2UiLCJnZXRFbmNyeXB0aW9uS2V5IiwiZ2V0TWFjS2V5IiwiZ2V0SXZLZXkiXSwic291cmNlcyI6WyIuLi8uLi9zcmMvYWx3YXlzLWVuY3J5cHRlZC9hZWFkLWFlcy0yNTYtY2JjLWhtYWMtZW5jcnlwdGlvbi1rZXkudHMiXSwic291cmNlc0NvbnRlbnQiOlsiLy8gVGhpcyBjb2RlIGlzIGJhc2VkIG9uIHRoZSBgbXNzcWwtamRiY2AgbGlicmFyeSBwdWJsaXNoZWQgdW5kZXIgdGhlIGNvbmRpdGlvbnMgb2YgTUlUIGxpY2Vuc2UuXG4vLyBDb3B5cmlnaHQgKGMpIDIwMTkgTWljcm9zb2Z0IENvcnBvcmF0aW9uXG5cbmltcG9ydCB7IGNyZWF0ZUhtYWMgfSBmcm9tICdjcnlwdG8nO1xuaW1wb3J0IFN5bW1ldHJpY0tleSBmcm9tICcuL3N5bW1ldHJpYy1rZXknO1xuXG5leHBvcnQgY29uc3Qga2V5U2l6ZSA9IDI1NjtcbmNvbnN0IGtleVNpemVJbkJ5dGVzID0ga2V5U2l6ZSAvIDg7XG5cbmV4cG9ydCBjb25zdCBkZXJpdmVLZXkgPSAocm9vdEtleTogQnVmZmVyLCBzYWx0OiBzdHJpbmcpOiBCdWZmZXIgPT4ge1xuICBjb25zdCBobWFjID0gY3JlYXRlSG1hYygnc2hhMjU2Jywgcm9vdEtleSk7XG4gIGhtYWMudXBkYXRlKEJ1ZmZlci5mcm9tKHNhbHQsICd1dGYxNmxlJykpO1xuICByZXR1cm4gaG1hYy5kaWdlc3QoKTtcbn07XG5cbmV4cG9ydCBjb25zdCBnZW5lcmF0ZUtleVNhbHQgPSAoXG4gIGtleVR5cGU6ICdlbmNyeXB0aW9uJyB8ICdNQUMnIHwgJ0lWJyxcbiAgYWxnb3JpdGhtTmFtZTogc3RyaW5nLFxuICBrZXlTaXplOiBudW1iZXIsXG4pOiBzdHJpbmcgPT5cbiAgYE1pY3Jvc29mdCBTUUwgU2VydmVyIGNlbGwgJHtrZXlUeXBlfSBrZXkgYCArXG4gIGB3aXRoIGVuY3J5cHRpb24gYWxnb3JpdGhtOiR7YWxnb3JpdGhtTmFtZX0gYW5kIGtleSBsZW5ndGg6JHtrZXlTaXplfWA7XG5cbmV4cG9ydCBjbGFzcyBBZWFkQWVzMjU2Q2JjSG1hYzI1NkVuY3J5cHRpb25LZXkgZXh0ZW5kcyBTeW1tZXRyaWNLZXkge1xuICBkZWNsYXJlIHByaXZhdGUgcmVhZG9ubHkgYWxnb3JpdGhtTmFtZTogc3RyaW5nO1xuICBkZWNsYXJlIHByaXZhdGUgZW5jcnlwdGlvbktleVNhbHRGb3JtYXQ6IHN0cmluZztcbiAgZGVjbGFyZSBwcml2YXRlIG1hY0tleVNhbHRGb3JtYXQ6IHN0cmluZztcbiAgZGVjbGFyZSBwcml2YXRlIGl2S2V5U2FsdEZvcm1hdDogc3RyaW5nO1xuICBkZWNsYXJlIHByaXZhdGUgZW5jcnlwdGlvbktleTogU3ltbWV0cmljS2V5O1xuICBkZWNsYXJlIHByaXZhdGUgbWFjS2V5OiBTeW1tZXRyaWNLZXk7XG4gIGRlY2xhcmUgcHJpdmF0ZSBpdktleTogU3ltbWV0cmljS2V5O1xuXG4gIGNvbnN0cnVjdG9yKHJvb3RLZXk6IEJ1ZmZlciwgYWxnb3JpdGhtTmFtZTogc3RyaW5nKSB7XG4gICAgc3VwZXIocm9vdEtleSk7XG4gICAgdGhpcy5hbGdvcml0aG1OYW1lID0gYWxnb3JpdGhtTmFtZTtcbiAgICB0aGlzLmVuY3J5cHRpb25LZXlTYWx0Rm9ybWF0ID0gZ2VuZXJhdGVLZXlTYWx0KCdlbmNyeXB0aW9uJywgdGhpcy5hbGdvcml0aG1OYW1lLCBrZXlTaXplKTtcbiAgICB0aGlzLm1hY0tleVNhbHRGb3JtYXQgPSBnZW5lcmF0ZUtleVNhbHQoJ01BQycsIHRoaXMuYWxnb3JpdGhtTmFtZSwga2V5U2l6ZSk7XG4gICAgdGhpcy5pdktleVNhbHRGb3JtYXQgPSBnZW5lcmF0ZUtleVNhbHQoJ0lWJywgdGhpcy5hbGdvcml0aG1OYW1lLCBrZXlTaXplKTtcblxuICAgIGlmIChyb290S2V5Lmxlbmd0aCAhPT0ga2V5U2l6ZUluQnl0ZXMpIHtcbiAgICAgIHRocm93IG5ldyBFcnJvcihgVGhlIGNvbHVtbiBlbmNyeXB0aW9uIGtleSBoYXMgYmVlbiBzdWNjZXNzZnVsbHkgZGVjcnlwdGVkIGJ1dCBpdCdzIGxlbmd0aDogJHtyb290S2V5Lmxlbmd0aH0gZG9lcyBub3QgbWF0Y2ggdGhlIGxlbmd0aDogJHtrZXlTaXplSW5CeXRlc30gZm9yIGFsZ29yaXRobSBcIiR7dGhpcy5hbGdvcml0aG1OYW1lfVwiLiBWZXJpZnkgdGhlIGVuY3J5cHRlZCB2YWx1ZSBvZiB0aGUgY29sdW1uIGVuY3J5cHRpb24ga2V5IGluIHRoZSBkYXRhYmFzZS5gKTtcbiAgICB9XG5cbiAgICB0cnkge1xuICAgICAgY29uc3QgZW5jS2V5QnVmZiA9IGRlcml2ZUtleShyb290S2V5LCB0aGlzLmVuY3J5cHRpb25LZXlTYWx0Rm9ybWF0KTtcblxuICAgICAgdGhpcy5lbmNyeXB0aW9uS2V5ID0gbmV3IFN5bW1ldHJpY0tleShlbmNLZXlCdWZmKTtcblxuICAgICAgY29uc3QgbWFjS2V5QnVmZiA9IGRlcml2ZUtleShyb290S2V5LCB0aGlzLm1hY0tleVNhbHRGb3JtYXQpO1xuXG4gICAgICB0aGlzLm1hY0tleSA9IG5ldyBTeW1tZXRyaWNLZXkobWFjS2V5QnVmZik7XG5cbiAgICAgIGNvbnN0IGl2S2V5QnVmZiA9IGRlcml2ZUtleShyb290S2V5LCB0aGlzLml2S2V5U2FsdEZvcm1hdCk7XG5cbiAgICAgIHRoaXMuaXZLZXkgPSBuZXcgU3ltbWV0cmljS2V5KGl2S2V5QnVmZik7XG4gICAgfSBjYXRjaCAoZXJyb3I6IGFueSkge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKGBLZXkgZXh0cmFjdGlvbiBmYWlsZWQgOiAke2Vycm9yLm1lc3NhZ2V9LmApO1xuICAgIH1cbiAgfVxuXG4gIGdldEVuY3J5cHRpb25LZXkoKTogQnVmZmVyIHtcbiAgICByZXR1cm4gdGhpcy5lbmNyeXB0aW9uS2V5LnJvb3RLZXk7XG4gIH1cblxuICBnZXRNYWNLZXkoKTogQnVmZmVyIHtcbiAgICByZXR1cm4gdGhpcy5tYWNLZXkucm9vdEtleTtcbiAgfVxuXG4gIGdldEl2S2V5KCk6IEJ1ZmZlciB7XG4gICAgcmV0dXJuIHRoaXMuaXZLZXkucm9vdEtleTtcbiAgfVxufVxuIl0sIm1hcHBpbmdzIjoiOzs7Ozs7QUFHQSxJQUFBQSxPQUFBLEdBQUFDLE9BQUE7QUFDQSxJQUFBQyxhQUFBLEdBQUFDLHNCQUFBLENBQUFGLE9BQUE7QUFBMkMsU0FBQUUsdUJBQUFDLENBQUEsV0FBQUEsQ0FBQSxJQUFBQSxDQUFBLENBQUFDLFVBQUEsR0FBQUQsQ0FBQSxLQUFBRSxPQUFBLEVBQUFGLENBQUE7QUFKM0M7QUFDQTs7QUFLTyxNQUFNRyxPQUFPLEdBQUFDLE9BQUEsQ0FBQUQsT0FBQSxHQUFHLEdBQUc7QUFDMUIsTUFBTUUsY0FBYyxHQUFHRixPQUFPLEdBQUcsQ0FBQztBQUUzQixNQUFNRyxTQUFTLEdBQUdBLENBQUNDLE9BQWUsRUFBRUMsSUFBWSxLQUFhO0VBQ2xFLE1BQU1DLElBQUksR0FBRyxJQUFBQyxrQkFBVSxFQUFDLFFBQVEsRUFBRUgsT0FBTyxDQUFDO0VBQzFDRSxJQUFJLENBQUNFLE1BQU0sQ0FBQ0MsTUFBTSxDQUFDQyxJQUFJLENBQUNMLElBQUksRUFBRSxTQUFTLENBQUMsQ0FBQztFQUN6QyxPQUFPQyxJQUFJLENBQUNLLE1BQU0sQ0FBQyxDQUFDO0FBQ3RCLENBQUM7QUFBQ1YsT0FBQSxDQUFBRSxTQUFBLEdBQUFBLFNBQUE7QUFFSyxNQUFNUyxlQUFlLEdBQUdBLENBQzdCQyxPQUFvQyxFQUNwQ0MsYUFBcUIsRUFDckJkLE9BQWUsS0FFZiw2QkFBNkJhLE9BQU8sT0FBTyxHQUMzQyw2QkFBNkJDLGFBQWEsbUJBQW1CZCxPQUFPLEVBQUU7QUFBQ0MsT0FBQSxDQUFBVyxlQUFBLEdBQUFBLGVBQUE7QUFFbEUsTUFBTUcsaUNBQWlDLFNBQVNDLHFCQUFZLENBQUM7RUFTbEVDLFdBQVdBLENBQUNiLE9BQWUsRUFBRVUsYUFBcUIsRUFBRTtJQUNsRCxLQUFLLENBQUNWLE9BQU8sQ0FBQztJQUNkLElBQUksQ0FBQ1UsYUFBYSxHQUFHQSxhQUFhO0lBQ2xDLElBQUksQ0FBQ0ksdUJBQXVCLEdBQUdOLGVBQWUsQ0FBQyxZQUFZLEVBQUUsSUFBSSxDQUFDRSxhQUFhLEVBQUVkLE9BQU8sQ0FBQztJQUN6RixJQUFJLENBQUNtQixnQkFBZ0IsR0FBR1AsZUFBZSxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUNFLGFBQWEsRUFBRWQsT0FBTyxDQUFDO0lBQzNFLElBQUksQ0FBQ29CLGVBQWUsR0FBR1IsZUFBZSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUNFLGFBQWEsRUFBRWQsT0FBTyxDQUFDO0lBRXpFLElBQUlJLE9BQU8sQ0FBQ2lCLE1BQU0sS0FBS25CLGNBQWMsRUFBRTtNQUNyQyxNQUFNLElBQUlvQixLQUFLLENBQUMsOEVBQThFbEIsT0FBTyxDQUFDaUIsTUFBTSwrQkFBK0JuQixjQUFjLG1CQUFtQixJQUFJLENBQUNZLGFBQWEsNkVBQTZFLENBQUM7SUFDOVE7SUFFQSxJQUFJO01BQ0YsTUFBTVMsVUFBVSxHQUFHcEIsU0FBUyxDQUFDQyxPQUFPLEVBQUUsSUFBSSxDQUFDYyx1QkFBdUIsQ0FBQztNQUVuRSxJQUFJLENBQUNNLGFBQWEsR0FBRyxJQUFJUixxQkFBWSxDQUFDTyxVQUFVLENBQUM7TUFFakQsTUFBTUUsVUFBVSxHQUFHdEIsU0FBUyxDQUFDQyxPQUFPLEVBQUUsSUFBSSxDQUFDZSxnQkFBZ0IsQ0FBQztNQUU1RCxJQUFJLENBQUNPLE1BQU0sR0FBRyxJQUFJVixxQkFBWSxDQUFDUyxVQUFVLENBQUM7TUFFMUMsTUFBTUUsU0FBUyxHQUFHeEIsU0FBUyxDQUFDQyxPQUFPLEVBQUUsSUFBSSxDQUFDZ0IsZUFBZSxDQUFDO01BRTFELElBQUksQ0FBQ1EsS0FBSyxHQUFHLElBQUlaLHFCQUFZLENBQUNXLFNBQVMsQ0FBQztJQUMxQyxDQUFDLENBQUMsT0FBT0UsS0FBVSxFQUFFO01BQ25CLE1BQU0sSUFBSVAsS0FBSyxDQUFDLDJCQUEyQk8sS0FBSyxDQUFDQyxPQUFPLEdBQUcsQ0FBQztJQUM5RDtFQUNGO0VBRUFDLGdCQUFnQkEsQ0FBQSxFQUFXO0lBQ3pCLE9BQU8sSUFBSSxDQUFDUCxhQUFhLENBQUNwQixPQUFPO0VBQ25DO0VBRUE0QixTQUFTQSxDQUFBLEVBQVc7SUFDbEIsT0FBTyxJQUFJLENBQUNOLE1BQU0sQ0FBQ3RCLE9BQU87RUFDNUI7RUFFQTZCLFFBQVFBLENBQUEsRUFBVztJQUNqQixPQUFPLElBQUksQ0FBQ0wsS0FBSyxDQUFDeEIsT0FBTztFQUMzQjtBQUNGO0FBQUNILE9BQUEsQ0FBQWMsaUNBQUEsR0FBQUEsaUNBQUEiLCJpZ25vcmVMaXN0IjpbXX0=

package/lib/always-encrypted/aead-aes-256-cbc-hmac-encryption-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"aead-aes-256-cbc-hmac-encryption-key.js","names":["_crypto","require","_symmetricKey","_interopRequireDefault","e","__esModule","default","keySize","exports","keySizeInBytes","deriveKey","rootKey","salt","hmac","createHmac","update","Buffer","from","digest","generateKeySalt","keyType","algorithmName","AeadAes256CbcHmac256EncryptionKey","SymmetricKey","constructor","encryptionKeySaltFormat","macKeySaltFormat","ivKeySaltFormat","length","Error","encKeyBuff","encryptionKey","macKeyBuff","macKey","ivKeyBuff","ivKey","error","message","getEncryptionKey","getMacKey","getIvKey"],"sources":["../../src/always-encrypted/aead-aes-256-cbc-hmac-encryption-key.ts"],"sourcesContent":["// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.\n// Copyright (c) 2019 Microsoft Corporation\n\nimport { createHmac } from 'crypto';\nimport SymmetricKey from './symmetric-key';\n\nexport const keySize = 256;\nconst keySizeInBytes = keySize / 8;\n\nexport const deriveKey = (rootKey: Buffer, salt: string): Buffer => {\n  const hmac = createHmac('sha256', rootKey);\n  hmac.update(Buffer.from(salt, 'utf16le'));\n  return hmac.digest();\n};\n\nexport const generateKeySalt = (\n  keyType: 'encryption' | 'MAC' | 'IV',\n  algorithmName: string,\n  keySize: number,\n): string =>\n  `Microsoft SQL Server cell ${keyType} key ` +\n  `with encryption algorithm:${algorithmName} and key length:${keySize}`;\n\nexport class AeadAes256CbcHmac256EncryptionKey extends SymmetricKey {\n  declare private readonly algorithmName: string;\n  declare private encryptionKeySaltFormat: string;\n  declare private macKeySaltFormat: string;\n  declare private ivKeySaltFormat: string;\n  declare private encryptionKey: SymmetricKey;\n  declare private macKey: SymmetricKey;\n  declare private ivKey: SymmetricKey;\n\n  constructor(rootKey: Buffer, algorithmName: string) {\n    super(rootKey);\n    this.algorithmName = algorithmName;\n    this.encryptionKeySaltFormat = generateKeySalt('encryption', this.algorithmName, keySize);\n    this.macKeySaltFormat = generateKeySalt('MAC', this.algorithmName, keySize);\n    this.ivKeySaltFormat = generateKeySalt('IV', this.algorithmName, keySize);\n\n    if (rootKey.length !== keySizeInBytes) {\n      throw new Error(`The column encryption key has been successfully decrypted but it's length: ${rootKey.length} does not match the length: ${keySizeInBytes} for algorithm \"${this.algorithmName}\". Verify the encrypted value of the column encryption key in the database.`);\n    }\n\n    try {\n      const encKeyBuff = deriveKey(rootKey, this.encryptionKeySaltFormat);\n\n      this.encryptionKey = new SymmetricKey(encKeyBuff);\n\n      const macKeyBuff = deriveKey(rootKey, this.macKeySaltFormat);\n\n      this.macKey = new SymmetricKey(macKeyBuff);\n\n      const ivKeyBuff = deriveKey(rootKey, this.ivKeySaltFormat);\n\n      this.ivKey = new SymmetricKey(ivKeyBuff);\n    } catch (error: any) {\n      throw new Error(`Key extraction failed : ${error.message}.`);\n    }\n  }\n\n  getEncryptionKey(): Buffer {\n    return this.encryptionKey.rootKey;\n  }\n\n  getMacKey(): Buffer {\n    return this.macKey.rootKey;\n  }\n\n  getIvKey(): Buffer {\n    return this.ivKey.rootKey;\n  }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,aAAA,GAAAC,sBAAA,CAAAF,OAAA;AAA2C,SAAAE,uBAAAC,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAJ3C;AACA;;AAKO,MAAMG,OAAO,GAAAC,OAAA,CAAAD,OAAA,GAAG,GAAG;AAC1B,MAAME,cAAc,GAAGF,OAAO,GAAG,CAAC;AAE3B,MAAMG,SAAS,GAAGA,CAACC,OAAe,EAAEC,IAAY,KAAa;EAClE,MAAMC,IAAI,GAAG,IAAAC,kBAAU,EAAC,QAAQ,EAAEH,OAAO,CAAC;EAC1CE,IAAI,CAACE,MAAM,CAACC,MAAM,CAACC,IAAI,CAACL,IAAI,EAAE,SAAS,CAAC,CAAC;EACzC,OAAOC,IAAI,CAACK,MAAM,CAAC,CAAC;AACtB,CAAC;AAACV,OAAA,CAAAE,SAAA,GAAAA,SAAA;AAEK,MAAMS,eAAe,GAAGA,CAC7BC,OAAoC,EACpCC,aAAqB,EACrBd,OAAe,KAEf,6BAA6Ba,OAAO,OAAO,GAC3C,6BAA6BC,aAAa,mBAAmBd,OAAO,EAAE;AAACC,OAAA,CAAAW,eAAA,GAAAA,eAAA;AAElE,MAAMG,iCAAiC,SAASC,qBAAY,CAAC;EASlEC,WAAWA,CAACb,OAAe,EAAEU,aAAqB,EAAE;IAClD,KAAK,CAACV,OAAO,CAAC;IACd,IAAI,CAACU,aAAa,GAAGA,aAAa;IAClC,IAAI,CAACI,uBAAuB,GAAGN,eAAe,CAAC,YAAY,EAAE,IAAI,CAACE,aAAa,EAAEd,OAAO,CAAC;IACzF,IAAI,CAACmB,gBAAgB,GAAGP,eAAe,CAAC,KAAK,EAAE,IAAI,CAACE,aAAa,EAAEd,OAAO,CAAC;IAC3E,IAAI,CAACoB,eAAe,GAAGR,eAAe,CAAC,IAAI,EAAE,IAAI,CAACE,aAAa,EAAEd,OAAO,CAAC;IAEzE,IAAII,OAAO,CAACiB,MAAM,KAAKnB,cAAc,EAAE;MACrC,MAAM,IAAIoB,KAAK,CAAC,8EAA8ElB,OAAO,CAACiB,MAAM,+BAA+BnB,cAAc,mBAAmB,IAAI,CAACY,aAAa,6EAA6E,CAAC;IAC9Q;IAEA,IAAI;MACF,MAAMS,UAAU,GAAGpB,SAAS,CAACC,OAAO,EAAE,IAAI,CAACc,uBAAuB,CAAC;MAEnE,IAAI,CAACM,aAAa,GAAG,IAAIR,qBAAY,CAACO,UAAU,CAAC;MAEjD,MAAME,UAAU,GAAGtB,SAAS,CAACC,OAAO,EAAE,IAAI,CAACe,gBAAgB,CAAC;MAE5D,IAAI,CAACO,MAAM,GAAG,IAAIV,qBAAY,CAACS,UAAU,CAAC;MAE1C,MAAME,SAAS,GAAGxB,SAAS,CAACC,OAAO,EAAE,IAAI,CAACgB,eAAe,CAAC;MAE1D,IAAI,CAACQ,KAAK,GAAG,IAAIZ,qBAAY,CAACW,SAAS,CAAC;IAC1C,CAAC,CAAC,OAAOE,KAAU,EAAE;MACnB,MAAM,IAAIP,KAAK,CAAC,2BAA2BO,KAAK,CAACC,OAAO,GAAG,CAAC;IAC9D;EACF;EAEAC,gBAAgBA,CAAA,EAAW;IACzB,OAAO,IAAI,CAACP,aAAa,CAACpB,OAAO;EACnC;EAEA4B,SAASA,CAAA,EAAW;IAClB,OAAO,IAAI,CAACN,MAAM,CAACtB,OAAO;EAC5B;EAEA6B,QAAQA,CAAA,EAAW;IACjB,OAAO,IAAI,CAACL,KAAK,CAACxB,OAAO;EAC3B;AACF;AAACH,OAAA,CAAAc,iCAAA,GAAAA,iCAAA","ignoreList":[]}

package/lib/always-encrypted/cek-entry.d.ts

@@ -0,0 +1,11 @@
+import { type EncryptionKeyInfo } from './types';
+export declare class CEKEntry {
+    columnEncryptionKeyValues: EncryptionKeyInfo[];
+    ordinal: number;
+    databaseId: number;
+    cekId: number;
+    cekVersion: number;
+    cekMdVersion: Buffer;
+    constructor(ordinalVal: number);
+    add(encryptedKey: Buffer, dbId: number, keyId: number, keyVersion: number, mdVersion: Buffer, keyPath: string, keyStoreName: string, algorithmName: string): void;
+}

package/lib/always-encrypted/cek-entry.js

@@ -0,0 +1,42 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.CEKEntry = void 0;
+// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.
+// Copyright (c) 2019 Microsoft Corporation
+
+class CEKEntry {
+  constructor(ordinalVal) {
+    this.ordinal = ordinalVal;
+    this.databaseId = 0;
+    this.cekId = 0;
+    this.cekVersion = 0;
+    this.cekMdVersion = Buffer.alloc(0);
+    this.columnEncryptionKeyValues = [];
+  }
+  add(encryptedKey, dbId, keyId, keyVersion, mdVersion, keyPath, keyStoreName, algorithmName) {
+    const encryptionKey = {
+      encryptedKey,
+      dbId,
+      keyId,
+      keyVersion,
+      mdVersion,
+      keyPath,
+      keyStoreName,
+      algorithmName
+    };
+    this.columnEncryptionKeyValues.push(encryptionKey);
+    if (this.databaseId === 0) {
+      this.databaseId = dbId;
+      this.cekId = keyId;
+      this.cekVersion = keyVersion;
+      this.cekMdVersion = mdVersion;
+    } else if (this.databaseId !== dbId || this.cekId !== keyId || this.cekVersion !== keyVersion || !this.cekMdVersion || !mdVersion || this.cekMdVersion.length !== mdVersion.length) {
+      throw new Error('Invalid databaseId, cekId, cekVersion or cekMdVersion.');
+    }
+  }
+}
+exports.CEKEntry = CEKEntry;
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJDRUtFbnRyeSIsImNvbnN0cnVjdG9yIiwib3JkaW5hbFZhbCIsIm9yZGluYWwiLCJkYXRhYmFzZUlkIiwiY2VrSWQiLCJjZWtWZXJzaW9uIiwiY2VrTWRWZXJzaW9uIiwiQnVmZmVyIiwiYWxsb2MiLCJjb2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzIiwiYWRkIiwiZW5jcnlwdGVkS2V5IiwiZGJJZCIsImtleUlkIiwia2V5VmVyc2lvbiIsIm1kVmVyc2lvbiIsImtleVBhdGgiLCJrZXlTdG9yZU5hbWUiLCJhbGdvcml0aG1OYW1lIiwiZW5jcnlwdGlvbktleSIsInB1c2giLCJsZW5ndGgiLCJFcnJvciIsImV4cG9ydHMiXSwic291cmNlcyI6WyIuLi8uLi9zcmMvYWx3YXlzLWVuY3J5cHRlZC9jZWstZW50cnkudHMiXSwic291cmNlc0NvbnRlbnQiOlsiLy8gVGhpcyBjb2RlIGlzIGJhc2VkIG9uIHRoZSBgbXNzcWwtamRiY2AgbGlicmFyeSBwdWJsaXNoZWQgdW5kZXIgdGhlIGNvbmRpdGlvbnMgb2YgTUlUIGxpY2Vuc2UuXG4vLyBDb3B5cmlnaHQgKGMpIDIwMTkgTWljcm9zb2Z0IENvcnBvcmF0aW9uXG5cbmltcG9ydCB7IHR5cGUgRW5jcnlwdGlvbktleUluZm8gfSBmcm9tICcuL3R5cGVzJztcblxuZXhwb3J0IGNsYXNzIENFS0VudHJ5IHtcbiAgZGVjbGFyZSBjb2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzOiBFbmNyeXB0aW9uS2V5SW5mb1tdO1xuICBkZWNsYXJlIG9yZGluYWw6IG51bWJlcjtcbiAgZGVjbGFyZSBkYXRhYmFzZUlkOiBudW1iZXI7XG4gIGRlY2xhcmUgY2VrSWQ6IG51bWJlcjtcbiAgZGVjbGFyZSBjZWtWZXJzaW9uOiBudW1iZXI7XG4gIGRlY2xhcmUgY2VrTWRWZXJzaW9uOiBCdWZmZXI7XG5cbiAgY29uc3RydWN0b3Iob3JkaW5hbFZhbDogbnVtYmVyKSB7XG4gICAgdGhpcy5vcmRpbmFsID0gb3JkaW5hbFZhbDtcbiAgICB0aGlzLmRhdGFiYXNlSWQgPSAwO1xuICAgIHRoaXMuY2VrSWQgPSAwO1xuICAgIHRoaXMuY2VrVmVyc2lvbiA9IDA7XG4gICAgdGhpcy5jZWtNZFZlcnNpb24gPSBCdWZmZXIuYWxsb2MoMCk7XG4gICAgdGhpcy5jb2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzID0gW107XG4gIH1cblxuICBhZGQoZW5jcnlwdGVkS2V5OiBCdWZmZXIsIGRiSWQ6IG51bWJlciwga2V5SWQ6IG51bWJlciwga2V5VmVyc2lvbjogbnVtYmVyLCBtZFZlcnNpb246IEJ1ZmZlciwga2V5UGF0aDogc3RyaW5nLCBrZXlTdG9yZU5hbWU6IHN0cmluZywgYWxnb3JpdGhtTmFtZTogc3RyaW5nKTogdm9pZCB7XG4gICAgY29uc3QgZW5jcnlwdGlvbktleTogRW5jcnlwdGlvbktleUluZm8gPSB7XG4gICAgICBlbmNyeXB0ZWRLZXksXG4gICAgICBkYklkLFxuICAgICAga2V5SWQsXG4gICAgICBrZXlWZXJzaW9uLFxuICAgICAgbWRWZXJzaW9uLFxuICAgICAga2V5UGF0aCxcbiAgICAgIGtleVN0b3JlTmFtZSxcbiAgICAgIGFsZ29yaXRobU5hbWUsXG4gICAgfTtcblxuICAgIHRoaXMuY29sdW1uRW5jcnlwdGlvbktleVZhbHVlcy5wdXNoKGVuY3J5cHRpb25LZXkpO1xuXG4gICAgaWYgKHRoaXMuZGF0YWJhc2VJZCA9PT0gMCkge1xuICAgICAgdGhpcy5kYXRhYmFzZUlkID0gZGJJZDtcbiAgICAgIHRoaXMuY2VrSWQgPSBrZXlJZDtcbiAgICAgIHRoaXMuY2VrVmVyc2lvbiA9IGtleVZlcnNpb247XG4gICAgICB0aGlzLmNla01kVmVyc2lvbiA9IG1kVmVyc2lvbjtcbiAgICB9IGVsc2UgaWYgKCh0aGlzLmRhdGFiYXNlSWQgIT09IGRiSWQpIHx8ICh0aGlzLmNla0lkICE9PSBrZXlJZCkgfHwgKHRoaXMuY2VrVmVyc2lvbiAhPT0ga2V5VmVyc2lvbikgfHwgIXRoaXMuY2VrTWRWZXJzaW9uIHx8ICFtZFZlcnNpb24gfHwgdGhpcy5jZWtNZFZlcnNpb24ubGVuZ3RoICE9PSBtZFZlcnNpb24ubGVuZ3RoKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ0ludmFsaWQgZGF0YWJhc2VJZCwgY2VrSWQsIGNla1ZlcnNpb24gb3IgY2VrTWRWZXJzaW9uLicpO1xuICAgIH1cbiAgfVxufVxuIl0sIm1hcHBpbmdzIjoiOzs7Ozs7QUFBQTtBQUNBOztBQUlPLE1BQU1BLFFBQVEsQ0FBQztFQVFwQkMsV0FBV0EsQ0FBQ0MsVUFBa0IsRUFBRTtJQUM5QixJQUFJLENBQUNDLE9BQU8sR0FBR0QsVUFBVTtJQUN6QixJQUFJLENBQUNFLFVBQVUsR0FBRyxDQUFDO0lBQ25CLElBQUksQ0FBQ0MsS0FBSyxHQUFHLENBQUM7SUFDZCxJQUFJLENBQUNDLFVBQVUsR0FBRyxDQUFDO0lBQ25CLElBQUksQ0FBQ0MsWUFBWSxHQUFHQyxNQUFNLENBQUNDLEtBQUssQ0FBQyxDQUFDLENBQUM7SUFDbkMsSUFBSSxDQUFDQyx5QkFBeUIsR0FBRyxFQUFFO0VBQ3JDO0VBRUFDLEdBQUdBLENBQUNDLFlBQW9CLEVBQUVDLElBQVksRUFBRUMsS0FBYSxFQUFFQyxVQUFrQixFQUFFQyxTQUFpQixFQUFFQyxPQUFlLEVBQUVDLFlBQW9CLEVBQUVDLGFBQXFCLEVBQVE7SUFDaEssTUFBTUMsYUFBZ0MsR0FBRztNQUN2Q1IsWUFBWTtNQUNaQyxJQUFJO01BQ0pDLEtBQUs7TUFDTEMsVUFBVTtNQUNWQyxTQUFTO01BQ1RDLE9BQU87TUFDUEMsWUFBWTtNQUNaQztJQUNGLENBQUM7SUFFRCxJQUFJLENBQUNULHlCQUF5QixDQUFDVyxJQUFJLENBQUNELGFBQWEsQ0FBQztJQUVsRCxJQUFJLElBQUksQ0FBQ2hCLFVBQVUsS0FBSyxDQUFDLEVBQUU7TUFDekIsSUFBSSxDQUFDQSxVQUFVLEdBQUdTLElBQUk7TUFDdEIsSUFBSSxDQUFDUixLQUFLLEdBQUdTLEtBQUs7TUFDbEIsSUFBSSxDQUFDUixVQUFVLEdBQUdTLFVBQVU7TUFDNUIsSUFBSSxDQUFDUixZQUFZLEdBQUdTLFNBQVM7SUFDL0IsQ0FBQyxNQUFNLElBQUssSUFBSSxDQUFDWixVQUFVLEtBQUtTLElBQUksSUFBTSxJQUFJLENBQUNSLEtBQUssS0FBS1MsS0FBTSxJQUFLLElBQUksQ0FBQ1IsVUFBVSxLQUFLUyxVQUFXLElBQUksQ0FBQyxJQUFJLENBQUNSLFlBQVksSUFBSSxDQUFDUyxTQUFTLElBQUksSUFBSSxDQUFDVCxZQUFZLENBQUNlLE1BQU0sS0FBS04sU0FBUyxDQUFDTSxNQUFNLEVBQUU7TUFDeEwsTUFBTSxJQUFJQyxLQUFLLENBQUMsd0RBQXdELENBQUM7SUFDM0U7RUFDRjtBQUNGO0FBQUNDLE9BQUEsQ0FBQXhCLFFBQUEsR0FBQUEsUUFBQSIsImlnbm9yZUxpc3QiOltdfQ==

package/lib/always-encrypted/cek-entry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cek-entry.js","names":["CEKEntry","constructor","ordinalVal","ordinal","databaseId","cekId","cekVersion","cekMdVersion","Buffer","alloc","columnEncryptionKeyValues","add","encryptedKey","dbId","keyId","keyVersion","mdVersion","keyPath","keyStoreName","algorithmName","encryptionKey","push","length","Error","exports"],"sources":["../../src/always-encrypted/cek-entry.ts"],"sourcesContent":["// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.\n// Copyright (c) 2019 Microsoft Corporation\n\nimport { type EncryptionKeyInfo } from './types';\n\nexport class CEKEntry {\n  declare columnEncryptionKeyValues: EncryptionKeyInfo[];\n  declare ordinal: number;\n  declare databaseId: number;\n  declare cekId: number;\n  declare cekVersion: number;\n  declare cekMdVersion: Buffer;\n\n  constructor(ordinalVal: number) {\n    this.ordinal = ordinalVal;\n    this.databaseId = 0;\n    this.cekId = 0;\n    this.cekVersion = 0;\n    this.cekMdVersion = Buffer.alloc(0);\n    this.columnEncryptionKeyValues = [];\n  }\n\n  add(encryptedKey: Buffer, dbId: number, keyId: number, keyVersion: number, mdVersion: Buffer, keyPath: string, keyStoreName: string, algorithmName: string): void {\n    const encryptionKey: EncryptionKeyInfo = {\n      encryptedKey,\n      dbId,\n      keyId,\n      keyVersion,\n      mdVersion,\n      keyPath,\n      keyStoreName,\n      algorithmName,\n    };\n\n    this.columnEncryptionKeyValues.push(encryptionKey);\n\n    if (this.databaseId === 0) {\n      this.databaseId = dbId;\n      this.cekId = keyId;\n      this.cekVersion = keyVersion;\n      this.cekMdVersion = mdVersion;\n    } else if ((this.databaseId !== dbId) || (this.cekId !== keyId) || (this.cekVersion !== keyVersion) || !this.cekMdVersion || !mdVersion || this.cekMdVersion.length !== mdVersion.length) {\n      throw new Error('Invalid databaseId, cekId, cekVersion or cekMdVersion.');\n    }\n  }\n}\n"],"mappings":";;;;;;AAAA;AACA;;AAIO,MAAMA,QAAQ,CAAC;EAQpBC,WAAWA,CAACC,UAAkB,EAAE;IAC9B,IAAI,CAACC,OAAO,GAAGD,UAAU;IACzB,IAAI,CAACE,UAAU,GAAG,CAAC;IACnB,IAAI,CAACC,KAAK,GAAG,CAAC;IACd,IAAI,CAACC,UAAU,GAAG,CAAC;IACnB,IAAI,CAACC,YAAY,GAAGC,MAAM,CAACC,KAAK,CAAC,CAAC,CAAC;IACnC,IAAI,CAACC,yBAAyB,GAAG,EAAE;EACrC;EAEAC,GAAGA,CAACC,YAAoB,EAAEC,IAAY,EAAEC,KAAa,EAAEC,UAAkB,EAAEC,SAAiB,EAAEC,OAAe,EAAEC,YAAoB,EAAEC,aAAqB,EAAQ;IAChK,MAAMC,aAAgC,GAAG;MACvCR,YAAY;MACZC,IAAI;MACJC,KAAK;MACLC,UAAU;MACVC,SAAS;MACTC,OAAO;MACPC,YAAY;MACZC;IACF,CAAC;IAED,IAAI,CAACT,yBAAyB,CAACW,IAAI,CAACD,aAAa,CAAC;IAElD,IAAI,IAAI,CAAChB,UAAU,KAAK,CAAC,EAAE;MACzB,IAAI,CAACA,UAAU,GAAGS,IAAI;MACtB,IAAI,CAACR,KAAK,GAAGS,KAAK;MAClB,IAAI,CAACR,UAAU,GAAGS,UAAU;MAC5B,IAAI,CAACR,YAAY,GAAGS,SAAS;IAC/B,CAAC,MAAM,IAAK,IAAI,CAACZ,UAAU,KAAKS,IAAI,IAAM,IAAI,CAACR,KAAK,KAAKS,KAAM,IAAK,IAAI,CAACR,UAAU,KAAKS,UAAW,IAAI,CAAC,IAAI,CAACR,YAAY,IAAI,CAACS,SAAS,IAAI,IAAI,CAACT,YAAY,CAACe,MAAM,KAAKN,SAAS,CAACM,MAAM,EAAE;MACxL,MAAM,IAAIC,KAAK,CAAC,wDAAwD,CAAC;IAC3E;EACF;AACF;AAACC,OAAA,CAAAxB,QAAA,GAAAA,QAAA","ignoreList":[]}

package/lib/always-encrypted/get-parameter-encryption-metadata.js

@@ -0,0 +1,90 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.getParameterEncryptionMetadata = void 0;
+var _types = require("./types");
+var _cekEntry = require("./cek-entry");
+var _keyCrypto = require("./key-crypto");
+var _dataType = require("../data-type");
+var _request = _interopRequireDefault(require("../request"));
+var _rpcrequestPayload = _interopRequireDefault(require("../rpcrequest-payload"));
+var _packet = require("../packet");
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.
+// Copyright (c) 2019 Microsoft Corporation
+
+const getParameterEncryptionMetadata = (connection, request, callback) => {
+  if (request.cryptoMetadataLoaded === true) {
+    return callback();
+  }
+  const metadataRequest = new _request.default('sp_describe_parameter_encryption', error => {
+    if (error) {
+      return callback(error);
+    }
+    const decryptSymmetricKeyPromises = [];
+    const cekList = [];
+    let paramCount = 0;
+    for (const columns of resultRows) {
+      try {
+        const isFirstRecordSet = columns.some(col => (col && col.metadata && col.metadata.colName) === 'database_id');
+        if (isFirstRecordSet === true) {
+          const currentOrdinal = columns[_types.DescribeParameterEncryptionResultSet1.KeyOrdinal].value;
+          let cekEntry;
+          if (!cekList[currentOrdinal]) {
+            cekEntry = new _cekEntry.CEKEntry(currentOrdinal);
+            cekList[cekEntry.ordinal] = cekEntry;
+          } else {
+            cekEntry = cekList[currentOrdinal];
+          }
+          cekEntry.add(columns[_types.DescribeParameterEncryptionResultSet1.EncryptedKey].value, columns[_types.DescribeParameterEncryptionResultSet1.DbId].value, columns[_types.DescribeParameterEncryptionResultSet1.KeyId].value, columns[_types.DescribeParameterEncryptionResultSet1.KeyVersion].value, columns[_types.DescribeParameterEncryptionResultSet1.KeyMdVersion].value, columns[_types.DescribeParameterEncryptionResultSet1.KeyPath].value, columns[_types.DescribeParameterEncryptionResultSet1.ProviderName].value, columns[_types.DescribeParameterEncryptionResultSet1.KeyEncryptionAlgorithm].value);
+        } else {
+          paramCount++;
+          const paramName = columns[_types.DescribeParameterEncryptionResultSet2.ParameterName].value;
+          const paramIndex = request.parameters.findIndex(param => paramName === `@${param.name}`);
+          const cekOrdinal = columns[_types.DescribeParameterEncryptionResultSet2.ColumnEncryptionKeyOrdinal].value;
+          const cekEntry = cekList[cekOrdinal];
+          if (cekEntry && cekList.length < cekOrdinal) {
+            return callback(new Error(`Internal error. The referenced column encryption key ordinal "${cekOrdinal}" is missing in the encryption metadata returned by sp_describe_parameter_encryption. Max ordinal is "${cekList.length}".`));
+          }
+          const encType = columns[_types.DescribeParameterEncryptionResultSet2.ColumnEncrytionType].value;
+          if (_types.SQLServerEncryptionType.PlainText !== encType) {
+            request.parameters[paramIndex].cryptoMetadata = {
+              cekEntry: cekEntry,
+              ordinal: cekOrdinal,
+              cipherAlgorithmId: columns[_types.DescribeParameterEncryptionResultSet2.ColumnEncryptionAlgorithm].value,
+              encryptionType: encType,
+              normalizationRuleVersion: Buffer.from([columns[_types.DescribeParameterEncryptionResultSet2.NormalizationRuleVersion].value])
+            };
+            decryptSymmetricKeyPromises.push((0, _keyCrypto.decryptSymmetricKey)(request.parameters[paramIndex].cryptoMetadata, connection.config.options));
+          } else if (request.parameters[paramIndex].forceEncrypt === true) {
+            return callback(new Error(`Cannot execute statement or procedure ${request.sqlTextOrProcedure} because Force Encryption was set as true for parameter ${paramIndex + 1} and the database expects this parameter to be sent as plaintext. This may be due to a configuration error.`));
+          }
+        }
+      } catch {
+        return callback(new Error(`Internal error. Unable to parse parameter encryption metadata in statement or procedure "${request.sqlTextOrProcedure}"`));
+      }
+    }
+    if (paramCount !== request.parameters.length) {
+      return callback(new Error(`Internal error. Metadata for some parameters in statement or procedure "${request.sqlTextOrProcedure}" is missing in the resultset returned by sp_describe_parameter_encryption.`));
+    }
+    return Promise.all(decryptSymmetricKeyPromises).then(() => {
+      request.cryptoMetadataLoaded = true;
+      process.nextTick(callback);
+    }, error => {
+      process.nextTick(callback, error);
+    });
+  });
+  metadataRequest.addParameter('tsql', _dataType.typeByName.NVarChar, request.sqlTextOrProcedure);
+  if (request.parameters.length) {
+    metadataRequest.addParameter('params', _dataType.typeByName.NVarChar, metadataRequest.makeParamsParameter(request.parameters));
+  }
+  const resultRows = [];
+  metadataRequest.on('row', columns => {
+    resultRows.push(columns);
+  });
+  connection.makeRequest(metadataRequest, _packet.TYPE.RPC_REQUEST, new _rpcrequestPayload.default(metadataRequest.sqlTextOrProcedure, metadataRequest.parameters, connection.currentTransactionDescriptor(), connection.config.options, connection.databaseCollation));
+};
+exports.getParameterEncryptionMetadata = getParameterEncryptionMetadata;
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJfdHlwZXMiLCJyZXF1aXJlIiwiX2Nla0VudHJ5IiwiX2tleUNyeXB0byIsIl9kYXRhVHlwZSIsIl9yZXF1ZXN0IiwiX2ludGVyb3BSZXF1aXJlRGVmYXVsdCIsIl9ycGNyZXF1ZXN0UGF5bG9hZCIsIl9wYWNrZXQiLCJlIiwiX19lc01vZHVsZSIsImRlZmF1bHQiLCJnZXRQYXJhbWV0ZXJFbmNyeXB0aW9uTWV0YWRhdGEiLCJjb25uZWN0aW9uIiwicmVxdWVzdCIsImNhbGxiYWNrIiwiY3J5cHRvTWV0YWRhdGFMb2FkZWQiLCJtZXRhZGF0YVJlcXVlc3QiLCJSZXF1ZXN0IiwiZXJyb3IiLCJkZWNyeXB0U3ltbWV0cmljS2V5UHJvbWlzZXMiLCJjZWtMaXN0IiwicGFyYW1Db3VudCIsImNvbHVtbnMiLCJyZXN1bHRSb3dzIiwiaXNGaXJzdFJlY29yZFNldCIsInNvbWUiLCJjb2wiLCJtZXRhZGF0YSIsImNvbE5hbWUiLCJjdXJyZW50T3JkaW5hbCIsIkRlc2NyaWJlUGFyYW1ldGVyRW5jcnlwdGlvblJlc3VsdFNldDEiLCJLZXlPcmRpbmFsIiwidmFsdWUiLCJjZWtFbnRyeSIsIkNFS0VudHJ5Iiwib3JkaW5hbCIsImFkZCIsIkVuY3J5cHRlZEtleSIsIkRiSWQiLCJLZXlJZCIsIktleVZlcnNpb24iLCJLZXlNZFZlcnNpb24iLCJLZXlQYXRoIiwiUHJvdmlkZXJOYW1lIiwiS2V5RW5jcnlwdGlvbkFsZ29yaXRobSIsInBhcmFtTmFtZSIsIkRlc2NyaWJlUGFyYW1ldGVyRW5jcnlwdGlvblJlc3VsdFNldDIiLCJQYXJhbWV0ZXJOYW1lIiwicGFyYW1JbmRleCIsInBhcmFtZXRlcnMiLCJmaW5kSW5kZXgiLCJwYXJhbSIsIm5hbWUiLCJjZWtPcmRpbmFsIiwiQ29sdW1uRW5jcnlwdGlvbktleU9yZGluYWwiLCJsZW5ndGgiLCJFcnJvciIsImVuY1R5cGUiLCJDb2x1bW5FbmNyeXRpb25UeXBlIiwiU1FMU2VydmVyRW5jcnlwdGlvblR5cGUiLCJQbGFpblRleHQiLCJjcnlwdG9NZXRhZGF0YSIsImNpcGhlckFsZ29yaXRobUlkIiwiQ29sdW1uRW5jcnlwdGlvbkFsZ29yaXRobSIsImVuY3J5cHRpb25UeXBlIiwibm9ybWFsaXphdGlvblJ1bGVWZXJzaW9uIiwiQnVmZmVyIiwiZnJvbSIsIk5vcm1hbGl6YXRpb25SdWxlVmVyc2lvbiIsInB1c2giLCJkZWNyeXB0U3ltbWV0cmljS2V5IiwiY29uZmlnIiwib3B0aW9ucyIsImZvcmNlRW5jcnlwdCIsInNxbFRleHRPclByb2NlZHVyZSIsIlByb21pc2UiLCJhbGwiLCJ0aGVuIiwicHJvY2VzcyIsIm5leHRUaWNrIiwiYWRkUGFyYW1ldGVyIiwiVFlQRVMiLCJOVmFyQ2hhciIsIm1ha2VQYXJhbXNQYXJhbWV0ZXIiLCJvbiIsIm1ha2VSZXF1ZXN0IiwiVFlQRSIsIlJQQ19SRVFVRVNUIiwiUnBjUmVxdWVzdFBheWxvYWQiLCJjdXJyZW50VHJhbnNhY3Rpb25EZXNjcmlwdG9yIiwiZGF0YWJhc2VDb2xsYXRpb24iLCJleHBvcnRzIl0sInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Fsd2F5cy1lbmNyeXB0ZWQvZ2V0LXBhcmFtZXRlci1lbmNyeXB0aW9uLW1ldGFkYXRhLnRzIl0sInNvdXJjZXNDb250ZW50IjpbIi8vIFRoaXMgY29kZSBpcyBiYXNlZCBvbiB0aGUgYG1zc3FsLWpkYmNgIGxpYnJhcnkgcHVibGlzaGVkIHVuZGVyIHRoZSBjb25kaXRpb25zIG9mIE1JVCBsaWNlbnNlLlxuLy8gQ29weXJpZ2h0IChjKSAyMDE5IE1pY3Jvc29mdCBDb3Jwb3JhdGlvblxuXG5pbXBvcnQgeyBTUUxTZXJ2ZXJFbmNyeXB0aW9uVHlwZSwgdHlwZSBDcnlwdG9NZXRhZGF0YSwgRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MSwgRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MiB9IGZyb20gJy4vdHlwZXMnO1xuaW1wb3J0IHsgQ0VLRW50cnkgfSBmcm9tICcuL2Nlay1lbnRyeSc7XG5pbXBvcnQgeyBkZWNyeXB0U3ltbWV0cmljS2V5IH0gZnJvbSAnLi9rZXktY3J5cHRvJztcbmltcG9ydCB7IHR5cGVCeU5hbWUgYXMgVFlQRVMsIHR5cGUgUGFyYW1ldGVyIH0gZnJvbSAnLi4vZGF0YS10eXBlJztcbmltcG9ydCBSZXF1ZXN0IGZyb20gJy4uL3JlcXVlc3QnO1xuaW1wb3J0IENvbm5lY3Rpb24gZnJvbSAnLi4vY29ubmVjdGlvbic7XG5pbXBvcnQgUnBjUmVxdWVzdFBheWxvYWQgZnJvbSAnLi4vcnBjcmVxdWVzdC1wYXlsb2FkJztcbmltcG9ydCB7IFRZUEUgfSBmcm9tICcuLi9wYWNrZXQnO1xuXG5leHBvcnQgY29uc3QgZ2V0UGFyYW1ldGVyRW5jcnlwdGlvbk1ldGFkYXRhID0gKGNvbm5lY3Rpb246IENvbm5lY3Rpb24sIHJlcXVlc3Q6IFJlcXVlc3QsIGNhbGxiYWNrOiAoZXJyb3I/OiBFcnJvcikgPT4gdm9pZCkgPT4ge1xuICBpZiAocmVxdWVzdC5jcnlwdG9NZXRhZGF0YUxvYWRlZCA9PT0gdHJ1ZSkge1xuICAgIHJldHVybiBjYWxsYmFjaygpO1xuICB9XG5cbiAgY29uc3QgbWV0YWRhdGFSZXF1ZXN0ID0gbmV3IFJlcXVlc3QoJ3NwX2Rlc2NyaWJlX3BhcmFtZXRlcl9lbmNyeXB0aW9uJywgKGVycm9yKSA9PiB7XG4gICAgaWYgKGVycm9yKSB7XG4gICAgICByZXR1cm4gY2FsbGJhY2soZXJyb3IpO1xuICAgIH1cblxuICAgIGNvbnN0IGRlY3J5cHRTeW1tZXRyaWNLZXlQcm9taXNlczogUHJvbWlzZTx2b2lkPltdID0gW107XG4gICAgY29uc3QgY2VrTGlzdDogQ0VLRW50cnlbXSA9IFtdO1xuICAgIGxldCBwYXJhbUNvdW50ID0gMDtcblxuICAgIGZvciAoY29uc3QgY29sdW1ucyBvZiByZXN1bHRSb3dzKSB7XG4gICAgICB0cnkge1xuICAgICAgICBjb25zdCBpc0ZpcnN0UmVjb3JkU2V0ID0gY29sdW1ucy5zb21lKChjb2w6IGFueSkgPT4gKGNvbCAmJiBjb2wubWV0YWRhdGEgJiYgY29sLm1ldGFkYXRhLmNvbE5hbWUpID09PSAnZGF0YWJhc2VfaWQnKTtcbiAgICAgICAgaWYgKGlzRmlyc3RSZWNvcmRTZXQgPT09IHRydWUpIHtcbiAgICAgICAgICBjb25zdCBjdXJyZW50T3JkaW5hbCA9IGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5LZXlPcmRpbmFsXS52YWx1ZTtcbiAgICAgICAgICBsZXQgY2VrRW50cnk6IENFS0VudHJ5O1xuICAgICAgICAgIGlmICghY2VrTGlzdFtjdXJyZW50T3JkaW5hbF0pIHtcbiAgICAgICAgICAgIGNla0VudHJ5ID0gbmV3IENFS0VudHJ5KGN1cnJlbnRPcmRpbmFsKTtcbiAgICAgICAgICAgIGNla0xpc3RbY2VrRW50cnkub3JkaW5hbF0gPSBjZWtFbnRyeTtcbiAgICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgICAgY2VrRW50cnkgPSBjZWtMaXN0W2N1cnJlbnRPcmRpbmFsXTtcbiAgICAgICAgICB9XG4gICAgICAgICAgY2VrRW50cnkuYWRkKGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5FbmNyeXB0ZWRLZXldLnZhbHVlLFxuICAgICAgICAgICAgICAgICAgICAgICBjb2x1bW5zW0Rlc2NyaWJlUGFyYW1ldGVyRW5jcnlwdGlvblJlc3VsdFNldDEuRGJJZF0udmFsdWUsXG4gICAgICAgICAgICAgICAgICAgICAgIGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5LZXlJZF0udmFsdWUsXG4gICAgICAgICAgICAgICAgICAgICAgIGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5LZXlWZXJzaW9uXS52YWx1ZSxcbiAgICAgICAgICAgICAgICAgICAgICAgY29sdW1uc1tEZXNjcmliZVBhcmFtZXRlckVuY3J5cHRpb25SZXN1bHRTZXQxLktleU1kVmVyc2lvbl0udmFsdWUsXG4gICAgICAgICAgICAgICAgICAgICAgIGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5LZXlQYXRoXS52YWx1ZSxcbiAgICAgICAgICAgICAgICAgICAgICAgY29sdW1uc1tEZXNjcmliZVBhcmFtZXRlckVuY3J5cHRpb25SZXN1bHRTZXQxLlByb3ZpZGVyTmFtZV0udmFsdWUsXG4gICAgICAgICAgICAgICAgICAgICAgIGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0MS5LZXlFbmNyeXB0aW9uQWxnb3JpdGhtXS52YWx1ZSk7XG4gICAgICAgIH0gZWxzZSB7XG4gICAgICAgICAgcGFyYW1Db3VudCsrO1xuICAgICAgICAgIGNvbnN0IHBhcmFtTmFtZTogc3RyaW5nID0gY29sdW1uc1tEZXNjcmliZVBhcmFtZXRlckVuY3J5cHRpb25SZXN1bHRTZXQyLlBhcmFtZXRlck5hbWVdLnZhbHVlO1xuICAgICAgICAgIGNvbnN0IHBhcmFtSW5kZXg6IG51bWJlciA9IHJlcXVlc3QucGFyYW1ldGVycy5maW5kSW5kZXgoKHBhcmFtOiBQYXJhbWV0ZXIpID0+IHBhcmFtTmFtZSA9PT0gYEAke3BhcmFtLm5hbWV9YCk7XG4gICAgICAgICAgY29uc3QgY2VrT3JkaW5hbDogbnVtYmVyID0gY29sdW1uc1tEZXNjcmliZVBhcmFtZXRlckVuY3J5cHRpb25SZXN1bHRTZXQyLkNvbHVtbkVuY3J5cHRpb25LZXlPcmRpbmFsXS52YWx1ZTtcbiAgICAgICAgICBjb25zdCBjZWtFbnRyeTogQ0VLRW50cnkgPSBjZWtMaXN0W2Nla09yZGluYWxdO1xuXG4gICAgICAgICAgaWYgKGNla0VudHJ5ICYmIGNla0xpc3QubGVuZ3RoIDwgY2VrT3JkaW5hbCkge1xuICAgICAgICAgICAgcmV0dXJuIGNhbGxiYWNrKG5ldyBFcnJvcihgSW50ZXJuYWwgZXJyb3IuIFRoZSByZWZlcmVuY2VkIGNvbHVtbiBlbmNyeXB0aW9uIGtleSBvcmRpbmFsIFwiJHtjZWtPcmRpbmFsfVwiIGlzIG1pc3NpbmcgaW4gdGhlIGVuY3J5cHRpb24gbWV0YWRhdGEgcmV0dXJuZWQgYnkgc3BfZGVzY3JpYmVfcGFyYW1ldGVyX2VuY3J5cHRpb24uIE1heCBvcmRpbmFsIGlzIFwiJHtjZWtMaXN0Lmxlbmd0aH1cIi5gKSk7XG4gICAgICAgICAgfVxuXG4gICAgICAgICAgY29uc3QgZW5jVHlwZSA9IGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0Mi5Db2x1bW5FbmNyeXRpb25UeXBlXS52YWx1ZTtcbiAgICAgICAgICBpZiAoU1FMU2VydmVyRW5jcnlwdGlvblR5cGUuUGxhaW5UZXh0ICE9PSBlbmNUeXBlKSB7XG4gICAgICAgICAgICByZXF1ZXN0LnBhcmFtZXRlcnNbcGFyYW1JbmRleF0uY3J5cHRvTWV0YWRhdGEgPSB7XG4gICAgICAgICAgICAgIGNla0VudHJ5OiBjZWtFbnRyeSxcbiAgICAgICAgICAgICAgb3JkaW5hbDogY2VrT3JkaW5hbCxcbiAgICAgICAgICAgICAgY2lwaGVyQWxnb3JpdGhtSWQ6IGNvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0Mi5Db2x1bW5FbmNyeXB0aW9uQWxnb3JpdGhtXS52YWx1ZSxcbiAgICAgICAgICAgICAgZW5jcnlwdGlvblR5cGU6IGVuY1R5cGUsXG4gICAgICAgICAgICAgIG5vcm1hbGl6YXRpb25SdWxlVmVyc2lvbjogQnVmZmVyLmZyb20oW2NvbHVtbnNbRGVzY3JpYmVQYXJhbWV0ZXJFbmNyeXB0aW9uUmVzdWx0U2V0Mi5Ob3JtYWxpemF0aW9uUnVsZVZlcnNpb25dLnZhbHVlXSksXG4gICAgICAgICAgICB9O1xuICAgICAgICAgICAgZGVjcnlwdFN5bW1ldHJpY0tleVByb21pc2VzLnB1c2goZGVjcnlwdFN5bW1ldHJpY0tleShyZXF1ZXN0LnBhcmFtZXRlcnNbcGFyYW1JbmRleF0uY3J5cHRvTWV0YWRhdGEgYXMgQ3J5cHRvTWV0YWRhdGEsIGNvbm5lY3Rpb24uY29uZmlnLm9wdGlvbnMpKTtcbiAgICAgICAgICB9IGVsc2UgaWYgKHJlcXVlc3QucGFyYW1ldGVyc1twYXJhbUluZGV4XS5mb3JjZUVuY3J5cHQgPT09IHRydWUpIHtcbiAgICAgICAgICAgIHJldHVybiBjYWxsYmFjayhuZXcgRXJyb3IoYENhbm5vdCBleGVjdXRlIHN0YXRlbWVudCBvciBwcm9jZWR1cmUgJHtyZXF1ZXN0LnNxbFRleHRPclByb2NlZHVyZX0gYmVjYXVzZSBGb3JjZSBFbmNyeXB0aW9uIHdhcyBzZXQgYXMgdHJ1ZSBmb3IgcGFyYW1ldGVyICR7cGFyYW1JbmRleCArIDF9IGFuZCB0aGUgZGF0YWJhc2UgZXhwZWN0cyB0aGlzIHBhcmFtZXRlciB0byBiZSBzZW50IGFzIHBsYWludGV4dC4gVGhpcyBtYXkgYmUgZHVlIHRvIGEgY29uZmlndXJhdGlvbiBlcnJvci5gKSk7XG4gICAgICAgICAgfVxuICAgICAgICB9XG4gICAgICB9IGNhdGNoIHtcbiAgICAgICAgcmV0dXJuIGNhbGxiYWNrKG5ldyBFcnJvcihgSW50ZXJuYWwgZXJyb3IuIFVuYWJsZSB0byBwYXJzZSBwYXJhbWV0ZXIgZW5jcnlwdGlvbiBtZXRhZGF0YSBpbiBzdGF0ZW1lbnQgb3IgcHJvY2VkdXJlIFwiJHtyZXF1ZXN0LnNxbFRleHRPclByb2NlZHVyZX1cImApKTtcbiAgICAgIH1cbiAgICB9XG5cbiAgICBpZiAocGFyYW1Db3VudCAhPT0gcmVxdWVzdC5wYXJhbWV0ZXJzLmxlbmd0aCkge1xuICAgICAgcmV0dXJuIGNhbGxiYWNrKG5ldyBFcnJvcihgSW50ZXJuYWwgZXJyb3IuIE1ldGFkYXRhIGZvciBzb21lIHBhcmFtZXRlcnMgaW4gc3RhdGVtZW50IG9yIHByb2NlZHVyZSBcIiR7cmVxdWVzdC5zcWxUZXh0T3JQcm9jZWR1cmV9XCIgaXMgbWlzc2luZyBpbiB0aGUgcmVzdWx0c2V0IHJldHVybmVkIGJ5IHNwX2Rlc2NyaWJlX3BhcmFtZXRlcl9lbmNyeXB0aW9uLmApKTtcbiAgICB9XG5cbiAgICByZXR1cm4gUHJvbWlzZS5hbGwoZGVjcnlwdFN5bW1ldHJpY0tleVByb21pc2VzKS50aGVuKCgpID0+IHtcbiAgICAgIHJlcXVlc3QuY3J5cHRvTWV0YWRhdGFMb2FkZWQgPSB0cnVlO1xuICAgICAgcHJvY2Vzcy5uZXh0VGljayhjYWxsYmFjayk7XG4gICAgfSwgKGVycm9yKSA9PiB7XG4gICAgICBwcm9jZXNzLm5leHRUaWNrKGNhbGxiYWNrLCBlcnJvcik7XG4gICAgfSk7XG4gIH0pO1xuXG4gIG1ldGFkYXRhUmVxdWVzdC5hZGRQYXJhbWV0ZXIoJ3RzcWwnLCBUWVBFUy5OVmFyQ2hhciwgcmVxdWVzdC5zcWxUZXh0T3JQcm9jZWR1cmUpO1xuICBpZiAocmVxdWVzdC5wYXJhbWV0ZXJzLmxlbmd0aCkge1xuICAgIG1ldGFkYXRhUmVxdWVzdC5hZGRQYXJhbWV0ZXIoJ3BhcmFtcycsIFRZUEVTLk5WYXJDaGFyLCBtZXRhZGF0YVJlcXVlc3QubWFrZVBhcmFtc1BhcmFtZXRlcihyZXF1ZXN0LnBhcmFtZXRlcnMpKTtcbiAgfVxuXG4gIGNvbnN0IHJlc3VsdFJvd3M6IGFueVtdID0gW107XG5cbiAgbWV0YWRhdGFSZXF1ZXN0Lm9uKCdyb3cnLCAoY29sdW1uczogYW55KSA9PiB7XG4gICAgcmVzdWx0Um93cy5wdXNoKGNvbHVtbnMpO1xuICB9KTtcblxuICBjb25uZWN0aW9uLm1ha2VSZXF1ZXN0KG1ldGFkYXRhUmVxdWVzdCwgVFlQRS5SUENfUkVRVUVTVCwgbmV3IFJwY1JlcXVlc3RQYXlsb2FkKG1ldGFkYXRhUmVxdWVzdC5zcWxUZXh0T3JQcm9jZWR1cmUhLCBtZXRhZGF0YVJlcXVlc3QucGFyYW1ldGVycywgY29ubmVjdGlvbi5jdXJyZW50VHJhbnNhY3Rpb25EZXNjcmlwdG9yKCksIGNvbm5lY3Rpb24uY29uZmlnLm9wdGlvbnMsIGNvbm5lY3Rpb24uZGF0YWJhc2VDb2xsYXRpb24pKTtcbn07XG4iXSwibWFwcGluZ3MiOiI7Ozs7OztBQUdBLElBQUFBLE1BQUEsR0FBQUMsT0FBQTtBQUNBLElBQUFDLFNBQUEsR0FBQUQsT0FBQTtBQUNBLElBQUFFLFVBQUEsR0FBQUYsT0FBQTtBQUNBLElBQUFHLFNBQUEsR0FBQUgsT0FBQTtBQUNBLElBQUFJLFFBQUEsR0FBQUMsc0JBQUEsQ0FBQUwsT0FBQTtBQUVBLElBQUFNLGtCQUFBLEdBQUFELHNCQUFBLENBQUFMLE9BQUE7QUFDQSxJQUFBTyxPQUFBLEdBQUFQLE9BQUE7QUFBaUMsU0FBQUssdUJBQUFHLENBQUEsV0FBQUEsQ0FBQSxJQUFBQSxDQUFBLENBQUFDLFVBQUEsR0FBQUQsQ0FBQSxLQUFBRSxPQUFBLEVBQUFGLENBQUE7QUFWakM7QUFDQTs7QUFXTyxNQUFNRyw4QkFBOEIsR0FBR0EsQ0FBQ0MsVUFBc0IsRUFBRUMsT0FBZ0IsRUFBRUMsUUFBaUMsS0FBSztFQUM3SCxJQUFJRCxPQUFPLENBQUNFLG9CQUFvQixLQUFLLElBQUksRUFBRTtJQUN6QyxPQUFPRCxRQUFRLENBQUMsQ0FBQztFQUNuQjtFQUVBLE1BQU1FLGVBQWUsR0FBRyxJQUFJQyxnQkFBTyxDQUFDLGtDQUFrQyxFQUFHQyxLQUFLLElBQUs7SUFDakYsSUFBSUEsS0FBSyxFQUFFO01BQ1QsT0FBT0osUUFBUSxDQUFDSSxLQUFLLENBQUM7SUFDeEI7SUFFQSxNQUFNQywyQkFBNEMsR0FBRyxFQUFFO0lBQ3ZELE1BQU1DLE9BQW1CLEdBQUcsRUFBRTtJQUM5QixJQUFJQyxVQUFVLEdBQUcsQ0FBQztJQUVsQixLQUFLLE1BQU1DLE9BQU8sSUFBSUMsVUFBVSxFQUFFO01BQ2hDLElBQUk7UUFDRixNQUFNQyxnQkFBZ0IsR0FBR0YsT0FBTyxDQUFDRyxJQUFJLENBQUVDLEdBQVEsSUFBSyxDQUFDQSxHQUFHLElBQUlBLEdBQUcsQ0FBQ0MsUUFBUSxJQUFJRCxHQUFHLENBQUNDLFFBQVEsQ0FBQ0MsT0FBTyxNQUFNLGFBQWEsQ0FBQztRQUNwSCxJQUFJSixnQkFBZ0IsS0FBSyxJQUFJLEVBQUU7VUFDN0IsTUFBTUssY0FBYyxHQUFHUCxPQUFPLENBQUNRLDRDQUFxQyxDQUFDQyxVQUFVLENBQUMsQ0FBQ0MsS0FBSztVQUN0RixJQUFJQyxRQUFrQjtVQUN0QixJQUFJLENBQUNiLE9BQU8sQ0FBQ1MsY0FBYyxDQUFDLEVBQUU7WUFDNUJJLFFBQVEsR0FBRyxJQUFJQyxrQkFBUSxDQUFDTCxjQUFjLENBQUM7WUFDdkNULE9BQU8sQ0FBQ2EsUUFBUSxDQUFDRSxPQUFPLENBQUMsR0FBR0YsUUFBUTtVQUN0QyxDQUFDLE1BQU07WUFDTEEsUUFBUSxHQUFHYixPQUFPLENBQUNTLGNBQWMsQ0FBQztVQUNwQztVQUNBSSxRQUFRLENBQUNHLEdBQUcsQ0FBQ2QsT0FBTyxDQUFDUSw0Q0FBcUMsQ0FBQ08sWUFBWSxDQUFDLENBQUNMLEtBQUssRUFDakVWLE9BQU8sQ0FBQ1EsNENBQXFDLENBQUNRLElBQUksQ0FBQyxDQUFDTixLQUFLLEVBQ3pEVixPQUFPLENBQUNRLDRDQUFxQyxDQUFDUyxLQUFLLENBQUMsQ0FBQ1AsS0FBSyxFQUMxRFYsT0FBTyxDQUFDUSw0Q0FBcUMsQ0FBQ1UsVUFBVSxDQUFDLENBQUNSLEtBQUssRUFDL0RWLE9BQU8sQ0FBQ1EsNENBQXFDLENBQUNXLFlBQVksQ0FBQyxDQUFDVCxLQUFLLEVBQ2pFVixPQUFPLENBQUNRLDRDQUFxQyxDQUFDWSxPQUFPLENBQUMsQ0FBQ1YsS0FBSyxFQUM1RFYsT0FBTyxDQUFDUSw0Q0FBcUMsQ0FBQ2EsWUFBWSxDQUFDLENBQUNYLEtBQUssRUFDakVWLE9BQU8sQ0FBQ1EsNENBQXFDLENBQUNjLHNCQUFzQixDQUFDLENBQUNaLEtBQUssQ0FBQztRQUMzRixDQUFDLE1BQU07VUFDTFgsVUFBVSxFQUFFO1VBQ1osTUFBTXdCLFNBQWlCLEdBQUd2QixPQUFPLENBQUN3Qiw0Q0FBcUMsQ0FBQ0MsYUFBYSxDQUFDLENBQUNmLEtBQUs7VUFDNUYsTUFBTWdCLFVBQWtCLEdBQUduQyxPQUFPLENBQUNvQyxVQUFVLENBQUNDLFNBQVMsQ0FBRUMsS0FBZ0IsSUFBS04sU0FBUyxLQUFLLElBQUlNLEtBQUssQ0FBQ0MsSUFBSSxFQUFFLENBQUM7VUFDN0csTUFBTUMsVUFBa0IsR0FBRy9CLE9BQU8sQ0FBQ3dCLDRDQUFxQyxDQUFDUSwwQkFBMEIsQ0FBQyxDQUFDdEIsS0FBSztVQUMxRyxNQUFNQyxRQUFrQixHQUFHYixPQUFPLENBQUNpQyxVQUFVLENBQUM7VUFFOUMsSUFBSXBCLFFBQVEsSUFBSWIsT0FBTyxDQUFDbUMsTUFBTSxHQUFHRixVQUFVLEVBQUU7WUFDM0MsT0FBT3ZDLFFBQVEsQ0FBQyxJQUFJMEMsS0FBSyxDQUFDLGlFQUFpRUgsVUFBVSx5R0FBeUdqQyxPQUFPLENBQUNtQyxNQUFNLElBQUksQ0FBQyxDQUFDO1VBQ3BPO1VBRUEsTUFBTUUsT0FBTyxHQUFHbkMsT0FBTyxDQUFDd0IsNENBQXFDLENBQUNZLG1CQUFtQixDQUFDLENBQUMxQixLQUFLO1VBQ3hGLElBQUkyQiw4QkFBdUIsQ0FBQ0MsU0FBUyxLQUFLSCxPQUFPLEVBQUU7WUFDakQ1QyxPQUFPLENBQUNvQyxVQUFVLENBQUNELFVBQVUsQ0FBQyxDQUFDYSxjQUFjLEdBQUc7Y0FDOUM1QixRQUFRLEVBQUVBLFFBQVE7Y0FDbEJFLE9BQU8sRUFBRWtCLFVBQVU7Y0FDbkJTLGlCQUFpQixFQUFFeEMsT0FBTyxDQUFDd0IsNENBQXFDLENBQUNpQix5QkFBeUIsQ0FBQyxDQUFDL0IsS0FBSztjQUNqR2dDLGNBQWMsRUFBRVAsT0FBTztjQUN2QlEsd0JBQXdCLEVBQUVDLE1BQU0sQ0FBQ0MsSUFBSSxDQUFDLENBQUM3QyxPQUFPLENBQUN3Qiw0Q0FBcUMsQ0FBQ3NCLHdCQUF3QixDQUFDLENBQUNwQyxLQUFLLENBQUM7WUFDdkgsQ0FBQztZQUNEYiwyQkFBMkIsQ0FBQ2tELElBQUksQ0FBQyxJQUFBQyw4QkFBbUIsRUFBQ3pELE9BQU8sQ0FBQ29DLFVBQVUsQ0FBQ0QsVUFBVSxDQUFDLENBQUNhLGNBQWMsRUFBb0JqRCxVQUFVLENBQUMyRCxNQUFNLENBQUNDLE9BQU8sQ0FBQyxDQUFDO1VBQ25KLENBQUMsTUFBTSxJQUFJM0QsT0FBTyxDQUFDb0MsVUFBVSxDQUFDRCxVQUFVLENBQUMsQ0FBQ3lCLFlBQVksS0FBSyxJQUFJLEVBQUU7WUFDL0QsT0FBTzNELFFBQVEsQ0FBQyxJQUFJMEMsS0FBSyxDQUFDLHlDQUF5QzNDLE9BQU8sQ0FBQzZELGtCQUFrQiwyREFBMkQxQixVQUFVLEdBQUcsQ0FBQyw2R0FBNkcsQ0FBQyxDQUFDO1VBQ3ZSO1FBQ0Y7TUFDRixDQUFDLENBQUMsTUFBTTtRQUNOLE9BQU9sQyxRQUFRLENBQUMsSUFBSTBDLEtBQUssQ0FBQyw0RkFBNEYzQyxPQUFPLENBQUM2RCxrQkFBa0IsR0FBRyxDQUFDLENBQUM7TUFDdko7SUFDRjtJQUVBLElBQUlyRCxVQUFVLEtBQUtSLE9BQU8sQ0FBQ29DLFVBQVUsQ0FBQ00sTUFBTSxFQUFFO01BQzVDLE9BQU96QyxRQUFRLENBQUMsSUFBSTBDLEtBQUssQ0FBQywyRUFBMkUzQyxPQUFPLENBQUM2RCxrQkFBa0IsNkVBQTZFLENBQUMsQ0FBQztJQUNoTjtJQUVBLE9BQU9DLE9BQU8sQ0FBQ0MsR0FBRyxDQUFDekQsMkJBQTJCLENBQUMsQ0FBQzBELElBQUksQ0FBQyxNQUFNO01BQ3pEaEUsT0FBTyxDQUFDRSxvQkFBb0IsR0FBRyxJQUFJO01BQ25DK0QsT0FBTyxDQUFDQyxRQUFRLENBQUNqRSxRQUFRLENBQUM7SUFDNUIsQ0FBQyxFQUFHSSxLQUFLLElBQUs7TUFDWjRELE9BQU8sQ0FBQ0MsUUFBUSxDQUFDakUsUUFBUSxFQUFFSSxLQUFLLENBQUM7SUFDbkMsQ0FBQyxDQUFDO0VBQ0osQ0FBQyxDQUFDO0VBRUZGLGVBQWUsQ0FBQ2dFLFlBQVksQ0FBQyxNQUFNLEVBQUVDLG9CQUFLLENBQUNDLFFBQVEsRUFBRXJFLE9BQU8sQ0FBQzZELGtCQUFrQixDQUFDO0VBQ2hGLElBQUk3RCxPQUFPLENBQUNvQyxVQUFVLENBQUNNLE1BQU0sRUFBRTtJQUM3QnZDLGVBQWUsQ0FBQ2dFLFlBQVksQ0FBQyxRQUFRLEVBQUVDLG9CQUFLLENBQUNDLFFBQVEsRUFBRWxFLGVBQWUsQ0FBQ21FLG1CQUFtQixDQUFDdEUsT0FBTyxDQUFDb0MsVUFBVSxDQUFDLENBQUM7RUFDakg7RUFFQSxNQUFNMUIsVUFBaUIsR0FBRyxFQUFFO0VBRTVCUCxlQUFlLENBQUNvRSxFQUFFLENBQUMsS0FBSyxFQUFHOUQsT0FBWSxJQUFLO0lBQzFDQyxVQUFVLENBQUM4QyxJQUFJLENBQUMvQyxPQUFPLENBQUM7RUFDMUIsQ0FBQyxDQUFDO0VBRUZWLFVBQVUsQ0FBQ3lFLFdBQVcsQ0FBQ3JFLGVBQWUsRUFBRXNFLFlBQUksQ0FBQ0MsV0FBVyxFQUFFLElBQUlDLDBCQUFpQixDQUFDeEUsZUFBZSxDQUFDMEQsa0JBQWtCLEVBQUcxRCxlQUFlLENBQUNpQyxVQUFVLEVBQUVyQyxVQUFVLENBQUM2RSw0QkFBNEIsQ0FBQyxDQUFDLEVBQUU3RSxVQUFVLENBQUMyRCxNQUFNLENBQUNDLE9BQU8sRUFBRTVELFVBQVUsQ0FBQzhFLGlCQUFpQixDQUFDLENBQUM7QUFDdlAsQ0FBQztBQUFDQyxPQUFBLENBQUFoRiw4QkFBQSxHQUFBQSw4QkFBQSIsImlnbm9yZUxpc3QiOltdfQ==

package/lib/always-encrypted/get-parameter-encryption-metadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"get-parameter-encryption-metadata.js","names":["_types","require","_cekEntry","_keyCrypto","_dataType","_request","_interopRequireDefault","_rpcrequestPayload","_packet","e","__esModule","default","getParameterEncryptionMetadata","connection","request","callback","cryptoMetadataLoaded","metadataRequest","Request","error","decryptSymmetricKeyPromises","cekList","paramCount","columns","resultRows","isFirstRecordSet","some","col","metadata","colName","currentOrdinal","DescribeParameterEncryptionResultSet1","KeyOrdinal","value","cekEntry","CEKEntry","ordinal","add","EncryptedKey","DbId","KeyId","KeyVersion","KeyMdVersion","KeyPath","ProviderName","KeyEncryptionAlgorithm","paramName","DescribeParameterEncryptionResultSet2","ParameterName","paramIndex","parameters","findIndex","param","name","cekOrdinal","ColumnEncryptionKeyOrdinal","length","Error","encType","ColumnEncrytionType","SQLServerEncryptionType","PlainText","cryptoMetadata","cipherAlgorithmId","ColumnEncryptionAlgorithm","encryptionType","normalizationRuleVersion","Buffer","from","NormalizationRuleVersion","push","decryptSymmetricKey","config","options","forceEncrypt","sqlTextOrProcedure","Promise","all","then","process","nextTick","addParameter","TYPES","NVarChar","makeParamsParameter","on","makeRequest","TYPE","RPC_REQUEST","RpcRequestPayload","currentTransactionDescriptor","databaseCollation","exports"],"sources":["../../src/always-encrypted/get-parameter-encryption-metadata.ts"],"sourcesContent":["// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.\n// Copyright (c) 2019 Microsoft Corporation\n\nimport { SQLServerEncryptionType, type CryptoMetadata, DescribeParameterEncryptionResultSet1, DescribeParameterEncryptionResultSet2 } from './types';\nimport { CEKEntry } from './cek-entry';\nimport { decryptSymmetricKey } from './key-crypto';\nimport { typeByName as TYPES, type Parameter } from '../data-type';\nimport Request from '../request';\nimport Connection from '../connection';\nimport RpcRequestPayload from '../rpcrequest-payload';\nimport { TYPE } from '../packet';\n\nexport const getParameterEncryptionMetadata = (connection: Connection, request: Request, callback: (error?: Error) => void) => {\n  if (request.cryptoMetadataLoaded === true) {\n    return callback();\n  }\n\n  const metadataRequest = new Request('sp_describe_parameter_encryption', (error) => {\n    if (error) {\n      return callback(error);\n    }\n\n    const decryptSymmetricKeyPromises: Promise<void>[] = [];\n    const cekList: CEKEntry[] = [];\n    let paramCount = 0;\n\n    for (const columns of resultRows) {\n      try {\n        const isFirstRecordSet = columns.some((col: any) => (col && col.metadata && col.metadata.colName) === 'database_id');\n        if (isFirstRecordSet === true) {\n          const currentOrdinal = columns[DescribeParameterEncryptionResultSet1.KeyOrdinal].value;\n          let cekEntry: CEKEntry;\n          if (!cekList[currentOrdinal]) {\n            cekEntry = new CEKEntry(currentOrdinal);\n            cekList[cekEntry.ordinal] = cekEntry;\n          } else {\n            cekEntry = cekList[currentOrdinal];\n          }\n          cekEntry.add(columns[DescribeParameterEncryptionResultSet1.EncryptedKey].value,\n                       columns[DescribeParameterEncryptionResultSet1.DbId].value,\n                       columns[DescribeParameterEncryptionResultSet1.KeyId].value,\n                       columns[DescribeParameterEncryptionResultSet1.KeyVersion].value,\n                       columns[DescribeParameterEncryptionResultSet1.KeyMdVersion].value,\n                       columns[DescribeParameterEncryptionResultSet1.KeyPath].value,\n                       columns[DescribeParameterEncryptionResultSet1.ProviderName].value,\n                       columns[DescribeParameterEncryptionResultSet1.KeyEncryptionAlgorithm].value);\n        } else {\n          paramCount++;\n          const paramName: string = columns[DescribeParameterEncryptionResultSet2.ParameterName].value;\n          const paramIndex: number = request.parameters.findIndex((param: Parameter) => paramName === `@${param.name}`);\n          const cekOrdinal: number = columns[DescribeParameterEncryptionResultSet2.ColumnEncryptionKeyOrdinal].value;\n          const cekEntry: CEKEntry = cekList[cekOrdinal];\n\n          if (cekEntry && cekList.length < cekOrdinal) {\n            return callback(new Error(`Internal error. The referenced column encryption key ordinal \"${cekOrdinal}\" is missing in the encryption metadata returned by sp_describe_parameter_encryption. Max ordinal is \"${cekList.length}\".`));\n          }\n\n          const encType = columns[DescribeParameterEncryptionResultSet2.ColumnEncrytionType].value;\n          if (SQLServerEncryptionType.PlainText !== encType) {\n            request.parameters[paramIndex].cryptoMetadata = {\n              cekEntry: cekEntry,\n              ordinal: cekOrdinal,\n              cipherAlgorithmId: columns[DescribeParameterEncryptionResultSet2.ColumnEncryptionAlgorithm].value,\n              encryptionType: encType,\n              normalizationRuleVersion: Buffer.from([columns[DescribeParameterEncryptionResultSet2.NormalizationRuleVersion].value]),\n            };\n            decryptSymmetricKeyPromises.push(decryptSymmetricKey(request.parameters[paramIndex].cryptoMetadata as CryptoMetadata, connection.config.options));\n          } else if (request.parameters[paramIndex].forceEncrypt === true) {\n            return callback(new Error(`Cannot execute statement or procedure ${request.sqlTextOrProcedure} because Force Encryption was set as true for parameter ${paramIndex + 1} and the database expects this parameter to be sent as plaintext. This may be due to a configuration error.`));\n          }\n        }\n      } catch {\n        return callback(new Error(`Internal error. Unable to parse parameter encryption metadata in statement or procedure \"${request.sqlTextOrProcedure}\"`));\n      }\n    }\n\n    if (paramCount !== request.parameters.length) {\n      return callback(new Error(`Internal error. Metadata for some parameters in statement or procedure \"${request.sqlTextOrProcedure}\" is missing in the resultset returned by sp_describe_parameter_encryption.`));\n    }\n\n    return Promise.all(decryptSymmetricKeyPromises).then(() => {\n      request.cryptoMetadataLoaded = true;\n      process.nextTick(callback);\n    }, (error) => {\n      process.nextTick(callback, error);\n    });\n  });\n\n  metadataRequest.addParameter('tsql', TYPES.NVarChar, request.sqlTextOrProcedure);\n  if (request.parameters.length) {\n    metadataRequest.addParameter('params', TYPES.NVarChar, metadataRequest.makeParamsParameter(request.parameters));\n  }\n\n  const resultRows: any[] = [];\n\n  metadataRequest.on('row', (columns: any) => {\n    resultRows.push(columns);\n  });\n\n  connection.makeRequest(metadataRequest, TYPE.RPC_REQUEST, new RpcRequestPayload(metadataRequest.sqlTextOrProcedure!, metadataRequest.parameters, connection.currentTransactionDescriptor(), connection.config.options, connection.databaseCollation));\n};\n"],"mappings":";;;;;;AAGA,IAAAA,MAAA,GAAAC,OAAA;AACA,IAAAC,SAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AACA,IAAAG,SAAA,GAAAH,OAAA;AACA,IAAAI,QAAA,GAAAC,sBAAA,CAAAL,OAAA;AAEA,IAAAM,kBAAA,GAAAD,sBAAA,CAAAL,OAAA;AACA,IAAAO,OAAA,GAAAP,OAAA;AAAiC,SAAAK,uBAAAG,CAAA,WAAAA,CAAA,IAAAA,CAAA,CAAAC,UAAA,GAAAD,CAAA,KAAAE,OAAA,EAAAF,CAAA;AAVjC;AACA;;AAWO,MAAMG,8BAA8B,GAAGA,CAACC,UAAsB,EAAEC,OAAgB,EAAEC,QAAiC,KAAK;EAC7H,IAAID,OAAO,CAACE,oBAAoB,KAAK,IAAI,EAAE;IACzC,OAAOD,QAAQ,CAAC,CAAC;EACnB;EAEA,MAAME,eAAe,GAAG,IAAIC,gBAAO,CAAC,kCAAkC,EAAGC,KAAK,IAAK;IACjF,IAAIA,KAAK,EAAE;MACT,OAAOJ,QAAQ,CAACI,KAAK,CAAC;IACxB;IAEA,MAAMC,2BAA4C,GAAG,EAAE;IACvD,MAAMC,OAAmB,GAAG,EAAE;IAC9B,IAAIC,UAAU,GAAG,CAAC;IAElB,KAAK,MAAMC,OAAO,IAAIC,UAAU,EAAE;MAChC,IAAI;QACF,MAAMC,gBAAgB,GAAGF,OAAO,CAACG,IAAI,CAAEC,GAAQ,IAAK,CAACA,GAAG,IAAIA,GAAG,CAACC,QAAQ,IAAID,GAAG,CAACC,QAAQ,CAACC,OAAO,MAAM,aAAa,CAAC;QACpH,IAAIJ,gBAAgB,KAAK,IAAI,EAAE;UAC7B,MAAMK,cAAc,GAAGP,OAAO,CAACQ,4CAAqC,CAACC,UAAU,CAAC,CAACC,KAAK;UACtF,IAAIC,QAAkB;UACtB,IAAI,CAACb,OAAO,CAACS,cAAc,CAAC,EAAE;YAC5BI,QAAQ,GAAG,IAAIC,kBAAQ,CAACL,cAAc,CAAC;YACvCT,OAAO,CAACa,QAAQ,CAACE,OAAO,CAAC,GAAGF,QAAQ;UACtC,CAAC,MAAM;YACLA,QAAQ,GAAGb,OAAO,CAACS,cAAc,CAAC;UACpC;UACAI,QAAQ,CAACG,GAAG,CAACd,OAAO,CAACQ,4CAAqC,CAACO,YAAY,CAAC,CAACL,KAAK,EACjEV,OAAO,CAACQ,4CAAqC,CAACQ,IAAI,CAAC,CAACN,KAAK,EACzDV,OAAO,CAACQ,4CAAqC,CAACS,KAAK,CAAC,CAACP,KAAK,EAC1DV,OAAO,CAACQ,4CAAqC,CAACU,UAAU,CAAC,CAACR,KAAK,EAC/DV,OAAO,CAACQ,4CAAqC,CAACW,YAAY,CAAC,CAACT,KAAK,EACjEV,OAAO,CAACQ,4CAAqC,CAACY,OAAO,CAAC,CAACV,KAAK,EAC5DV,OAAO,CAACQ,4CAAqC,CAACa,YAAY,CAAC,CAACX,KAAK,EACjEV,OAAO,CAACQ,4CAAqC,CAACc,sBAAsB,CAAC,CAACZ,KAAK,CAAC;QAC3F,CAAC,MAAM;UACLX,UAAU,EAAE;UACZ,MAAMwB,SAAiB,GAAGvB,OAAO,CAACwB,4CAAqC,CAACC,aAAa,CAAC,CAACf,KAAK;UAC5F,MAAMgB,UAAkB,GAAGnC,OAAO,CAACoC,UAAU,CAACC,SAAS,CAAEC,KAAgB,IAAKN,SAAS,KAAK,IAAIM,KAAK,CAACC,IAAI,EAAE,CAAC;UAC7G,MAAMC,UAAkB,GAAG/B,OAAO,CAACwB,4CAAqC,CAACQ,0BAA0B,CAAC,CAACtB,KAAK;UAC1G,MAAMC,QAAkB,GAAGb,OAAO,CAACiC,UAAU,CAAC;UAE9C,IAAIpB,QAAQ,IAAIb,OAAO,CAACmC,MAAM,GAAGF,UAAU,EAAE;YAC3C,OAAOvC,QAAQ,CAAC,IAAI0C,KAAK,CAAC,iEAAiEH,UAAU,yGAAyGjC,OAAO,CAACmC,MAAM,IAAI,CAAC,CAAC;UACpO;UAEA,MAAME,OAAO,GAAGnC,OAAO,CAACwB,4CAAqC,CAACY,mBAAmB,CAAC,CAAC1B,KAAK;UACxF,IAAI2B,8BAAuB,CAACC,SAAS,KAAKH,OAAO,EAAE;YACjD5C,OAAO,CAACoC,UAAU,CAACD,UAAU,CAAC,CAACa,cAAc,GAAG;cAC9C5B,QAAQ,EAAEA,QAAQ;cAClBE,OAAO,EAAEkB,UAAU;cACnBS,iBAAiB,EAAExC,OAAO,CAACwB,4CAAqC,CAACiB,yBAAyB,CAAC,CAAC/B,KAAK;cACjGgC,cAAc,EAAEP,OAAO;cACvBQ,wBAAwB,EAAEC,MAAM,CAACC,IAAI,CAAC,CAAC7C,OAAO,CAACwB,4CAAqC,CAACsB,wBAAwB,CAAC,CAACpC,KAAK,CAAC;YACvH,CAAC;YACDb,2BAA2B,CAACkD,IAAI,CAAC,IAAAC,8BAAmB,EAACzD,OAAO,CAACoC,UAAU,CAACD,UAAU,CAAC,CAACa,cAAc,EAAoBjD,UAAU,CAAC2D,MAAM,CAACC,OAAO,CAAC,CAAC;UACnJ,CAAC,MAAM,IAAI3D,OAAO,CAACoC,UAAU,CAACD,UAAU,CAAC,CAACyB,YAAY,KAAK,IAAI,EAAE;YAC/D,OAAO3D,QAAQ,CAAC,IAAI0C,KAAK,CAAC,yCAAyC3C,OAAO,CAAC6D,kBAAkB,2DAA2D1B,UAAU,GAAG,CAAC,6GAA6G,CAAC,CAAC;UACvR;QACF;MACF,CAAC,CAAC,MAAM;QACN,OAAOlC,QAAQ,CAAC,IAAI0C,KAAK,CAAC,4FAA4F3C,OAAO,CAAC6D,kBAAkB,GAAG,CAAC,CAAC;MACvJ;IACF;IAEA,IAAIrD,UAAU,KAAKR,OAAO,CAACoC,UAAU,CAACM,MAAM,EAAE;MAC5C,OAAOzC,QAAQ,CAAC,IAAI0C,KAAK,CAAC,2EAA2E3C,OAAO,CAAC6D,kBAAkB,6EAA6E,CAAC,CAAC;IAChN;IAEA,OAAOC,OAAO,CAACC,GAAG,CAACzD,2BAA2B,CAAC,CAAC0D,IAAI,CAAC,MAAM;MACzDhE,OAAO,CAACE,oBAAoB,GAAG,IAAI;MACnC+D,OAAO,CAACC,QAAQ,CAACjE,QAAQ,CAAC;IAC5B,CAAC,EAAGI,KAAK,IAAK;MACZ4D,OAAO,CAACC,QAAQ,CAACjE,QAAQ,EAAEI,KAAK,CAAC;IACnC,CAAC,CAAC;EACJ,CAAC,CAAC;EAEFF,eAAe,CAACgE,YAAY,CAAC,MAAM,EAAEC,oBAAK,CAACC,QAAQ,EAAErE,OAAO,CAAC6D,kBAAkB,CAAC;EAChF,IAAI7D,OAAO,CAACoC,UAAU,CAACM,MAAM,EAAE;IAC7BvC,eAAe,CAACgE,YAAY,CAAC,QAAQ,EAAEC,oBAAK,CAACC,QAAQ,EAAElE,eAAe,CAACmE,mBAAmB,CAACtE,OAAO,CAACoC,UAAU,CAAC,CAAC;EACjH;EAEA,MAAM1B,UAAiB,GAAG,EAAE;EAE5BP,eAAe,CAACoE,EAAE,CAAC,KAAK,EAAG9D,OAAY,IAAK;IAC1CC,UAAU,CAAC8C,IAAI,CAAC/C,OAAO,CAAC;EAC1B,CAAC,CAAC;EAEFV,UAAU,CAACyE,WAAW,CAACrE,eAAe,EAAEsE,YAAI,CAACC,WAAW,EAAE,IAAIC,0BAAiB,CAACxE,eAAe,CAAC0D,kBAAkB,EAAG1D,eAAe,CAACiC,UAAU,EAAErC,UAAU,CAAC6E,4BAA4B,CAAC,CAAC,EAAE7E,UAAU,CAAC2D,MAAM,CAACC,OAAO,EAAE5D,UAAU,CAAC8E,iBAAiB,CAAC,CAAC;AACvP,CAAC;AAACC,OAAA,CAAAhF,8BAAA,GAAAA,8BAAA","ignoreList":[]}

package/lib/always-encrypted/key-crypto.js

@@ -0,0 +1,94 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.validateAndGetEncryptionAlgorithmName = exports.encryptWithKey = exports.decryptWithKey = exports.decryptSymmetricKey = void 0;
+var _symmetricKeyCache = require("./symmetric-key-cache");
+var _aeadAes256CbcHmacAlgorithm = require("./aead-aes-256-cbc-hmac-algorithm");
+var _aeadAes256CbcHmacEncryptionKey = require("./aead-aes-256-cbc-hmac-encryption-key");
+// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.
+// Copyright (c) 2019 Microsoft Corporation
+
+const validateAndGetEncryptionAlgorithmName = (cipherAlgorithmId, cipherAlgorithmName) => {
+  if (cipherAlgorithmId !== 2) {
+    throw new Error('Custom cipher algorithm not supported.');
+  }
+  return _aeadAes256CbcHmacAlgorithm.algorithmName;
+};
+exports.validateAndGetEncryptionAlgorithmName = validateAndGetEncryptionAlgorithmName;
+const encryptWithKey = async (plaintext, md, options) => {
+  if (!options.trustedServerNameAE) {
+    throw new Error('Server name should not be null in EncryptWithKey');
+  }
+  if (!md.cipherAlgorithm) {
+    await decryptSymmetricKey(md, options);
+  }
+  if (!md.cipherAlgorithm) {
+    throw new Error('Cipher Algorithm should not be null in EncryptWithKey');
+  }
+  const cipherText = md.cipherAlgorithm.encryptData(plaintext);
+  if (!cipherText) {
+    throw new Error('Internal error. Ciphertext value cannot be null.');
+  }
+  return cipherText;
+};
+exports.encryptWithKey = encryptWithKey;
+const decryptWithKey = (cipherText, md, options) => {
+  if (!options.trustedServerNameAE) {
+    throw new Error('Server name should not be null in DecryptWithKey');
+  }
+
+  // if (!md.cipherAlgorithm) {
+  //   await decryptSymmetricKey(md, options);
+  // }
+
+  if (!md.cipherAlgorithm) {
+    throw new Error('Cipher Algorithm should not be null in DecryptWithKey');
+  }
+  const plainText = md.cipherAlgorithm.decryptData(cipherText);
+  if (!plainText) {
+    throw new Error('Internal error. Plaintext value cannot be null.');
+  }
+  return plainText;
+};
+exports.decryptWithKey = decryptWithKey;
+const decryptSymmetricKey = async (md, options) => {
+  if (!md) {
+    throw new Error('md should not be null in DecryptSymmetricKey.');
+  }
+  if (!md.cekEntry) {
+    throw new Error('md.EncryptionInfo should not be null in DecryptSymmetricKey.');
+  }
+  if (!md.cekEntry.columnEncryptionKeyValues) {
+    throw new Error('md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey.');
+  }
+  let symKey;
+  let encryptionKeyInfoChosen;
+  const CEKValues = md.cekEntry.columnEncryptionKeyValues;
+  let lastError;
+  for (const CEKValue of CEKValues) {
+    try {
+      symKey = await (0, _symmetricKeyCache.getKey)(CEKValue, options);
+      if (symKey) {
+        encryptionKeyInfoChosen = CEKValue;
+        break;
+      }
+    } catch (error) {
+      lastError = error;
+    }
+  }
+  if (!symKey) {
+    if (lastError) {
+      throw lastError;
+    } else {
+      throw new Error('Exception while decryption of encrypted column encryption key.');
+    }
+  }
+  const algorithmName = validateAndGetEncryptionAlgorithmName(md.cipherAlgorithmId, md.cipherAlgorithmName);
+  const cipherAlgorithm = new _aeadAes256CbcHmacAlgorithm.AeadAes256CbcHmac256Algorithm(new _aeadAes256CbcHmacEncryptionKey.AeadAes256CbcHmac256EncryptionKey(symKey.rootKey, algorithmName), md.encryptionType);
+  md.cipherAlgorithm = cipherAlgorithm;
+  md.encryptionKeyInfo = encryptionKeyInfoChosen;
+};
+exports.decryptSymmetricKey = decryptSymmetricKey;
+//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjozLCJuYW1lcyI6WyJfc3ltbWV0cmljS2V5Q2FjaGUiLCJyZXF1aXJlIiwiX2FlYWRBZXMyNTZDYmNIbWFjQWxnb3JpdGhtIiwiX2FlYWRBZXMyNTZDYmNIbWFjRW5jcnlwdGlvbktleSIsInZhbGlkYXRlQW5kR2V0RW5jcnlwdGlvbkFsZ29yaXRobU5hbWUiLCJjaXBoZXJBbGdvcml0aG1JZCIsImNpcGhlckFsZ29yaXRobU5hbWUiLCJFcnJvciIsImFsZ29yaXRobU5hbWUiLCJleHBvcnRzIiwiZW5jcnlwdFdpdGhLZXkiLCJwbGFpbnRleHQiLCJtZCIsIm9wdGlvbnMiLCJ0cnVzdGVkU2VydmVyTmFtZUFFIiwiY2lwaGVyQWxnb3JpdGhtIiwiZGVjcnlwdFN5bW1ldHJpY0tleSIsImNpcGhlclRleHQiLCJlbmNyeXB0RGF0YSIsImRlY3J5cHRXaXRoS2V5IiwicGxhaW5UZXh0IiwiZGVjcnlwdERhdGEiLCJjZWtFbnRyeSIsImNvbHVtbkVuY3J5cHRpb25LZXlWYWx1ZXMiLCJzeW1LZXkiLCJlbmNyeXB0aW9uS2V5SW5mb0Nob3NlbiIsIkNFS1ZhbHVlcyIsImxhc3RFcnJvciIsIkNFS1ZhbHVlIiwiZ2V0S2V5IiwiZXJyb3IiLCJBZWFkQWVzMjU2Q2JjSG1hYzI1NkFsZ29yaXRobSIsIkFlYWRBZXMyNTZDYmNIbWFjMjU2RW5jcnlwdGlvbktleSIsInJvb3RLZXkiLCJlbmNyeXB0aW9uVHlwZSIsImVuY3J5cHRpb25LZXlJbmZvIl0sInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Fsd2F5cy1lbmNyeXB0ZWQva2V5LWNyeXB0by50cyJdLCJzb3VyY2VzQ29udGVudCI6WyIvLyBUaGlzIGNvZGUgaXMgYmFzZWQgb24gdGhlIGBtc3NxbC1qZGJjYCBsaWJyYXJ5IHB1Ymxpc2hlZCB1bmRlciB0aGUgY29uZGl0aW9ucyBvZiBNSVQgbGljZW5zZS5cbi8vIENvcHlyaWdodCAoYykgMjAxOSBNaWNyb3NvZnQgQ29ycG9yYXRpb25cblxuaW1wb3J0IHsgdHlwZSBDcnlwdG9NZXRhZGF0YSwgdHlwZSBFbmNyeXB0aW9uS2V5SW5mbyB9IGZyb20gJy4vdHlwZXMnO1xuaW1wb3J0IHsgdHlwZSBJbnRlcm5hbENvbm5lY3Rpb25PcHRpb25zIGFzIENvbm5lY3Rpb25PcHRpb25zIH0gZnJvbSAnLi4vY29ubmVjdGlvbic7XG5pbXBvcnQgU3ltbWV0cmljS2V5IGZyb20gJy4vc3ltbWV0cmljLWtleSc7XG5pbXBvcnQgeyBnZXRLZXkgfSBmcm9tICcuL3N5bW1ldHJpYy1rZXktY2FjaGUnO1xuaW1wb3J0IHsgQWVhZEFlczI1NkNiY0htYWMyNTZBbGdvcml0aG0sIGFsZ29yaXRobU5hbWUgfSBmcm9tICcuL2FlYWQtYWVzLTI1Ni1jYmMtaG1hYy1hbGdvcml0aG0nO1xuaW1wb3J0IHsgQWVhZEFlczI1NkNiY0htYWMyNTZFbmNyeXB0aW9uS2V5IH0gZnJvbSAnLi9hZWFkLWFlcy0yNTYtY2JjLWhtYWMtZW5jcnlwdGlvbi1rZXknO1xuXG5leHBvcnQgY29uc3QgdmFsaWRhdGVBbmRHZXRFbmNyeXB0aW9uQWxnb3JpdGhtTmFtZSA9IChjaXBoZXJBbGdvcml0aG1JZDogbnVtYmVyLCBjaXBoZXJBbGdvcml0aG1OYW1lPzogc3RyaW5nKTogc3RyaW5nID0+IHtcbiAgaWYgKGNpcGhlckFsZ29yaXRobUlkICE9PSAyKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdDdXN0b20gY2lwaGVyIGFsZ29yaXRobSBub3Qgc3VwcG9ydGVkLicpO1xuICB9XG5cbiAgcmV0dXJuIGFsZ29yaXRobU5hbWU7XG59O1xuXG5leHBvcnQgY29uc3QgZW5jcnlwdFdpdGhLZXkgPSBhc3luYyAocGxhaW50ZXh0OiBCdWZmZXIsIG1kOiBDcnlwdG9NZXRhZGF0YSwgb3B0aW9uczogQ29ubmVjdGlvbk9wdGlvbnMpOiBQcm9taXNlPEJ1ZmZlcj4gPT4ge1xuICBpZiAoIW9wdGlvbnMudHJ1c3RlZFNlcnZlck5hbWVBRSkge1xuICAgIHRocm93IG5ldyBFcnJvcignU2VydmVyIG5hbWUgc2hvdWxkIG5vdCBiZSBudWxsIGluIEVuY3J5cHRXaXRoS2V5Jyk7XG4gIH1cblxuICBpZiAoIW1kLmNpcGhlckFsZ29yaXRobSkge1xuICAgIGF3YWl0IGRlY3J5cHRTeW1tZXRyaWNLZXkobWQsIG9wdGlvbnMpO1xuICB9XG5cbiAgaWYgKCFtZC5jaXBoZXJBbGdvcml0aG0pIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0NpcGhlciBBbGdvcml0aG0gc2hvdWxkIG5vdCBiZSBudWxsIGluIEVuY3J5cHRXaXRoS2V5Jyk7XG4gIH1cblxuICBjb25zdCBjaXBoZXJUZXh0OiBCdWZmZXIgPSBtZC5jaXBoZXJBbGdvcml0aG0uZW5jcnlwdERhdGEocGxhaW50ZXh0KTtcblxuICBpZiAoIWNpcGhlclRleHQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0ludGVybmFsIGVycm9yLiBDaXBoZXJ0ZXh0IHZhbHVlIGNhbm5vdCBiZSBudWxsLicpO1xuICB9XG5cbiAgcmV0dXJuIGNpcGhlclRleHQ7XG59O1xuXG5leHBvcnQgY29uc3QgZGVjcnlwdFdpdGhLZXkgPSAoY2lwaGVyVGV4dDogQnVmZmVyLCBtZDogQ3J5cHRvTWV0YWRhdGEsIG9wdGlvbnM6IENvbm5lY3Rpb25PcHRpb25zKTogQnVmZmVyID0+IHtcbiAgaWYgKCFvcHRpb25zLnRydXN0ZWRTZXJ2ZXJOYW1lQUUpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ1NlcnZlciBuYW1lIHNob3VsZCBub3QgYmUgbnVsbCBpbiBEZWNyeXB0V2l0aEtleScpO1xuICB9XG5cbiAgLy8gaWYgKCFtZC5jaXBoZXJBbGdvcml0aG0pIHtcbiAgLy8gICBhd2FpdCBkZWNyeXB0U3ltbWV0cmljS2V5KG1kLCBvcHRpb25zKTtcbiAgLy8gfVxuXG4gIGlmICghbWQuY2lwaGVyQWxnb3JpdGhtKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdDaXBoZXIgQWxnb3JpdGhtIHNob3VsZCBub3QgYmUgbnVsbCBpbiBEZWNyeXB0V2l0aEtleScpO1xuICB9XG5cbiAgY29uc3QgcGxhaW5UZXh0OiBCdWZmZXIgPSBtZC5jaXBoZXJBbGdvcml0aG0uZGVjcnlwdERhdGEoY2lwaGVyVGV4dCk7XG5cbiAgaWYgKCFwbGFpblRleHQpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ0ludGVybmFsIGVycm9yLiBQbGFpbnRleHQgdmFsdWUgY2Fubm90IGJlIG51bGwuJyk7XG4gIH1cblxuICByZXR1cm4gcGxhaW5UZXh0O1xufTtcblxuZXhwb3J0IGNvbnN0IGRlY3J5cHRTeW1tZXRyaWNLZXkgPSBhc3luYyAobWQ6IENyeXB0b01ldGFkYXRhLCBvcHRpb25zOiBDb25uZWN0aW9uT3B0aW9ucyk6IFByb21pc2U8dm9pZD4gPT4ge1xuICBpZiAoIW1kKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdtZCBzaG91bGQgbm90IGJlIG51bGwgaW4gRGVjcnlwdFN5bW1ldHJpY0tleS4nKTtcbiAgfVxuXG4gIGlmICghbWQuY2VrRW50cnkpIHtcbiAgICB0aHJvdyBuZXcgRXJyb3IoJ21kLkVuY3J5cHRpb25JbmZvIHNob3VsZCBub3QgYmUgbnVsbCBpbiBEZWNyeXB0U3ltbWV0cmljS2V5LicpO1xuICB9XG5cbiAgaWYgKCFtZC5jZWtFbnRyeS5jb2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKCdtZC5FbmNyeXB0aW9uSW5mby5Db2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzIHNob3VsZCBub3QgYmUgbnVsbCBpbiBEZWNyeXB0U3ltbWV0cmljS2V5LicpO1xuICB9XG5cbiAgbGV0IHN5bUtleTogU3ltbWV0cmljS2V5IHwgdW5kZWZpbmVkO1xuICBsZXQgZW5jcnlwdGlvbktleUluZm9DaG9zZW46IEVuY3J5cHRpb25LZXlJbmZvIHwgdW5kZWZpbmVkO1xuICBjb25zdCBDRUtWYWx1ZXM6IEVuY3J5cHRpb25LZXlJbmZvW10gPSBtZC5jZWtFbnRyeS5jb2x1bW5FbmNyeXB0aW9uS2V5VmFsdWVzO1xuICBsZXQgbGFzdEVycm9yOiBFcnJvciB8IHVuZGVmaW5lZDtcblxuICBmb3IgKGNvbnN0IENFS1ZhbHVlIG9mIENFS1ZhbHVlcykge1xuICAgIHRyeSB7XG4gICAgICBzeW1LZXkgPSBhd2FpdCBnZXRLZXkoQ0VLVmFsdWUsIG9wdGlvbnMpO1xuICAgICAgaWYgKHN5bUtleSkge1xuICAgICAgICBlbmNyeXB0aW9uS2V5SW5mb0Nob3NlbiA9IENFS1ZhbHVlO1xuICAgICAgICBicmVhaztcbiAgICAgIH1cbiAgICB9IGNhdGNoIChlcnJvcjogYW55KSB7XG4gICAgICBsYXN0RXJyb3IgPSBlcnJvcjtcbiAgICB9XG4gIH1cblxuICBpZiAoIXN5bUtleSkge1xuICAgIGlmIChsYXN0RXJyb3IpIHtcbiAgICAgIHRocm93IGxhc3RFcnJvcjtcbiAgICB9IGVsc2Uge1xuICAgICAgdGhyb3cgbmV3IEVycm9yKCdFeGNlcHRpb24gd2hpbGUgZGVjcnlwdGlvbiBvZiBlbmNyeXB0ZWQgY29sdW1uIGVuY3J5cHRpb24ga2V5LicpO1xuICAgIH1cbiAgfVxuXG4gIGNvbnN0IGFsZ29yaXRobU5hbWUgPSB2YWxpZGF0ZUFuZEdldEVuY3J5cHRpb25BbGdvcml0aG1OYW1lKG1kLmNpcGhlckFsZ29yaXRobUlkLCBtZC5jaXBoZXJBbGdvcml0aG1OYW1lKTtcbiAgY29uc3QgY2lwaGVyQWxnb3JpdGhtID0gbmV3IEFlYWRBZXMyNTZDYmNIbWFjMjU2QWxnb3JpdGhtKG5ldyBBZWFkQWVzMjU2Q2JjSG1hYzI1NkVuY3J5cHRpb25LZXkoc3ltS2V5LnJvb3RLZXksIGFsZ29yaXRobU5hbWUpLCBtZC5lbmNyeXB0aW9uVHlwZSk7XG5cbiAgbWQuY2lwaGVyQWxnb3JpdGhtID0gY2lwaGVyQWxnb3JpdGhtO1xuICBtZC5lbmNyeXB0aW9uS2V5SW5mbyA9IGVuY3J5cHRpb25LZXlJbmZvQ2hvc2VuIGFzIEVuY3J5cHRpb25LZXlJbmZvO1xufTtcbiJdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBTUEsSUFBQUEsa0JBQUEsR0FBQUMsT0FBQTtBQUNBLElBQUFDLDJCQUFBLEdBQUFELE9BQUE7QUFDQSxJQUFBRSwrQkFBQSxHQUFBRixPQUFBO0FBUkE7QUFDQTs7QUFTTyxNQUFNRyxxQ0FBcUMsR0FBR0EsQ0FBQ0MsaUJBQXlCLEVBQUVDLG1CQUE0QixLQUFhO0VBQ3hILElBQUlELGlCQUFpQixLQUFLLENBQUMsRUFBRTtJQUMzQixNQUFNLElBQUlFLEtBQUssQ0FBQyx3Q0FBd0MsQ0FBQztFQUMzRDtFQUVBLE9BQU9DLHlDQUFhO0FBQ3RCLENBQUM7QUFBQ0MsT0FBQSxDQUFBTCxxQ0FBQSxHQUFBQSxxQ0FBQTtBQUVLLE1BQU1NLGNBQWMsR0FBRyxNQUFBQSxDQUFPQyxTQUFpQixFQUFFQyxFQUFrQixFQUFFQyxPQUEwQixLQUFzQjtFQUMxSCxJQUFJLENBQUNBLE9BQU8sQ0FBQ0MsbUJBQW1CLEVBQUU7SUFDaEMsTUFBTSxJQUFJUCxLQUFLLENBQUMsa0RBQWtELENBQUM7RUFDckU7RUFFQSxJQUFJLENBQUNLLEVBQUUsQ0FBQ0csZUFBZSxFQUFFO0lBQ3ZCLE1BQU1DLG1CQUFtQixDQUFDSixFQUFFLEVBQUVDLE9BQU8sQ0FBQztFQUN4QztFQUVBLElBQUksQ0FBQ0QsRUFBRSxDQUFDRyxlQUFlLEVBQUU7SUFDdkIsTUFBTSxJQUFJUixLQUFLLENBQUMsdURBQXVELENBQUM7RUFDMUU7RUFFQSxNQUFNVSxVQUFrQixHQUFHTCxFQUFFLENBQUNHLGVBQWUsQ0FBQ0csV0FBVyxDQUFDUCxTQUFTLENBQUM7RUFFcEUsSUFBSSxDQUFDTSxVQUFVLEVBQUU7SUFDZixNQUFNLElBQUlWLEtBQUssQ0FBQyxrREFBa0QsQ0FBQztFQUNyRTtFQUVBLE9BQU9VLFVBQVU7QUFDbkIsQ0FBQztBQUFDUixPQUFBLENBQUFDLGNBQUEsR0FBQUEsY0FBQTtBQUVLLE1BQU1TLGNBQWMsR0FBR0EsQ0FBQ0YsVUFBa0IsRUFBRUwsRUFBa0IsRUFBRUMsT0FBMEIsS0FBYTtFQUM1RyxJQUFJLENBQUNBLE9BQU8sQ0FBQ0MsbUJBQW1CLEVBQUU7SUFDaEMsTUFBTSxJQUFJUCxLQUFLLENBQUMsa0RBQWtELENBQUM7RUFDckU7O0VBRUE7RUFDQTtFQUNBOztFQUVBLElBQUksQ0FBQ0ssRUFBRSxDQUFDRyxlQUFlLEVBQUU7SUFDdkIsTUFBTSxJQUFJUixLQUFLLENBQUMsdURBQXVELENBQUM7RUFDMUU7RUFFQSxNQUFNYSxTQUFpQixHQUFHUixFQUFFLENBQUNHLGVBQWUsQ0FBQ00sV0FBVyxDQUFDSixVQUFVLENBQUM7RUFFcEUsSUFBSSxDQUFDRyxTQUFTLEVBQUU7SUFDZCxNQUFNLElBQUliLEtBQUssQ0FBQyxpREFBaUQsQ0FBQztFQUNwRTtFQUVBLE9BQU9hLFNBQVM7QUFDbEIsQ0FBQztBQUFDWCxPQUFBLENBQUFVLGNBQUEsR0FBQUEsY0FBQTtBQUVLLE1BQU1ILG1CQUFtQixHQUFHLE1BQUFBLENBQU9KLEVBQWtCLEVBQUVDLE9BQTBCLEtBQW9CO0VBQzFHLElBQUksQ0FBQ0QsRUFBRSxFQUFFO0lBQ1AsTUFBTSxJQUFJTCxLQUFLLENBQUMsK0NBQStDLENBQUM7RUFDbEU7RUFFQSxJQUFJLENBQUNLLEVBQUUsQ0FBQ1UsUUFBUSxFQUFFO0lBQ2hCLE1BQU0sSUFBSWYsS0FBSyxDQUFDLDhEQUE4RCxDQUFDO0VBQ2pGO0VBRUEsSUFBSSxDQUFDSyxFQUFFLENBQUNVLFFBQVEsQ0FBQ0MseUJBQXlCLEVBQUU7SUFDMUMsTUFBTSxJQUFJaEIsS0FBSyxDQUFDLHdGQUF3RixDQUFDO0VBQzNHO0VBRUEsSUFBSWlCLE1BQWdDO0VBQ3BDLElBQUlDLHVCQUFzRDtFQUMxRCxNQUFNQyxTQUE4QixHQUFHZCxFQUFFLENBQUNVLFFBQVEsQ0FBQ0MseUJBQXlCO0VBQzVFLElBQUlJLFNBQTRCO0VBRWhDLEtBQUssTUFBTUMsUUFBUSxJQUFJRixTQUFTLEVBQUU7SUFDaEMsSUFBSTtNQUNGRixNQUFNLEdBQUcsTUFBTSxJQUFBSyx5QkFBTSxFQUFDRCxRQUFRLEVBQUVmLE9BQU8sQ0FBQztNQUN4QyxJQUFJVyxNQUFNLEVBQUU7UUFDVkMsdUJBQXVCLEdBQUdHLFFBQVE7UUFDbEM7TUFDRjtJQUNGLENBQUMsQ0FBQyxPQUFPRSxLQUFVLEVBQUU7TUFDbkJILFNBQVMsR0FBR0csS0FBSztJQUNuQjtFQUNGO0VBRUEsSUFBSSxDQUFDTixNQUFNLEVBQUU7SUFDWCxJQUFJRyxTQUFTLEVBQUU7TUFDYixNQUFNQSxTQUFTO0lBQ2pCLENBQUMsTUFBTTtNQUNMLE1BQU0sSUFBSXBCLEtBQUssQ0FBQyxnRUFBZ0UsQ0FBQztJQUNuRjtFQUNGO0VBRUEsTUFBTUMsYUFBYSxHQUFHSixxQ0FBcUMsQ0FBQ1EsRUFBRSxDQUFDUCxpQkFBaUIsRUFBRU8sRUFBRSxDQUFDTixtQkFBbUIsQ0FBQztFQUN6RyxNQUFNUyxlQUFlLEdBQUcsSUFBSWdCLHlEQUE2QixDQUFDLElBQUlDLGlFQUFpQyxDQUFDUixNQUFNLENBQUNTLE9BQU8sRUFBRXpCLGFBQWEsQ0FBQyxFQUFFSSxFQUFFLENBQUNzQixjQUFjLENBQUM7RUFFbEp0QixFQUFFLENBQUNHLGVBQWUsR0FBR0EsZUFBZTtFQUNwQ0gsRUFBRSxDQUFDdUIsaUJBQWlCLEdBQUdWLHVCQUE0QztBQUNyRSxDQUFDO0FBQUNoQixPQUFBLENBQUFPLG1CQUFBLEdBQUFBLG1CQUFBIiwiaWdub3JlTGlzdCI6W119

package/lib/always-encrypted/key-crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-crypto.js","names":["_symmetricKeyCache","require","_aeadAes256CbcHmacAlgorithm","_aeadAes256CbcHmacEncryptionKey","validateAndGetEncryptionAlgorithmName","cipherAlgorithmId","cipherAlgorithmName","Error","algorithmName","exports","encryptWithKey","plaintext","md","options","trustedServerNameAE","cipherAlgorithm","decryptSymmetricKey","cipherText","encryptData","decryptWithKey","plainText","decryptData","cekEntry","columnEncryptionKeyValues","symKey","encryptionKeyInfoChosen","CEKValues","lastError","CEKValue","getKey","error","AeadAes256CbcHmac256Algorithm","AeadAes256CbcHmac256EncryptionKey","rootKey","encryptionType","encryptionKeyInfo"],"sources":["../../src/always-encrypted/key-crypto.ts"],"sourcesContent":["// This code is based on the `mssql-jdbc` library published under the conditions of MIT license.\n// Copyright (c) 2019 Microsoft Corporation\n\nimport { type CryptoMetadata, type EncryptionKeyInfo } from './types';\nimport { type InternalConnectionOptions as ConnectionOptions } from '../connection';\nimport SymmetricKey from './symmetric-key';\nimport { getKey } from './symmetric-key-cache';\nimport { AeadAes256CbcHmac256Algorithm, algorithmName } from './aead-aes-256-cbc-hmac-algorithm';\nimport { AeadAes256CbcHmac256EncryptionKey } from './aead-aes-256-cbc-hmac-encryption-key';\n\nexport const validateAndGetEncryptionAlgorithmName = (cipherAlgorithmId: number, cipherAlgorithmName?: string): string => {\n  if (cipherAlgorithmId !== 2) {\n    throw new Error('Custom cipher algorithm not supported.');\n  }\n\n  return algorithmName;\n};\n\nexport const encryptWithKey = async (plaintext: Buffer, md: CryptoMetadata, options: ConnectionOptions): Promise<Buffer> => {\n  if (!options.trustedServerNameAE) {\n    throw new Error('Server name should not be null in EncryptWithKey');\n  }\n\n  if (!md.cipherAlgorithm) {\n    await decryptSymmetricKey(md, options);\n  }\n\n  if (!md.cipherAlgorithm) {\n    throw new Error('Cipher Algorithm should not be null in EncryptWithKey');\n  }\n\n  const cipherText: Buffer = md.cipherAlgorithm.encryptData(plaintext);\n\n  if (!cipherText) {\n    throw new Error('Internal error. Ciphertext value cannot be null.');\n  }\n\n  return cipherText;\n};\n\nexport const decryptWithKey = (cipherText: Buffer, md: CryptoMetadata, options: ConnectionOptions): Buffer => {\n  if (!options.trustedServerNameAE) {\n    throw new Error('Server name should not be null in DecryptWithKey');\n  }\n\n  // if (!md.cipherAlgorithm) {\n  //   await decryptSymmetricKey(md, options);\n  // }\n\n  if (!md.cipherAlgorithm) {\n    throw new Error('Cipher Algorithm should not be null in DecryptWithKey');\n  }\n\n  const plainText: Buffer = md.cipherAlgorithm.decryptData(cipherText);\n\n  if (!plainText) {\n    throw new Error('Internal error. Plaintext value cannot be null.');\n  }\n\n  return plainText;\n};\n\nexport const decryptSymmetricKey = async (md: CryptoMetadata, options: ConnectionOptions): Promise<void> => {\n  if (!md) {\n    throw new Error('md should not be null in DecryptSymmetricKey.');\n  }\n\n  if (!md.cekEntry) {\n    throw new Error('md.EncryptionInfo should not be null in DecryptSymmetricKey.');\n  }\n\n  if (!md.cekEntry.columnEncryptionKeyValues) {\n    throw new Error('md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey.');\n  }\n\n  let symKey: SymmetricKey | undefined;\n  let encryptionKeyInfoChosen: EncryptionKeyInfo | undefined;\n  const CEKValues: EncryptionKeyInfo[] = md.cekEntry.columnEncryptionKeyValues;\n  let lastError: Error | undefined;\n\n  for (const CEKValue of CEKValues) {\n    try {\n      symKey = await getKey(CEKValue, options);\n      if (symKey) {\n        encryptionKeyInfoChosen = CEKValue;\n        break;\n      }\n    } catch (error: any) {\n      lastError = error;\n    }\n  }\n\n  if (!symKey) {\n    if (lastError) {\n      throw lastError;\n    } else {\n      throw new Error('Exception while decryption of encrypted column encryption key.');\n    }\n  }\n\n  const algorithmName = validateAndGetEncryptionAlgorithmName(md.cipherAlgorithmId, md.cipherAlgorithmName);\n  const cipherAlgorithm = new AeadAes256CbcHmac256Algorithm(new AeadAes256CbcHmac256EncryptionKey(symKey.rootKey, algorithmName), md.encryptionType);\n\n  md.cipherAlgorithm = cipherAlgorithm;\n  md.encryptionKeyInfo = encryptionKeyInfoChosen as EncryptionKeyInfo;\n};\n"],"mappings":";;;;;;AAMA,IAAAA,kBAAA,GAAAC,OAAA;AACA,IAAAC,2BAAA,GAAAD,OAAA;AACA,IAAAE,+BAAA,GAAAF,OAAA;AARA;AACA;;AASO,MAAMG,qCAAqC,GAAGA,CAACC,iBAAyB,EAAEC,mBAA4B,KAAa;EACxH,IAAID,iBAAiB,KAAK,CAAC,EAAE;IAC3B,MAAM,IAAIE,KAAK,CAAC,wCAAwC,CAAC;EAC3D;EAEA,OAAOC,yCAAa;AACtB,CAAC;AAACC,OAAA,CAAAL,qCAAA,GAAAA,qCAAA;AAEK,MAAMM,cAAc,GAAG,MAAAA,CAAOC,SAAiB,EAAEC,EAAkB,EAAEC,OAA0B,KAAsB;EAC1H,IAAI,CAACA,OAAO,CAACC,mBAAmB,EAAE;IAChC,MAAM,IAAIP,KAAK,CAAC,kDAAkD,CAAC;EACrE;EAEA,IAAI,CAACK,EAAE,CAACG,eAAe,EAAE;IACvB,MAAMC,mBAAmB,CAACJ,EAAE,EAAEC,OAAO,CAAC;EACxC;EAEA,IAAI,CAACD,EAAE,CAACG,eAAe,EAAE;IACvB,MAAM,IAAIR,KAAK,CAAC,uDAAuD,CAAC;EAC1E;EAEA,MAAMU,UAAkB,GAAGL,EAAE,CAACG,eAAe,CAACG,WAAW,CAACP,SAAS,CAAC;EAEpE,IAAI,CAACM,UAAU,EAAE;IACf,MAAM,IAAIV,KAAK,CAAC,kDAAkD,CAAC;EACrE;EAEA,OAAOU,UAAU;AACnB,CAAC;AAACR,OAAA,CAAAC,cAAA,GAAAA,cAAA;AAEK,MAAMS,cAAc,GAAGA,CAACF,UAAkB,EAAEL,EAAkB,EAAEC,OAA0B,KAAa;EAC5G,IAAI,CAACA,OAAO,CAACC,mBAAmB,EAAE;IAChC,MAAM,IAAIP,KAAK,CAAC,kDAAkD,CAAC;EACrE;;EAEA;EACA;EACA;;EAEA,IAAI,CAACK,EAAE,CAACG,eAAe,EAAE;IACvB,MAAM,IAAIR,KAAK,CAAC,uDAAuD,CAAC;EAC1E;EAEA,MAAMa,SAAiB,GAAGR,EAAE,CAACG,eAAe,CAACM,WAAW,CAACJ,UAAU,CAAC;EAEpE,IAAI,CAACG,SAAS,EAAE;IACd,MAAM,IAAIb,KAAK,CAAC,iDAAiD,CAAC;EACpE;EAEA,OAAOa,SAAS;AAClB,CAAC;AAACX,OAAA,CAAAU,cAAA,GAAAA,cAAA;AAEK,MAAMH,mBAAmB,GAAG,MAAAA,CAAOJ,EAAkB,EAAEC,OAA0B,KAAoB;EAC1G,IAAI,CAACD,EAAE,EAAE;IACP,MAAM,IAAIL,KAAK,CAAC,+CAA+C,CAAC;EAClE;EAEA,IAAI,CAACK,EAAE,CAACU,QAAQ,EAAE;IAChB,MAAM,IAAIf,KAAK,CAAC,8DAA8D,CAAC;EACjF;EAEA,IAAI,CAACK,EAAE,CAACU,QAAQ,CAACC,yBAAyB,EAAE;IAC1C,MAAM,IAAIhB,KAAK,CAAC,wFAAwF,CAAC;EAC3G;EAEA,IAAIiB,MAAgC;EACpC,IAAIC,uBAAsD;EAC1D,MAAMC,SAA8B,GAAGd,EAAE,CAACU,QAAQ,CAACC,yBAAyB;EAC5E,IAAII,SAA4B;EAEhC,KAAK,MAAMC,QAAQ,IAAIF,SAAS,EAAE;IAChC,IAAI;MACFF,MAAM,GAAG,MAAM,IAAAK,yBAAM,EAACD,QAAQ,EAAEf,OAAO,CAAC;MACxC,IAAIW,MAAM,EAAE;QACVC,uBAAuB,GAAGG,QAAQ;QAClC;MACF;IACF,CAAC,CAAC,OAAOE,KAAU,EAAE;MACnBH,SAAS,GAAGG,KAAK;IACnB;EACF;EAEA,IAAI,CAACN,MAAM,EAAE;IACX,IAAIG,SAAS,EAAE;MACb,MAAMA,SAAS;IACjB,CAAC,MAAM;MACL,MAAM,IAAIpB,KAAK,CAAC,gEAAgE,CAAC;IACnF;EACF;EAEA,MAAMC,aAAa,GAAGJ,qCAAqC,CAACQ,EAAE,CAACP,iBAAiB,EAAEO,EAAE,CAACN,mBAAmB,CAAC;EACzG,MAAMS,eAAe,GAAG,IAAIgB,yDAA6B,CAAC,IAAIC,iEAAiC,CAACR,MAAM,CAACS,OAAO,EAAEzB,aAAa,CAAC,EAAEI,EAAE,CAACsB,cAAc,CAAC;EAElJtB,EAAE,CAACG,eAAe,GAAGA,eAAe;EACpCH,EAAE,CAACuB,iBAAiB,GAAGV,uBAA4C;AACrE,CAAC;AAAChB,OAAA,CAAAO,mBAAA,GAAAA,mBAAA","ignoreList":[]}

package/lib/always-encrypted/keystore-provider-azure-key-vault.d.ts

@@ -0,0 +1,21 @@
+export declare class ColumnEncryptionAzureKeyVaultProvider {
+    readonly name: string;
+    private url;
+    private readonly rsaEncryptionAlgorithmWithOAEPForAKV;
+    private readonly firstVersion;
+    private credentials;
+    private readonly azureKeyVaultDomainName;
+    private keyClient;
+    constructor(clientId: string, clientKey: string, tenantId: string);
+    decryptColumnEncryptionKey(masterKeyPath: string, encryptionAlgorithm: string, encryptedColumnEncryptionKey: Buffer): Promise<Buffer>;
+    encryptColumnEncryptionKey(masterKeyPath: string, encryptionAlgorithm: string, columnEncryptionKey: Buffer): Promise<Buffer>;
+    private getMasterKey;
+    private createKeyClient;
+    private createCryptoClient;
+    private parsePath;
+    private azureKeyVaultSignedHashedData;
+    private azureKeyVaultWrap;
+    private azureKeyVaultUnWrap;
+    private getAKVKeySize;
+    private validateEncryptionAlgorithm;
+}