Performance | Use lower-allocation AlwaysEncrypted primitives

src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj

@@ -978,6 +978,9 @@
     <Compile Include="$(CommonSourceRoot)System\Buffers\ArrayBufferWriter.netfx.cs">
       <Link>System\Buffers\ArrayBufferWriter.netfx.cs</Link>
     </Compile>
+    <Compile Include="$(CommonSourceRoot)System\Diagnostics\CodeAnalysis.cs">
+      <Link>System\Diagnostics\CodeAnalysis.cs</Link>
+    </Compile>
     <Compile Include="$(CommonSourceRoot)System\IO\StreamExtensions.netfx.cs">
       <Link>System\IO\StreamExtensions.netfx.cs</Link>
     </Compile>

src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionCngProvider.netcore.Unix.cs

@@ -6,26 +6,14 @@
 
 using System;
 
+#nullable enable
+
 namespace Microsoft.Data.SqlClient
 {
-    /// <summary>
-    /// Provides implementation similar to certificate store provider.
-    /// A CEK encrypted with certificate provider should be decryptable by this provider and vice versa.
-    /// 
-    /// Envolope Format for the encrypted column encryption key  
-    ///           version + keyPathLength + ciphertextLength + keyPath + ciphertext +  signature
-    /// version: A single byte indicating the format version.
-    /// keyPathLength: Length of the keyPath.
-    /// ciphertextLength: ciphertext length
-    /// keyPath: keyPath used to encrypt the column encryption key. This is only used for troubleshooting purposes and is not verified during decryption.
-    /// ciphertext: Encrypted column encryption key
-    /// signature: Signature of the entire byte array. Signature is validated before decrypting the column encryption key.
-    /// </summary>
+    /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/SqlColumnEncryptionCngProvider/*' />
     public class SqlColumnEncryptionCngProvider : SqlColumnEncryptionKeyStoreProvider
     {
-        /// <summary>
-        /// Name for the CNG key store provider.
-        /// </summary>
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/ProviderName/*' />
         public const string ProviderName = @"MSSQL_CNG_STORE";
 
         /// <summary>
@@ -38,51 +26,26 @@ public class SqlColumnEncryptionCngProvider : SqlColumnEncryptionKeyStoreProvide
         /// </summary>
         internal const string KeyPathReference = @"Microsoft Cryptography API: Next Generation (CNG) provider";
 
-        /// <summary>
-        /// This function uses the asymmetric key specified by the key path
-        /// and decrypts an encrypted CEK with RSA encryption algorithm.
-        /// </summary>
-        /// <param name="masterKeyPath">Complete path of an asymmetric key in CNG</param>
-        /// <param name="encryptionAlgorithm">Asymmetric Key Encryption Algorithm</param>
-        /// <param name="encryptedColumnEncryptionKey">Encrypted Column Encryption Key</param>
-        /// <returns>Plain text column encryption key</returns>
-        public override byte[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/DecryptColumnEncryptionKey/*' />
+        public override byte[] DecryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? encryptedColumnEncryptionKey)
         {
             throw new PlatformNotSupportedException();
         }
 
-        /// <summary>
-        /// This function uses the asymmetric key specified by the key path
-        /// and encrypts CEK with RSA encryption algorithm.
-        /// </summary>
-        /// <param name="masterKeyPath">Complete path of an asymmetric key in AKV</param>
-        /// <param name="encryptionAlgorithm">Asymmetric Key Encryption Algorithm</param>
-        /// <param name="columnEncryptionKey">The plaintext column encryption key</param>
-        /// <returns>Encrypted column encryption key</returns>
-        public override byte[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey)
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/EncryptColumnEncryptionKey/*' />
+        public override byte[] EncryptColumnEncryptionKey(string? masterKeyPath, string? encryptionAlgorithm, byte[]? columnEncryptionKey)
         {
             throw new PlatformNotSupportedException();
         }
 
-        /// <summary>
-        /// Throws NotSupportedException. In this version of .NET Framework this provider does not support signing column master key metadata.
-        /// </summary>
-        /// <param name="masterKeyPath">Complete path of an asymmetric key. Path format is specific to a key store provider.</param>
-        /// <param name="allowEnclaveComputations">Boolean indicating whether this key can be sent to trusted enclave</param>
-        /// <returns>Encrypted column encryption key</returns>
-        public override byte[] SignColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations)
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/SignColumnMasterKeyMetadata/*' />
+        public override byte[] SignColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations)
         {
             throw new PlatformNotSupportedException();
         }
 
-        /// <summary>
-        /// Throws NotSupportedException. In this version of .NET Framework this provider does not support verifying signatures of column master key metadata.
-        /// </summary>
-        /// <param name="masterKeyPath">Complete path of an asymmetric key. Path format is specific to a key store provider.</param>
-        /// <param name="allowEnclaveComputations">Boolean indicating whether this key can be sent to trusted enclave</param>
-        /// <param name="signature">Signature for the master key metadata</param>
-        /// <returns>Boolean indicating whether the master key metadata can be verified based on the provided signature</returns>
-        public override bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations, byte[] signature)
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionCngProvider.xml' path='docs/members[@name="SqlColumnEncryptionCngProvider"]/VerifyColumnMasterKeyMetadata/*' />
+        public override bool VerifyColumnMasterKeyMetadata(string? masterKeyPath, bool allowEnclaveComputations, byte[]? signature)
         {
             throw new PlatformNotSupportedException();
         }