Cleanup | Always Encrypted cryptographic algorithm factories

[edwardneal]

Description

This PR continues some Always Encrypted cleanup and modernization work. It moves more of the internal AE-related classes into the new AlwaysEncrypted namespace, tidying them up as the PR proceeds.

We moved and modernized the public providers which decrypt/encrypt the column master keys in v7.0 GA, and now we proceed to the next stage: the factories which convert a cryptographic algorithm's name to its implementation.

Classes in question:

• SqlClientEncryptionAlgorithmFactoryList: after being moved to the new namespace, I've simplified the name to EncryptionAlgorithmFactoryList. This class was slightly more complex than it needed to be: it allowed the provider to register its own cryptographic algorithm into a ConcurrentDictionary. This registration process was only ever used to build a static list of one entry, and was never exposed. I've thus replaced it with a simple switch block.
• SqlClientEncryptionAlgorithmFactory: renamed to EncryptionAlgorithmFactory. No changes beyond comments, this was only ever a base class.
• SqlAeadAes256CbcHmac256Factory: renamed to AeadAes256CbcHmac256Factory. These are largely just style, comment and whitespace changes. I've also sealed the class and moved the floating AlgorithmVersion constant into the actual algorithm's class.

I'm keeping the column encryption key handling in a separate PR so that any security review can be done on its own. I think these can provide a measurable improvement to Always Encrypted's memory usage.

Issues

None.

Testing

There were a few tests which referred to this using reflection; I've caught those, and they continue to pass. We've got reasonable test coverage for Always Encrypted so I've not added anything else.

[paulmedynski]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).

[codecov]

Codecov Report

❌ Patch coverage is 60.00000% with 16 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.29%. Comparing base (6db52a6) to head (96ffcf8).
⚠️ Report is 27 commits behind head on main.

Files with missing lines	Patch %	Lines
.../AlwaysEncrypted/EncryptionAlgorithmFactoryList.cs	0.00%	8 Missing ⚠️
...ent/AlwaysEncrypted/AeadAes256CbcHmac256Factory.cs	82.14%	5 Missing ⚠️
...src/Microsoft/Data/SqlClient/SqlSecurityUtility.cs	0.00%	2 Missing ⚠️
...nt/src/Microsoft/Data/SqlClient/EnclaveDelegate.cs	0.00%	1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (6db52a6) and HEAD (96ffcf8). Click for more details.

HEAD has 1 upload less than BASE

Flag	BASE (6db52a6)	HEAD (96ffcf8)
CI-SqlClient	1	0

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4138      +/-   ##
==========================================
- Coverage   74.17%   64.29%   -9.89%     
==========================================
  Files         279      272       -7     
  Lines       42983    65784   +22801     
==========================================
+ Hits        31884    42295   +10411     
- Misses      11099    23489   +12390     

Flag	Coverage Δ
CI-SqlClient	?
PR-SqlClient-Project	64.29% <60.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cheenamalhotra]

/azp run

[azure-pipelines]

Azure Pipelines successfully started running 2 pipeline(s).