Merge branch 'master' into users/nalutripician/semanticRerank

Author: NaluTripician

Microsoft.Azure.Cosmos.Encryption.Custom/src/CompressionOptions.cs

@@ -13,8 +13,6 @@ internal static class Constants
         public const string EncryptionDekId = "_en";
         public const string EncryptionFormatVersion = "_ef";
         public const string EncryptedPaths = "_ep";
-        public const string CompressionAlgorithm = "_ce";
-        public const string CompressedEncryptedPaths = "_cp";
         public const int DekPropertiesDefaultTTLInMinutes = 120;
     }
 }

Microsoft.Azure.Cosmos.Encryption.Custom/src/Constants.cs

@@ -94,7 +94,7 @@ public override async Task<ItemResponse<DataEncryptionKeyProperties>> CreateData
             }
             else if (string.Equals(encryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
             {
-                (wrappedDek, updatedMetadata) = this.GenerateAndWrapPdekForMdeEncAlgo(id, encryptionKeyWrapMetadata);
+                (wrappedDek, updatedMetadata) = await this.GenerateAndWrapPdekForMdeEncAlgoAsync(id, encryptionKeyWrapMetadata, cancellationToken);
             }
 #pragma warning restore CS0618 // Type or member is obsolete
 
@@ -403,7 +403,7 @@ internal async Task<InMemoryRawDek> FetchUnwrappedAsync(
             {
                 if (string.Equals(dekProperties.EncryptionAlgorithm, CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized, StringComparison.Ordinal))
                 {
-                    DataEncryptionKey dek = this.InitMdeEncryptionAlgorithm(dekProperties, withRawKey);
+                    DataEncryptionKey dek = await this.InitMdeEncryptionAlgorithmAsync(dekProperties, withRawKey, cancellationToken);
 
                     // TTL is not used since DEK is not cached.
                     return new InMemoryRawDek(dek, TimeSpan.FromMilliseconds(0));
@@ -546,7 +546,7 @@ internal async Task<InMemoryRawDek> UnwrapAsync(
                 cancellationToken);
         }
 
-        private (byte[], EncryptionKeyWrapMetadata) GenerateAndWrapPdekForMdeEncAlgo(string id, EncryptionKeyWrapMetadata encryptionKeyWrapMetadata)
+        private async Task<(byte[], EncryptionKeyWrapMetadata)> GenerateAndWrapPdekForMdeEncAlgoAsync(string id, EncryptionKeyWrapMetadata encryptionKeyWrapMetadata, CancellationToken cancellationToken)
         {
             if (this.DekProvider.MdeKeyWrapProvider == null)
             {
@@ -559,9 +559,10 @@ internal async Task<InMemoryRawDek> UnwrapAsync(
                 encryptionKeyWrapMetadata.Value,
                 this.DekProvider.MdeKeyWrapProvider.EncryptionKeyStoreProvider);
 
-            ProtectedDataEncryptionKey protectedDataEncryptionKey = new (
+            ProtectedDataEncryptionKey protectedDataEncryptionKey = await ProtectedDataEncryptionKey.CreateAsync(
                 id,
-                keyEncryptionKey);
+                keyEncryptionKey,
+                cancellationToken).ConfigureAwait(false);
 
             byte[] wrappedDek = protectedDataEncryptionKey.EncryptedValue;
             EncryptionKeyWrapMetadata updatedMetadata = encryptionKeyWrapMetadata;
@@ -591,20 +592,21 @@ private async Task<EncryptionKeyUnwrapResult> UnWrapDekMdeEncAlgoAsync(
             return unwrapResult;
         }
 
-        internal DataEncryptionKey InitMdeEncryptionAlgorithm(DataEncryptionKeyProperties dekProperties, bool withRawKey = false)
+        internal async Task<DataEncryptionKey> InitMdeEncryptionAlgorithmAsync(DataEncryptionKeyProperties dekProperties, bool withRawKey, CancellationToken cancellationToken)
         {
             if (this.DekProvider.MdeKeyWrapProvider == null)
             {
                 throw new InvalidOperationException($"For use of '{CosmosEncryptionAlgorithm.MdeAeadAes256CbcHmac256Randomized}' algorithm, " +
                     "Encryptor or CosmosDataEncryptionKeyProvider needs to be initialized with EncryptionKeyStoreProvider.");
             }
 
-            return new MdeEncryptionAlgorithm(
+            return await MdeEncryptionAlgorithm.CreateAsync(
                 dekProperties,
                 Data.Encryption.Cryptography.EncryptionType.Randomized,
                 this.DekProvider.MdeKeyWrapProvider.EncryptionKeyStoreProvider,
                 this.DekProvider.PdekCacheTimeToLive,
-                withRawKey);
+                withRawKey,
+                cancellationToken);
         }
 
         private async Task<DataEncryptionKeyProperties> ReadResourceAsync(

Microsoft.Azure.Cosmos.Encryption.Custom/src/DataEncryptionKeyContainerCore.cs

@@ -8,6 +8,5 @@ internal static class EncryptionFormatVersion
     {
         public const int AeAes = 2;
         public const int Mde = 3;
-        public const int MdeWithCompression = 4;
     }
 }

Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionFormatVersion.cs

@@ -48,11 +48,6 @@ public sealed class EncryptionOptions
         /// </remarks>
         public string EncryptionAlgorithm { get; set; }
 
-        /// <summary>
-        /// Gets or sets payload compression mode
-        /// </summary>
-        public CompressionOptions CompressionOptions { get; set; } = new CompressionOptions();
-
         /// <summary>
         /// Gets or sets list of JSON paths to encrypt on the payload.
         /// Only top level paths are supported.

Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionOptions.cs

@@ -50,18 +50,6 @@ internal static void Validate(this EncryptionOptions options)
                     throw new InvalidOperationException($"{nameof(options.PathsToEncrypt)} includes a invalid path: '{path}'.");
                 }
             }
-
-            options.CompressionOptions?.Validate();
-        }
-
-        internal static void Validate(this CompressionOptions options)
-        {
-            if (options.MinimalCompressedLength < 0)
-            {
-#pragma warning disable CA2208 // Instantiate argument exceptions correctly
-                throw new ArgumentOutOfRangeException(nameof(options.MinimalCompressedLength));
-#pragma warning restore CA2208 // Instantiate argument exceptions correctly
-            }
         }
     }
 }

Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionOptionsExtensions.cs

@@ -30,30 +30,18 @@ internal class EncryptionProperties
         [JsonPropertyName(Constants.EncryptedPaths)]
         public IEnumerable<string> EncryptedPaths { get; }
 
-        [JsonProperty(PropertyName = Constants.CompressionAlgorithm)]
-        [JsonPropertyName(Constants.CompressionAlgorithm)]
-        public CompressionOptions.CompressionAlgorithm CompressionAlgorithm { get; }
-
-        [JsonProperty(PropertyName = Constants.CompressedEncryptedPaths)]
-        [JsonPropertyName(Constants.CompressedEncryptedPaths)]
-        public IDictionary<string, int> CompressedEncryptedPaths { get; }
-
         public EncryptionProperties(
             int encryptionFormatVersion,
             string encryptionAlgorithm,
             string dataEncryptionKeyId,
             byte[] encryptedData,
-            IEnumerable<string> encryptedPaths,
-            CompressionOptions.CompressionAlgorithm compressionAlgorithm = CompressionOptions.CompressionAlgorithm.None,
-            IDictionary<string, int> compressedEncryptedPaths = null)
+            IEnumerable<string> encryptedPaths)
         {
             this.EncryptionFormatVersion = encryptionFormatVersion;
             this.EncryptionAlgorithm = encryptionAlgorithm;
             this.DataEncryptionKeyId = dataEncryptionKeyId;
             this.EncryptedData = encryptedData;
             this.EncryptedPaths = encryptedPaths;
-            this.CompressionAlgorithm = compressionAlgorithm;
-            this.CompressedEncryptedPaths = compressedEncryptedPaths;
         }
     }
 }

Microsoft.Azure.Cosmos.Encryption.Custom/src/EncryptionProperties.cs

@@ -5,6 +5,8 @@
 namespace Microsoft.Azure.Cosmos.Encryption.Custom
 {
     using System;
+    using System.Threading;
+    using System.Threading.Tasks;
     using Microsoft.Data.Encryption.Cryptography;
 
     /// <summary>
@@ -27,12 +29,13 @@ internal sealed class MdeEncryptionAlgorithm : DataEncryptionKey
         /// <see href="http://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05">here</see> .
         /// More specifically this implements AEAD_AES_256_CBC_HMAC_SHA256 algorithm.
         /// </summary>
-        public MdeEncryptionAlgorithm(
+        public static async Task<MdeEncryptionAlgorithm> CreateAsync(
             DataEncryptionKeyProperties dekProperties,
             Data.Encryption.Cryptography.EncryptionType encryptionType,
             EncryptionKeyStoreProvider encryptionKeyStoreProvider,
             TimeSpan? cacheTimeToLive,
-            bool withRawKey = false)
+            bool withRawKey,
+            CancellationToken cancellationToken)
         {
 #if NET8_0_OR_GREATER
             ArgumentNullException.ThrowIfNull(dekProperties);
@@ -54,38 +57,44 @@ public MdeEncryptionAlgorithm(
                 dekProperties.EncryptionKeyWrapMetadata.Value,
                 encryptionKeyStoreProvider);
 
+            AeadAes256CbcHmac256EncryptionAlgorithm aeadAes256CbcHmac256EncryptionAlgorithm;
+            byte[] rawKey = null;
+
             if (!withRawKey)
             {
                 ProtectedDataEncryptionKey protectedDataEncryptionKey = cacheTimeToLive.HasValue && cacheTimeToLive.Value == TimeSpan.Zero
-                    ? new ProtectedDataEncryptionKey(
+                    ? await ProtectedDataEncryptionKey.CreateAsync(
                         dekProperties.Id,
                         keyEncryptionKey,
-                        dekProperties.WrappedDataEncryptionKey)
-                    : ProtectedDataEncryptionKey.GetOrCreate(
+                        dekProperties.WrappedDataEncryptionKey,
+                        cancellationToken)
+                    : await ProtectedDataEncryptionKey.GetOrCreateAsync(
                         dekProperties.Id,
                         keyEncryptionKey,
-                        dekProperties.WrappedDataEncryptionKey);
-                this.mdeAeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
+                        dekProperties.WrappedDataEncryptionKey,
+                        cancellationToken);
+                aeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
                     protectedDataEncryptionKey,
                     encryptionType,
                     Version);
             }
             else
             {
-                byte[] rawKey = keyEncryptionKey.DecryptEncryptionKey(dekProperties.WrappedDataEncryptionKey);
+                rawKey = await keyEncryptionKey.DecryptEncryptionKeyAsync(dekProperties.WrappedDataEncryptionKey, cancellationToken).ConfigureAwait(false);
                 PlaintextDataEncryptionKey plaintextDataEncryptionKey = cacheTimeToLive.HasValue && (cacheTimeToLive.Value == TimeSpan.Zero)
                     ? new PlaintextDataEncryptionKey(
                             dekProperties.Id,
                             rawKey)
                     : PlaintextDataEncryptionKey.GetOrCreate(
                            dekProperties.Id,
                            rawKey);
-                this.RawKey = rawKey;
-                this.mdeAeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
+                aeadAes256CbcHmac256EncryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(
                     plaintextDataEncryptionKey,
                     encryptionType,
                     Version);
             }
+
+            return new MdeEncryptionAlgorithm(aeadAes256CbcHmac256EncryptionAlgorithm, rawKey);
         }
 
         /// <summary>
@@ -106,6 +115,12 @@ public MdeEncryptionAlgorithm(
                 Version);
         }
 
+        private MdeEncryptionAlgorithm(AeadAes256CbcHmac256EncryptionAlgorithm aeadAes256CbcHmac256EncryptionAlgorithm, byte[] rawKey)
+        {
+            this.mdeAeadAes256CbcHmac256EncryptionAlgorithm = aeadAes256CbcHmac256EncryptionAlgorithm ?? throw new ArgumentNullException(nameof(aeadAes256CbcHmac256EncryptionAlgorithm));
+            this.RawKey = rawKey;
+        }
+
         /// <summary>
         /// Encrypt data using EncryptionAlgorithm
         /// </summary>

Microsoft.Azure.Cosmos.Encryption.Custom/src/MdeServices/MdeEncryptionAlgorithm.cs

@@ -23,7 +23,7 @@ public MdeKeyWrapProvider(EncryptionKeyStoreProvider encryptionKeyStoreProvider)
             this.EncryptionKeyStoreProvider = encryptionKeyStoreProvider ?? throw new ArgumentNullException(nameof(encryptionKeyStoreProvider));
         }
 
-        public override Task<EncryptionKeyUnwrapResult> UnwrapKeyAsync(
+        public override async Task<EncryptionKeyUnwrapResult> UnwrapKeyAsync(
             byte[] wrappedKey,
             EncryptionKeyWrapMetadata metadata,
             CancellationToken cancellationToken)
@@ -42,11 +42,12 @@ public override Task<EncryptionKeyUnwrapResult> UnwrapKeyAsync(
                 metadata.Value,
                 this.EncryptionKeyStoreProvider);
 
-            byte[] result = keyEncryptionKey.DecryptEncryptionKey(wrappedKey);
-            return Task.FromResult(new EncryptionKeyUnwrapResult(result, TimeSpan.Zero));
+            byte[] result = await keyEncryptionKey.DecryptEncryptionKeyAsync(wrappedKey, cancellationToken).ConfigureAwait(false);
+
+            return new EncryptionKeyUnwrapResult(result, TimeSpan.Zero);
         }
 
-        public override Task<EncryptionKeyWrapResult> WrapKeyAsync(
+        public override async Task<EncryptionKeyWrapResult> WrapKeyAsync(
             byte[] key,
             EncryptionKeyWrapMetadata metadata,
             CancellationToken cancellationToken)
@@ -65,8 +66,9 @@ public override Task<EncryptionKeyWrapResult> WrapKeyAsync(
                 metadata.Value,
                 this.EncryptionKeyStoreProvider);
 
-            byte[] result = keyEncryptionKey.EncryptEncryptionKey(key);
-            return Task.FromResult(new EncryptionKeyWrapResult(result, metadata));
+            byte[] result = await keyEncryptionKey.EncryptEncryptionKeyAsync(key, cancellationToken).ConfigureAwait(false);
+
+            return new EncryptionKeyWrapResult(result, metadata);
         }
     }
 }

Microsoft.Azure.Cosmos.Encryption.Custom/src/MdeServices/MdeKeyWrapProvider.cs

@@ -36,10 +36,10 @@
   </ItemGroup>
 
   <ItemGroup>
-     <PackageReference Include="Microsoft.Data.Encryption.Cryptography" Version="2.0.0-pre007" />
+     <PackageReference Include="Microsoft.Data.Encryption.Cryptography" Version="2.0.0-pre015" />
      <PackageReference Include="Azure.Identity" Version="1.11.4" />
      <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
-     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
+     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.6.3" />
      <PackageReference Include="Newtonsoft.Json" Version="10.0.2" NoWarn="NU1903" PrivateAssets="All" />
   </ItemGroup>