Introduce Async API counterparts for AE base class

cheenamalhotra · cheenamalhotra · commit e3045f0ec019 · 2026-03-25T15:08:22.000-07:00
diff --git a/doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml b/doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml
@@ -24,9 +24,26 @@
         Decrypts the specified encrypted value of a column encryption key. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
       </summary>
       <returns>
-        Returns <see cref="T:System.Byte" />. The decrypted column encryption key.
+        Returns <see cref="T:System.Byte" /> array representing the decrypted column encryption key.
       </returns>
     </DecryptColumnEncryptionKey>
+    <DecryptColumnEncryptionKeyAsync>
+      <param name="masterKeyPath">
+        The master key path.
+      </param>
+      <param name="encryptionAlgorithm">
+        The encryption algorithm.
+      </param>
+      <param name="encryptedColumnEncryptionKey">
+        The encrypted column encryption key.
+      </param>
+      <summary>
+        Decrypts the specified encrypted value of a column encryption key asynchronously. The encrypted value is expected to be encrypted using the column master key with the specified key path and using the specified algorithm.
+      </summary>
+      <returns>
+        Returns a task that returns <see cref="T:System.Byte" /> array representing the decrypted column encryption key on completion.
+      </returns>
+    </DecryptColumnEncryptionKeyAsync>
     <EncryptColumnEncryptionKey>
       <param name="masterKeyPath">
         The master key path.
@@ -41,9 +58,26 @@
         Encrypts a column encryption key using the column master key with the specified key path and using the specified algorithm.
       </summary>
       <returns>
-        Returns <see cref="T:System.Byte" />. The encrypted column encryption key.
+        Returns <see cref="T:System.Byte" /> array representing the encrypted column encryption key.
       </returns>
     </EncryptColumnEncryptionKey>
+    <EncryptColumnEncryptionKeyAsync>
+      <param name="masterKeyPath">
+        The master key path.
+      </param>
+      <param name="encryptionAlgorithm">
+        The encryption algorithm.
+      </param>
+      <param name="columnEncryptionKey">
+        The plaintext column encryption key.
+      </param>
+      <summary>
+        Encrypts a column encryption key asynchronously using the column master key with the specified key path and using the specified algorithm.
+      </summary>
+      <returns>
+        Returns a task that returns <see cref="T:System.Byte" /> array representing the encrypted column encryption key on completion.
+      </returns>
+    </EncryptColumnEncryptionKeyAsync>
     <SignColumnMasterKeyMetadata>
       <param name="masterKeyPath">
         The column master key path.
@@ -55,7 +89,7 @@
         When implemented in a derived class, digitally signs the column master key metadata with the column master key referenced by the <paramref name="masterKeyPath" /> parameter. The input values used to generate the signature should be the specified values of the <paramref name="masterKeyPath" /> and <paramref name="allowEnclaveComputations" /> parameters.
       </summary>
       <returns>
-        The signature of the column master key metadata.
+        Returns the signature of the column master key metadata.
       </returns>
       <remarks>
         <para>
@@ -69,6 +103,31 @@
         In all cases.
       </exception>
     </SignColumnMasterKeyMetadata>
+    <SignColumnMasterKeyMetadataAsync>
+      <param name="masterKeyPath">
+        The column master key path.
+      </param>
+      <param name="allowEnclaveComputations">
+        <see langword="true" /> to indicate that the column master key supports enclave computations; otherwise, <see langword="false" />.
+      </param>
+      <summary>
+        When implemented in a derived class, asynchronously digitally signs the column master key metadata with the column master key referenced by the <paramref name="masterKeyPath" /> parameter. The input values used to generate the signature should be the specified values of the <paramref name="masterKeyPath" /> and <paramref name="allowEnclaveComputations" /> parameters.
+      </summary>
+      <returns>
+        Returns a task that returns the signature of the column master key metadata on completion.
+      </returns>
+      <remarks>
+        <para>
+          To ensure that the <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> method doesn't break applications that rely on an old API, it throws a <see cref="T:System.NotImplementedException" /> exception by default.
+        </para>
+        <para>
+          The <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> method will be used by client tools that generate Column Master Keys (CMK) for customers. <see cref="M:Microsoft.Data.SqlClient.SqlColumnEncryptionKeyStoreProvider.SignColumnMasterKeyMetadata(System.String,System.Boolean)" /> must be implemented by the corresponding key store providers that wish to use enclaves with <see href="https://learn.microsoft.com/sql/relational-databases/security/encryption/always-encrypted-database-engine">Always Encrypted</see>.
+        </para>
+      </remarks>
+      <exception cref="T:System.NotImplementedException">
+        In all cases.
+      </exception>
+    </SignColumnMasterKeyMetadataAsync>
     <VerifyColumnMasterKeyMetadata>
       <param name="masterKeyPath">
         The column master key path.
@@ -86,6 +145,23 @@
         When implemented in a derived class, the method is expected to return true if the specified signature is valid, or false if the specified signature is not valid. The default implementation throws `NotImplementedException`.
       </returns>
     </VerifyColumnMasterKeyMetadata>
+    <VerifyColumnMasterKeyMetadataAsync>
+      <param name="masterKeyPath">
+        The column master key path.
+      </param>
+      <param name="allowEnclaveComputations">
+        Indicates whether the column master key supports enclave computations.
+      </param>
+      <param name="signature">
+        The signature of the column master key metadata.
+      </param>
+      <summary>
+        When implemented in a derived class, this method is expected to verify the specified signature is valid for the column master key with the specified key path and the specified enclave behavior asynchronously. The default implementation throws `NotImplementedException`.
+      </summary>
+      <returns>
+        When implemented in a derived class, the method is expected to return true if the specified signature is valid, or false if the specified signature is not valid. The default implementation throws `NotImplementedException`.
+      </returns>
+    </VerifyColumnMasterKeyMetadataAsync>
     <ColumnEncryptionKeyCacheTtl>
       <summary>
         Gets or sets the lifespan of the decrypted column encryption key in the cache. Once the timespan has elapsed, the decrypted column encryption key is discarded and must be revalidated.
diff --git a/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionKeyStoreProvider.cs b/src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/SqlColumnEncryptionKeyStoreProvider.cs
@@ -3,6 +3,7 @@
 // See the LICENSE file in the project root for more information.
 
 using System;
+using System.Threading.Tasks;
 
 namespace Microsoft.Data.SqlClient
 {
@@ -16,19 +17,42 @@ public abstract class SqlColumnEncryptionKeyStoreProvider
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/DecryptColumnEncryptionKey/*'/>
         public abstract byte[] DecryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey);
 
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/DecryptColumnEncryptionKeyAsync/*'/>
+        public virtual Task<byte[]> DecryptColumnEncryptionKeyAsync(string masterKeyPath, string encryptionAlgorithm, byte[] encryptedColumnEncryptionKey)
+        {
+            throw new NotImplementedException();
+        }
+
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/EncryptColumnEncryptionKey/*'/>
         public abstract byte[] EncryptColumnEncryptionKey(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey);
 
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/EncryptColumnEncryptionKeyAsync/*'/>
+        public virtual Task<byte[]> EncryptColumnEncryptionKeyAsync(string masterKeyPath, string encryptionAlgorithm, byte[] columnEncryptionKey)
+        {
+            throw new NotImplementedException();
+        }
+
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/SignColumnMasterKeyMetadata/*'/>
         public virtual byte[] SignColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations)
         {
             throw new NotImplementedException();
         }
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/SignColumnMasterKeyMetadataAsync/*'/>
+        public virtual Task<byte[]> SignColumnMasterKeyMetadataAsync(string masterKeyPath, bool allowEnclaveComputations)
+        {
+            throw new NotImplementedException();
+        }
 
         /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/VerifyColumnMasterKeyMetadata/*'/>
         public virtual bool VerifyColumnMasterKeyMetadata(string masterKeyPath, bool allowEnclaveComputations, byte[] signature)
         {
             throw new NotImplementedException();
         }
+
+        /// <include file='../../../../../../doc/snippets/Microsoft.Data.SqlClient/SqlColumnEncryptionKeyStoreProvider.xml' path='docs/members[@name="SqlColumnEncryptionKeyStoreProvider"]/VerifyColumnMasterKeyMetadataAsync/*'/>
+        public virtual Task<bool> VerifyColumnMasterKeyMetadataAsync(string masterKeyPath, bool allowEnclaveComputations, byte[] signature)
+        {
+            throw new NotImplementedException();
+        }
     }
 }
