def serialize_header_auth(algorithm, header, data_encryption_key, signer=None):
"""Creates serialized header authentication data.
:param algorithm: Algorithm to use for encryption
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param bytes header: Serialized message header
:param bytes data_encryption_key: Data key with which to encrypt message
:param signer: Cryptographic signer object (optional)
:type signer: aws_encryption_sdk.Signer
:returns: Serialized header authentication data
:rtype: bytes
"""
header_auth = aws_encryption_sdk.internal.crypto.encrypt(
algorithm=algorithm,
key=data_encryption_key,
plaintext=b'',
associated_data=header,
iv=header_auth_iv(algorithm))
output = struct.pack(
'>{iv_len}s{tag_len}s'.format(iv_len=algorithm.iv_len,
tag_len=algorithm.tag_len),
header_auth.iv, header_auth.tag)
if signer is not None:
signer.update(output)
return output
def _serialize_header_auth_v2(algorithm,
header,
data_encryption_key,
signer=None):
"""Creates serialized header authentication data for messages in serialization version V2.
:param algorithm: Algorithm to use for encryption
:type algorithm: aws_encryption_sdk.identifiers.Algorithm
:param bytes header: Serialized message header
:param bytes data_encryption_key: Data key with which to encrypt message
:param signer: Cryptographic signer object (optional)
:type signer: aws_encryption_sdk.Signer
:returns: Serialized header authentication data
:rtype: bytes
"""
header_auth = encrypt(
algorithm=algorithm,
key=data_encryption_key,
plaintext=b"",
associated_data=header,
iv=header_auth_iv(algorithm),
)
output = struct.pack(
">{tag_len}s".format(tag_len=algorithm.tag_len),
header_auth.tag,
)
if signer is not None:
signer.update(output)
return output
def test_header_auth_iv():
assert header_auth_iv(ALGORITHM) == VALUES['ivs']['header_auth']
def test_header_auth_iv():
assert header_auth_iv(ALGORITHM) == VALUES["ivs"]["header_auth"]