def test_generate_data_key(self, mock_encrypt_data_key, mock_urandom, mock_key_len_check): mock_urandom.return_value = VALUES['data_key'] mock_encrypt_data_key.return_value = self.mock_encrypted_data_key test_master_key = RawMasterKey( key_id=VALUES['wrapped_keys']['raw']['key_info'], provider_id=VALUES['provider_id'], wrapping_key=self.mock_wrapping_key) test = test_master_key.generate_data_key( algorithm=self.mock_algorithm, encryption_context=VALUES['encryption_context']) mock_urandom.assert_called_once_with(sentinel.kdf_input_len) mock_encrypt_data_key.assert_called_once_with( data_key=RawDataKey(key_provider=test_master_key.key_provider, data_key=VALUES['data_key']), algorithm=self.mock_algorithm, encryption_context=VALUES['encryption_context']) assert test == self.mock_data_key
def test_raw_keyring_decrypts_what_raw_master_key_encrypts( encryption_materials_samples): # Create instance of raw master key test_raw_master_key = RawMasterKey( key_id=_KEY_ID, provider_id=_PROVIDER_ID, wrapping_key=WrappingKey( wrapping_algorithm=_WRAPPING_ALGORITHM, wrapping_key=_PRIVATE_WRAPPING_KEY_PEM, wrapping_key_type=EncryptionKeyType.PRIVATE, ), ) test_raw_rsa_keyring = RawRSAKeyring.from_pem_encoding( key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_algorithm=_WRAPPING_ALGORITHM, private_encoded_key=_PRIVATE_WRAPPING_KEY_PEM, public_encoded_key=_PUBLIC_WRAPPING_KEY_PEM, ) raw_mkp_generated_data_key = test_raw_master_key.generate_data_key( algorithm=encryption_materials_samples.algorithm, encryption_context=encryption_materials_samples.encryption_context, ) raw_mkp_encrypted_data_key = test_raw_master_key.encrypt_data_key( data_key=raw_mkp_generated_data_key, algorithm=encryption_materials_samples.algorithm, encryption_context=encryption_materials_samples.encryption_context, ) decryption_materials = test_raw_rsa_keyring.on_decrypt( decryption_materials=DecryptionMaterials( algorithm=encryption_materials_samples.algorithm, encryption_context=encryption_materials_samples.encryption_context, verification_key=b"ex_verification_key", ), encrypted_data_keys=[raw_mkp_encrypted_data_key], ) assert raw_mkp_generated_data_key.data_key == decryption_materials.data_encryption_key.data_key
def test_generate_data_key(self, mock_encrypt_data_key, mock_urandom, mock_key_len_check): mock_urandom.return_value = VALUES["data_key"] mock_encrypt_data_key.return_value = self.mock_encrypted_data_key test_master_key = RawMasterKey( key_id=VALUES["wrapped_keys"]["raw"]["key_info"], provider_id=VALUES["provider_id"], wrapping_key=self.mock_wrapping_key, ) test = test_master_key.generate_data_key( algorithm=self.mock_algorithm, encryption_context=VALUES["encryption_context"]) mock_urandom.assert_called_once_with(sentinel.kdf_input_len) mock_encrypt_data_key.assert_called_once_with( data_key=RawDataKey(key_provider=test_master_key.key_provider, data_key=VALUES["data_key"]), algorithm=self.mock_algorithm, encryption_context=VALUES["encryption_context"], ) assert test == self.mock_data_key