def test_generate_data_key(self, mock_encrypt_data_key, mock_urandom,
mock_key_len_check):
mock_urandom.return_value = VALUES['data_key']
mock_encrypt_data_key.return_value = self.mock_encrypted_data_key
test_master_key = RawMasterKey(
key_id=VALUES['wrapped_keys']['raw']['key_info'],
provider_id=VALUES['provider_id'],
wrapping_key=self.mock_wrapping_key)
test = test_master_key.generate_data_key(
algorithm=self.mock_algorithm,
encryption_context=VALUES['encryption_context'])
mock_urandom.assert_called_once_with(sentinel.kdf_input_len)
mock_encrypt_data_key.assert_called_once_with(
data_key=RawDataKey(key_provider=test_master_key.key_provider,
data_key=VALUES['data_key']),
algorithm=self.mock_algorithm,
encryption_context=VALUES['encryption_context'])
assert test == self.mock_data_key
def test_raw_keyring_decrypts_what_raw_master_key_encrypts(
encryption_materials_samples):
# Create instance of raw master key
test_raw_master_key = RawMasterKey(
key_id=_KEY_ID,
provider_id=_PROVIDER_ID,
wrapping_key=WrappingKey(
wrapping_algorithm=_WRAPPING_ALGORITHM,
wrapping_key=_PRIVATE_WRAPPING_KEY_PEM,
wrapping_key_type=EncryptionKeyType.PRIVATE,
),
)
test_raw_rsa_keyring = RawRSAKeyring.from_pem_encoding(
key_namespace=_PROVIDER_ID,
key_name=_KEY_ID,
wrapping_algorithm=_WRAPPING_ALGORITHM,
private_encoded_key=_PRIVATE_WRAPPING_KEY_PEM,
public_encoded_key=_PUBLIC_WRAPPING_KEY_PEM,
)
raw_mkp_generated_data_key = test_raw_master_key.generate_data_key(
algorithm=encryption_materials_samples.algorithm,
encryption_context=encryption_materials_samples.encryption_context,
)
raw_mkp_encrypted_data_key = test_raw_master_key.encrypt_data_key(
data_key=raw_mkp_generated_data_key,
algorithm=encryption_materials_samples.algorithm,
encryption_context=encryption_materials_samples.encryption_context,
)
decryption_materials = test_raw_rsa_keyring.on_decrypt(
decryption_materials=DecryptionMaterials(
algorithm=encryption_materials_samples.algorithm,
encryption_context=encryption_materials_samples.encryption_context,
verification_key=b"ex_verification_key",
),
encrypted_data_keys=[raw_mkp_encrypted_data_key],
)
assert raw_mkp_generated_data_key.data_key == decryption_materials.data_encryption_key.data_key
def test_generate_data_key(self, mock_encrypt_data_key, mock_urandom,
mock_key_len_check):
mock_urandom.return_value = VALUES["data_key"]
mock_encrypt_data_key.return_value = self.mock_encrypted_data_key
test_master_key = RawMasterKey(
key_id=VALUES["wrapped_keys"]["raw"]["key_info"],
provider_id=VALUES["provider_id"],
wrapping_key=self.mock_wrapping_key,
)
test = test_master_key.generate_data_key(
algorithm=self.mock_algorithm,
encryption_context=VALUES["encryption_context"])
mock_urandom.assert_called_once_with(sentinel.kdf_input_len)
mock_encrypt_data_key.assert_called_once_with(
data_key=RawDataKey(key_provider=test_master_key.key_provider,
data_key=VALUES["data_key"]),
algorithm=self.mock_algorithm,
encryption_context=VALUES["encryption_context"],
)
assert test == self.mock_data_key
