def test_no_decryption_key_but_decryption_requested(actions,
                                                    parametrized_item):
    encryption_key = JceNameLocalDelegatedKey.generate("AES", 256)
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    encrypting_cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(
            encryption_key=encryption_key, signing_key=signing_key))
    decrypting_cmp = StaticCryptographicMaterialsProvider(
        decryption_materials=RawDecryptionMaterials(
            verification_key=signing_key))

    encrypted_item = encrypt_python_item(
        parametrized_item,
        CryptoConfig(materials_provider=encrypting_cmp,
                     encryption_context=EncryptionContext(),
                     attribute_actions=actions),
    )

    with pytest.raises(DecryptionError) as excinfo:
        decrypt_python_item(
            encrypted_item,
            CryptoConfig(materials_provider=decrypting_cmp,
                         encryption_context=EncryptionContext(),
                         attribute_actions=actions),
        )

    excinfo.match(
        "Attribute actions ask for some attributes to be decrypted but no decryption key is available"
    )
Exemple #2
0
    def decryption_materials(self, encryption_context):
        # type: (EncryptionContext) -> RawDecryptionMaterials
        """Provide decryption materials.

        :param EncryptionContext encryption_context: Encryption context for request
        :returns: Encryption materials
        :rtype: RawDecryptionMaterials
        """
        decryption_material_description = encryption_context.material_description.copy(
        )
        initial_material = self._decrypt_initial_material(encryption_context)
        signing_key_info = KeyInfo.from_material_description(
            material_description=encryption_context.material_description,
            description_key=MaterialDescriptionKeys.ITEM_SIGNATURE_ALGORITHM.
            value,
            default_algorithm=_DEFAULT_SIGNING_ALGORITHM,
            default_key_length=_DEFAULT_SIGNING_KEY_LENGTH,
        )
        decryption_key_info = KeyInfo.from_material_description(
            material_description=encryption_context.material_description,
            description_key=MaterialDescriptionKeys.
            CONTENT_ENCRYPTION_ALGORITHM.value,
            default_algorithm=_DEFAULT_CONTENT_ENCRYPTION_ALGORITHM,
            default_key_length=_DEFAULT_CONTENT_KEY_LENGTH,
        )
        return RawDecryptionMaterials(
            verification_key=self._mac_key(initial_material, signing_key_info),
            decryption_key=self._encryption_key(initial_material,
                                                decryption_key_info),
            material_description=decryption_material_description,
        )
Exemple #3
0
def _build_static_cmp(decrypt_key, verify_key):
    decryption_key = _load_key(decrypt_key)
    verification_key = _load_signing_key(verify_key)
    decryption_materials = RawDecryptionMaterials(
        decryption_key=decryption_key, verification_key=verification_key)
    return StaticCryptographicMaterialsProvider(
        decryption_materials=decryption_materials)
Exemple #4
0
def test_no_decryption_key():
    verification_key = JceNameLocalDelegatedKey.generate('HmacSHA512', 256)
    decryption_materials = RawDecryptionMaterials(
        verification_key=verification_key)

    with pytest.raises(AttributeError) as excinfo:
        decryption_materials.decryption_key

    excinfo.match('No decryption key available')
Exemple #5
0
def build_static_jce_cmp(encryption_algorithm, encryption_key_length, signing_algorithm, signing_key_length):
    """Build a StaticCryptographicMaterialsProvider using ephemeral JceNameLocalDelegatedKeys as specified."""
    encryption_key = _get_from_cache(JceNameLocalDelegatedKey, encryption_algorithm, encryption_key_length)
    authentication_key = _get_from_cache(JceNameLocalDelegatedKey, signing_algorithm, signing_key_length)
    encryption_materials = RawEncryptionMaterials(signing_key=authentication_key, encryption_key=encryption_key)
    decryption_materials = RawDecryptionMaterials(verification_key=authentication_key, decryption_key=encryption_key)
    return StaticCryptographicMaterialsProvider(
        encryption_materials=encryption_materials, decryption_materials=decryption_materials
    )
def _build_static_cmp(encrypt_key, decrypt_key, sign_key, verify_key):
    encryption_key = _load_key(encrypt_key)
    decryption_key = _load_key(decrypt_key)
    verification_key = _load_signing_key(verify_key)
    signing_key = _load_signing_key(sign_key)
    decryption_materials = RawDecryptionMaterials(decryption_key=decryption_key, verification_key=verification_key)
    encryption_materials = RawEncryptionMaterials(encryption_key=encryption_key, signing_key=signing_key)
    return StaticCryptographicMaterialsProvider(
        decryption_materials=decryption_materials, encryption_materials=encryption_materials
    )
def test_only_sign_item(parametrized_item):
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(signing_key=signing_key),
        decryption_materials=RawDecryptionMaterials(verification_key=signing_key),
    )
    actions = AttributeActions(default_action=CryptoAction.SIGN_ONLY)
    crypto_config = CryptoConfig(
        materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
    )

    signed_item = encrypt_python_item(parametrized_item, crypto_config)
    material_description = signed_item[ReservedAttributes.MATERIAL_DESCRIPTION.value].value
    assert MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value.encode("utf-8") not in material_description

    decrypt_python_item(signed_item, crypto_config)