def test_symmetric_decrypt_local(self, key_client, **kwargs):
"""Encrypt with the service, decrypt locally"""
key_name = self.get_resource_name("symmetric-encrypt")
imported_key = self._import_symmetric_test_key(key_client, key_name)
assert imported_key is not None
crypto_client = self.create_crypto_client(
imported_key, api_version=key_client.api_version)
# Use 256-bit AES-CBCPAD for the 256-bit key (only AES-CBCPAD is implemented locally)
algorithm = EncryptionAlgorithm.a256_cbcpad
crypto_client._initialized = True
crypto_client._local_provider = NoLocalCryptography()
encrypt_result = crypto_client.encrypt(
algorithm,
self.plaintext,
iv=self.iv,
additional_authenticated_data=self.aad)
assert encrypt_result.key_id == imported_key.id
crypto_client._local_provider = get_local_cryptography_provider(
imported_key.key)
decrypt_result = crypto_client.decrypt(
encrypt_result.algorithm,
encrypt_result.ciphertext,
iv=encrypt_result.iv,
additional_authenticated_data=self.aad)
assert decrypt_result.key_id == imported_key.id
assert decrypt_result.algorithm == algorithm
assert decrypt_result.plaintext == self.plaintext
def test_symmetric_encrypt_local_mhsm(self, **kwargs):
"""Encrypt locally, decrypt with the service"""
self._skip_if_not_configured(True)
endpoint_url = self.managed_hsm_url
key_client = self.create_key_client(endpoint_url)
key_name = self.get_resource_name("symmetric-encrypt")
imported_key = self._import_symmetric_test_key(key_client, key_name)
assert imported_key is not None
crypto_client = self.create_crypto_client(imported_key)
# Use 256-bit AES-CBCPAD for the 256-bit key (only AES-CBCPAD is implemented locally)
algorithm = EncryptionAlgorithm.a256_cbcpad
crypto_client._local_provider = get_local_cryptography_provider(
imported_key.key)
encrypt_result = crypto_client.encrypt(
algorithm,
self.plaintext,
iv=self.iv,
additional_authenticated_data=self.aad)
assert encrypt_result.key_id == imported_key.id
crypto_client._local_provider = NoLocalCryptography()
decrypt_result = crypto_client.decrypt(
encrypt_result.algorithm,
encrypt_result.ciphertext,
iv=encrypt_result.iv,
additional_authenticated_data=self.aad)
assert decrypt_result.key_id == imported_key.id
assert decrypt_result.algorithm == algorithm
assert decrypt_result.plaintext == self.plaintext
