def test_symmetric_decrypt_local(self, key_client, **kwargs): """Encrypt with the service, decrypt locally""" key_name = self.get_resource_name("symmetric-encrypt") imported_key = self._import_symmetric_test_key(key_client, key_name) assert imported_key is not None crypto_client = self.create_crypto_client( imported_key, api_version=key_client.api_version) # Use 256-bit AES-CBCPAD for the 256-bit key (only AES-CBCPAD is implemented locally) algorithm = EncryptionAlgorithm.a256_cbcpad crypto_client._initialized = True crypto_client._local_provider = NoLocalCryptography() encrypt_result = crypto_client.encrypt( algorithm, self.plaintext, iv=self.iv, additional_authenticated_data=self.aad) assert encrypt_result.key_id == imported_key.id crypto_client._local_provider = get_local_cryptography_provider( imported_key.key) decrypt_result = crypto_client.decrypt( encrypt_result.algorithm, encrypt_result.ciphertext, iv=encrypt_result.iv, additional_authenticated_data=self.aad) assert decrypt_result.key_id == imported_key.id assert decrypt_result.algorithm == algorithm assert decrypt_result.plaintext == self.plaintext
def test_symmetric_encrypt_local_mhsm(self, **kwargs): """Encrypt locally, decrypt with the service""" self._skip_if_not_configured(True) endpoint_url = self.managed_hsm_url key_client = self.create_key_client(endpoint_url) key_name = self.get_resource_name("symmetric-encrypt") imported_key = self._import_symmetric_test_key(key_client, key_name) assert imported_key is not None crypto_client = self.create_crypto_client(imported_key) # Use 256-bit AES-CBCPAD for the 256-bit key (only AES-CBCPAD is implemented locally) algorithm = EncryptionAlgorithm.a256_cbcpad crypto_client._local_provider = get_local_cryptography_provider( imported_key.key) encrypt_result = crypto_client.encrypt( algorithm, self.plaintext, iv=self.iv, additional_authenticated_data=self.aad) assert encrypt_result.key_id == imported_key.id crypto_client._local_provider = NoLocalCryptography() decrypt_result = crypto_client.decrypt( encrypt_result.algorithm, encrypt_result.ciphertext, iv=encrypt_result.iv, additional_authenticated_data=self.aad) assert decrypt_result.key_id == imported_key.id assert decrypt_result.algorithm == algorithm assert decrypt_result.plaintext == self.plaintext