def _VerifyResponseIntegrityFields(self, req, resp):
"""Verifies integrity fields in response."""
# ciphertext_crc32c was verified server-side.
if not resp.verifiedCiphertextCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# Verify plaintext checksum.
if not crc32c.Crc32cMatches(resp.plaintext, resp.plaintextCrc32c):
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
def _VerifyResponseIntegrityFields(self, req, resp):
"""Verifies integrity fields in MacSignResponse."""
# Verify resource name.
if req.name != resp.name:
raise e2e_integrity.ResourceNameVerificationError(
e2e_integrity.GetResourceNameMismatchErrorMessage(
req.name, resp.name))
# data_crc32c was verified server-side.
if not resp.verifiedDataCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# Verify mac checksum.
if not crc32c.Crc32cMatches(resp.mac, resp.macCrc32c):
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
def _VerifyResponseIntegrityFields(self, req, resp):
"""Verifies integrity fields in AsymmetricSignResponse."""
# TODO(b/170470282) Uncomment when the server populates the name field.
# # Verify resource name.
# if req.name != resp.name:
# raise e2e_integrity.ResourceNameVerificationError(
# e2e_integrity.GetResourceNameMismatchErrorMessage(
# req.name, resp.name))
# digest_crc32c was verified server-side.
if not resp.verifiedDigestCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# Verify signature checksum.
if not crc32c.Crc32cMatches(resp.signature, resp.signatureCrc32c):
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
def _VerifyResponseIntegrityFields(self, req, resp):
"""Verifies integrity fields in EncryptResponse.
Note: This methods assumes that self._PerformIntegrityVerification() is True
and that all request CRC32C fields were pupolated.
Args:
req: messages.CloudkmsProjectsLocationsKeyRingsCryptoKeysEncryptRequest()
object
resp: messages.EncryptResponse() object.
Returns:
Void.
Raises:
e2e_integrity.ServerSideIntegrityVerificationError if the server reports
request integrity verification error.
e2e_integrity.ClientSideIntegrityVerificationError if response integrity
verification fails.
"""
# Verify resource name.
# Strip version from resp.name if --key was provided.
resp_name = self._MaybeStripResourceVersion(req.name, resp.name)
if req.name != resp_name:
raise e2e_integrity.ResourceNameVerificationError(
e2e_integrity.GetResourceNameMismatchErrorMessage(
req.name, resp_name))
# plaintext_crc32c was verified server-side.
if not resp.verifiedPlaintextCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# additional_authenticated_data_crc32c was verified server-side.
if not resp.verifiedAdditionalAuthenticatedDataCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# Verify ciphertext checksum.
if not crc32c.Crc32cMatches(resp.ciphertext, resp.ciphertextCrc32c):
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
def _VerifyResponseIntegrityFields(self, req, resp, use_digest=True):
"""Verifies integrity fields in AsymmetricSignResponse."""
# Verify resource name.
if req.name != resp.name:
raise e2e_integrity.ResourceNameVerificationError(
e2e_integrity.GetResourceNameMismatchErrorMessage(
req.name, resp.name))
if use_digest:
# digest_crc32c was verified server-side.
if not resp.verifiedDigestCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
else:
# data_crc32c was verified server-side.
if not resp.verifiedDataCrc32c:
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetRequestToServerCorruptedErrorMessage())
# Verify signature checksum.
if not crc32c.Crc32cMatches(resp.signature, resp.signatureCrc32c):
raise e2e_integrity.ClientSideIntegrityVerificationError(
e2e_integrity.GetResponseFromServerCorruptedErrorMessage())
