def test_encrypt_unknown_key_id():
with pytest.raises(NotFoundException):
encrypt(
master_keys={},
key_id="anything",
plaintext=b"secrets",
encryption_context={},
)
def test_encrypt_decrypt_cycle(encryption_context):
plaintext = b"some secret plaintext"
master_key = Key("nop", "nop", "nop", [], "nop")
master_key_map = {master_key.id: master_key}
ciphertext_blob = encrypt(master_keys=master_key_map,
key_id=master_key.id,
plaintext=plaintext,
encryption_context=encryption_context)
ciphertext_blob.should_not.equal(plaintext)
decrypted, decrypting_key_id = decrypt(
master_keys=master_key_map,
ciphertext_blob=ciphertext_blob,
encryption_context=encryption_context)
decrypted.should.equal(plaintext)
decrypting_key_id.should.equal(master_key.id)
def test_decrypt_invalid_encryption_context():
plaintext = b"some secret plaintext"
master_key = Key("nop", "nop", "nop", [], "nop")
master_key_map = {master_key.id: master_key}
ciphertext_blob = encrypt(
master_keys=master_key_map,
key_id=master_key.id,
plaintext=plaintext,
encryption_context={
"some": "encryption",
"context": "here"
},
)
with assert_raises(InvalidCiphertextException):
decrypt(
master_keys=master_key_map,
ciphertext_blob=ciphertext_blob,
encryption_context={},
)
