def _prep_non_framed(self):
"""Prepare the opening data for a non-framed message."""
try:
plaintext_length = self.stream_length
self.__unframed_plaintext_cache = self.source_stream
except NotSupportedError:
# We need to know the plaintext length before we can start processing the data.
# If we cannot seek on the source then we need to read the entire source into memory.
self.__unframed_plaintext_cache = io.BytesIO()
self.__unframed_plaintext_cache.write(self.source_stream.read())
plaintext_length = self.__unframed_plaintext_cache.tell()
self.__unframed_plaintext_cache.seek(0)
aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string(
content_type=self.content_type, is_final_frame=True
)
associated_data = assemble_content_aad(
message_id=self._header.message_id,
aad_content_string=aad_content_string,
seq_num=1,
length=plaintext_length,
)
self.encryptor = Encryptor(
algorithm=self._encryption_materials.algorithm,
key=self._derived_data_key,
associated_data=associated_data,
iv=non_framed_body_iv(self._encryption_materials.algorithm),
)
self.output_buffer += serialize_non_framed_open(
algorithm=self._encryption_materials.algorithm,
iv=self.encryptor.iv,
plaintext_length=plaintext_length,
signer=self.signer,
)
def _read_bytes_from_non_framed_body(self, b):
"""Reads the requested number of bytes from a streaming non-framed message body.
:param int b: Number of bytes to read
:returns: Decrypted bytes from source stream
:rtype: bytes
"""
_LOGGER.debug("starting non-framed body read")
# Always read the entire message for non-framed message bodies.
bytes_to_read = self.body_length
_LOGGER.debug("%d bytes requested; reading %d bytes", b, bytes_to_read)
ciphertext = self.source_stream.read(bytes_to_read)
if len(self.output_buffer) + len(ciphertext) < self.body_length:
raise SerializationError(
"Total message body contents less than specified in body description"
)
if self.verifier is not None:
self.verifier.update(ciphertext)
tag = deserialize_tag(stream=self.source_stream,
header=self._header,
verifier=self.verifier)
aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string(
content_type=self._header.content_type, is_final_frame=True)
associated_data = assemble_content_aad(
message_id=self._header.message_id,
aad_content_string=aad_content_string,
seq_num=1,
length=self.body_length,
)
self.decryptor = Decryptor(
algorithm=self._header.algorithm,
key=self._derived_data_key,
associated_data=associated_data,
iv=self._unframed_body_iv,
tag=tag,
)
plaintext = self.decryptor.update(ciphertext)
plaintext += self.decryptor.finalize()
self.footer = deserialize_footer(stream=self.source_stream,
verifier=self.verifier)
return plaintext
def _read_bytes_from_framed_body(self, b):
"""Reads the requested number of bytes from a streaming framed message body.
:param int b: Number of bytes to read
:returns: Bytes read from source stream and decrypted
:rtype: bytes
"""
plaintext = b""
final_frame = False
_LOGGER.debug("collecting %d bytes", b)
while len(plaintext) < b and not final_frame:
_LOGGER.debug("Reading frame")
frame_data, final_frame = deserialize_frame(
stream=self.source_stream,
header=self._header,
verifier=self.verifier)
_LOGGER.debug("Read complete for frame %d",
frame_data.sequence_number)
if frame_data.sequence_number != self.last_sequence_number + 1:
raise SerializationError(
"Malformed message: frames out of order")
self.last_sequence_number += 1
aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string(
content_type=self._header.content_type,
is_final_frame=frame_data.final_frame)
associated_data = assemble_content_aad(
message_id=self._header.message_id,
aad_content_string=aad_content_string,
seq_num=frame_data.sequence_number,
length=len(frame_data.ciphertext),
)
plaintext += decrypt(
algorithm=self._header.algorithm,
key=self._derived_data_key,
encrypted_data=frame_data,
associated_data=associated_data,
)
plaintext_length = len(plaintext)
_LOGGER.debug("bytes collected: %d", plaintext_length)
if final_frame:
_LOGGER.debug("Reading footer")
self.footer = deserialize_footer(stream=self.source_stream,
verifier=self.verifier)
return plaintext
