def test_no_decryption_key_but_decryption_requested(actions,
parametrized_item):
encryption_key = JceNameLocalDelegatedKey.generate("AES", 256)
signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
encrypting_cmp = StaticCryptographicMaterialsProvider(
encryption_materials=RawEncryptionMaterials(
encryption_key=encryption_key, signing_key=signing_key))
decrypting_cmp = StaticCryptographicMaterialsProvider(
decryption_materials=RawDecryptionMaterials(
verification_key=signing_key))
encrypted_item = encrypt_python_item(
parametrized_item,
CryptoConfig(materials_provider=encrypting_cmp,
encryption_context=EncryptionContext(),
attribute_actions=actions),
)
with pytest.raises(DecryptionError) as excinfo:
decrypt_python_item(
encrypted_item,
CryptoConfig(materials_provider=decrypting_cmp,
encryption_context=EncryptionContext(),
attribute_actions=actions),
)
excinfo.match(
"Attribute actions ask for some attributes to be decrypted but no decryption key is available"
)
def encryption_materials(self, encryption_context):
# type: (EncryptionContext) -> RawEncryptionMaterials
"""Provide encryption materials.
:param EncryptionContext encryption_context: Encryption context for request
:returns: Encryption materials
:rtype: RawEncryptionMaterials
"""
initial_material, encrypted_initial_material = self._generate_initial_material(
encryption_context)
encryption_material_description = encryption_context.material_description.copy(
)
encryption_material_description.update({
_COVERED_ATTR_CTX_KEY:
_KEY_COVERAGE,
MaterialDescriptionKeys.CONTENT_KEY_WRAPPING_ALGORITHM.value:
"kms",
MaterialDescriptionKeys.CONTENT_ENCRYPTION_ALGORITHM.value:
self._content_key_info.description,
MaterialDescriptionKeys.ITEM_SIGNATURE_ALGORITHM.value:
self._signing_key_info.description,
MaterialDescriptionKeys.WRAPPED_DATA_KEY.value:
to_str(base64.b64encode(encrypted_initial_material)),
})
return RawEncryptionMaterials(
signing_key=self._mac_key(initial_material,
self._signing_key_info),
encryption_key=self._encryption_key(initial_material,
self._content_key_info),
material_description=encryption_material_description,
)
def test_no_encryption_key():
signing_key = JceNameLocalDelegatedKey.generate('HmacSHA512', 256)
encryption_materials = RawEncryptionMaterials(signing_key=signing_key)
with pytest.raises(AttributeError) as excinfo:
encryption_materials.encryption_key
excinfo.match('No encryption key available')
def build_static_jce_cmp(encryption_algorithm, encryption_key_length, signing_algorithm, signing_key_length):
"""Build a StaticCryptographicMaterialsProvider using ephemeral JceNameLocalDelegatedKeys as specified."""
encryption_key = _get_from_cache(JceNameLocalDelegatedKey, encryption_algorithm, encryption_key_length)
authentication_key = _get_from_cache(JceNameLocalDelegatedKey, signing_algorithm, signing_key_length)
encryption_materials = RawEncryptionMaterials(signing_key=authentication_key, encryption_key=encryption_key)
decryption_materials = RawDecryptionMaterials(verification_key=authentication_key, decryption_key=encryption_key)
return StaticCryptographicMaterialsProvider(
encryption_materials=encryption_materials, decryption_materials=decryption_materials
)
def _build_static_cmp(encrypt_key, decrypt_key, sign_key, verify_key):
encryption_key = _load_key(encrypt_key)
decryption_key = _load_key(decrypt_key)
verification_key = _load_signing_key(verify_key)
signing_key = _load_signing_key(sign_key)
decryption_materials = RawDecryptionMaterials(decryption_key=decryption_key, verification_key=verification_key)
encryption_materials = RawEncryptionMaterials(encryption_key=encryption_key, signing_key=signing_key)
return StaticCryptographicMaterialsProvider(
decryption_materials=decryption_materials, encryption_materials=encryption_materials
)
def test_no_encryption_key_but_encryption_requested(actions, parametrized_item):
signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
cmp = StaticCryptographicMaterialsProvider(encryption_materials=RawEncryptionMaterials(signing_key=signing_key))
crypto_config = CryptoConfig(
materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
)
with pytest.raises(EncryptionError) as excinfo:
encrypt_python_item(parametrized_item, crypto_config)
excinfo.match("Attribute actions ask for some attributes to be encrypted but no encryption key is available")
def test_only_sign_item(parametrized_item):
signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
cmp = StaticCryptographicMaterialsProvider(
encryption_materials=RawEncryptionMaterials(signing_key=signing_key),
decryption_materials=RawDecryptionMaterials(verification_key=signing_key),
)
actions = AttributeActions(default_action=CryptoAction.SIGN_ONLY)
crypto_config = CryptoConfig(
materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
)
signed_item = encrypt_python_item(parametrized_item, crypto_config)
material_description = signed_item[ReservedAttributes.MATERIAL_DESCRIPTION.value].value
assert MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value.encode("utf-8") not in material_description
decrypt_python_item(signed_item, crypto_config)