def test_json_ready_header_auth():
iv = b"some random bytes"
tag = b"some not random bytes"
raw_header_auth = MessageHeaderAuthentication(iv=iv, tag=tag)
expected_header_auth_dict = {
"iv": metadata.unicode_b64_encode(iv),
"tag": metadata.unicode_b64_encode(tag)
}
test = metadata.json_ready_header_auth(raw_header_auth)
assert test == expected_header_auth_dict
# verify that the dict is actually JSON-encodable
json.dumps(test)
def deserialize_header_auth(stream, algorithm, verifier=None):
"""Deserializes a MessageHeaderAuthentication object from a source stream.
:param stream: Source data stream
:type stream: io.BytesIO
:param algorithm: The AlgorithmSuite object type contained in the header
:type algorith: aws_encryption_sdk.identifiers.AlgorithmSuite
:param verifier: Signature verifier object (optional)
:type verifier: aws_encryption_sdk.internal.crypto.Verifier
:returns: Deserialized MessageHeaderAuthentication object
:rtype: aws_encryption_sdk.internal.structures.MessageHeaderAuthentication
"""
_LOGGER.debug("Starting header auth deserialization")
format_string = ">{iv_len}s{tag_len}s".format(iv_len=algorithm.iv_len, tag_len=algorithm.tag_len)
return MessageHeaderAuthentication(*unpack_values(format_string, stream, verifier))
def _deserialize_header_auth_v2(stream, algorithm, verifier=None):
"""Deserializes a MessageHeaderAuthentication object from a source stream in serialization version V1.
:param stream: Source data stream
:type stream: io.BytesIO
:param algorithm: The AlgorithmSuite object type contained in the header
:type algorith: aws_encryption_sdk.identifiers.AlgorithmSuite
:param verifier: Signature verifier object (optional)
:type verifier: aws_encryption_sdk.internal.crypto.Verifier
:returns: Deserialized MessageHeaderAuthentication object
:rtype: aws_encryption_sdk.internal.structures.MessageHeaderAuthentication
"""
format_string = ">{tag_len}s".format(tag_len=algorithm.tag_len)
(tag, ) = unpack_values(format_string, stream, verifier)
iv = algorithm.header_auth_iv
return MessageHeaderAuthentication(tag=tag, iv=iv)
algorithm=Algorithm.AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384,
message_id=VALUES["message_id_32_byte"],
encryption_context=VALUES["updated_encryption_context"],
encrypted_data_keys=set([
EncryptedDataKey(
key_provider=VALUES["data_keys"][0].key_provider,
encrypted_data_key=VALUES["data_keys"][0].encrypted_data_key,
)
]),
content_type=ContentType.FRAMED_DATA,
frame_length=32,
commitment_key=six.
b("\x00\xfa\x8c\xdd\x08Au\xc6\x92_4\xc5\xfb\x90\xaf\x8f\xa1D\xaf\xcc\xd25\xa8\x0b\x0b\x16\x92\x91W\x01\xb7\x84"
),
)
VALUES["deserialized_header_auth_block"] = MessageHeaderAuthentication(
iv=VALUES["header_auth_base"].iv, tag=VALUES["header_auth_base"].tag)
VALUES["deserialized_header_auth_block_v2"] = MessageHeaderAuthentication(
iv=b"\x00" * 12, tag=VALUES["header_auth_base"].tag)
VALUES["deserialized_body_block"] = MessageNoFrameBody(
iv=VALUES["non_framed_base"].iv,
ciphertext=VALUES["non_framed_base"].ciphertext,
tag=VALUES["non_framed_base"].tag)
VALUES["deserialized_footer"] = MessageFooter(VALUES["signature"])
VALUES["deserialized_empty_footer"] = MessageFooter(b"")
VALUES["deserialized_body_final_frame_single"] = MessageFrameBody(
iv=VALUES["final_frame_base"].iv,
ciphertext=VALUES["final_frame_base"].ciphertext,
tag=VALUES["final_frame_base"].tag,
sequence_number=1,
final_frame=True,
)
version=SerializationVersion.V1,
type=ObjectType.CUSTOMER_AE_DATA,
algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
message_id=VALUES['message_id'],
encryption_context=VALUES['updated_encryption_context'],
encrypted_data_keys=set([EncryptedDataKey(
key_provider=VALUES['data_keys'][0].key_provider,
encrypted_data_key=VALUES['data_keys'][0].encrypted_data_key
)]),
content_type=ContentType.FRAMED_DATA,
content_aad_length=0,
header_iv_length=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.iv_len,
frame_length=32
)
VALUES['deserialized_header_auth_block'] = MessageHeaderAuthentication(
iv=VALUES['header_auth_base'].iv,
tag=VALUES['header_auth_base'].tag
)
VALUES['deserialized_body_block'] = MessageNoFrameBody(
iv=VALUES['non_framed_base'].iv,
ciphertext=VALUES['non_framed_base'].ciphertext,
tag=VALUES['non_framed_base'].tag
)
VALUES['deserialized_footer'] = MessageFooter(VALUES['signature'])
VALUES['deserialized_empty_footer'] = MessageFooter(b'')
VALUES['deserialized_body_final_frame_single'] = MessageFrameBody(
iv=VALUES['final_frame_base'].iv,
ciphertext=VALUES['final_frame_base'].ciphertext,
tag=VALUES['final_frame_base'].tag,
sequence_number=1,
final_frame=True
)
def test_message_header_auth_succeeds():
MessageHeaderAuthentication(iv=b'', tag=b'')
def test_message_header_auth_fails(iv, tag):
with pytest.raises(TypeError):
MessageHeaderAuthentication(iv=iv, tag=tag)