def test_no_decryption_key_but_decryption_requested(actions,
parametrized_item):
encryption_key = JceNameLocalDelegatedKey.generate("AES", 256)
signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
encrypting_cmp = StaticCryptographicMaterialsProvider(
encryption_materials=RawEncryptionMaterials(
encryption_key=encryption_key, signing_key=signing_key))
decrypting_cmp = StaticCryptographicMaterialsProvider(
decryption_materials=RawDecryptionMaterials(
verification_key=signing_key))
encrypted_item = encrypt_python_item(
parametrized_item,
CryptoConfig(materials_provider=encrypting_cmp,
encryption_context=EncryptionContext(),
attribute_actions=actions),
)
with pytest.raises(DecryptionError) as excinfo:
decrypt_python_item(
encrypted_item,
CryptoConfig(materials_provider=decrypting_cmp,
encryption_context=EncryptionContext(),
attribute_actions=actions),
)
excinfo.match(
"Attribute actions ask for some attributes to be decrypted but no decryption key is available"
)
def decryption_materials(self, encryption_context):
# type: (EncryptionContext) -> RawDecryptionMaterials
"""Provide decryption materials.
:param EncryptionContext encryption_context: Encryption context for request
:returns: Encryption materials
:rtype: RawDecryptionMaterials
"""
decryption_material_description = encryption_context.material_description.copy(
)
initial_material = self._decrypt_initial_material(encryption_context)
signing_key_info = KeyInfo.from_material_description(
material_description=encryption_context.material_description,
description_key=MaterialDescriptionKeys.ITEM_SIGNATURE_ALGORITHM.
value,
default_algorithm=_DEFAULT_SIGNING_ALGORITHM,
default_key_length=_DEFAULT_SIGNING_KEY_LENGTH,
)
decryption_key_info = KeyInfo.from_material_description(
material_description=encryption_context.material_description,
description_key=MaterialDescriptionKeys.
CONTENT_ENCRYPTION_ALGORITHM.value,
default_algorithm=_DEFAULT_CONTENT_ENCRYPTION_ALGORITHM,
default_key_length=_DEFAULT_CONTENT_KEY_LENGTH,
)
return RawDecryptionMaterials(
verification_key=self._mac_key(initial_material, signing_key_info),
decryption_key=self._encryption_key(initial_material,
decryption_key_info),
material_description=decryption_material_description,
)
def _build_static_cmp(decrypt_key, verify_key):
decryption_key = _load_key(decrypt_key)
verification_key = _load_signing_key(verify_key)
decryption_materials = RawDecryptionMaterials(
decryption_key=decryption_key, verification_key=verification_key)
return StaticCryptographicMaterialsProvider(
decryption_materials=decryption_materials)
def test_no_decryption_key():
verification_key = JceNameLocalDelegatedKey.generate('HmacSHA512', 256)
decryption_materials = RawDecryptionMaterials(
verification_key=verification_key)
with pytest.raises(AttributeError) as excinfo:
decryption_materials.decryption_key
excinfo.match('No decryption key available')
def build_static_jce_cmp(encryption_algorithm, encryption_key_length, signing_algorithm, signing_key_length):
"""Build a StaticCryptographicMaterialsProvider using ephemeral JceNameLocalDelegatedKeys as specified."""
encryption_key = _get_from_cache(JceNameLocalDelegatedKey, encryption_algorithm, encryption_key_length)
authentication_key = _get_from_cache(JceNameLocalDelegatedKey, signing_algorithm, signing_key_length)
encryption_materials = RawEncryptionMaterials(signing_key=authentication_key, encryption_key=encryption_key)
decryption_materials = RawDecryptionMaterials(verification_key=authentication_key, decryption_key=encryption_key)
return StaticCryptographicMaterialsProvider(
encryption_materials=encryption_materials, decryption_materials=decryption_materials
)
def _build_static_cmp(encrypt_key, decrypt_key, sign_key, verify_key):
encryption_key = _load_key(encrypt_key)
decryption_key = _load_key(decrypt_key)
verification_key = _load_signing_key(verify_key)
signing_key = _load_signing_key(sign_key)
decryption_materials = RawDecryptionMaterials(decryption_key=decryption_key, verification_key=verification_key)
encryption_materials = RawEncryptionMaterials(encryption_key=encryption_key, signing_key=signing_key)
return StaticCryptographicMaterialsProvider(
decryption_materials=decryption_materials, encryption_materials=encryption_materials
)
def test_only_sign_item(parametrized_item):
signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
cmp = StaticCryptographicMaterialsProvider(
encryption_materials=RawEncryptionMaterials(signing_key=signing_key),
decryption_materials=RawDecryptionMaterials(verification_key=signing_key),
)
actions = AttributeActions(default_action=CryptoAction.SIGN_ONLY)
crypto_config = CryptoConfig(
materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
)
signed_item = encrypt_python_item(parametrized_item, crypto_config)
material_description = signed_item[ReservedAttributes.MATERIAL_DESCRIPTION.value].value
assert MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value.encode("utf-8") not in material_description
decrypt_python_item(signed_item, crypto_config)