示例#1
0
def test_no_decryption_key_but_decryption_requested(actions,
                                                    parametrized_item):
    encryption_key = JceNameLocalDelegatedKey.generate("AES", 256)
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    encrypting_cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(
            encryption_key=encryption_key, signing_key=signing_key))
    decrypting_cmp = StaticCryptographicMaterialsProvider(
        decryption_materials=RawDecryptionMaterials(
            verification_key=signing_key))

    encrypted_item = encrypt_python_item(
        parametrized_item,
        CryptoConfig(materials_provider=encrypting_cmp,
                     encryption_context=EncryptionContext(),
                     attribute_actions=actions),
    )

    with pytest.raises(DecryptionError) as excinfo:
        decrypt_python_item(
            encrypted_item,
            CryptoConfig(materials_provider=decrypting_cmp,
                         encryption_context=EncryptionContext(),
                         attribute_actions=actions),
        )

    excinfo.match(
        "Attribute actions ask for some attributes to be decrypted but no decryption key is available"
    )
示例#2
0
    def encryption_materials(self, encryption_context):
        # type: (EncryptionContext) -> RawEncryptionMaterials
        """Provide encryption materials.

        :param EncryptionContext encryption_context: Encryption context for request
        :returns: Encryption materials
        :rtype: RawEncryptionMaterials
        """
        initial_material, encrypted_initial_material = self._generate_initial_material(
            encryption_context)
        encryption_material_description = encryption_context.material_description.copy(
        )
        encryption_material_description.update({
            _COVERED_ATTR_CTX_KEY:
            _KEY_COVERAGE,
            MaterialDescriptionKeys.CONTENT_KEY_WRAPPING_ALGORITHM.value:
            "kms",
            MaterialDescriptionKeys.CONTENT_ENCRYPTION_ALGORITHM.value:
            self._content_key_info.description,
            MaterialDescriptionKeys.ITEM_SIGNATURE_ALGORITHM.value:
            self._signing_key_info.description,
            MaterialDescriptionKeys.WRAPPED_DATA_KEY.value:
            to_str(base64.b64encode(encrypted_initial_material)),
        })
        return RawEncryptionMaterials(
            signing_key=self._mac_key(initial_material,
                                      self._signing_key_info),
            encryption_key=self._encryption_key(initial_material,
                                                self._content_key_info),
            material_description=encryption_material_description,
        )
示例#3
0
def test_no_encryption_key():
    signing_key = JceNameLocalDelegatedKey.generate('HmacSHA512', 256)
    encryption_materials = RawEncryptionMaterials(signing_key=signing_key)

    with pytest.raises(AttributeError) as excinfo:
        encryption_materials.encryption_key

    excinfo.match('No encryption key available')
示例#4
0
def build_static_jce_cmp(encryption_algorithm, encryption_key_length, signing_algorithm, signing_key_length):
    """Build a StaticCryptographicMaterialsProvider using ephemeral JceNameLocalDelegatedKeys as specified."""
    encryption_key = _get_from_cache(JceNameLocalDelegatedKey, encryption_algorithm, encryption_key_length)
    authentication_key = _get_from_cache(JceNameLocalDelegatedKey, signing_algorithm, signing_key_length)
    encryption_materials = RawEncryptionMaterials(signing_key=authentication_key, encryption_key=encryption_key)
    decryption_materials = RawDecryptionMaterials(verification_key=authentication_key, decryption_key=encryption_key)
    return StaticCryptographicMaterialsProvider(
        encryption_materials=encryption_materials, decryption_materials=decryption_materials
    )
示例#5
0
def _build_static_cmp(encrypt_key, decrypt_key, sign_key, verify_key):
    encryption_key = _load_key(encrypt_key)
    decryption_key = _load_key(decrypt_key)
    verification_key = _load_signing_key(verify_key)
    signing_key = _load_signing_key(sign_key)
    decryption_materials = RawDecryptionMaterials(decryption_key=decryption_key, verification_key=verification_key)
    encryption_materials = RawEncryptionMaterials(encryption_key=encryption_key, signing_key=signing_key)
    return StaticCryptographicMaterialsProvider(
        decryption_materials=decryption_materials, encryption_materials=encryption_materials
    )
示例#6
0
def test_no_encryption_key_but_encryption_requested(actions, parametrized_item):
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    cmp = StaticCryptographicMaterialsProvider(encryption_materials=RawEncryptionMaterials(signing_key=signing_key))
    crypto_config = CryptoConfig(
        materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
    )

    with pytest.raises(EncryptionError) as excinfo:
        encrypt_python_item(parametrized_item, crypto_config)

    excinfo.match("Attribute actions ask for some attributes to be encrypted but no encryption key is available")
示例#7
0
def test_only_sign_item(parametrized_item):
    signing_key = JceNameLocalDelegatedKey.generate("HmacSHA256", 256)
    cmp = StaticCryptographicMaterialsProvider(
        encryption_materials=RawEncryptionMaterials(signing_key=signing_key),
        decryption_materials=RawDecryptionMaterials(verification_key=signing_key),
    )
    actions = AttributeActions(default_action=CryptoAction.SIGN_ONLY)
    crypto_config = CryptoConfig(
        materials_provider=cmp, encryption_context=EncryptionContext(), attribute_actions=actions
    )

    signed_item = encrypt_python_item(parametrized_item, crypto_config)
    material_description = signed_item[ReservedAttributes.MATERIAL_DESCRIPTION.value].value
    assert MaterialDescriptionKeys.ATTRIBUTE_ENCRYPTION_MODE.value.encode("utf-8") not in material_description

    decrypt_python_item(signed_item, crypto_config)