# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
"""Primitive structures for use when interacting with crypto material managers.
.. versionadded:: 1.3.0
"""
import attr
import six
from ..identifiers import Algorithm, CommitmentPolicy
from ..internal.utils.streams import ROStream
from ..structures import DataKey
@attr.s(hash=False)
class EncryptionMaterialsRequest(object):
    """Inputs handed to a crypto material manager's `get_encryption_materials` method.

    .. versionadded:: 1.3.0

    .. warning::
        If the seek position of plaintext_rostream is moved, it must be restored
        before leaving the method.

    :param dict encryption_context: Encryption context passed to underlying master key provider and master keys
    :param int frame_length: Frame length to be used while encrypting stream
    :param commitment_policy: Commitment policy for this request
        (optional; defaults to ``CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT``)
    :type commitment_policy: aws_encryption_sdk.identifiers.CommitmentPolicy
    :param plaintext_rostream: Source plaintext read-only stream (optional)
    :type plaintext_rostream: aws_encryption_sdk.internal.utils.streams.ROStream
    :param algorithm: Algorithm passed to underlying master key provider and master keys (optional)
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param int plaintext_length: Length of source plaintext (optional)
    """

    # Required fields. The validators check the container/number type only,
    # not the keys or values held inside the dict.
    encryption_context = attr.ib(
        validator=attr.validators.instance_of(dict),
    )
    frame_length = attr.ib(
        validator=attr.validators.instance_of(six.integer_types),
    )

    # NOTE(review): the default is FORBID_ENCRYPT_ALLOW_DECRYPT and the validator
    # also accepts None, so a caller that needs a stricter policy has to pass it
    # explicitly -- confirm how the consuming CMM treats None.
    commitment_policy = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(CommitmentPolicy)),
        default=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT,
    )

    # Optional fields: each one is either None or an instance of the stated type.
    plaintext_rostream = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(ROStream)),
        default=None,
    )
    algorithm = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(Algorithm)),
        default=None,
    )
    plaintext_length = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(six.integer_types)),
        default=None,
    )
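@attr.s(hash=False)
class EncryptionMaterials(object):
    """Encryption materials returned by a crypto material manager's `get_encryption_materials` method.

    .. versionadded:: 1.3.0

    :param algorithm: Algorithm to use for encrypting message
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param data_encryption_key: Plaintext data key to use for encrypting message
    :type data_encryption_key: aws_encryption_sdk.structures.DataKey
    :param encrypted_data_keys: Set of encrypted data keys
    :type encrypted_data_keys: set of `aws_encryption_sdk.structures.EncryptedDataKey`
    :param dict encryption_context: Encryption context tied to `encrypted_data_keys`
    :param bytes signing_key: Encoded signing key (excluded from ``repr()`` output)
    """

    algorithm = attr.ib(validator=attr.validators.instance_of(Algorithm))
    # NOTE(review): this field holds the plaintext data key; what shows up in
    # repr() for it is decided by DataKey's own __repr__ -- confirm that it
    # omits the raw key bytes.
    data_encryption_key = attr.ib(validator=attr.validators.instance_of(DataKey))
    # The validator requires a set (not a list); element types are not checked here.
    encrypted_data_keys = attr.ib(validator=attr.validators.instance_of(set))
    encryption_context = attr.ib(validator=attr.validators.instance_of(dict))
    # repr=False keeps the signing key bytes out of the attrs-generated __repr__,
    # so printing or logging a materials object does not expose the key.
    signing_key = attr.ib(
        default=None,
        repr=False,
        validator=attr.validators.optional(attr.validators.instance_of(bytes)),
    )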
@attr.s(hash=False)
class DecryptionMaterialsRequest(object):
    """Inputs handed to a crypto material manager's `decrypt_materials` method.

    .. versionadded:: 1.3.0

    :param algorithm: Algorithm to provide to master keys for underlying decrypt requests
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param encrypted_data_keys: Set of encrypted data keys
    :type encrypted_data_keys: set of `aws_encryption_sdk.structures.EncryptedDataKey`
    :param dict encryption_context: Encryption context to provide to master keys for underlying decrypt requests
    :param dict reproduced_encryption_context: Encryption context to provide on decrypt.
        This is ONLY processed if using a CMM from the aws-cryptographic-material-providers library.
    :param commitment_policy: Commitment policy for this request
        (optional; defaults to ``CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT``)
    :type commitment_policy: aws_encryption_sdk.identifiers.CommitmentPolicy
    """

    # Required fields. The validators check only the outer type (Algorithm, set,
    # dict); the elements of the set and the dict's contents are not inspected.
    algorithm = attr.ib(
        validator=attr.validators.instance_of(Algorithm),
    )
    encrypted_data_keys = attr.ib(
        validator=attr.validators.instance_of(set),
    )
    encryption_context = attr.ib(
        validator=attr.validators.instance_of(dict),
    )

    # Optional: None or a dict. Per the class docstring it is only processed by a
    # CMM from the aws-cryptographic-material-providers library.
    reproduced_encryption_context = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(dict)),
        default=None,
    )

    # NOTE(review): the default is FORBID_ENCRYPT_ALLOW_DECRYPT and the validator
    # also accepts None, so a caller that needs a stricter policy has to pass it
    # explicitly -- confirm how the consuming CMM treats None.
    commitment_policy = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(CommitmentPolicy)),
        default=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT,
    )
@attr.s(hash=False)
class DecryptionMaterials(object):
    """Result of a crypto material manager's `decrypt_materials` method.

    .. versionadded:: 1.3.0

    :param data_key: Plaintext data key to use with message decryption
    :type data_key: aws_encryption_sdk.structures.DataKey
    :param bytes verification_key: Raw signature verification key
    """

    # NOTE(review): this field holds the plaintext data key; what shows up in
    # repr() for it is decided by DataKey's own __repr__ -- confirm that it
    # omits the raw key bytes.
    data_key = attr.ib(
        validator=attr.validators.instance_of(DataKey),
    )
    # Optional: None or bytes.
    verification_key = attr.ib(
        validator=attr.validators.optional(attr.validators.instance_of(bytes)),
        default=None,
    )