# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
"""Public data structures for aws_encryption_sdk."""
import attr
import six
import aws_encryption_sdk.identifiers
from aws_encryption_sdk.internal.str_ops import to_bytes, to_str
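@attr.s(hash=True)
class MessageHeader(object):
    # pylint: disable=too-many-instance-attributes
    """Deserialized message header object.

    The validators on this class check the *type* of each field only. Value
    ranges and authentication of the header contents are not enforced here.

    :param version: Message format version, per spec
    :type version: aws_encryption_sdk.identifiers.SerializationVersion
    :param type: Message content type, per spec (only present in SerializationVersion.V1)
    :type type: aws_encryption_sdk.identifiers.ObjectType
    :param algorithm: Algorithm to use for encryption
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes message_id: Message ID
    :param dict encryption_context: Dictionary defining encryption context
    :param encrypted_data_keys: Encrypted data keys
    :type encrypted_data_keys: set of :class:`aws_encryption_sdk.structures.EncryptedDataKey`
    :param content_type: Message content framing type (framed/non-framed)
    :type content_type: aws_encryption_sdk.identifiers.ContentType
    :param int content_aad_length: Content AAD length (only present in SerializationVersion.V1)
    :param int header_iv_length: Bytes in Initialization Vector value found in header
        (only present in SerializationVersion.V1)
    :param int frame_length: Length of message frame in bytes
    :param bytes commitment_key: Commitment key (only present in SerializationVersion.V2
        with certain algorithm suites)
    """

    # NOTE(review): hash=True makes attrs generate __hash__ over every field, but
    # encryption_context (dict) and encrypted_data_keys (set) are unhashable builtins,
    # so hash() on an instance would raise TypeError. Confirm nothing hashes headers.
    version = attr.ib(
        hash=True, validator=attr.validators.instance_of(aws_encryption_sdk.identifiers.SerializationVersion)
    )
    algorithm = attr.ib(hash=True, validator=attr.validators.instance_of(aws_encryption_sdk.identifiers.Algorithm))
    message_id = attr.ib(hash=True, validator=attr.validators.instance_of(bytes))
    encryption_context = attr.ib(hash=True, validator=attr.validators.instance_of(dict))
    encrypted_data_keys = attr.ib(hash=True, validator=attr.validators.instance_of(set))
    content_type = attr.ib(hash=True, validator=attr.validators.instance_of(aws_encryption_sdk.identifiers.ContentType))
    frame_length = attr.ib(hash=True, validator=attr.validators.instance_of(six.integer_types))

    # Only present in SerializationVersion.V1
    type = attr.ib(
        hash=True,
        default=None,
        validator=attr.validators.optional(attr.validators.instance_of(aws_encryption_sdk.identifiers.ObjectType)),
    )
    # A single optional() wrapper is enough; the original nested two, which is
    # equivalent but redundant.
    content_aad_length = attr.ib(
        hash=True,
        default=None,
        validator=attr.validators.optional(attr.validators.instance_of(six.integer_types)),
    )
    header_iv_length = attr.ib(
        hash=True, default=None, validator=attr.validators.optional(attr.validators.instance_of(six.integer_types))
    )

    # Only present in SerializationVersion.V2 with certain algorithm suites
    commitment_key = attr.ib(
        hash=True, default=None, validator=attr.validators.optional(attr.validators.instance_of(bytes))
    )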
@attr.s(hash=True)
class MasterKeyInfo(object):
    """Identifying information for a Master Key.

    Both fields accept either text or bytes on input and are passed through a
    converter, so callers may supply whichever form they have.

    :param str provider_id: MasterKey provider_id value (converted with ``to_str``)
    :param bytes key_info: MasterKey key_info value (converted with ``to_bytes``)
    """

    provider_id = attr.ib(
        converter=to_str,
        validator=attr.validators.instance_of((six.string_types, bytes)),
        hash=True,
    )
    key_info = attr.ib(
        converter=to_bytes,
        validator=attr.validators.instance_of((six.string_types, bytes)),
        hash=True,
    )
@attr.s(hash=True)
class RawDataKey(object):
    """Container for the plaintext copy of a data key and its key provider information.

    :param key_provider: Key Provider information
    :type key_provider: aws_encryption_sdk.structures.MasterKeyInfo
    :param bytes data_key: Plaintext data key
    """

    key_provider = attr.ib(
        validator=attr.validators.instance_of(MasterKeyInfo),
        hash=True,
    )
    # repr=False keeps the plaintext key bytes out of the attrs-generated repr, so
    # printing or logging the object does not disclose key material. The field is
    # still part of the generated __hash__, and only its type (bytes) is validated.
    data_key = attr.ib(
        validator=attr.validators.instance_of(bytes),
        repr=False,
        hash=True,
    )
@attr.s(hash=True)
class DataKey(object):
    """Container for a data key in both its plaintext and encrypted forms.

    :param key_provider: Key Provider information
    :type key_provider: aws_encryption_sdk.structures.MasterKeyInfo
    :param bytes data_key: Plaintext data key
    :param bytes encrypted_data_key: Encrypted data key
    """

    key_provider = attr.ib(
        validator=attr.validators.instance_of(MasterKeyInfo),
        hash=True,
    )
    # repr=False keeps the plaintext key bytes out of the attrs-generated repr, so
    # printing or logging the object does not disclose key material. Only the
    # encrypted copy below appears in the repr.
    data_key = attr.ib(
        validator=attr.validators.instance_of(bytes),
        repr=False,
        hash=True,
    )
    encrypted_data_key = attr.ib(
        validator=attr.validators.instance_of(bytes),
        hash=True,
    )
@attr.s(hash=True)
class EncryptedDataKey(object):
    """Container for the encrypted copy of a data key; no plaintext key is held.

    Both fields are hashable, so instances can be collected in a ``set`` (as
    ``MessageHeader.encrypted_data_keys`` expects).

    :param key_provider: Key Provider information
    :type key_provider: aws_encryption_sdk.structures.MasterKeyInfo
    :param bytes encrypted_data_key: Encrypted data key
    """

    key_provider = attr.ib(
        validator=attr.validators.instance_of(MasterKeyInfo),
        hash=True,
    )
    encrypted_data_key = attr.ib(
        validator=attr.validators.instance_of(bytes),
        hash=True,
    )