inline encrypt and decrypt

RitvikKapila · RitvikKapila · commit 67d866f9c9cc · 2024-06-07T12:39:33.000-07:00
diff --git a/examples/src/migration/README.rst b/examples/src/migration/README.rst
@@ -2,7 +2,7 @@
 Migration Examples
 ##################
 
-The native Python ESDK now uses the `AWS Cryptographic Material Providers Library`_,
+The `Encryption SDK for Python`_ now uses the `AWS Cryptographic Material Providers Library`_,
 which introduces keyrings in place of Master Key Providers. The MPL abstracts lower
 level cryptographic materials management of encryption and decryption materials.
 
@@ -15,4 +15,5 @@ of the ESDK. Here is the list of examples:
 3. Migration example for Raw RSA keys
 4. Setting a 'CommitmentPolicy' during migration
 
-.. _AWS Cryptographic Material Providers Library: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html
+.. _AWS Cryptographic Material Providers Library: https://github.com/aws/aws-cryptographic-material-providers-library
+.. _Encryption SDK for Python: https://github.com/aws/aws-encryption-sdk-python/tree/9c34aad60fc918c1a9186ec5215a451e8bfd0f65
diff --git a/examples/src/migration/migration_aws_kms_key_example.py b/examples/src/migration/migration_aws_kms_key_example.py
@@ -40,21 +40,9 @@
 }
 
 
-def create_kms_client(aws_region="us-west-2"):
-    """Create an AWS KMS client.
-
-    Usage: create_kms_client(aws_region)
-    :param aws_region: AWS region to use for KMS client.
-    :type aws_region: string
-    """
-    # Create a boto3 client for KMS.
-    kms_client = boto3.client('kms', region_name=aws_region)
-
-    return kms_client
-
-
 def create_keyring(
-    kms_key_id: str
+    kms_key_id: str,
+    aws_region="us-west-2"
 ):
     """Demonstrate how to create an AWS KMS keyring.
 
@@ -66,7 +54,7 @@ def create_keyring(
     https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
     """
     # Create a boto3 client for KMS.
-    kms_client = create_kms_client()
+    kms_client = boto3.client('kms', region_name=aws_region)
 
     # Create a KMS keyring
     mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders(
@@ -85,53 +73,6 @@ def create_keyring(
     return keyring
 
 
-def encrypt_using_keyring(
-    plaintext_data: bytes,
-    keyring: IKeyring,
-    client: aws_encryption_sdk.EncryptionSDKClient
-):
-    """Demonstrate how to encrypt plaintext data using an AWS KMS keyring.
-
-    Usage: encrypt_using_keyring(plaintext_data, keyring)
-    :param plaintext_data: plaintext data you want to encrypt
-    :type: bytes
-    :param keyring: Keyring to use for encryption.
-    :type keyring: IKeyring
-    :param client: AWS Encryption SDK client.
-    :type client: aws_encryption_sdk.EncryptionSDKClient
-    """
-    ciphertext_data, _ = client.encrypt(
-        source=plaintext_data,
-        keyring=keyring,
-        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
-    )
-
-    return ciphertext_data
-
-
-def decrypt_using_keyring(
-    ciphertext_data: bytes,
-    keyring: IKeyring,
-    client: aws_encryption_sdk.EncryptionSDKClient
-):
-    """Demonstrate how to decrypt ciphertext data using an AWS KMS keyring.
-
-    Usage: decrypt_using_keyring(ciphertext_data, keyring)
-    :param ciphertext_data: ciphertext data you want to decrypt
-    :type: bytes
-    :param keyring: Keyring to use for decryption.
-    :type keyring: IKeyring
-    :param client: AWS Encryption SDK client.
-    :type client: aws_encryption_sdk.EncryptionSDKClient
-    """
-    decrypted_plaintext_data, _ = client.decrypt(
-        source=ciphertext_data,
-        keyring=keyring
-    )
-
-    return decrypted_plaintext_data
-
-
 def create_key_provider(
     kms_key_id: str
 ):
@@ -152,53 +93,6 @@ def create_key_provider(
     return key_provider
 
 
-def encrypt_using_key_provider(
-    plaintext_data: bytes,
-    key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider,
-    client: aws_encryption_sdk.EncryptionSDKClient
-):
-    """Demonstrate how to encrypt plaintext data using an AWS KMS master key provider.
-
-    Usage: encrypt_using_key_provider(plaintext_data, key_provider)
-    :param plaintext_data: plaintext data you want to encrypt
-    :type: bytes
-    :param key_provider: Master key provider to use for encryption.
-    :type key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-    :param client: AWS Encryption SDK client.
-    :type client: aws_encryption_sdk.EncryptionSDKClient
-    """
-    ciphertext_data, _ = client.encrypt(
-        source=plaintext_data,
-        key_provider=key_provider,
-        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
-    )
-
-    return ciphertext_data
-
-
-def decrypt_using_key_provider(
-    ciphertext_data: bytes,
-    key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider,
-    client: aws_encryption_sdk.EncryptionSDKClient
-):
-    """Demonstrate how to decrypt ciphertext data using an AWS KMS master key provider.
-
-    Usage: decrypt_using_key_provider(ciphertext_data, key_provider)
-    :param ciphertext_data: ciphertext data you want to decrypt
-    :type: bytes
-    :param key_provider: Master key provider to use for decryption.
-    :type key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-    :param client: AWS Encryption SDK client.
-    :type client: aws_encryption_sdk.EncryptionSDKClient
-    """
-    decrypted_plaintext_data, _ = client.decrypt(
-        source=ciphertext_data,
-        key_provider=key_provider
-    )
-
-    return decrypted_plaintext_data
-
-
 def migration_aws_kms_key(
     kms_key_id: str
 ):
@@ -221,17 +115,17 @@ def migration_aws_kms_key(
     aws_kms_master_key_provider = create_key_provider(kms_key_id=kms_key_id)
 
     # 2a. Encrypt EXAMPLE_DATA using AWS KMS Keyring
-    ciphertext_keyring = encrypt_using_keyring(
-        plaintext_data=EXAMPLE_DATA,
+    ciphertext_keyring, _ = client.encrypt(
+        source=EXAMPLE_DATA,
         keyring=aws_kms_keyring,
-        client=client
+        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
     )
 
     # 2b. Encrypt EXAMPLE_DATA using AWS KMS Master Key Provider
-    ciphertext_mkp = encrypt_using_key_provider(
-        plaintext_data=EXAMPLE_DATA,
+    ciphertext_mkp, _ = client.encrypt(
+        source=EXAMPLE_DATA,
         key_provider=aws_kms_master_key_provider,
-        client=client
+        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
     )
 
     # Note: The ciphertexts obtained by encrypting EXAMPLE_DATA using keyring and MKP
@@ -241,16 +135,14 @@ def migration_aws_kms_key(
 
     # 3. Decrypt the ciphertext_keyring using both the keyring and MKP and ensure the
     # resulting plaintext is the same and also equal to EXAMPLE_DATA
-    decrypted_ciphertext_keyring_using_keyring = decrypt_using_keyring(
-        ciphertext_data=ciphertext_keyring,
-        keyring=aws_kms_keyring,
-        client=client
+    decrypted_ciphertext_keyring_using_keyring, _ = client.decrypt(
+        source=ciphertext_keyring,
+        keyring=aws_kms_keyring
     )
 
-    decrypted_ciphertext_keyring_using_mkp = decrypt_using_key_provider(
-        ciphertext_data=ciphertext_keyring,
-        key_provider=aws_kms_master_key_provider,
-        client=client
+    decrypted_ciphertext_keyring_using_mkp, _ = client.decrypt(
+        source=ciphertext_keyring,
+        key_provider=aws_kms_master_key_provider
     )
 
     assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -259,16 +151,14 @@ def migration_aws_kms_key(
 
     # 4. Decrypt the ciphertext_mkp using both the keyring and MKP and ensure the
     # resulting plaintext is the same and also equal to EXAMPLE_DATA
-    decrypted_ciphertext_mkp_using_keyring = decrypt_using_keyring(
-        ciphertext_data=ciphertext_mkp,
-        keyring=aws_kms_keyring,
-        client=client
+    decrypted_ciphertext_mkp_using_keyring, _ = client.decrypt(
+        source=ciphertext_mkp,
+        keyring=aws_kms_keyring
     )
 
-    decrypted_ciphertext_mkp_using_mkp = decrypt_using_key_provider(
-        ciphertext_data=ciphertext_mkp,
-        key_provider=aws_kms_master_key_provider,
-        client=client
+    decrypted_ciphertext_mkp_using_mkp, _ = client.decrypt(
+        source=ciphertext_mkp,
+        key_provider=aws_kms_master_key_provider
     )
 
     assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py
@@ -80,51 +80,6 @@ def create_keyring():
     return keyring
 
 
-def encrypt_using_keyring(
-    plaintext_data: bytes,
-    keyring: IKeyring
-):
-    """Demonstrate how to encrypt plaintext data using a Raw AES keyring.
-
-    Usage: encrypt_using_keyring(plaintext_data, keyring)
-    :param plaintext_data: plaintext data you want to encrypt
-    :type: bytes
-    :param keyring: Keyring to use for encryption.
-    :type keyring: IKeyring
-    """
-    client = aws_encryption_sdk.EncryptionSDKClient()
-
-    ciphertext_data, _ = client.encrypt(
-        source=plaintext_data,
-        keyring=keyring,
-        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
-    )
-
-    return ciphertext_data
-
-
-def decrypt_using_keyring(
-    ciphertext_data: bytes,
-    keyring: IKeyring
-):
-    """Demonstrate how to decrypt ciphertext data using a Raw AES keyring.
-
-    Usage: decrypt_using_keyring(ciphertext_data, keyring)
-    :param ciphertext_data: ciphertext data you want to decrypt
-    :type: bytes
-    :param keyring: Keyring to use for decryption.
-    :type keyring: IKeyring
-    """
-    client = aws_encryption_sdk.EncryptionSDKClient()
-
-    decrypted_plaintext_data, _ = client.decrypt(
-        source=ciphertext_data,
-        keyring=keyring
-    )
-
-    return decrypted_plaintext_data
-
-
 # This is a helper class necessary for the Raw AES master key provider
 class StaticRandomMasterKeyProvider(RawMasterKeyProvider):
     """Generates 256-bit keys for each unique key ID."""
@@ -173,72 +128,31 @@ def create_key_provider():
     return key_provider
 
 
-def encrypt_using_key_provider(
-    plaintext_data: bytes,
-    key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-):
-    """Demonstrate how to encrypt plaintext data using a Raw AES master key provider.
-
-    Usage: encrypt_using_key_provider(plaintext_data, key_provider)
-    :param plaintext_data: plaintext data you want to encrypt
-    :type: bytes
-    :param key_provider: Master key provider to use for encryption.
-    :type key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-    """
-    client = aws_encryption_sdk.EncryptionSDKClient()
-
-    ciphertext_data, _ = client.encrypt(
-        source=plaintext_data,
-        key_provider=key_provider,
-        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
-    )
-
-    return ciphertext_data
-
-
-def decrypt_using_key_provider(
-    ciphertext_data: bytes,
-    key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-):
-    """Demonstrate how to decrypt ciphertext data using a Raw AES master key provider.
-
-    Usage: decrypt_using_key_provider(ciphertext_data, key_provider)
-    :param ciphertext_data: ciphertext data you want to decrypt
-    :type: bytes
-    :param key_provider: Master key provider to use for decryption.
-    :type key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider
-    """
-    client = aws_encryption_sdk.EncryptionSDKClient()
-
-    decrypted_plaintext_data, _ = client.decrypt(
-        source=ciphertext_data,
-        key_provider=key_provider
-    )
-
-    return decrypted_plaintext_data
-
-
 def migration_raw_aes_key():
     """Demonstrate a migration example for moving to a Raw AES keyring from Raw AES MKP.
 
     Usage: migration_raw_aes_key()
     """
+    client = aws_encryption_sdk.EncryptionSDKClient()
+
     # 1a. Create a Raw AES Keyring
     raw_aes_keyring = create_keyring()
 
     # 1b. Create a Raw AES Master Key Provider
     raw_aes_master_key_provider = create_key_provider()
 
     # 2a. Encrypt EXAMPLE_DATA using Raw AES Keyring
-    ciphertext_keyring = encrypt_using_keyring(
-        plaintext_data=EXAMPLE_DATA,
-        keyring=raw_aes_keyring
+    ciphertext_keyring, _ = client.encrypt(
+        source=EXAMPLE_DATA,
+        keyring=raw_aes_keyring,
+        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
     )
 
     # 2b. Encrypt EXAMPLE_DATA using Raw AES Master Key Provider
-    ciphertext_mkp = encrypt_using_key_provider(
-        plaintext_data=EXAMPLE_DATA,
-        key_provider=raw_aes_master_key_provider
+    ciphertext_mkp, _ = client.encrypt(
+        source=EXAMPLE_DATA,
+        key_provider=raw_aes_master_key_provider,
+        encryption_context=DEFAULT_ENCRYPTION_CONTEXT
     )
 
     # Note: The ciphertexts obtained by encrypting EXAMPLE_DATA using keyring and MKP
@@ -248,13 +162,13 @@ def migration_raw_aes_key():
 
     # 3. Decrypt the ciphertext_keyring using both the keyring and MKP and ensure the
     # resulting plaintext is the same and also equal to EXAMPLE_DATA
-    decrypted_ciphertext_keyring_using_keyring = decrypt_using_keyring(
-        ciphertext_data=ciphertext_keyring,
+    decrypted_ciphertext_keyring_using_keyring, _ = client.decrypt(
+        source=ciphertext_keyring,
         keyring=raw_aes_keyring
     )
 
-    decrypted_ciphertext_keyring_using_mkp = decrypt_using_key_provider(
-        ciphertext_data=ciphertext_keyring,
+    decrypted_ciphertext_keyring_using_mkp, _ = client.decrypt(
+        source=ciphertext_keyring,
         key_provider=raw_aes_master_key_provider
     )
 
diff --git a/examples/src/migration/migration_raw_rsa_key_example.py b/examples/src/migration/migration_raw_rsa_key_example.py
