From 47b70ffd4a1c64b7e36992da0ff77fcaf800598d Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 11:57:02 -0700 Subject: [PATCH 01/14] Adding example one_kms_cmk --- examples/src/one_kms_cmk.py | 31 +++++++++++++++++++++++++++ examples/test/test_i_one_kms_cmk.py | 33 +++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 examples/src/one_kms_cmk.py create mode 100644 examples/test/test_i_one_kms_cmk.py diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py new file mode 100644 index 000000000..bf018b07c --- /dev/null +++ b/examples/src/one_kms_cmk.py @@ -0,0 +1,31 @@ +import aws_encryption_sdk + + +def encrypt_decrypt(key_arn, source_plaintext, botocore_session=None): + + kwargs = dict(key_ids=[key_arn]) + + if botocore_session is not None: + kwargs["botocore_session"] = botocore_session + + # Create master key provider using the ARN of the key and the session (botocore_session) + kms_key_provider = aws_encryption_sdk.KMSMasterKeyProvider(**kwargs) + + # Encrypt the plaintext using the AWS Encryption SDK. It returns the encrypted message and the header + ciphertext, encrypted_message_header = aws_encryption_sdk.encrypt( + source=source_plaintext, key_provider=kms_key_provider + ) + + # Decrypt the encrypted message using the AWS Encryption SDK. It returns the decrypted message and the header + plaintext, decrypted_message_header = aws_encryption_sdk.decrypt( + source=ciphertext, key_provider=kms_key_provider + ) + + # Check if the original message and the decrypted message are the same + assert source_plaintext == plaintext + + # Check if the headers of the encrypted message and decrypted message match + assert all( + pair in encrypted_message_header.encryption_context.items() + for pair in decrypted_message_header.encryption_context.items() + ) diff --git a/examples/test/test_i_one_kms_cmk.py b/examples/test/test_i_one_kms_cmk.py new file mode 100644 index 000000000..250e87e78 --- /dev/null +++ b/examples/test/test_i_one_kms_cmk.py @@ -0,0 +1,33 @@ +# Copyright 2017-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Unit test suite for the Strings examples in the AWS-hosted documentation.""" +import os + +import botocore.session +import pytest + +from ..src.one_kms_cmk import encrypt_decrypt +from .examples_test_utils import get_cmk_arn + + +pytestmark = [pytest.mark.examples] + + +def test_one_kms_cmk(): + plaintext = os.urandom(1024) + cmk_arn = get_cmk_arn() + encrypt_decrypt( + key_arn=cmk_arn, + source_plaintext=plaintext, + botocore_session=botocore.session.Session(), + ) From d579e713a6a1472d21ab71c7626bd0cbac85a734 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 15:38:18 -0700 Subject: [PATCH 02/14] Changes in one_kms_cmk and made random plaintext static --- examples/src/one_kms_cmk.py | 17 ++++++++++++++--- examples/test/examples_test_utils.py | 4 ++++ examples/test/test_i_basic_encryption.py | 3 ++- ...c_file_encryption_with_multiple_providers.py | 3 ++- ...sic_file_encryption_with_raw_key_provider.py | 3 ++- examples/test/test_i_one_kms_cmk.py | 13 +++++-------- 6 files changed, 29 insertions(+), 14 deletions(-) diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py index bf018b07c..9b4203e7c 100644 --- a/examples/src/one_kms_cmk.py +++ b/examples/src/one_kms_cmk.py @@ -1,3 +1,16 @@ +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Example showing basic encryption and decryption using one KMS CMK of a value already in memory.""" import aws_encryption_sdk @@ -17,9 +30,7 @@ def encrypt_decrypt(key_arn, source_plaintext, botocore_session=None): ) # Decrypt the encrypted message using the AWS Encryption SDK. It returns the decrypted message and the header - plaintext, decrypted_message_header = aws_encryption_sdk.decrypt( - source=ciphertext, key_provider=kms_key_provider - ) + plaintext, decrypted_message_header = aws_encryption_sdk.decrypt(source=ciphertext, key_provider=kms_key_provider) # Check if the original message and the decrypted message are the same assert source_plaintext == plaintext diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 669d8e823..d46008bb5 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -17,4 +17,8 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) +static_plaintext = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl.' +static_plaintext = str.encode(static_plaintext) + from integration_test_utils import get_cmk_arn # noqa pylint: disable=unused-import,import-error + diff --git a/examples/test/test_i_basic_encryption.py b/examples/test/test_i_basic_encryption.py index db1e9292a..3f635f8ca 100644 --- a/examples/test/test_i_basic_encryption.py +++ b/examples/test/test_i_basic_encryption.py @@ -18,12 +18,13 @@ from ..src.basic_encryption import cycle_string from .examples_test_utils import get_cmk_arn +from .examples_test_utils import static_plaintext pytestmark = [pytest.mark.examples] def test_cycle_string(): - plaintext = os.urandom(1024) + plaintext = static_plaintext cmk_arn = get_cmk_arn() cycle_string(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) diff --git a/examples/test/test_i_basic_file_encryption_with_multiple_providers.py b/examples/test/test_i_basic_file_encryption_with_multiple_providers.py index 0f91c2017..282a272ab 100644 --- a/examples/test/test_i_basic_file_encryption_with_multiple_providers.py +++ b/examples/test/test_i_basic_file_encryption_with_multiple_providers.py @@ -19,6 +19,7 @@ from ..src.basic_file_encryption_with_multiple_providers import cycle_file from .examples_test_utils import get_cmk_arn +from .examples_test_utils import static_plaintext pytestmark = [pytest.mark.examples] @@ -28,7 +29,7 @@ def test_cycle_file(): cmk_arn = get_cmk_arn() handle, filename = tempfile.mkstemp() with open(filename, "wb") as f: - f.write(os.urandom(1024)) + f.write(static_plaintext) try: new_files = cycle_file( key_arn=cmk_arn, source_plaintext_filename=filename, botocore_session=botocore.session.Session() diff --git a/examples/test/test_i_basic_file_encryption_with_raw_key_provider.py b/examples/test/test_i_basic_file_encryption_with_raw_key_provider.py index 6b744353e..710c0ccac 100644 --- a/examples/test/test_i_basic_file_encryption_with_raw_key_provider.py +++ b/examples/test/test_i_basic_file_encryption_with_raw_key_provider.py @@ -17,6 +17,7 @@ import pytest from ..src.basic_file_encryption_with_raw_key_provider import cycle_file +from .examples_test_utils import static_plaintext pytestmark = [pytest.mark.examples] @@ -25,7 +26,7 @@ def test_cycle_file(): handle, filename = tempfile.mkstemp() with open(filename, "wb") as f: - f.write(os.urandom(1024)) + f.write(static_plaintext) try: new_files = cycle_file(source_plaintext_filename=filename) for f in new_files: diff --git a/examples/test/test_i_one_kms_cmk.py b/examples/test/test_i_one_kms_cmk.py index 250e87e78..e103d3bbb 100644 --- a/examples/test/test_i_one_kms_cmk.py +++ b/examples/test/test_i_one_kms_cmk.py @@ -1,4 +1,4 @@ -# Copyright 2017-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). You # may not use this file except in compliance with the License. A copy of @@ -10,7 +10,7 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -"""Unit test suite for the Strings examples in the AWS-hosted documentation.""" +"""Unit test suite for the encryption and decryption using one KMS CMK example.""" import os import botocore.session @@ -18,16 +18,13 @@ from ..src.one_kms_cmk import encrypt_decrypt from .examples_test_utils import get_cmk_arn +from .examples_test_utils import static_plaintext pytestmark = [pytest.mark.examples] def test_one_kms_cmk(): - plaintext = os.urandom(1024) + plaintext = static_plaintext cmk_arn = get_cmk_arn() - encrypt_decrypt( - key_arn=cmk_arn, - source_plaintext=plaintext, - botocore_session=botocore.session.Session(), - ) + encrypt_decrypt(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) From 1bb655e54c1e4cc7a93210f968f4150c351f34c3 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 15:41:35 -0700 Subject: [PATCH 03/14] Changes in one_kms_cmk and made random plaintext static --- examples/test/examples_test_utils.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index d46008bb5..72cb092cc 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -17,7 +17,7 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) -static_plaintext = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl.' +static_plaintext = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit.' static_plaintext = str.encode(static_plaintext) from integration_test_utils import get_cmk_arn # noqa pylint: disable=unused-import,import-error From a71f9f3fbce8783dc41da07aa4d0c0ca35bd473c Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Tue, 4 Jun 2019 15:44:17 -0700 Subject: [PATCH 04/14] Update one_kms_cmk.py --- examples/src/one_kms_cmk.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py index 9b4203e7c..0abe22b79 100644 --- a/examples/src/one_kms_cmk.py +++ b/examples/src/one_kms_cmk.py @@ -10,7 +10,7 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -"""Example showing basic encryption and decryption using one KMS CMK of a value already in memory.""" +"""Example showing basic encryption and decryption of a value already in memory using one KMS CMK.""" import aws_encryption_sdk From af6f61d3176cff7e02a3e519c71ba9f5a3316688 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 15:45:52 -0700 Subject: [PATCH 05/14] Changes in one_kms_cmk and made random plaintext static --- examples/src/one_kms_cmk.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py index 9b4203e7c..0abe22b79 100644 --- a/examples/src/one_kms_cmk.py +++ b/examples/src/one_kms_cmk.py @@ -10,7 +10,7 @@ # distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. -"""Example showing basic encryption and decryption using one KMS CMK of a value already in memory.""" +"""Example showing basic encryption and decryption of a value already in memory using one KMS CMK.""" import aws_encryption_sdk From a33d4ae9f7318af58a20d64e9b12ad1608387893 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 15:56:48 -0700 Subject: [PATCH 06/14] Formatting changes in some files --- examples/src/basic_file_encryption_with_multiple_providers.py | 2 +- examples/test/examples_test_utils.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/examples/src/basic_file_encryption_with_multiple_providers.py b/examples/src/basic_file_encryption_with_multiple_providers.py index 375b1f6be..9edceef9e 100644 --- a/examples/src/basic_file_encryption_with_multiple_providers.py +++ b/examples/src/basic_file_encryption_with_multiple_providers.py @@ -130,4 +130,4 @@ def cycle_file(key_arn, source_plaintext_filename, botocore_session=None): pair in static_decryptor.header.encryption_context.items() for pair in encryptor.header.encryption_context.items() ) - return ciphertext_filename, cycled_kms_plaintext_filename, cycled_static_plaintext_filename + return (ciphertext_filename, cycled_kms_plaintext_filename, cycled_static_plaintext_filename) diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 72cb092cc..caa224716 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -17,8 +17,7 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) -static_plaintext = 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit.' +static_plaintext = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit." static_plaintext = str.encode(static_plaintext) from integration_test_utils import get_cmk_arn # noqa pylint: disable=unused-import,import-error - From 4be5bf86498fe190a79423f846dc92774c7a7901 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 16:09:04 -0700 Subject: [PATCH 07/14] Minor changes in some files --- examples/test/test_i_basic_encryption.py | 2 -- examples/test/test_i_one_kms_cmk.py | 1 - 2 files changed, 3 deletions(-) diff --git a/examples/test/test_i_basic_encryption.py b/examples/test/test_i_basic_encryption.py index 3f635f8ca..893fe643e 100644 --- a/examples/test/test_i_basic_encryption.py +++ b/examples/test/test_i_basic_encryption.py @@ -11,8 +11,6 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Unit test suite for the Strings examples in the AWS-hosted documentation.""" -import os - import botocore.session import pytest diff --git a/examples/test/test_i_one_kms_cmk.py b/examples/test/test_i_one_kms_cmk.py index e103d3bbb..71ce74d3d 100644 --- a/examples/test/test_i_one_kms_cmk.py +++ b/examples/test/test_i_one_kms_cmk.py @@ -11,7 +11,6 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Unit test suite for the encryption and decryption using one KMS CMK example.""" -import os import botocore.session import pytest From 42b6c019cf2eee7a7305bc6b9f79453175baa999 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 16:10:26 -0700 Subject: [PATCH 08/14] Adding example: Encryption decryption of streaming data using one KMS CMK --- examples/src/one_kms_cmk_streaming_data.py | 53 +++++++++++++++++++ .../test/test_i_one_kms_cmk_streaming_data.py | 41 ++++++++++++++ 2 files changed, 94 insertions(+) create mode 100644 examples/src/one_kms_cmk_streaming_data.py create mode 100644 examples/test/test_i_one_kms_cmk_streaming_data.py diff --git a/examples/src/one_kms_cmk_streaming_data.py b/examples/src/one_kms_cmk_streaming_data.py new file mode 100644 index 000000000..fcd74525a --- /dev/null +++ b/examples/src/one_kms_cmk_streaming_data.py @@ -0,0 +1,53 @@ +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Example showing basic encryption and decryption of streaming data in memory using one KMS CMK.""" +import filecmp + +import aws_encryption_sdk + + +def encrypt_decrypt_stream(key_arn, source_plaintext_filename, botocore_session=None): + + kwargs = dict() + + kwargs["key_ids"] = [key_arn] + + if botocore_session is not None: + kwargs["botocore_session"] = botocore_session + + # Create master key provider using the ARN of the key and the session (botocore_session) + kms_key_provider = aws_encryption_sdk.KMSMasterKeyProvider(**kwargs) + + ciphertext_filename = source_plaintext_filename + ".encrypted" + decrypted_text_filename = source_plaintext_filename + ".decrypted" + + # Encrypt the plaintext using the AWS Encryption SDK. + with open(source_plaintext_filename, "rb") as plaintext, open(ciphertext_filename, "wb") as ciphertext: + with aws_encryption_sdk.stream(source=plaintext, mode="e", key_provider=kms_key_provider) as encryptor: + for chunk in encryptor: + ciphertext.write(chunk) + + # Decrypt the encrypted message using the AWS Encryption SDK. + with open(ciphertext_filename, "rb") as ciphertext, open(decrypted_text_filename, "wb") as plaintext: + with aws_encryption_sdk.stream(source=ciphertext, mode="d", key_provider=kms_key_provider) as decryptor: + for chunk in decryptor: + plaintext.write(chunk) + + # Check if the original message and the decrypted message are the same + assert filecmp.cmp(source_plaintext_filename, decrypted_text_filename) + + # Check if the headers of the encrypted message and decrypted message match + assert all( + pair in encryptor.header.encryption_context.items() for pair in decryptor.header.encryption_context.items() + ) + return ciphertext_filename, decrypted_text_filename diff --git a/examples/test/test_i_one_kms_cmk_streaming_data.py b/examples/test/test_i_one_kms_cmk_streaming_data.py new file mode 100644 index 000000000..abc7c8cf3 --- /dev/null +++ b/examples/test/test_i_one_kms_cmk_streaming_data.py @@ -0,0 +1,41 @@ +# Copyright 2017-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Unit test suite for the encryption and decryption of streaming data using one KMS CMK example.""" +import os +import tempfile + +import botocore.session +import pytest + +from ..src.one_kms_cmk_streaming_data import encrypt_decrypt_stream +from .examples_test_utils import get_cmk_arn +from .examples_test_utils import static_plaintext + + +pytestmark = [pytest.mark.examples] + + +def test_one_kms_cmk_streaming_data(): + cmk_arn = get_cmk_arn() + handle, filename = tempfile.mkstemp() + with open(filename, "wb") as f: + f.write(static_plaintext) + try: + new_files = encrypt_decrypt_stream( + key_arn=cmk_arn, source_plaintext_filename=filename, botocore_session=botocore.session.Session() + ) + for f in new_files: + os.remove(f) + finally: + os.close(handle) + os.remove(filename) From c73b930719709016e16894ae0e90dce27ca3f67b Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 16:23:47 -0700 Subject: [PATCH 09/14] Added 'b' to the static plaintext --- examples/test/examples_test_utils.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index caa224716..57baa15d3 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -17,7 +17,6 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) -static_plaintext = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit." -static_plaintext = str.encode(static_plaintext) +static_plaintext = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit." from integration_test_utils import get_cmk_arn # noqa pylint: disable=unused-import,import-error From 164f7dd1fe8b97e19d1f3a80e87999b54da1cb57 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 4 Jun 2019 16:28:28 -0700 Subject: [PATCH 10/14] Wrapped static plaintext to <= 120 characters --- examples/test/examples_test_utils.py | 30 +++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/examples/test/examples_test_utils.py b/examples/test/examples_test_utils.py index 57baa15d3..0984ee684 100644 --- a/examples/test/examples_test_utils.py +++ b/examples/test/examples_test_utils.py @@ -17,6 +17,34 @@ os.environ["AWS_ENCRYPTION_SDK_EXAMPLES_TESTING"] = "yes" sys.path.extend([os.sep.join([os.path.dirname(__file__), "..", "..", "test", "integration"])]) -static_plaintext = b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis, quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, malesuada sed velit." +static_plaintext = ( + b"Lorem ipsum dolor sit amet, consectetur adipiscing elit. " + b"Praesent non feugiat leo. Aenean iaculis tellus ut velit consectetur, " + b"quis convallis orci eleifend. Sed eu dictum sapien. Nulla facilisi. Suspendisse potenti. " + b"Proin vehicula vehicula maximus. Donec varius et elit vel rutrum. Nulla lacinia neque turpis," + b" quis consequat orci pharetra et. Etiam consequat ullamcorper mauris. Vivamus molestie mollis " + b"mauris a gravida. Curabitur sed bibendum nisl. Cras varius tortor non erat sodales, quis congue" + b" tellus laoreet. Etiam fermentum purus eu diam sagittis, vitae commodo est vehicula. " + b"Nulla feugiat viverra orci vel interdum. Quisque pulvinar elit eget nulla facilisis varius. " + b"Mauris at suscipit sem. Aliquam in purus ut velit fringilla volutpat id non mi. " + b"Curabitur quis nunc eleifend, ornare lectus non, fringilla quam. Nam maximus volutpat placerat. " + b"Nulla ullamcorper lorem velit, nec sagittis ex tristique posuere. Aliquam fringilla magna commodo" + b" libero faucibus tempor. Vestibulum non ligula tincidunt, finibus sapien in, sollicitudin " + b"ex. Pellentesque congue laoreet mi in condimentum. Cras convallis nisi ac nunc tincidunt " + b"venenatis. Suspendisse urna elit, cursus eu lacus a, aliquet porttitor mi. " + b"Nulla vel congue nibh, sed condimentum dui. Ut ante ligula, blandit eu finibus nec, " + b"scelerisque quis eros. Maecenas gravida odio eget nibh dictum, dictum varius lacus interdum. " + b"Integer quis nulla vulputate, rhoncus diam vitae, mollis mauris. Sed ut porttitor dolor. " + b"Fusce ut justo a ex bibendum imperdiet nec sit amet magna. Sed ullamcorper luctus augue, " + b"tempor viverra elit interdum sed. Cras sit amet arcu eu turpis molestie sollicitudin. " + b"Curabitur fermentum varius nibh, ut aliquet nisi. Aliquam id tempus tellus. " + b"Nulla porttitor nulla at nibh interdum, quis sollicitudin erat egestas. " + b"Ut blandit mauris quis efficitur efficitur. Morbi neque sapien, posuere ut aliquam eget, " + b"aliquam at velit. Morbi sit amet rhoncus felis, et hendrerit sem. Nulla porta dictum ligula " + b"eget iaculis. Cras lacinia ligula quis risus ultrices, sed consectetur metus imperdiet. " + b"Nullam id enim vestibulum nibh ultricies auctor. Morbi neque lacus, faucibus vitae commodo quis, " + b"malesuada sed velit." +) + from integration_test_utils import get_cmk_arn # noqa pylint: disable=unused-import,import-error From 9ef87eab5f552b33e2a28659bb8a7051287155b9 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Wed, 5 Jun 2019 14:28:17 -0700 Subject: [PATCH 11/14] Added docstrings --- examples/src/one_kms_cmk.py | 7 +++++++ examples/src/one_kms_cmk_streaming_data.py | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py index 0abe22b79..fa46ed441 100644 --- a/examples/src/one_kms_cmk.py +++ b/examples/src/one_kms_cmk.py @@ -15,6 +15,13 @@ def encrypt_decrypt(key_arn, source_plaintext, botocore_session=None): + """Encrypts and then decrypts a string under one KMS customer master key (CMK). + + :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK + :param bytes source_plaintext: Data to encrypt + :param botocore_session: existing botocore session instance + :type botocore_session: botocore.session.Session + """ kwargs = dict(key_ids=[key_arn]) diff --git a/examples/src/one_kms_cmk_streaming_data.py b/examples/src/one_kms_cmk_streaming_data.py index fcd74525a..ec31d68a2 100644 --- a/examples/src/one_kms_cmk_streaming_data.py +++ b/examples/src/one_kms_cmk_streaming_data.py @@ -17,6 +17,13 @@ def encrypt_decrypt_stream(key_arn, source_plaintext_filename, botocore_session=None): + """Encrypts and then decrypts streaming data under one KMS customer master key (CMK). + + :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK + :param str source_plaintext_filename: Filename of file to encrypt + :param botocore_session: existing botocore session instance + :type botocore_session: botocore.session.Session + """ kwargs = dict() From e21e00d3616cff4a8b93bc6ebaae4a80d3654746 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Wed, 5 Jun 2019 15:28:43 -0700 Subject: [PATCH 12/14] Corrected docstrings --- examples/src/one_kms_cmk.py | 11 +++++------ examples/src/one_kms_cmk_streaming_data.py | 11 +++++------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/examples/src/one_kms_cmk.py b/examples/src/one_kms_cmk.py index fa46ed441..1ba1d869f 100644 --- a/examples/src/one_kms_cmk.py +++ b/examples/src/one_kms_cmk.py @@ -17,12 +17,11 @@ def encrypt_decrypt(key_arn, source_plaintext, botocore_session=None): """Encrypts and then decrypts a string under one KMS customer master key (CMK). - :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK - :param bytes source_plaintext: Data to encrypt - :param botocore_session: existing botocore session instance - :type botocore_session: botocore.session.Session - """ - + :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK + :param bytes source_plaintext: Data to encrypt + :param botocore_session: existing botocore session instance + :type botocore_session: botocore.session.Session + """ kwargs = dict(key_ids=[key_arn]) if botocore_session is not None: diff --git a/examples/src/one_kms_cmk_streaming_data.py b/examples/src/one_kms_cmk_streaming_data.py index ec31d68a2..3edfa82ab 100644 --- a/examples/src/one_kms_cmk_streaming_data.py +++ b/examples/src/one_kms_cmk_streaming_data.py @@ -19,12 +19,11 @@ def encrypt_decrypt_stream(key_arn, source_plaintext_filename, botocore_session=None): """Encrypts and then decrypts streaming data under one KMS customer master key (CMK). - :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK - :param str source_plaintext_filename: Filename of file to encrypt - :param botocore_session: existing botocore session instance - :type botocore_session: botocore.session.Session - """ - + :param str key_arn: Amazon Resource Name (ARN) of the KMS CMK + :param str source_plaintext_filename: Filename of file to encrypt + :param botocore_session: existing botocore session instance + :type botocore_session: botocore.session.Session + """ kwargs = dict() kwargs["key_ids"] = [key_arn] From 80251e665a163240c05d0fe3ed367d6f93a694d7 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Mon, 10 Jun 2019 13:49:48 -0700 Subject: [PATCH 13/14] Changed imports for same modules to be in the same statement and changed name of instance variable --- examples/test/test_i_basic_encryption.py | 3 +-- examples/test/test_i_one_kms_cmk_streaming_data.py | 7 +++---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/examples/test/test_i_basic_encryption.py b/examples/test/test_i_basic_encryption.py index 893fe643e..f2a4fab51 100644 --- a/examples/test/test_i_basic_encryption.py +++ b/examples/test/test_i_basic_encryption.py @@ -15,8 +15,7 @@ import pytest from ..src.basic_encryption import cycle_string -from .examples_test_utils import get_cmk_arn -from .examples_test_utils import static_plaintext +from .examples_test_utils import get_cmk_arn, static_plaintext pytestmark = [pytest.mark.examples] diff --git a/examples/test/test_i_one_kms_cmk_streaming_data.py b/examples/test/test_i_one_kms_cmk_streaming_data.py index abc7c8cf3..406720714 100644 --- a/examples/test/test_i_one_kms_cmk_streaming_data.py +++ b/examples/test/test_i_one_kms_cmk_streaming_data.py @@ -18,8 +18,7 @@ import pytest from ..src.one_kms_cmk_streaming_data import encrypt_decrypt_stream -from .examples_test_utils import get_cmk_arn -from .examples_test_utils import static_plaintext +from .examples_test_utils import get_cmk_arn, static_plaintext pytestmark = [pytest.mark.examples] @@ -27,7 +26,7 @@ def test_one_kms_cmk_streaming_data(): cmk_arn = get_cmk_arn() - handle, filename = tempfile.mkstemp() + _handle, filename = tempfile.mkstemp() with open(filename, "wb") as f: f.write(static_plaintext) try: @@ -37,5 +36,5 @@ def test_one_kms_cmk_streaming_data(): for f in new_files: os.remove(f) finally: - os.close(handle) + os.close(_handle) os.remove(filename) From 4ac1a9ca0c80e63af02c831a60ad32e9e8e0abe2 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Mon, 10 Jun 2019 14:14:47 -0700 Subject: [PATCH 14/14] Changed handle back --- examples/test/test_i_one_kms_cmk_streaming_data.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/test/test_i_one_kms_cmk_streaming_data.py b/examples/test/test_i_one_kms_cmk_streaming_data.py index 406720714..b22fa4232 100644 --- a/examples/test/test_i_one_kms_cmk_streaming_data.py +++ b/examples/test/test_i_one_kms_cmk_streaming_data.py @@ -26,7 +26,7 @@ def test_one_kms_cmk_streaming_data(): cmk_arn = get_cmk_arn() - _handle, filename = tempfile.mkstemp() + handle, filename = tempfile.mkstemp() with open(filename, "wb") as f: f.write(static_plaintext) try: @@ -36,5 +36,5 @@ def test_one_kms_cmk_streaming_data(): for f in new_files: os.remove(f) finally: - os.close(_handle) + os.close(handle) os.remove(filename)