From 4c41f05caad93acb1cba8b47553b928f413b8984 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila Date: Wed, 5 Jun 2024 10:49:42 -0700 Subject: [PATCH 1/4] chore(performance_tests): added hierarchy keyring and caching cmm tests --- .../keyrings/hierarchy_keyring.py | 174 +++++++++++++++++ .../master_key_providers/caching_cmm.py | 85 ++++++++ .../test/keyrings/test_hierarchy_keyring.py | 175 +++++++++++++++++ .../master_key_providers/test_caching_cmm.py | 183 ++++++++++++++++++ .../caching_cmm/ciphertext-data-empty.ct | Bin 0 -> 587 bytes .../caching_cmm/ciphertext-data-large.ct | Bin 0 -> 8619 bytes .../caching_cmm/ciphertext-data-medium.ct | Bin 0 -> 4587 bytes .../caching_cmm/ciphertext-data-small.ct | Bin 0 -> 623 bytes .../hierarchy/ciphertext-data-empty.ct | Bin 0 -> 654 bytes .../hierarchy/ciphertext-data-large.ct | Bin 0 -> 8686 bytes .../hierarchy/ciphertext-data-medium.ct | Bin 0 -> 4654 bytes .../hierarchy/ciphertext-data-small.ct | Bin 0 -> 690 bytes 12 files changed, 617 insertions(+) create mode 100644 performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py create mode 100644 performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py create mode 100644 performance_tests/test/keyrings/test_hierarchy_keyring.py create mode 100644 performance_tests/test/master_key_providers/test_caching_cmm.py create mode 100644 performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct create mode 100644 performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct create mode 100644 performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct create mode 100644 performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct create mode 100644 performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct create mode 100644 performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct create mode 100644 performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct create mode 100644 performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py new file mode 100644 index 000000000..5f4acfc7b --- /dev/null +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py @@ -0,0 +1,174 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""Performance tests for the hierarchy keyring.""" + +# noqa pylint: disable=wrong-import-order +from typing import Dict + +import aws_encryption_sdk +import boto3 +from aws_cryptographic_materialproviders.keystore import KeyStore +from aws_cryptographic_materialproviders.keystore.config import KeyStoreConfig +from aws_cryptographic_materialproviders.keystore.models import KMSConfigurationKmsKeyArn +from aws_cryptographic_materialproviders.mpl import AwsCryptographicMaterialProviders +from aws_cryptographic_materialproviders.mpl.config import MaterialProvidersConfig +from aws_cryptographic_materialproviders.mpl.models import ( + CacheTypeDefault, + CreateAwsKmsHierarchicalKeyringInput, + DefaultCache, + GetBranchKeyIdInput, + GetBranchKeyIdOutput, +) +from aws_cryptographic_materialproviders.mpl.references import IBranchKeyIdSupplier, IKeyring + +from ..utils.util import PerfTestUtils + + +class ExampleBranchKeyIdSupplier(IBranchKeyIdSupplier): + """Example implementation of a branch key ID supplier.""" + + branch_key_id_for_tenant_a: str + branch_key_id_for_tenant_b: str + + def __init__(self, tenant_1_id, tenant_2_id): + """Example constructor for a branch key ID supplier.""" + self.branch_key_id_for_tenant_a = tenant_1_id + self.branch_key_id_for_tenant_b = tenant_2_id + + def get_branch_key_id( + self, + param: GetBranchKeyIdInput + ) -> GetBranchKeyIdOutput: + """Returns branch key ID from the tenant ID in input's encryption context.""" + encryption_context: Dict[str, str] = param.encryption_context + + if b"tenant" not in encryption_context: + raise ValueError("EncryptionContext invalid, does not contain expected tenant key value pair.") + + tenant_key_id: str = encryption_context.get(b"tenant") + branch_key_id: str + + if tenant_key_id == b"TenantA": + branch_key_id = self.branch_key_id_for_tenant_a + elif tenant_key_id == b"TenantB": + branch_key_id = self.branch_key_id_for_tenant_b + else: + raise ValueError(f"Item does not contain valid tenant ID: {tenant_key_id=}") + + return GetBranchKeyIdOutput(branch_key_id=branch_key_id) + + +def create_keyring( + key_store_table_name: str, + logical_key_store_name: str, + kms_key_id: str +): + """Demonstrate how to create a hierarchy keyring. + + Usage: create_keyring(key_store_table_name, logical_key_store_name, kms_key_id) + :param key_store_table_name: Name of the KeyStore DynamoDB table. + :type key_store_table_name: string + :param logical_key_store_name: Logical name of the KeyStore. + :type logical_key_store_name: string + :param kms_key_id: KMS Key identifier for the KMS key you want to use. + :type kms_key_id: string + + For more information on KMS Key identifiers, see + https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id + """ + # Create boto3 clients for DynamoDB and KMS. + ddb_client = boto3.client('dynamodb', region_name="us-west-2") + kms_client = boto3.client('kms', region_name="us-west-2") + + # Configure your KeyStore resource. + # This SHOULD be the same configuration that you used + # to initially create and populate your KeyStore. + keystore: KeyStore = KeyStore( + config=KeyStoreConfig( + ddb_client=ddb_client, + ddb_table_name=key_store_table_name, + logical_key_store_name=logical_key_store_name, + kms_client=kms_client, + kms_configuration=KMSConfigurationKmsKeyArn( + value=kms_key_id + ), + ) + ) + + # Call CreateKey to create two new active branch keys + branch_key_id_a: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID_A + branch_key_id_b: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID_B + + # Create a branch key supplier that maps the branch key id to a more readable format + branch_key_id_supplier: IBranchKeyIdSupplier = ExampleBranchKeyIdSupplier( + tenant_1_id=branch_key_id_a, + tenant_2_id=branch_key_id_b, + ) + + # Create the Hierarchical Keyring. + mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders( + config=MaterialProvidersConfig() + ) + + keyring_input: CreateAwsKmsHierarchicalKeyringInput = CreateAwsKmsHierarchicalKeyringInput( + key_store=keystore, + branch_key_id_supplier=branch_key_id_supplier, + ttl_seconds=600, + cache=CacheTypeDefault( + value=DefaultCache( + entry_capacity=100 + ) + ), + ) + + keyring: IKeyring = mat_prov.create_aws_kms_hierarchical_keyring( + input=keyring_input + ) + + return keyring + + +def encrypt_using_keyring( + plaintext_data: bytes, + keyring: IKeyring +): + """Demonstrate how to encrypt plaintext data using a hierarchy keyring. + + Usage: encrypt_using_keyring(plaintext_data, keyring) + :param plaintext_data: plaintext data you want to encrypt + :type: bytes + :param keyring: Keyring to use for encryption. + :type keyring: IKeyring + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + ciphertext_data, _ = client.encrypt( + source=plaintext_data, + keyring=keyring, + encryption_context=PerfTestUtils.DEFAULT_ENCRYPTION_CONTEXT + ) + + return ciphertext_data + + +def decrypt_using_keyring( + ciphertext_data: bytes, + keyring: IKeyring +): + """Demonstrate how to decrypt ciphertext data using a hierarchy keyring. + + Usage: decrypt_using_keyring(ciphertext_data, keyring) + :param ciphertext_data: ciphertext data you want to decrypt + :type: bytes + :param keyring: Keyring to use for decryption. + :type keyring: IKeyring + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + decrypted_plaintext_data, _ = client.decrypt( + source=ciphertext_data, + keyring=keyring, + encryption_context=PerfTestUtils.DEFAULT_ENCRYPTION_CONTEXT + ) + + return decrypted_plaintext_data diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py new file mode 100644 index 000000000..1e23b8244 --- /dev/null +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py @@ -0,0 +1,85 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""Performance tests for the Caching Cryptographic Materials Manager (CMM).""" + +import aws_encryption_sdk + + +def create_cmm( + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int +): + """Demonstrate how to create a Caching CMM. + + Usage: create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + :param kms_key_id: Amazon Resource Name (ARN) of the KMS customer master key + :type kms_key_id: str + :param max_age_in_cache: Maximum time in seconds that a cached entry can be used + :type max_age_in_cache: float + :param cache_capacity: Maximum number of entries to retain in cache at once + :type cache_capacity: int + """ + # Security thresholds + # Max messages (or max bytes per) data key are optional + max_entry_messages = 100 + + # Create a master key provider for the KMS customer master key (CMK) + key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[kms_key_id]) + + # Create a local cache + cache = aws_encryption_sdk.LocalCryptoMaterialsCache(cache_capacity) + + # Create a caching CMM + caching_cmm = aws_encryption_sdk.CachingCryptoMaterialsManager( + master_key_provider=key_provider, + cache=cache, + max_age=max_age_in_cache, + max_messages_encrypted=max_entry_messages, + ) + + return caching_cmm + + +def encrypt_using_cmm( + plaintext_data: bytes, + caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager +): + """Demonstrate how to encrypt plaintext data using a Caching CMM. + + Usage: encrypt_using_cmm(plaintext_data, caching_cmm) + :param plaintext_data: plaintext data you want to encrypt + :type: bytes + :param caching_cmm: Crypto Materials Manager to use for encryption. + :type caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + ciphertext_data, _ = client.encrypt( + source=plaintext_data, + materials_manager=caching_cmm + ) + + return ciphertext_data + + +def decrypt_using_cmm( + ciphertext_data: bytes, + caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager +): + """Demonstrate how to decrypt ciphertext data using a Caching CMM. + + Usage: decrypt_using_cmm(ciphertext_data, caching_cmm) + :param ciphertext_data: ciphertext data you want to decrypt + :type: bytes + :param caching_cmm: Crypto Materials Manager to use for encryption. + :type caching_cmm: aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager + """ + client = aws_encryption_sdk.EncryptionSDKClient() + + decrypted_plaintext_data, _ = client.decrypt( + source=ciphertext_data, + materials_manager=caching_cmm + ) + + return decrypted_plaintext_data diff --git a/performance_tests/test/keyrings/test_hierarchy_keyring.py b/performance_tests/test/keyrings/test_hierarchy_keyring.py new file mode 100644 index 000000000..bbd6d5b3e --- /dev/null +++ b/performance_tests/test/keyrings/test_hierarchy_keyring.py @@ -0,0 +1,175 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""This is a performance test for creating the hierarchy keyring.""" + +import os +# noqa pylint: disable=wrong-import-order +import time + +import click +import click.testing +import pytest +from tqdm import tqdm + +from aws_encryption_sdk_performance_tests.keyrings.hierarchy_keyring import ( + create_keyring, + decrypt_using_keyring, + encrypt_using_keyring, +) +from aws_encryption_sdk_performance_tests.utils.util import PerfTestUtils + +MODULE_ABS_PATH = os.path.abspath(__file__) + + +@click.group() +def create_hierarchy_keyring(): + """Click group helper function""" + + +@create_hierarchy_keyring.command() +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_create') +def create( + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the create_keyring function.""" + time_list = [] + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def encrypt_hierarchy_keyring(): + """Click group helper function""" + + +@encrypt_hierarchy_keyring.command() +@click.option('--plaintext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/plaintext/plaintext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.dat') +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_encrypt') +def encrypt( + plaintext_data_filename: str, + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the encrypt_using_keyring function.""" + plaintext_data = PerfTestUtils.read_file(plaintext_data_filename) + + keyring = create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + encrypt_using_keyring(plaintext_data, keyring) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def decrypt_hierarchy_keyring(): + """Click group helper function""" + + +@decrypt_hierarchy_keyring.command() +@click.option('--ciphertext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/ciphertext/hierarchy/ciphertext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.ct') +@click.option('--key_store_table_name', + default='KeyStoreDdbTable') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126') +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/hierarchy_keyring_decrypt') +def decrypt( + ciphertext_data_filename: str, + key_store_table_name: str, + kms_key_id: str, + n_iters: int, + output_file: str +): + """Performance test for the decrypt_using_keyring function.""" + ciphertext_data = PerfTestUtils.read_file(ciphertext_data_filename) + + keyring = create_keyring(key_store_table_name, key_store_table_name, kms_key_id) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + decrypt_using_keyring(ciphertext_data, keyring) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +hierarchy_keyring_test = click.CommandCollection(sources=[create_hierarchy_keyring, + encrypt_hierarchy_keyring, + decrypt_hierarchy_keyring]) + + +@pytest.fixture +def runner(): + """Click runner""" + return click.testing.CliRunner() + + +def test_create(runner): + """Test the create_keyring function""" + result = runner.invoke(create_hierarchy_keyring.commands['create'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_encrypt(runner): + """Test the encrypt_using_keyring function""" + result = runner.invoke(encrypt_hierarchy_keyring.commands['encrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_decrypt(runner): + """Test the decrypt_using_keyring function""" + result = runner.invoke(decrypt_hierarchy_keyring.commands['decrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +if __name__ == "__main__": + hierarchy_keyring_test() diff --git a/performance_tests/test/master_key_providers/test_caching_cmm.py b/performance_tests/test/master_key_providers/test_caching_cmm.py new file mode 100644 index 000000000..f8552f96e --- /dev/null +++ b/performance_tests/test/master_key_providers/test_caching_cmm.py @@ -0,0 +1,183 @@ +# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 +"""This is a performance test for creating a Caching CMM.""" + +import os +import time + +import click +import click.testing +import pytest +from tqdm import tqdm + +from aws_encryption_sdk_performance_tests.master_key_providers.caching_cmm import ( + create_cmm, + decrypt_using_cmm, + encrypt_using_cmm, +) +from aws_encryption_sdk_performance_tests.utils.util import PerfTestUtils + +MODULE_ABS_PATH = os.path.abspath(__file__) + + +@click.group() +def create_caching_cmm(): + """Click group helper function""" + + +@create_caching_cmm.command() +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_create') +def create( + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the create_cmm function.""" + time_list = [] + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def encrypt_caching_cmm(): + """Click group helper function""" + + +@encrypt_caching_cmm.command() +@click.option('--plaintext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/plaintext/plaintext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.dat') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_encrypt') +def encrypt( + plaintext_data_filename: str, + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the encrypt_using_cmm function.""" + plaintext_data = PerfTestUtils.read_file(plaintext_data_filename) + + caching_cmm = create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + encrypt_using_cmm(plaintext_data, caching_cmm) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +@click.group() +def decrypt_caching_cmm(): + """Click group helper function""" + + +@decrypt_caching_cmm.command() +@click.option('--ciphertext_data_filename', + default='/'.join(MODULE_ABS_PATH.split("/")[:-2]) + '/resources/ciphertext/caching_cmm/ciphertext-data-' + + PerfTestUtils.DEFAULT_FILE_SIZE + '.ct') +@click.option('--kms_key_id', + default='arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f') +@click.option('--max_age_in_cache', + default=10.0) +@click.option('--cache_capacity', + default=10) +@click.option('--n_iters', + default=PerfTestUtils.DEFAULT_N_ITERS) +@click.option('--output_file', + default='/'.join(MODULE_ABS_PATH.split("/")[:-3]) + '/results/caching_cmm_decrypt') +def decrypt( + ciphertext_data_filename: str, + kms_key_id: str, + max_age_in_cache: float, + cache_capacity: int, + n_iters: int, + output_file: str +): + """Performance test for the decrypt_using_cmm function.""" + ciphertext_data = PerfTestUtils.read_file(ciphertext_data_filename) + + caching_cmm = create_cmm(kms_key_id, max_age_in_cache, cache_capacity) + time_list = [] + + for _ in tqdm(range(n_iters)): + curr_time = time.time() + + decrypt_using_cmm(ciphertext_data, caching_cmm) + + # calculate elapsed time in milliseconds + elapsed_time = (time.time() - curr_time) * 1000 + time_list.append(elapsed_time) + + PerfTestUtils.write_time_list_to_csv(time_list, output_file) + + +caching_cmm_test = click.CommandCollection(sources=[create_caching_cmm, + encrypt_caching_cmm, + decrypt_caching_cmm]) + + +@pytest.fixture +def runner(): + """Click runner""" + return click.testing.CliRunner() + + +def test_create(runner): + """Test the create_cmm function""" + result = runner.invoke(create_caching_cmm.commands['create'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_encrypt(runner): + """Test the encrypt_using_cmm function""" + result = runner.invoke(encrypt_caching_cmm.commands['encrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +def test_decrypt(runner): + """Test the decrypt_using_cmm function""" + result = runner.invoke(decrypt_caching_cmm.commands['decrypt'], + ['--n_iters', PerfTestUtils.DEFAULT_TESTING_N_ITERS]) + assert result.exit_code == 0 + + +if __name__ == "__main__": + caching_cmm_test() diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct new file mode 100644 index 0000000000000000000000000000000000000000..5bfb39a4ef910764c629a850f8f51b4631306ee9 GIT binary patch literal 587 zcmZQ#tzbVM?_qb%i0znq(}fRz{R+42cH8reiPKE2{fb70cm_rW(Zup%-Q=Rm zf|7jQg3_d%%w*l{)Jg^yM@#4MEaNgam#AzrWADT!mgC1MBJH3I{}B~#WeelMf=(x-dD-aT{qw}>z> zFw_~;uyJa&d9;1!Wn^btkZ+L7#K>Tffe>RfkYnRaX!Br9WoBX2GZ19qnUZUGa|-_- zGqGUHHB5{G4c50ElaJooozL{2{Rr3bH`U8jI?AtG+fQZD`WUn~WzVBZ9p-skTKkw+ zW;mTsTJqzA4X4DSWwGt2T%JA(VPaqqU=VQOo&2BYeoEVhsb}6Got&S zF{B%$G8r=TpR$;rsGs&bJZPiO)acDgsoeWd%y_ViN4rmb<<%aqQ>;P18}nu)N35ME z!142F*H$J28H2(tH;s3&yojn3?H3js_Td0u0096MVRv&a zV{&qK~X>W2bO-xWwbZ$ydI4dt>WkEq`IAw5TR9bRNS#VS` zM@dn5Xish{QbTxZcv^F8M{7xKV@YyYHB(17L@;&LNQU&LNQUDGuXAkdZ;^lmGq6^nh8CK~UjHZ*5PYkDfTip1Ty-~z@)xq9 z8gN8}DW#8Ux^Oc|zuxC2IVmU~`a!M)9?wTcX`#F1wKlT^<`i$Si5iLpv&9G%C^GYL zLo9X~+qQQuc3^Hav{llgMwWx3X0zpWtw~5NzXo{U4Q9eQAc` z{gX$#3R1R728j)mJtE(kQR#*glh@r8yock`u1XS2JImPwVA9%R@?^(%iWZPixvF+_rRj`p&_8;Tac2~{pK*EI0apq?707A`T zxU-xqvF6>>(Pz&gQL#O1EEjCuCzqCL>chyKz53;Vs^l63m@ZIVJR$oisKrF1e` zoY>(Jei}jL20BV_J-NpW6$2mwG*&wowcRRHQuBViT&LSs}QgY^m`sA=#Y8GAEPpb&SI}dq? z+Q{Erw6$*%3y1v}fuYQ^)48-M$k5SbXr3Xhcw4SMSS`^v0>WA-Tgc3r>5_Hh3857F zfJ+y_nGbLnTPp)i>m-CzpwLw-ebze}NI!5l)~ysYoWm$c5*{n~;_@SEe8HzM$DqQ^ zVwxem5-Qv#Yj+3Z^=W%01_XFB%6$b)#zu)~i;0@}nzK#KZavX>-SseEzuc1CL*qL~5knoR=MV){?C|i6h44_rG zNn3D=?usD?8}aTh8R=yFB9$R_BB0nTv=MNv(mGgO{m0$nKU^uSmq;8a8(d58?|sfO zgmWAZ@GJZwx7N0Mt^h+qMs;2v4h~O@Pt6{-6L& zgW4?z0PB@Akft%_B&2R3p|e`PM^5Pb0iY0nl~b;jwt9XW!MQe$0(}HT(ihW{R!-ol zLN}-H#pB%X%vY=)7d_o}QcEJc!m+6nfkIZVt#|fqrjiLhxC?sQJ=-+oIc@ro5a$0g z$;^hiSRWA`GzmOzi(^urh&yaKsZyY-*fQmvyRBBW=`=h2USAjrgFy2ABiK;;9V<*QLZ zhtqU<=ZWXTHc_cz&!V}ytV*Z`#`RPN4e?1Cs3DfQ20n$_pRBMTx{2kl;+FR7ars3( zeoR1V?u#&WI*Cq||FE8(5`XmF8$}ZK%|}X*sfyO_rr8jxj8?R+2q1dTM|D<<6iLB( z#t_}V=&e%AlG;J)?-m%R!Md%!@BL}f1uKC6yMC4>Y3(*ILG7ypa$Y%?|D#`(o1^&J=>%_-RV0^tfg6)COD!=eZwq_G_Tp2@kyPb8`PDZq5}K~C11G#1f2 zdxSP~0YwEqt&2ZsC){Y0f4!&ovT}}2!AY`GNI!{v$#!{|Kyt+7@O5b>?|@=sqw%uX zoMSd+RhS(4?Ftu^>TP)+Uyy{*FcJXn%uXbzLNz9uX7b6pR(PVN?}d027)T6~#3)9*A*1L?AtcMKZY;U>5`M4hVDdN70eVDsX1}C>p z`ha^;fh5ou{OWdb@u8{Ph-I=PRYA&EQ-^Kp6L~1VC{klw2+j>PjnB(&m;fE{T#Qrw zuh1(d{W93fU(#Yl9~t)CzyLeJ^{3bc^JC8CG;Wn{p z;am8jQCX5g5xB-)DPeOf7Se3(r3)-z96q%meS{^4Xhgy}5XX=?3y;ERPf{=Pg`$hM zr)Kj@s z()>ZY2d0AF4^}~GTS#*1f_EhVNpl2`Y;Ay^U}#h%JGD2jMqrLeaz5rK)634oHxfrq z#a5aH1(2I%Wxue4`)=E^cRSfkN=(OB8}lv8jtZ#Z)2kC3SGS`gO~OZ8#4>w^Gc_K9 zac{>ZTZYEmaahUZXj2brvbJA5p;O77!+=ICn@? zs*BGubL|oi(|`1Zn=+YZ6yKx*WBgWv9IZ?F&4tBc#g4ArI?i78 z#2<3*;}X8E&@?!=5-6vMCtNV$Bb>#7?$~{mId;a3Gk&6n6@HwuwN@>KBT&puB>Bai z>qKKPI#Q&Kf+rjz9Ty8dAE$W@ln#7Xq3P$t*(^JEiQr{sO0;gI-hk;BQIE;M8kdZP zmV!QjT3m=u)koHWBqt&T+bZm!D}3D505nOUsYipM1BLTO9RX!QZ$tk~@)jbrgA;O+ zs{~@lOy$g@HOOdnz(&uUe^XJ*PP6Dl06}100wt^A(5Ez2R@;oabXdzhf?=e6#?p`* zF6*y;(rPKA2>AN!{*ygFMM!-Ul+!e1oy`7Jk9{vdlGN>9UHw6q1&fg#v*LeIV+_TP z>~2J@2Gy5WRGos>x`fB2m5}#{mM4kKZK9dFUL{Qvt__FA8_^-#gPgJf8KaD)NN~&P z9|oskVNp8d?CnCuCnV&!TvkQtn?%U2Lm1CZV#K}C^{#`X0S$%1z(nR@F#2`_?DfzI zJk+h_PJES}SI?U6H{WdvRU`jO@@U-8;rTj%6x(CzsCtPjW$m8z*)Qf)fj zZz++*MN2Lj12RxSOxi5+Beq8N7LudHTYwgqxtVXN%HxpKjypMQ%6L)gY6LJ-;2Y6L zKDUR>^pvz>tl$M^>0qXISB2I5ecl_waKOC@K#Tf*XR)9fKSbK}?d7S7=-QIS-UyWd zTlutUgU_-dKLY*hzcj{PuIQR4(p!%aMNV%RV0~99t$i(rM)X}vOf-!Px_5LuftS=_y+V9 z=DluBzpgpIg~gH>&4DoJslmDR#^33zJ^7eD%l&5UVQ0-TH#onWsF!gdy12mk?|&?H zPVJjgp2;?hfOKk+&b~lbl7AHz9KpNG&^UUd%O)5WbY>*k6{v|FjbF=qq5DO=fyj*- zG^VRv+q2w`lAz_GlCkMAQ|@(ea(xAKq-cIRBk zse0o-(UD}m)#|D%wB!~S7uFrd>geOWMWF%M)nGA)l|Y?6TP9*Jk6F6a16oM z-J^0oK)?u=;%#4($RUyK%^?`VF*K3Ninyn|#ak{m*Tsn_NJAoAqd|@poK!a3;S%L1 z`c!#0TE291(>k?^cw~02Hwj`>71vx612fFt{-aoMbhI75<1voT?!zi;i2<$-!?l(o9f-f52YE7*#@CO+jgOTYX~$K% z!T+@KoE0^pEl@VG`pb}U7(n^M5i;9nCkGu+H0hBWZqSPjh6YB@QAiMt-BROa?7t29 zVF#JFZ-k)7O29VqQW%NuA)__q$s8KT8P%l#B+wT<)#f^|HAO08Pu{tX2WPIU%LHKp zK&3d666LA70BR_cGq1u{fH1nEAZY$g%~Y!volP1DX8~+94qDW%RBh8AO`*l& zB5S`Q1-}Fk!=v)6R$*=&$FQ{2mi^;Iw&*)F9DTbVfU&Z$MfM>^zVF6qRe;prcvE`I_OxH{57h=O;ho16n1<=$1lDaoN zObT4mI={)-im;J9QZ4PQ78r%FBQI+?zNd{z;js+vhjqk#Q>tb=mT!dZkugqQU`=Am zivR!r{{R300ssI200000000000ssIHKxF0)yIOdUn5DCdJkt==Kz>lg%K#ZsQ}MxP zwJO@=_E-4*T7APFSQr$oe}7%8c7iK|@WT%tEufvC)@dxo_5ey@yqe5pKyeAaiX3M$ zJBULdDm>(_#^PK5kYOyYzMRz76TR39m!zzdk|g=Fg-V#a+mrj@K~(@(lCIji=$1?N z_fWSWqDNoZGNmxs*8SY@5>vGQHT5oSC~`=dW=$n$`gkoKL%YU=m1j;uh0=4mM;kV* zxX=4lrf^e6^5Z5{F;NiCrd)dY-1eRrdQ8Ao;p)Mlz?})Zm_Ve?R#Eq7^=rnZ1b%CrL9CarBKo|mO5hyXj4EcZaDOYV@!`6 zfOH&Ein)=6Vx#($;Y7|{O zQV`$m9)PNWj=g6C&cHaa`hIqb*+cnFxFNk)Ql<}?2+FvgeMwp3z+i3QDQc1&#_Unk zU0S)t3A!&VbO;yV#@+r>%!%l@j1AqSaJdDX^jRR)Kml^^<0&(JRet5aeAhfW^fov< z8W-53^z)C((0c_jG3KRDf<@w)0D5wlv(GtEkqw&0NV@cnjEn!d0tDk=uYUU#2;3T9 zP6jrg3;}eoS;bq=uu>Bt0DiR59PNLg%Rm!9vFnl;2gA5>4tHBM z7iqHYBaG6(B&4myu@vfP)WM&v@QZT|wm%I~75WgiRa>jrF5A|50eq_f-V1AV*uzHI zlgBW48|SZV!yT$vQ!#lS&;N@&*DQu_UUf~7VA{KI%-2W;e=FTmYx&NrRX$jvpFGa{ z#UC4%WV2hWX}DW#~zEFJ!6p z5!3unRP!k--BYW-bWrN64}KD^UxREm&&LmN8g=Khdki%cnYNVKQT~Oi!wtL-NjCXu zX;wz+^b^i2P=_#A$}Wma2WA6>OHeuO2E2L27JBPzJsB0-)mWaZ=b(TiL^~U(D)f7x z)t+FfvuhXH*d0WW#n!P4bZziog*gwhQ%Ku&EEyvaX5i?~i`^E(&U6Eu+?Y_n$XT6r z9CtL(#6D+uIfxxRD+1nGdYm1$+t{siisVZ8|0BDrr}oZ-=jNQHLB*Kmp4Z9mQxdil zgHF%e*ytdlUj$WM;a2lw2lq|%>aG|%Q#gyUB`U;&!~vCb6iES+Z9xjs#XBSTtQ!uj ztcO37hGY4f_#;BW%;0+Mhi%ZNl6i;@Pk^aR@&)%vo=mS=N0#hWYq+Y_iKt&80R!>~ zxixLVtO7x-#R*#{V9>;Ws1q_H)iEJU{6i z`DjuxSnXeC{K?;D+?xU79JD0v5JRbA+EW}96dS>7EkWHfz*zKh8G(Q&`Co*tZ_W)f zz1VxEE2=$j0BMD#uBNa$$~_8JBMm@61)$g`U&96>Qwv_sXoo4acfV6uuRuDb z$dP|TDYJ>T%o1TKFV9h#;fM;m#SLcwKTU!i_^_8 zXixb*y3m$h0nZ7uCxHsMt$V?R2NT%VrFNw?c4agW_}dVw0sB(1K<6;RBsqQ`#p-`H zq;R}RGIFN>`e1$mpv<9mvxiI>KZYiq(8kJRYAkpFTct3>3)O@(-EIZ%K2lNtWvl|E zS&_0Hmb;_2Zq7MOZbD!thnXL%`e(1{6)AWqy#d4rcm6|-3dji=rpBC~4mU;C0nm~L z2>tE{P&FP(1&QwINMEFr1`=oB63(#i6BY23l<|umW`6Y_3S-c`>>!%7z%w6k0oy2| zr1O9rPu<4O9>RpLWEQabWailqov6>}&)znIj(=a$=3JR4EiN9#e4HZu%ai^tWAIee zPQPcIX9SvhnW!t&mg+E#20i|0H<^;i5XfDtAl_L@qS(F#2RQzM?~TvB6WQL(`nN1h z%#BAghTRjOB7#m7G^;_2uxar35vp_l*juAZEy9GNk|kM@?5uxddy~f$omyM$@hl1o z)bF_st${#+@s}TEQi2O4*#a4pqkM)%%xBV)4htiP3ms&EfbVAXZuG5LVWAKq3h$4& z6cka(HmZ0I_`R_HCon(v)5hRnBq}C94Qeb}hD&ppDuYhTO}*p=&U4s`=@Efz@t(^e zIC-&%RVd~teB=M;JePrg3rgCX-dAd+^3>aFC-e5dG&<~4xckzVa^r}WA6ALtwl&at(h3Ee~>^Ue?ZH8(e)hGN)*Vj8Q zES#AiKD?L7q9m^UaUq(v4`PxvM*W!qdl%@0#)|W7Q)I)6l7eQ(4K8;HHu8Ckb~Fwv zZ3zsMFRncgpVK{*=KJKmGC_@+XzwK{tgJ^aHshBxcP|}`bnO^n6aU;UC z6OS>y>~rDGn~R=c;a@%JQ1;57XD?E@!Y;R-OlEoH-)mwt9jU_>B__GC*}@WU-3RYw zyI|Tg6!f*)9NR*eTMEPJx}DhqCuD>;9%>JRbOfpL}Hvo{xWn)E&tY zN$2v#gSE_Mq8O4_8Ps!@p~yD~444$qKo00}vtRHh`%g6=q5(O0#$4?I~ zHhm8+31IB^Q$s%Ow-;6w0><~%wCK-I>pEwn&U>~(>6sDj3#2ltkXXGavc344;YI7! zU8Ksjbq45^BA1`kfzaMxm36Ley!x(~EuC`9rOY3_{j8_4!dh#VyHRS1Pb`$RZEo?( zgAL@`cHs@Cv?9?NUs~fy$iJ5Om(^@slCCv2u_iFBIJ@T;S#Jt^dN$7RN zhyPvm`~!hI9(9v3;yx2WfE#Kkbk^D*_M7+6?1-AEobdEB-SCIdZQw_Pwu?|J%Z3jY zURZ}XO!Y-DM_Kq1yzgl%HX>eQR+L*#2u__}d!r6h76GJ{k!6{0f=bsWj^>unls*jO zPsNWC7fz_wSmg{Val$2OoOC~`tb3kZiYl*&$MK1F^&MYos#GL!Tw~H-KeS7{WfnqL zPj66J(Ng6w0Pu>S)PHNsz8V_d;9{gL86Q?j76Y`0@3#u1nfLAvk$WHALLJ43@M@?u zh|b7f_3rb`6N18NM?&8_iItjz;?Ap}k=BI6d4hFNkR^%<+U%AI6>@h>Ydet#J5-Cn zDSrq&o)(XhU}Zc`g!{DlZv&=q<`~JKC#}8s9cJ}<&KR2>0zx{DCb4yl&tXd$xThFm zWIfWe_{Enbc!;@n+HnCI$-5g;e9fF1*Mz}`u7N1q`C9KT~p`1~OrW1+uj zeGDInZ?0vqt?}Y6H!^@fFef`c3uHD(df-|Z0%*_MHcy?0mj912`n?@E3-a~_@QU&Z z2A~yHJwEAK4IR^i*R0P~^Mk4l_=`IV>SAB`NjW-JifMM0(LZ4S_vpZ25&7gH%QsgB zA7fmyT{?hz@Ac$+AbL5o6*ci?Qrg~F#qZ0lnj$%O9?9b5je>syJ=^5d$*isVa`ID| zk;;+pY1UpYr5j3~JkP!@E7`5|67@PU-umh|ina1;O5h%N)jV;x?jvX$!*_;1CVchY zd-~k|0L_{<`d@N}H^0$Mvb8>#fEZ#1qPrJTsD_byO$upS=T6 zZx9_ExSZC-e6l_|3oA!)hN{e6e)xF!AmO)c` zX;}GABta)Cb(uAJyHmWO!ejg#=7LvB@*)D*3&CA?r~VU`ATZlcic-gNb^vEEWdblQ z^<_)EcwmhPH&&sEN&{;nAH+ZAe3_5iAIl>j+wa@Qv7(|l4LmiOMuDqCT}QeCF#x95 xT++!fKiILtuGVo)z~Q|A((p++W>=Gp*c+8!nuL@7x9399X>uoGcKsiHtkznqK~b51x+Y;<>8ct}-EMLA4bQfyE`cyDlIcuY@rLParc zK}JtdLS$BCG%syKQ9@c-cT-PUcXvo&LNQU&LNQU~)(l@DEVG$8l z(r!Tgo^_VKS*|Vq<=WeQsDVaN1Yb9{9wsk>4e(v!0ssII08_jBm{>g$JmnAfGnA)0 z^SFzRXmdJ%qF+3FB@h-oN#=(Vb)z2i!%BSTd$iElF8}}k{{R300RR910000000000 z0RR9Gpi^ge3INpzr>~kt{!NHZ52J?wf-N(O0PanRmPsJ9`TzwJ8pBF?_ktDsi7><6 ze$j)ZCFxGmh)a_grcWo$uvJM_{trv1a)>?;y)EqxLSlDeax&M6&4L%Ot5&_cNv@>{ z9_AHIKWG~~`b`hQAy?55-D7{83L&sw{mrtgcL(A-aO}C)#erv0Yb@0+oH;n(Cqa%c zK1A7kw?R@YaN@aihL5Zp_tW#}ZrrpZ7&7JpAu{2b0sq(9;epeM&jNgmJ}=Qnz0xRw z0$S8_f!p}P1)TR8C#~Bw)pj^!#fw;xaW5qzE#YE6)WbbQhZ0#{hJ?_7Yc&i*zI#G_ zvjSJ0Yu!UqzL`U<*i+c#-emx>lEBlL>4{VeeHjwRM2WAx03p7i$Km+4^zmi*qo&RnLw7tjW zYf&E2;D84$#c~GvM=2ZN^=Z%Xl-JW=JFyv>;U?Oth3n-S!GC$J)GETBBZ~%8yCTBo zH2s+T<5|}k_UsVRKX1wQjE4Kw;S)5rw>s3%_7-IyD@MnklFRU*QOJLm@l-Q&6Wl6r zH1V+B9{kbS_72TzZKiiIdVkZVF?S>D;pAzwYt-N>=WY zPB%aF&wlWXYrd!l1Rh4(T3!cE|M<5|T~qPwHF@LtqV%cWf(7fC1P6K1MO!PSF5v)7 z*^zu+UT_eorCSMfD$;qkGRexp_kg?s3j#8Wtr#nNx-Pr?Iyf$*Q=GrGK$TFM@%t%^ zGv7CP0I#Pf@M1PBKt_^qL>EtRkkM~Q4iR=Y^5iNGN2^70^EOK$9^F64*jizskaWas zs%giPl{A0?g4Nz*PI?z42G1ZaJkA+j&3$o0bnECRQiABgZYLNobE*yXq^yO3RPidRf ziVF~4=Tv*bgmYheBau9>GaLG8dPHC7#Qe>L>N@68lWPbAXoz?VNb7tajRqcWS&M@W z{L7$$AMthl>%Dg+qXA6a{A3raFk?VLH|Wxjg9ogp`FAmC`V>F-!m_ux6M?7;E5j9# zu-H~3a%%QXtw$%0o?5k7zvGLtqd8Ffky-I(74h}dHK*S*08f;Bq_8I@Eky_l%eLL< zL0T=|m(!1kI#Y_ks~PynuE?XUw<#T$4Z%ATa)PMfDh8Pfm0WWyvTe856$lnTWdo~^Ix>zZY7Jn7b=#NLFby=^kjqfintu2TWKVBF`F5ZF8M&(yb(Ml* zRIUep+=R^+e^4qTD6bW644_4Pc_9skIYZf`HlKo;VW8qUk-2V)BpolcwVc<)8{@w< zuuHUEy``Sw)&oqv(7Ze4Y9g`BcJ>FwZ6dZRtWRE27DdLRyTSHs^Nd+mO2P|-hLQjP z=cmX#02C$&KwOERB-koQYY680Fa$9mDMJ7OLBf>d@7+bg>03eCPPqt82`x5p?|PbTU{6RT9aWc4OS| z$pl2CtkeH{J2cu!-rec2L6Z!%8*&s%D4xmO*fw6GGG!~Bz_X49fMp?B(Mb3jN0Rb zPzCvyK7~Zy@Hr;==ADiP2L>yd`H*b&jf_iB(6?wbZ1;WZ|D z_A6_n$+PX#V1(Dgo7Kud;Kiog)PLT?^75NJ}fb8)Q2df_2+VXk9PIAt9o|#QA zn<`7w^=JS+ZYwRg;!`gdU!$u2B|1)uv+{F_$e#=nv!>c? zRD~LX|2gDAKGbQe5+{-@i5@&Z9fBZ!llEl>Pj{L*xErpbcXq*K>`1zvC`~=ce@Xu7 zt|uHco6|fSR&VPT(JAIKbBAJ0BB+M+7DgLq4QB30q;di^3s(~XV9J9~vxuzj4`#^5 z1l6vUXuvxF_9s}ncfS(RMFK3hwUO=_ODkCe?{+G!qC%0*!q9c^@&AY(GF zJgADM0xFI2VlK}-f%3g8S2rDPDjjCNsgLHM6rluTR?zmO(ZKxIJVefhkIiQGIRcb> zq8>;n$NH}?bKO0pIB%$J$_uijumF9veVMlkjk}jh`BYDJirdJ98wWu7tL0q#{vM5V zAbz=f#utc_(1 zD`Rg@9WvvxFXJ6gt6KFH&j6f>5S&bSt3XMNi5`VJeb&AIU^rK4fdl;(S`ZavB#jPu zWUq^oRD^anA_zn8u%BSm%thhipDAnkAoL}3wEUT79{hMKilv0iUX#TRxXjB+=|wQP z0JUHbKV@ToIhQn;*^Sz(_iT=0e;QWzZ?2P87X7;5B!4Rfj{nVGUh=( zT&eY%lC^*-lhBmA{eO-(7;s^L?;s)-UNLE;LJR&HyhoExGaM)yD9H*Jg_K-=PjWQj%K z9ExbDqP);aBi0E6JGWAgW~t7_;a`hBC;gE!KEHW-vW$nZ^7E@XwaykynzM zGD~g{(m9|MHS##IV92hSW_JHb8zDmOkSI>Wy@Su8!TkyntL!oqF-TMUaa;WGBf-YS zvwX>1A;~=uvdwa+d^0Ij?C_63hZR6A?L$G@99sP?bN5Hvy?zgf``PvpNU`+wJ>?B@ z=x7Bn5rkG0*)FMG)UcNR_)T>(#*Xk&ed8*;`jpiSHc2QR7&hD+3O_^}#~`S^x4CC2 zEXN=!OIt+%@i%+4&imMO+V#1K#EJZ}yb&IBAtZR!3A5yZ>S3@oVBs(`X%kl}vhC6moU?bQRS6%31Y^HZB%M(k;G!=6=d7c`>#|&!_5$+$qU|7`O`BF6>d?Qrw zI|{IaAP)xsfP=zQYFy?WaI{IoOs+n~oba|P5` zU16QKh(mJ#RA)V#DJ;@O{W4US39)wZY`AG--Ge}lnx;~3kM+7LgU3RZE8;Wgx*j59 zBT@nok26b;hzWWfnTTuj%e*zDz_%gu6p9aMU{3K0etzA#3Ri}BJpE=y4v9JzZh3o? zKBo)OqD$HJ({d_g!zL1tG`8r_m<6dkH-qY&6>ufj@lXg~0d>rGS{`uC3!88+pW?aC z#u7aYkudtqpQ-F&k|XKRN2IOlgxOz+mym1>=K5t=&s787v~VH}QoC7Umq~PGXo0h3 za+E<4&6r^yrOy`uJ8h+EbMCzj61$GOyCQ^U0B-%Tfc3_a#*GLzFg98V{rLaeC}ccL z>!9!|#F8LqVQdB}R0^#Dm`h24>=c2F57LZ{MzYWZ8gN%`V;xArST`%bcPGCK(8Ftb6AOtNp3a|2hM9I-{zLC7)|9&@1bZS8I{0dGZ=*{!#6_!)_vJB_GW? z>S>|rv|Rgj1HXoQrZdB51oP4E3m-Z0y@V^gw|E?JfmUT!Euy30iK+NE{1jSV$5qBR zarJ5P2PyipP{?_bSXA?~cl{zH(4xV1#6oBHZ*Pf%Mv0hODHgCS4OTVnq}3Z)v9kj= zyDGDK<8+!3;g)0hDHp{}^ab3X(*Hg0cc5Ptb38H;w~+Q0z`TZV0|~zypdcd$H48dL zSpL6t_V$Qn9>Yj7-<45GI4&82${Hv4v5lKJpFR^b_0KSjdDA8{>+@otxIR`7$Wn{? zWDYqvic5m_KoAXt^{I@5sccRT&l4qVq(@bXS9SvfqKmaPz_V_N!6WIqlAE|Hc_l zT(FmGn#vSc>cw~U#JT%v&2O#7APzo@D2**?B!BDKH@eeV)@?&CV7j@xJ?NuP&9?8} zVSz1kbfuWvq$%ARHpFY5R}shVJ}>o(RvyAP>eL0%?imy*x=KM@r#|LWiEC1cqSRa& zlePmxuP6s9DHl~V0^J~(9=|~?ZkYNaBT%SO6Lo-5oy;o?ON0}p&hgHz3sg5Aa{naF z?O7V(RO-yE%n-6Ubn$A8j0ANx{AaAU0pKbVELyRXA2AT`UK9Cg>ml96x@hFH2Bv8_ zXX$fka9B4m89Wi?p>}}P3tqi6<)(cr#1k5-rm}RbFcx&9#xbArr5F{Xpqjz{gHC}3 z&mc+#^Z;_hPDx7()uzPzjk#x~K(VZrI16DiTGGJ0Gs+^;M+~1^J^%g)|HwCKr#i8F z{JcFtdk8W2R)NV&JouMMyH&%(oAdH690b~Nr%$b){>Hw~>a>Xl)6pz_6V|vMi^4s! zC91uSeWx?B>tsA@%zZmOwBiNs6EBGLrdNv$!ay{UaT*Dep|D(}uABIf%=1qnE8d5k1u=zy z%&l0qfuDK{#O`_MdnuwAWC$}Hpc8;n!->1v?y V-X-*L3)Ww3h#M2;#hI&ZLd6QKdcyz! literal 0 HcmV?d00001 diff --git a/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct b/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct new file mode 100644 index 0000000000000000000000000000000000000000..63dac90b7e752819bd5740db6d3f7d3a3cb73a65 GIT binary patch literal 623 zcmZQ#t+=k}wKe7Pg1*9K(sA3qFHtz?I*0eWX1hk=@r;>w_SWxWh-YAA5KSyE)=e&| zEGWs>EhtUO$xPPGPOW5caWvPj3`>b9Eh@}$3QjX9^>lVkinKH{tSs|!^U5?Sa&#{7 ztTa!IOwIB4&36j&aQ8_oG&Rlg&oS2yC`oqHcX70}1scx|GCn)En87=-D9;MWu>x|e zN{e;NQ;SPMHB~WkNP7HcRa02?-eQSQNEN?w`lp z4|5KyO#D!C+apI}G|Om=?aWx{i|wE zRLcrKli9d#?UkG-U;a{~S zkJTGO@9vR2(6qNp?xnok;r~lx&htKhW98{NuW_^8{*rmq-DW&tNH<7jGVs!B&^7YR zIqQ45-#?rCY{JPW7kd(I96X$d)4F<%OUxL$&g{W+`Wy7 y`)l`{P%)ijlvKB4V)ON&#}N^=x) zQ%e$45=#;pxKi`Lwr1w%F|a4+=ar;ZlrXSm7AxfC1L@+_yhyOc;Z6n2cwOfmXx)W2k>~wK4xNI5MT(Mto1Wc_{SZg9~tG&wZ1X8B^Ca< zI(?q}XJ3rXQa$tMsj*R)y;h~qIQe(Y(QEQ5o&SM=fdS|z1OT(|we0+ROKt1TAb01N z43D4ZFr*u#G8r)DuF;8~-?QM);oy+ZC*)`JvDNDS&wAIZ-2PHiaNXA{@&y7$&~r~RHY%?PsUW~ PN2N7q=$;rmEe^6F+=&Sg_E%s8Iyvjc~z_FjqK~D_BfWYA{k&K}l;_G;wWFYHLMlWm;HJb3;T*cSUt^ zRC!KVR(3BmL@;)AR8cT#MPf^1Zc<`SICE)lZ)8$PXFWXt2x4_~AYo)=a{v!@b7f|A zY#?oAbYWy+bYTDrWo~0~d2n=TZ*BkwV{dMBWq5P|25EC3Zf|q|26JU&a%FS?26Sa^ zVQzE)2UKNlVQzFm01$Mp z01;t#b1iFab1i6TWpZJ1V`zB*Bw;l&WM*MuWGy#jVq`5eG&3+QVKHW8En#9|VKp*2 zIb>llHvn8qVEAa6K9sGyWr*f{FZg&AR}+tCM2x~(uKn;4t4M8;{z}-JQb7~4l}}(U z`sQKxm(sm6%L5KaMcTDHcu-*>lUVZB)Fg|xxs}%`>eQLTsAJDC4qYKnZr`o~000mG zJY(`y*ayl12Ign5os^h3)<)WSvQY0iw!xUJY}hZ4!m9YJRl+dsmnQJoGe6#Yq`nL7!9DNfOdn zs$wRt^|ith=xKvVI8|T_-bKDLds+&=*r-jVL-lpQJ_!2LuCsY!HwpWT@9{V*mwMCo z-FS2EJ&aQq#j^#|DRmaW7X>r}FpW`|O>0J(Bke~Q$~ajPRmXCYUMc$KwMeytFcxMc zpGe!)=Lhc3p99KiLwTn%AWdwNMxaE_fBh@V7GAeIcMX#NBiEvw?Z`b@7!=jR@xnyT zRqaV?5{;LdC!v;42m8ewJavyPtM5V;sNyrmieoWPEyLb6=`mH@VJMU0kF+i;Cxca$ z(H_2eT6F22BS&(e*QUY+3tE({YV1PF@0#R8#@6=idl=;_1zWo1$`ns#k2H_9gm8ON z8gZDacwY&8x}a2aO=d1%EFR`=7j*sgzk<7}jj`+8Ngg%z6Shi&4rftH8tV7eFCuVN z?!cj)+ELdrI$iBZ8bWpCChNq5>6NuB-yiBcR1WwJAc^@7)EeBy#o*xF#Boo z4d{snP8&rsXl!oEEC08>^z@ssZ`B+mt}F?fDay^Z=h(`wx>kc<(oStm9IHnv2fs0= zQj>2^TjwC;^fu@O)Uask8eoBc`y?^|Lfos8NL`q5x=LIHE>6glDOM@!N+@La_V+(_ znK~Akd@AR?K_oNSZh==qDKsM%gK0eJtCw_n9<%6S?&Zxa|0^5K$tm&J;Ddps{fN+E zqPe~hw$s|{obnC@;HgK`N>e6mG25B?$wjG`Ff+y|lpqy$D&d0=WLMF zRzwjCyCNJkj zU38v8f@0F{3=A*)iG&Cib$FaBIqA@p5jpSP8{$z=w01@N&3gX$<5Nl-j^5%aazR9L z4(6}Ny^#5Ti(jsq=V%R#yEy@wlc7}(V5=`q;I{oqtTo&JRo4V=(^U4Y!aXBLKbGWr z4x)hL|B40g-%6xnnfXs79qzW_-et^-1!jHh+$6IqkGCU_bg2WvR}d;Ge*ab)X2>Bh zbaS(d#IdV`rahE%8Ioz3y1l(dAObyg?cQ`T++%6#lt}R83GiWQc&%zJ`v!e z(mIhpVv3-ED}s#8!;?ZSTU_KGv|H`1ci7rnzd8yo;rdwv$Nei4_U3q>3>GV2o>*AA zI>lD<^e7wYdGJZUo+h)O)tq!A|>NHWH&3`EQ5s!R2u9~P+Vz&8^lrFQQ z|FMFH10*U(5_nao0wwCdPD~vCd0-JH{!qM#MRYi0p{8?js?ls@x@o?v2hj+ZNXkc0#NNUz zbJLk(%bR4<>Dne1)M4s2C`*OZEn^$A%IZt7oc`L!%aP^MfDMnBqYa^)2u>NI3>fuZ4RU5R?XE$fervux>fbr2XZvp zk*K5v5U|K!3`R!C@&O-1;I!#BuaT*{?P5kt;0~-YI0Z9Gy-mUn)zn$Ww>dk*fXkAI zOzEIn-ll={!QPyd@Fg&Zw+6sI#EwQ6GsL6M7)x=2mFx`lWtJ7RMSMFvDqUXnLW!rP z=>amwMB35AVgM~0SQ@?dF$A~CjH(6XtA3+VvsD`DH>$VMCdsr=Afd0VM)(Ynpc6G^ z-FQ64hx7Q@T}1!byt0~nl&3@FW-cGsx6npev4Q)&bSBh1Ugdm9}Yk|@acEIj6=VV zg9+AnYcA3P6%95qj104jHcf;;p!)&uk9EKMnbO51XodVoO2^o~5X>K!hzN++<*t`T zauPtltyIEIy3k%kFlWBW&&2i6rMhMNU3}+o9~0?$g^fUyaSP#n+ZCYKd~8z9!W-;) zjbO)E-yuhdbvduBWQskB4~F-57{Z}v>r_+K4Je6m{kr*-7W^3TZJQa<6%5uX--9HW zyYwL6d*}PJS`9xlM@LDYW&jwy4~vQ)?eF*m+o!Xx#GI-AURd&kKm@U)A9$-}5baL^ zjdBIGA)?6wM{o&n943r<&eY`muV%cUZRK2lw`<21r8W%rd7UyzL~!NHcb80Pnq$^o zoJ(0qV7?nheE8?F2VM>cm=gh#JUNm%`Lu}}Iy*=>kPn_KO@SlcIrV3vWY*$S7G9-~ zm1)tgxczsQc_zl!BW|nR93%z{Y(o$}l&Ftl`W%!ji>V#LCX2aTjDw@2TM?)fCnEz{l_IN6sVQ$6M9(%!K}}_CD)7=Htt^c+@o`dLMNmJS|qmouNg@@ z`CeypQ?&LU%_z+HW7;M@$Pp+XHG!u#1+LV|HHewGNfGuPQ5g^k1dH*7MloS6QBM#bQ2C*WP7HE>+z#2xYQrIsK(?sJX86c7ee$Ut1J zWCrj9Sco-Sf8m;|GLS9{u!8$yiTAMg8W0-Mp9r69c|-#JnZq#z!q+3sWnuyIEqE-` zPgU{gC#9rI9wE5-YEjx0t#-c{Sc2;emFZ871{6^=-E-~0N{xcgC6V0O7Xr8p=ujfq zO((KIpiH{)V0s8C46}Jo#n%GQx1w8+q9M+MlY(dkv8o~SbxgNk$~znV=wmp+u$tcz z`s$g$y1kPCM1b2;LzEu%t$cL3s4}irxVGPj6;}wTnY7X@d+A`@&g8*Q}{@R8o*7yp1`S6(acAY)oq}>++64u!t(}m!~)h9-u!0BLJiMDcL zgdwshO27{LpT`_YRE${Rgi-o)o-RTLfgo?f2G!8o*2p$y+h3zx_)=)YjCU#P+-He< zjFg;u2UwkEH7L>pMnL8aK?VVF+?kaYPC@k+y@5J1kc+dujN!daqOmAg_KwIN{dUe~ z!rz@aJ=BDXtCLxJQQ7OTJ)lx7fQ)q*pKm^-PO_L3;Q55(PDvW$+b=HLBM z*AOWJqnyAx@5Caqa$bx%;p@OPDM$HjUAMFx+vih&Q^e^NG$S7!T#VCog?S&m?2DA>Su-mvM}%6r9H0}l2#mOdmv$Jz>~64DDUhdjIG)w# zTOjyIoD(>$n#d=iM5rLBj^b#-@i{eqJnFRJHm(* zLuel+1BFLB;09L*TVkUesVjKIjeeC#%sMa~&Nd$h%to`}UCn_YK&@glbf^NtP!p~+ z8HNp=tD?+4^B8O4-~1x0km0)U6@hPb7kja&i^rzwwo>&xw|4FL(QXY5y7jIVq65>1 zO2X`tIIoR0P!kZewzz+W;vBxvyg-E^XqVh9N}kc{K_ z6C~qX3p6NBmSL^!w|>R%Xw#S+jRRVgWW_S}x^tQU%o1>2H-q-_H}+ooA^&4vPxITEiN=cJC=R3RmFp5tll4zV{KYYx`p zz3_i9vxGG5H|qs_1iMNwbdmT^g8Os0RB?||qh_Yge`vrANjU5yQ7gxayNfwS#1-(S zcsL)h_i4}G&*c+-yhR~JX|n%zzyB{DhB|9tB-kzs>{6SVRd|dfHAM zam82-0u3$cN(A~SgIWULqZw2t5zMUC*~Z3MRzGZ$mA-RM39|rU{17aDi+;-$4vPml zL3(wWPaSdlr}AY@=#HO7ZEGDf+Q4^ch1h7WSl9Tre`$9R4Q5&%`My>y76-l-Qc57& z8f%&agM;CQ9M)>$kZQdA#Nxq%Qd|*-8uVTQjJk<=6+rft5reBwwioDSAO9_`LVcwn zv9OEgQ|(UAjABK7y6qk&ZN|0Um@bS0+qyGPod%bR0I+m91Nb*@sJKJFO63y@=-o;_ z`3#-)(+D6bCb#hSYdi25|NsC000002000000000000002000j_PxC#|DmeW}osYQQ zEA6i9va~G0`044K3o@z)jg+?m>XcPt1r-ADKq$zzH_-;i@s#LP&|jg=h4pU%#EPQ@ z838#s9Mu&R+(ywP>}!0PpO{oWQcY$!5p*Aq)uU)d6*1mYuvfK2qBvMB79N^L-I$Qs zo3683)S6MUDyEUapiLSUZ>Wl_E8t07fH~)Z4

JYO(+TJbO_}u7^|V49O9TF zzpZ#;P~puS4-{r%)V0U3NiFWTK0U1VWgw$n7dD2aq2;;eo=FY=C=$myGClqJ%QR)+ z+ZB6^;)1VDN#!C4&`#%2Q<0A$few3>y%*&;dr7jrXuoQ5<{)A}h+tNV$?nm&O-M{{0SaT^5GXf;ubC* zcA?%;?``nI5NKF1(hVzf7LTPCd}K;DRv8U!)Tsi$#W#xkt5Y{gLq(93s!`?o19&2t zJro3M^M~bpqhCVbB&+%#gBwB#fTpq@SIF*(lC($?IMkyRzjK2U$I}~Q1GA);%?na} zL5$e`TR=`29ro3)(iKo)h+SJGuhYBhi*Hiz?fO-}!a)W2#F0fQVAXNHn*zf)1^+Bp z;LmwW)07LU^94bvIY<8FwHFwwYzdp3;5Z0w-^iX;sf-B^IaTZ1ksQ@v`B-%{o|UI+ z)TtLO(YBl3r+i|)Nt_rn$9WQUdXJp@e%Xdg3<81{|D|USE@}f8@lL(zR3MjhnH74i2oPRc5Wrx%md$~OB6KQk>`MlC z{q1cZWk0&vTH4bV`47Q_L(&D5N0FMVXy1!&IKK5EKaq!t4cC0C*MZ&h6;b+0h+n_h zVlB}NkJjM76KePSYOjsHZIvp{*02GO?Qq6^{JHp#?3JlMP(@99lEVX_G(AP4TT<7$ zZ)h<^N7l%784j(w$9m;+fG*ZJCNHS~Z|RX0Hy=&c2qDULbzXRjXcy@zq%QazavV?Y z>Hm_E8Cs<(U@=_Xdas)TGZmMR=oyRZhC|=1Q5&kKfLFD(Z8nRZZW!&Yw&0Bul~oR9 zud$7W`(hKo8+2h90r#&A*rW91_9nqk)!{1r3K*uczBmN|?c~$1noeHW8F%x%20`3}9Ga3FQPoh3KI)qFl9}{$} z3+{0OI*}}$swSwTk+XjhWwCUYBUp+W#?bYI8?Xuamf=zxQ(R|{FJX76#EYcnyu&`M zt~_{k^wy@WpB%{%;#@0K~IYvKI z>&LcscK>>_tZoVrG73F9<6w!Vfa_>1Ty^rwA4_aU>N0Q+y6Hm|qO`KWw*vj4hS0^= zf5@|ZOBZPJ-6>N#wz80B@(m4b_paL0T+avr*3uzGN}Y|i(u-p{zPURV(Rqw|m5dZ+ zzEmE%%_-AxmT(JI-;9@+_NhfF#se|?@fa)kUU;#apF>LcDr%?YvUwkSST;A!$s>;$7FdQKdY)TQS(P)jLp!AV}6j z)vhRmO3&a_QKI&omQp(tgnEpFSBRG-lKz>So%rtwjwG%L~#}d ze;K}H7w)DlQEx&f5Zd+;&TNvL!~Ru;Np2qTF%dtp;}!;&07&wF;ik)xjpN_Om&US`oInnn>Hfdo1Mef zbQqZ&cPFXv>LPu?fTS5ui!*-$GlsbhQBQbX!|tEkW_SyB!Gh|V#{Hu0I-U=JwPndu z=$oAM0JHc=Vq~ukQfT3;!Nu9noz9x44Sdx-vNcwNkioat%c)q0bx zCTCuMxqcO!f+hT%(#8n6Dk(v6WChGG!xtEbukTLj3drnW}wyP4JxRR8U`7&0yZGbYobQy7- zz_SIOdy9>`W~Hd^FP&aqy5P-G(OT8muGBiN37mfOr=K#JYjor!_0+B8XIBXQJ{1mp zqvqR>xkAw;Mhv@416}^-+l^h@+~>KMY+I6N8vK_5E{1 zRG5YfiSDlM0I|Dt=V4oxt;@Gs_m7A~M8%l|;2c(bXin}0o@P}P-dS%bv2y3?_P4%P zHN($;@h?~ylc2Q66*F6&hpn@2=Hv+O%W;*F&IM89+`D|EJKzloS4jDtMowaeEw;2C zjQY+;+T{$1VP>>&y0d9rLS`4JZA4dL=}K<1X4>>!_d}7r5@C+w4ma~!Z;&*W_I31$ zv^!mnx4$B|+P2|oW&G1%(__#D_JYel<4Kn#9gb<8m*y}=@}Pf1b)!4{n^Mi+Z0 ze0FCT^{XYc_X($_eQ3leF~(=1WRWImy6&?aSZq!hJ(hmX7J_KWqV_WacNXphC_<@* zMi<8oP&{T<&~7`X)}381k1j;(O= zwXLaf7T5eTV8|Ql0b{c7N#V$GgG2YjABi!$%cjYl*$1pf-8SF7SL$cHMQQQ?PFJR% zjv@PRsbeqQPQu=>YJ&B=AuCNs!<3U8u1Jy(yf?<4U5=8^2%ZNqad;SEp(ZIJ)iR8P zOeUx?0f{t3b5sFp%*nQI*>A6je+91^Sfwz6rRe$5+aI`%`9>80O9KuLuY34|ZN6$s z)B#84!LcQX%@3l@)7ou^^u^LV8)Q55Sep`UE(42Nsli~O1 zPBJMA&Jbl8aoY9L=r>-hUwyR)LjCH`%UFG+9^-~+z!N>%&Up7$ZenTl9C|NQhAJG4 zH_ExY>ybn5q{o>ghn(qUdS?;{PR<&Ax)>Oua6%UhJBURu-(uuyD~@0*p7OuL`I;>0 z3d6RxV6kl>T~=_2$q7yzd&wjN(4(xBqOlNN8|_(E_L=A+ZBm2yTXKx&U#XqZ4j=jc zOmu=X&dC^`?iUPOVEc;TC3bG>cK}Fo@|j={A5;iRSLEkSUmGrB68FtirDI<^#W;xf zprg9^YEa1NZL<{F$JPcRFi#U89`&n#3jf*)`>A?q!m}qrsp0OvBN|R7!a$y#fVz03 zewEK_rQXm>(_{pS6U_H=HC@5LcF`#R-^ORU-nLp`a}4`0Toy%<%Ou=_0YQ7Dh|Rx$9jQG3!kR8g4$+PHPvixkw?tQg)J z5VY6+kJN!}xkiMHNR}h<#Q&Aqk%NwMWFZ?;A2L0~=y7*x)!$b&DI38^6una1L9R&S z(+WUz())v$g(z5qYB-&W0-T<{7Q9lX9wz$kRw;uF1#F89)TR|FSK(g_qhAwpAP4~p00#gSVRv&a zV{&qK~c4T8_R54mwWJ)+fWk@$_FE2t@VKi7`XHY{^aZ^$_ zWm7q9a931XOjb!^Xi+n2b!#_4P)%b_R%d5NH#atLXFWXt2x4_~AYo)=a{v!@b7f|A zY#?oAbYWy+bYTDrWo~0~d2n=TZ*BkwV{dMBWq5P|25EC3Zf|q|26JU&a%FS?26Sa^ zVQzE)2UKNlVQzFm01$Mp z01;t#b1iFab1i6TWpZJ1V`zB*Bw;l&WM*MuWGy#jVq`5eG&3+QVKHW8En#9|VKp*2 zIb>llHvn9G1IO7~-X!h0_bL;vo%ASH%16V;FcgN$oif#z>rUuwFCX1gXLFXBmLeU7|ACHEsrK?Yua#UF|NsC0 z00001000000000000001000l5Lj(Q$+)w?{@T_lLB-gi2`Iq&)a2=v-o_5YIra~B{ z&8{{ig<-)RN`2c9jrU0IydEyPoXXMnlX*i0Fq{c3O_Io=_ z>kVEiTP^&h1Jw~SGSZmGLcDmFBnC%VH<%tJMob_ z+~Z+Hxsa_AT5!8X&E>P8;td`%OpADFc=x01PZ8f=Xq94Z z2fT6!bZ`d#;lQ?wKtLN#7TRnixo6XTo+W@0kQ$jUdO;Xf9=_VaEG&fQ`^!gfPR`7` z26bbadf9Et9TgMjJtmD%ewA$@E3*SAy_Rh4sbz|6Fc|O-0aoyb6n-y822tC8&Iz># zHOd#_DloDp08fZ*UO;O@9OH+H5l&^HP86qpr9D%nMbPmai^lPTqGN1)tjNW|EF#O_ zan+$rwL;HdJ_TPM56o}rB%P$y4Dc>}0=n+|!l}Y{YMGfwqT;hw31=culsKy0tb!f% z2(=XE{}cNR?<7g{RY3_P7Lpf>ahSIVHjP!|sxK+UwAV@?obT=b)jz275RK-Bi^Gg| zZwYX%MGfzPRz`#2KbIL$2WWer*U88|d82u(gln`|4A@>gVbvsRQd#!)Yu0BBI@FLm zf)rBJAek~3vasHDt?^W1Rm|jubwXtMhli)P*^J8=X_mYZb0^eJSz?#-?pFMM>JwPP z*b$+MNX~)5O`mT~!6FLrCONW{-uwvl?YZIA&y5i=xNm4K75}zCS_VCn;OAeH?|&+% z=Fo)C9MUy?4qWOs1h&y0`&oILZpf8V!|d_Qi}agfK(V3ouh?j944CbGr^9U!u2sew z-r2oW2ece)NBkuP0pypM3@s7fDi^fz%1gkdk^hYY1mNnTM>Gv|kMVDDyEDC)5uUHm z99J4~-Vn$$e6zyp70tXc&Vl^r+fWw>L=1!92anX`HwfqoKklBblyYXV>yJKZfoBPY z)aljJs4Km7_nweu<2Fx3k3!y^A^m=9RVmX2oryzC;Eo|MfSY$6ib}!PGT0anl zgrCK#gM*|yy^66{fNnBJ2^X)G-YEL@&AwlvE^tonGear&uj6px%x9InwSDZ=h&KE3 zPVrcgvblJ!@U&nl27ov52pc3k-?^GODgwCQ6tm?BsH1zTMR)Y221iV2F>rM4N?cZLdu~^8vU>SHT!#EZJY23 zhx<6!xj0%by-aIZ3sIaWE?Tu3oC=5JTV$(-^hz!Fw|KQ>u>%4T*Cq1F9?fvjg6sqTiW)S zjaa+Xk$i!jMu5zpHdc2R{GZ&&|J%0+q#gbkoT;Ih|%q~`m`04oH`#{i&$2bmWP@H-xzwG4dGycva zn0~&6{b?G4m+H3)#!8g7>(Rp7%a1c?>x8IFpoaN8T@nyQHERn>z?QxrRwv^g|5{cX z1~&nurLy1AH#P&VmlY`JELq7pV*=IJhG6+jY}v?(n@c*;K*RPot3;mD5Pg;pLCOUz_=f9Zh!G7b%dIN~3Kh!C4{D>~d4wi)8_n4^2 zEUd|ouG#LxF;e1GXrYN!qk9EEu3}KbE#4(CP+RnowRlp0_}%br zcpY!Q0;k5P0}IBf0JQV(bw|R(WXn7ns9Kr>#>vrs-?gh%AxOa4da8uMk({%)yVRFJ zOGlk#c*+#67Y|3-aWpsXYVNzV8Wt6fbxHVB#Am^l?rj@(y%SXkGcDk6qSSTKm=U|k zi|3W7W5nB`{E{iE>c4<4u^m|i#xZvXVVJBrYzJfyDHTL{(4X$J zYl}5-y-sr^_s1=>#I)_zy~cr~&2;qq|EU2<5l*yvxLWsud_E?0RdfXia9U{E4RCBj z_Wzins1FE}W-J~jr_e1U%aWd~=D{-D@+7LsoY{S*E%=xB7^wdQ`>yyZaxFPyQWFqD ze=Q{Pwq>q#!rWS$!4rks%0+jg=}sgpq3CX`$~-PGW)g9jiqESqZ@f%K^j$xSfs|iM zgM{8e0Gwk#h-k@pjza=InDlSS%sj3S@xw0vBNRtqoJ<*vI5FK?8bYmamrK=9f)qcI zLuMM)*K$q1^-N?|+eRqhc#z?!gUL&anXp~FembaWI~DvI3Ql=)758-=uV_pi^WGNx zb~N58`G=rj|6|3NTEXOa?vMLv48Z@_hCS0m;WDx1rci4g=vddh$;knLKAhk7BSfQT zg(L+EnVnIu1l;0Qrk)#KskcHr(o>1EM_!&BP36(_o`)Z}*E#fB5QX5_ynsV0;g=ZP z$N3priE#g?wMVftw>1o0B_IfzkE?oN0b;jO^0GB%G*r}B%IM?yVYo8wBrATjrL8fy zTyf;ImI;jAFK_I4KfkeCyY8&7vAsnu35)KB&+Xi-tGqGSI8ch;F+CpAdWU7P z@OfcHFSA$bu#cJp0TG7EB=@72KUPNlB@KU{q>ooY38M%h=(A(D#xv4D0ntnzMs$g$ z$h@L(n4rx(bSx+cZEcf_ zCzq2WIgH35}DAUYk?0bko`B6Um9)TrLkS|H>3#}jCoP@S^r|5Gb4c(#^C~J z%A35YXwKx0=BX^bZ%$2QsMFtYd10%u1QVNT_r~71=h5FlXT$9Gii&K$ZXfOJuy;mH zHa8YEWxD&8i;)>Ezh`<8RA$!|7q8g&M%kmreP1`+u@$ZKWyIfi>8UffpjwE|?(X21 z&=VuY&61?~0^M3rk#S!q$R1lml$3!O|4p#{ZO|2ORHn!ie0l0YQ`G#3FcUZEESwcL zZu$nLO@i>K6lE%2D5qCmTAiESWN~Ek@p-`uOIZ{(^;WaXJO`Dw3!3RqrL2=Pk4>F5 z1x0>`-!X=ht$Jv?hFkJueQMXjKdg(MN z%#$tby||i)2e2)}7tT0yJd>Hn4})yKM>oq8WeB`sPuL+Y;|`somd5POCS(pBU1!+jb>Q}A5=$Z8$*LEJ4+3HkH24bPHoV_ulZiuRx$v!SamE~CE9rCu9 zS!uu~P_!nx>R9<3%?|7cWn7%A_%7pu8b(zRnW8@9$*Zbm3+%w+bDIh~# zihbLLmy|(XJH9l;r%j*(@Gja=iNtoyPa}Ny+p{00kcQ82sI|zTA5rC&ne~Sdsn8>y z$nr}TCJZdByK~*|!;SW@4e0~w8U<_$`6k;+&HAdw$-9%_aB#p};&*zNuK=HZV&UP7 z3*!0<8Z`++`_wlFEgEzb%Xe>wO3+v-fb{p^xX_7y)Fm?=td{v+?rE>cvsjL=Dc0tL z)o3s@cYVWse8z0+03I<-*RT;BS(fuU7hk8YSrhoJs5jIUJfIwPY@1HuM9Gt*(6zpf z?-_#UQi~-u#!-}IZw#$+lQ%H2o$=lca}}_gCM?m2oOmzjtv7;KF;`U0jc0E^U`6Ze z)Em7*3Z>|X(iEC{3qOnEqV^ZJBvIAafMlqlb=b(2+cIvIzxsn7x|>ozzxv|A3qj z3^IkgZ!fF!B>&k5i3%DFEZ?Ys(_yYT)c01vJEyNNB@Z&-Uq6oyX!YiDw(8>gt3htw z-n#d%AO3ny&80p;o_>EtSwU6LV|vvRhEe?wXe2vFy?{KqHUHNOH69j8f|#^2wRqmu z3mB$8EQhi7Wk^3zDo-abJom{Uf$aj%HN>PR0Hy*-2r!c^2kQnMV4~c}Aw5`H^9{frcg7#*vw! z+WMIhNl7N|h9+fsCC)C6E-6(hAz76c?l}P-Zh^M83>-cZ%DXDoS3Ltp~$&!pz1&}Qu1qz8psR|j1 zc_}%WdFc$|KpVVvb0P|G%#m~`D#{Oa!kW!5wDi4T-c*1=Y21$ zpBJrr(UH2_V2a>skKBp>yl%`6aunV))jz>}>A}ms?MI&*{fb>W$KqedsvBG0{4uD0 z)st1X;GFdBw0ps8%w>;>+I@Rcrgp@Q$&`tKL4bj2?^K_e-E#Z4L@{!-e){st?Bbt$ zEy4*Mum20psd3M0Z`^Dx@$zNDm1PetR(bC*IQSn37#M(lLI4n3Ww!a>txXT?)mOiG z^h8CZ;O71KbSd@Nokh#bmp6X2nf5=@z9=)}+qRUwM|d(+?Y~wQT4gaYq#L9%8TgiV z_pUhpddJgw1y7sTAD2JRrEZ*}C?uZ%=7WOV@tlA5hV&eRN?+OwoZ&?sYQOW&pIW B55NEb literal 0 HcmV?d00001 From 4e692a9e020fdf76f008eabaff70d1bb9e2994d8 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila Date: Thu, 6 Jun 2024 14:02:09 -0700 Subject: [PATCH 2/4] minor edits --- .../keyrings/raw_aes_keyring.py | 1 - .../aws_kms_master_key_provider.py | 8 ++++---- .../raw_aes_master_key_provider.py | 10 +++++----- .../raw_rsa_master_key_provider.py | 10 +++++----- .../test_aws_kms_master_key_provider.py | 2 +- .../test_raw_aes_master_key_provider.py | 2 +- .../test_raw_rsa_master_key_provider.py | 2 +- 7 files changed, 17 insertions(+), 18 deletions(-) diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py index a849b1a7f..a2a3c9ab1 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/raw_aes_keyring.py @@ -19,7 +19,6 @@ def create_keyring(): key_name_space = "Some managed raw keys" key_name = "My 256-bit AES wrapping key" - # Here, the input to secrets.token_bytes() = 32 bytes = 256 bits # We fix the static key in order to make the test deterministic static_key = PerfTestUtils.DEFAULT_AES_256_STATIC_KEY diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py index c3136a5c7..023cd5942 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/aws_kms_master_key_provider.py @@ -8,7 +8,7 @@ def create_key_provider( kms_key_id: str ): - """Demonstrate how to create an AWS KMS master key-provider. + """Demonstrate how to create an AWS KMS master key provider. Usage: create_key_provider(kms_key_id) :param kms_key_id: KMS Key identifier for the KMS key you want to use. @@ -17,7 +17,7 @@ def create_key_provider( For more information on KMS Key identifiers, see https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id """ - # Create a KMS master key-provider. + # Create a KMS master key provider. key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[ kms_key_id, ]) @@ -29,7 +29,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using an AWS KMS master key-provider. + """Demonstrate how to encrypt plaintext data using an AWS KMS master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -51,7 +51,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using an AWS KMS master key-provider. + """Demonstrate how to decrypt ciphertext data using an AWS KMS master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py index 42d071dcf..de0188c5e 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_aes_master_key_provider.py @@ -43,13 +43,13 @@ def _get_raw_key(self, key_id): def create_key_provider(): - """Demonstrate how to create a Raw AES master key-provider. + """Demonstrate how to create a Raw AES master key provider. Usage: create_key_provider() """ - # Create a Raw AES master key-provider. + # Create a Raw AES master key provider. - # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings + # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings key_id = "My 256-bit AES wrapping key" key_provider = StaticRandomMasterKeyProvider() key_provider.add_master_key(key_id) @@ -61,7 +61,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using a Raw AES master key-provider. + """Demonstrate how to encrypt plaintext data using a Raw AES master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -83,7 +83,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using a Raw AES master key-provider. + """Demonstrate how to decrypt ciphertext data using a Raw AES master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py index b52b78735..cdbe24110 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/raw_rsa_master_key_provider.py @@ -43,13 +43,13 @@ def _get_raw_key(self, key_id): def create_key_provider(): - """Demonstrate how to create a Raw RSA master key-provider. + """Demonstrate how to create a Raw RSA master key provider. Usage: create_key_provider() """ - # Create a Raw RSA master key-provider. + # Create a Raw RSA master key provider. - # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings + # The Key ID field in the JceMasterKey and RawMasterKey is equivalent to key name in the Raw keyrings key_id = "My 4096-bit RSA wrapping key" key_provider = StaticRandomMasterKeyProvider() key_provider.add_master_key(key_id) @@ -61,7 +61,7 @@ def encrypt_using_key_provider( plaintext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to encrypt plaintext data using a Raw RSA master key-provider. + """Demonstrate how to encrypt plaintext data using a Raw RSA master key provider. Usage: encrypt_using_key_provider(plaintext_data, key_provider) :param plaintext_data: plaintext data you want to encrypt @@ -83,7 +83,7 @@ def decrypt_using_key_provider( ciphertext_data: bytes, key_provider: aws_encryption_sdk.key_providers.base.MasterKeyProvider ): - """Demonstrate how to decrypt ciphertext data using a Raw RSA master key-provider. + """Demonstrate how to decrypt ciphertext data using a Raw RSA master key provider. Usage: decrypt_using_key_provider(ciphertext_data, key_provider) :param ciphertext_data: ciphertext data you want to decrypt diff --git a/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py b/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py index b869245b5..c7b665857 100644 --- a/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_aws_kms_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the AWS KMS Master key-provider.""" +"""This is a performance test for creating the AWS KMS Master key provider.""" import os import time diff --git a/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py b/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py index 375eca2ef..cf39963bf 100644 --- a/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_raw_aes_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the Raw AES Master key-provider.""" +"""This is a performance test for creating the Raw AES Master key provider.""" import os import time diff --git a/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py b/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py index 5d6db861a..63b00a0e3 100644 --- a/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py +++ b/performance_tests/test/master_key_providers/test_raw_rsa_master_key_provider.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""This is a performance test for creating the Raw RSA Master key-provider.""" +"""This is a performance test for creating the Raw RSA Master key provider.""" import os import time From 80240060eb2858ad83de9e2da336f96840549b68 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila Date: Thu, 6 Jun 2024 16:33:58 -0700 Subject: [PATCH 3/4] removed branch key id supplier from HKeyring; minor fixes --- .../keyrings/hierarchy_keyring.py | 54 ++----------------- .../master_key_providers/caching_cmm.py | 6 +-- .../utils/util.py | 4 +- 3 files changed, 8 insertions(+), 56 deletions(-) diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py index 5f4acfc7b..3170130b0 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py @@ -2,9 +2,6 @@ # SPDX-License-Identifier: Apache-2.0 """Performance tests for the hierarchy keyring.""" -# noqa pylint: disable=wrong-import-order -from typing import Dict - import aws_encryption_sdk import boto3 from aws_cryptographic_materialproviders.keystore import KeyStore @@ -16,48 +13,12 @@ CacheTypeDefault, CreateAwsKmsHierarchicalKeyringInput, DefaultCache, - GetBranchKeyIdInput, - GetBranchKeyIdOutput, ) -from aws_cryptographic_materialproviders.mpl.references import IBranchKeyIdSupplier, IKeyring +from aws_cryptographic_materialproviders.mpl.references import IKeyring from ..utils.util import PerfTestUtils -class ExampleBranchKeyIdSupplier(IBranchKeyIdSupplier): - """Example implementation of a branch key ID supplier.""" - - branch_key_id_for_tenant_a: str - branch_key_id_for_tenant_b: str - - def __init__(self, tenant_1_id, tenant_2_id): - """Example constructor for a branch key ID supplier.""" - self.branch_key_id_for_tenant_a = tenant_1_id - self.branch_key_id_for_tenant_b = tenant_2_id - - def get_branch_key_id( - self, - param: GetBranchKeyIdInput - ) -> GetBranchKeyIdOutput: - """Returns branch key ID from the tenant ID in input's encryption context.""" - encryption_context: Dict[str, str] = param.encryption_context - - if b"tenant" not in encryption_context: - raise ValueError("EncryptionContext invalid, does not contain expected tenant key value pair.") - - tenant_key_id: str = encryption_context.get(b"tenant") - branch_key_id: str - - if tenant_key_id == b"TenantA": - branch_key_id = self.branch_key_id_for_tenant_a - elif tenant_key_id == b"TenantB": - branch_key_id = self.branch_key_id_for_tenant_b - else: - raise ValueError(f"Item does not contain valid tenant ID: {tenant_key_id=}") - - return GetBranchKeyIdOutput(branch_key_id=branch_key_id) - - def create_keyring( key_store_table_name: str, logical_key_store_name: str, @@ -95,15 +56,8 @@ def create_keyring( ) ) - # Call CreateKey to create two new active branch keys - branch_key_id_a: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID_A - branch_key_id_b: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID_B - - # Create a branch key supplier that maps the branch key id to a more readable format - branch_key_id_supplier: IBranchKeyIdSupplier = ExampleBranchKeyIdSupplier( - tenant_1_id=branch_key_id_a, - tenant_2_id=branch_key_id_b, - ) + # Call CreateKey to create a new branch key. + branch_key_id: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID # Create the Hierarchical Keyring. mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders( @@ -112,7 +66,7 @@ def create_keyring( keyring_input: CreateAwsKmsHierarchicalKeyringInput = CreateAwsKmsHierarchicalKeyringInput( key_store=keystore, - branch_key_id_supplier=branch_key_id_supplier, + branch_key_id=branch_key_id, ttl_seconds=600, cache=CacheTypeDefault( value=DefaultCache( diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py index 1e23b8244..7199c50bf 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/caching_cmm.py @@ -1,6 +1,6 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -"""Performance tests for the Caching Cryptographic Materials Manager (CMM).""" +"""Performance tests for the Caching Cryptographic Materials Manager (CMM) with KMS Master Key Provider.""" import aws_encryption_sdk @@ -22,7 +22,7 @@ def create_cmm( """ # Security thresholds # Max messages (or max bytes per) data key are optional - max_entry_messages = 100 + max_messages_encrypted = 100 # Create a master key provider for the KMS customer master key (CMK) key_provider = aws_encryption_sdk.StrictAwsKmsMasterKeyProvider(key_ids=[kms_key_id]) @@ -35,7 +35,7 @@ def create_cmm( master_key_provider=key_provider, cache=cache, max_age=max_age_in_cache, - max_messages_encrypted=max_entry_messages, + max_messages_encrypted=max_messages_encrypted, ) return caching_cmm diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py b/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py index 52914b76a..9100ef12e 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/utils/util.py @@ -87,9 +87,7 @@ class PerfTestUtils: "the data you are handling": "is what you think it is", } - DEFAULT_BRANCH_KEY_ID_A = 'a52dfaad-7dbd-4430-a1fd-abaa5299da07' - - DEFAULT_BRANCH_KEY_ID_B = '8ba79cef-581c-4125-9292-b057a29d42d7' + DEFAULT_BRANCH_KEY_ID = 'a52dfaad-7dbd-4430-a1fd-abaa5299da07' @staticmethod def read_file(filename): From 9a6059fff10cac5af9da787fc443a9c443dd3111 Mon Sep 17 00:00:00 2001 From: Ritvik Kapila Date: Fri, 7 Jun 2024 12:44:48 -0700 Subject: [PATCH 4/4] minor refactoring for HKeyring --- .../keyrings/hierarchy_keyring.py | 10 +++++----- .../test/keyrings/test_hierarchy_keyring.py | 1 - 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py index 3170130b0..b1bdc6913 100644 --- a/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py +++ b/performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/hierarchy_keyring.py @@ -22,17 +22,20 @@ def create_keyring( key_store_table_name: str, logical_key_store_name: str, - kms_key_id: str + kms_key_id: str, + branch_key_id: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID ): """Demonstrate how to create a hierarchy keyring. - Usage: create_keyring(key_store_table_name, logical_key_store_name, kms_key_id) + Usage: create_keyring(key_store_table_name, logical_key_store_name, kms_key_id, branch_key_id) :param key_store_table_name: Name of the KeyStore DynamoDB table. :type key_store_table_name: string :param logical_key_store_name: Logical name of the KeyStore. :type logical_key_store_name: string :param kms_key_id: KMS Key identifier for the KMS key you want to use. :type kms_key_id: string + :param branch_key_id: Branch key you want to use for the hierarchy keyring. + :type branch_key_id: string For more information on KMS Key identifiers, see https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id @@ -56,9 +59,6 @@ def create_keyring( ) ) - # Call CreateKey to create a new branch key. - branch_key_id: str = PerfTestUtils.DEFAULT_BRANCH_KEY_ID - # Create the Hierarchical Keyring. mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders( config=MaterialProvidersConfig() diff --git a/performance_tests/test/keyrings/test_hierarchy_keyring.py b/performance_tests/test/keyrings/test_hierarchy_keyring.py index bbd6d5b3e..e890c2a18 100644 --- a/performance_tests/test/keyrings/test_hierarchy_keyring.py +++ b/performance_tests/test/keyrings/test_hierarchy_keyring.py @@ -3,7 +3,6 @@ """This is a performance test for creating the hierarchy keyring.""" import os -# noqa pylint: disable=wrong-import-order import time import click