* padding algorithm is not required for raw AES keys: we only allow AES-GCM

mattsb42-aws · mattsb42-aws · commit 54a59aeb2efc · 2018-11-06T13:38:12.000-08:00
* properly ignore test cases that require master keys that have not yet been implemented
diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py b/test_vector_handlers/src/awses_test_vectors/manifests/full_message/encrypt.py
@@ -202,10 +202,12 @@ def from_file(cls, input_file):
         raw_keys_manifest = json.loads(reader(raw_manifest["keys"]).decode(ENCODING))
         keys = KeysManifest.from_manifest_spec(raw_keys_manifest)
         plaintexts = cls._generate_plaintexts(raw_manifest["plaintexts"])
-        tests = {
-            name: MessageEncryptionTestScenario.from_scenario(scenario=scenario, keys=keys, plaintexts=plaintexts)
-            for name, scenario in raw_manifest["tests"].items()
-        }
+        tests = {}
+        for name, scenario in raw_manifest["tests"].items():
+            try:
+                tests[name] = MessageEncryptionTestScenario.from_scenario(scenario=scenario, keys=keys, plaintexts=plaintexts)
+            except NotImplementedError:
+                continue
         return cls(version=raw_manifest["manifest"]["version"], keys=keys, plaintexts=plaintexts, tests=tests)
 
     def run_and_write_to_dir(self, target_directory, json_indent=None):
diff --git a/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py b/test_vector_handlers/src/awses_test_vectors/manifests/master_key.py
@@ -54,6 +54,7 @@
     # 'rsa/oaep-mgf1/sha384': WrappingAlgorithm.RSA_OAEP_SHA384_MGF1,
     # 'rsa/oaep-mgf1/sha512': WrappingAlgorithm.RSA_OAEP_SHA512_MGF1,
 }
+_NOT_YET_IMPLEMENTED = {'rsa/oaep-mgf1/sha384', 'rsa/oaep-mgf1/sha512'}
 _RAW_ENCRYPTION_KEY_TYPE = {
     "symmetric": EncryptionKeyType.SYMMETRIC,
     "private": EncryptionKeyType.PRIVATE,
@@ -91,9 +92,14 @@ def __attrs_post_init__(self):
             raise NotImplementedError("Gap found between known master key types and available master key loaders.")
 
         if self.type_name == "raw":
-            if None in (self.provider_id, self.encryption_algorithm, self.padding_algorithm):
+            if None in (self.provider_id, self.encryption_algorithm):
                 raise ValueError(
-                    "Provider ID, encryption algorithm, and padding algorithm are all required for raw keys"
+                    "Provider ID and encryption algorithm are both required for raw keys"
+                )
+
+            if self.encryption_algorithm == "rsa" and self.padding_algorithm is None:
+                raise ValueError(
+                    "Padding algorithm is required for raw RSA keys"
                 )
 
             if self.padding_algorithm == "oaep-mgf1" and self.padding_hash is None:
@@ -140,7 +146,12 @@ def _wrapping_algorithm(self, key_bits):
             if self.padding_hash is not None:
                 key_spec_values.append(self.padding_hash)
 
-        return _RAW_WRAPPING_KEY_ALGORITHMS["/".join(key_spec_values)]
+        key_spec_name = "/".join(key_spec_values)
+
+        if key_spec_name in _NOT_YET_IMPLEMENTED:
+            raise NotImplementedError("Key spec \"{}\" is not yet available.")
+
+        return _RAW_WRAPPING_KEY_ALGORITHMS[key_spec_name]
 
     def _wrapping_key(self, key_spec):
         # type: (KeySpec) -> WrappingKey
