diff --git a/src/aws_encryption_sdk/internal/formatting/deserialize.py b/src/aws_encryption_sdk/internal/formatting/deserialize.py index 86fa4c06d..ddacab26b 100644 --- a/src/aws_encryption_sdk/internal/formatting/deserialize.py +++ b/src/aws_encryption_sdk/internal/formatting/deserialize.py @@ -316,25 +316,6 @@ def deserialize_tag(stream, header, verifier=None): return data_tag -def update_verifier_with_tag(stream, header, verifier): - """Updates verifier with data for authentication tag. - - .. note:: - This is meant to be used in conjunction with deserialize_non_framed_values - to update the verifier over information which has already been retrieved. - - :param stream: Source data stream - :type stream: io.BytesIO - :param header: Deserialized header - :type header: aws_encryption_sdk.structures.MessageHeader - :param verifier: Signature verifier object - :type verifier: aws_encryption_sdk.internal.crypto.Verifier - :returns: Data authentication tag value - :rtype: bytes - """ - return unpack_values(">{auth_len}s".format(auth_len=header.algorithm.auth_len), stream, verifier) - - def deserialize_frame(stream, header, verifier=None): """Deserializes a frame from a body. diff --git a/src/aws_encryption_sdk/streaming_client.py b/src/aws_encryption_sdk/streaming_client.py index faadc6515..139c36b60 100644 --- a/src/aws_encryption_sdk/streaming_client.py +++ b/src/aws_encryption_sdk/streaming_client.py @@ -21,9 +21,6 @@ import attr import six -import aws_encryption_sdk.internal.formatting.deserialize -import aws_encryption_sdk.internal.formatting.encryption_context -import aws_encryption_sdk.internal.formatting.serialize import aws_encryption_sdk.internal.utils from aws_encryption_sdk.exceptions import ( ActionNotAllowedError, 
@@ -38,6 +35,24 @@ from aws_encryption_sdk.internal.crypto.encryption import Decryptor, Encryptor, decrypt from aws_encryption_sdk.internal.crypto.iv import non_framed_body_iv from aws_encryption_sdk.internal.defaults import FRAME_LENGTH, LINE_LENGTH, MAX_NON_FRAMED_SIZE, TYPE, VERSION +from aws_encryption_sdk.internal.formatting.deserialize import ( + deserialize_footer, + deserialize_frame, + deserialize_header, + deserialize_header_auth, + deserialize_non_framed_values, + deserialize_tag, + validate_header, +) +from aws_encryption_sdk.internal.formatting.encryption_context import assemble_content_aad +from aws_encryption_sdk.internal.formatting.serialize import ( + serialize_footer, + serialize_frame, + serialize_header, + serialize_header_auth, + serialize_non_framed_close, + serialize_non_framed_open, +) from aws_encryption_sdk.key_providers.base import MasterKeyProvider from aws_encryption_sdk.materials_managers import DecryptionMaterialsRequest, EncryptionMaterialsRequest from aws_encryption_sdk.materials_managers.base import CryptoMaterialsManager @@ -461,10 +476,8 @@ def _prep_message(self): def _write_header(self): """Builds the message header and writes it to the output stream.""" - self.output_buffer += aws_encryption_sdk.internal.formatting.serialize.serialize_header( - header=self._header, signer=self.signer - ) - self.output_buffer += aws_encryption_sdk.internal.formatting.serialize.serialize_header_auth( + self.output_buffer += serialize_header(header=self._header, signer=self.signer) + self.output_buffer += serialize_header_auth( algorithm=self._encryption_materials.algorithm, header=self.output_buffer, data_encryption_key=self._derived_data_key, 
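Review bot: The `from ... import (...)` block added in the import hunk gives `streaming_client` its own bindings for `deserialize_header`, `validate_header`, `deserialize_footer`, `serialize_footer` and the rest, so a `patch()` aimed at the defining module no longer intercepts the calls made in this file. The old-style target `aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.deserialize.<name>` still resolves, because `import aws_encryption_sdk.internal.utils` keeps the package attribute on the module, so a leftover test using it would pass its setup and silently run the real function instead of the mock. It is worth searching the remaining tests for the old targets, especially for `validate_header` and `deserialize_footer`. As a style point, `aws_encryption_sdk.internal.utils.get_aad_content_string` is still called through the fully qualified module in `_prep_non_framed`, so the file now mixes both conventions.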
@@ -476,7 +489,7 @@ def _prep_non_framed(self): aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string( content_type=self.content_type, is_final_frame=True ) - associated_data = aws_encryption_sdk.internal.formatting.encryption_context.assemble_content_aad( + associated_data = assemble_content_aad( message_id=self._header.message_id, aad_content_string=aad_content_string, seq_num=1, @@ -488,7 +501,7 @@ def _prep_non_framed(self): associated_data=associated_data, iv=non_framed_body_iv(self._encryption_materials.algorithm), ) - self.output_buffer += aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_open( + self.output_buffer += serialize_non_framed_open( algorithm=self._encryption_materials.algorithm, iv=self.encryptor.iv, plaintext_length=self.stream_length, @@ -521,12 +534,10 @@ def _read_bytes_to_non_framed_body(self, b): if self.signer is not None: self.signer.update(closing) - closing += aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_close( - tag=self.encryptor.tag, signer=self.signer - ) + closing += serialize_non_framed_close(tag=self.encryptor.tag, signer=self.signer) if self.signer is not None: - closing += aws_encryption_sdk.internal.formatting.serialize.serialize_footer(self.signer) + closing += serialize_footer(self.signer) return ciphertext + closing return ciphertext @@ -575,7 +586,7 @@ def _read_bytes_to_framed_body(self, b): self.sequence_number, ) self._bytes_encrypted += bytes_in_frame - ciphertext, plaintext = aws_encryption_sdk.internal.formatting.serialize.serialize_frame( + ciphertext, plaintext = serialize_frame( algorithm=self._encryption_materials.algorithm, plaintext=plaintext, message_id=self._header.message_id, 
@@ -592,7 +603,7 @@ def _read_bytes_to_framed_body(self, b): if finalize: _LOGGER.debug("Writing footer") if self.signer is not None: - output += aws_encryption_sdk.internal.formatting.serialize.serialize_footer(self.signer) + output += serialize_footer(self.signer) self.source_stream.close() return output @@ -713,7 +724,7 @@ def _read_header(self): and aws_encryption_sdk.internal.structures.MessageHeaderAuthentication :raises CustomMaximumValueExceeded: if frame length is greater than the custom max value """ - header, raw_header = aws_encryption_sdk.internal.formatting.deserialize.deserialize_header(self.source_stream) + header, raw_header = deserialize_header(self.source_stream) self.__unframed_bytes_read += len(raw_header) if ( @@ -742,15 +753,13 @@ def _read_header(self): if self.verifier is not None: self.verifier.update(raw_header) - header_auth = aws_encryption_sdk.internal.formatting.deserialize.deserialize_header_auth( + header_auth = deserialize_header_auth( stream=self.source_stream, algorithm=header.algorithm, verifier=self.verifier ) self._derived_data_key = derive_data_encryption_key( source_key=decryption_materials.data_key.data_key, algorithm=header.algorithm, message_id=header.message_id ) - aws_encryption_sdk.internal.formatting.deserialize.validate_header( - header=header, header_auth=header_auth, raw_header=raw_header, data_key=self._derived_data_key - ) + validate_header(header=header, header_auth=header_auth, raw_header=raw_header, data_key=self._derived_data_key) return header, header_auth @property @@ -767,7 +776,7 @@ def body_end(self): def _prep_non_framed(self): """Prepare the opening data for a non-framed message.""" - self._unframed_body_iv, self.body_length = aws_encryption_sdk.internal.formatting.deserialize.deserialize_non_framed_values( # noqa # pylint: disable=line-too-long + self._unframed_body_iv, self.body_length = deserialize_non_framed_values( stream=self.source_stream, header=self._header, verifier=self.verifier ) 
@@ -803,14 +812,12 @@ def _read_bytes_from_non_framed_body(self, b): if self.verifier is not None: self.verifier.update(ciphertext) - tag = aws_encryption_sdk.internal.formatting.deserialize.deserialize_tag( - stream=self.source_stream, header=self._header, verifier=self.verifier - ) + tag = deserialize_tag(stream=self.source_stream, header=self._header, verifier=self.verifier) aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string( content_type=self._header.content_type, is_final_frame=True ) - associated_data = aws_encryption_sdk.internal.formatting.encryption_context.assemble_content_aad( + associated_data = assemble_content_aad( message_id=self._header.message_id, aad_content_string=aad_content_string, seq_num=1, @@ -827,9 +834,7 @@ def _read_bytes_from_non_framed_body(self, b): plaintext = self.decryptor.update(ciphertext) plaintext += self.decryptor.finalize() - self.footer = aws_encryption_sdk.internal.formatting.deserialize.deserialize_footer( - stream=self.source_stream, verifier=self.verifier - ) + self.footer = deserialize_footer(stream=self.source_stream, verifier=self.verifier) self.source_stream.close() return plaintext @@ -845,7 +850,7 @@ def _read_bytes_from_framed_body(self, b): _LOGGER.debug("collecting %d bytes", b) while len(plaintext) < b and not final_frame: _LOGGER.debug("Reading frame") - frame_data, final_frame = aws_encryption_sdk.internal.formatting.deserialize.deserialize_frame( + frame_data, final_frame = deserialize_frame( stream=self.source_stream, header=self._header, verifier=self.verifier ) _LOGGER.debug("Read complete for frame %d", frame_data.sequence_number) 
@@ -855,7 +860,7 @@ def _read_bytes_from_framed_body(self, b): aad_content_string = aws_encryption_sdk.internal.utils.get_aad_content_string( content_type=self._header.content_type, is_final_frame=frame_data.final_frame ) - associated_data = aws_encryption_sdk.internal.formatting.encryption_context.assemble_content_aad( + associated_data = assemble_content_aad( message_id=self._header.message_id, aad_content_string=aad_content_string, seq_num=frame_data.sequence_number, @@ -871,9 +876,7 @@ def _read_bytes_from_framed_body(self, b): _LOGGER.debug("bytes collected: %d", plaintext_length) if final_frame: _LOGGER.debug("Reading footer") - self.footer = aws_encryption_sdk.internal.formatting.deserialize.deserialize_footer( - stream=self.source_stream, verifier=self.verifier - ) + self.footer = deserialize_footer(stream=self.source_stream, verifier=self.verifier) self.source_stream.close() return plaintext diff --git a/test/unit/test_streaming_client_stream_decryptor.py b/test/unit/test_streaming_client_stream_decryptor.py index 0c9f53ee7..c59ae4beb 100644 --- a/test/unit/test_streaming_client_stream_decryptor.py +++ b/test/unit/test_streaming_client_stream_decryptor.py 
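Review bot: In the last streaming_client.py hunk, `deserialize_footer(stream=self.source_stream, verifier=self.verifier)` is reached only under `if final_frame:`, so every earlier call to `_read_bytes_from_framed_body` returns plaintext before the footer has been read. If the footer is where the verifier's result is checked (the call suggests it, but `deserialize_footer` is not shown in this diff), the caller receives that plaintext before the check has run. The docstring should state this, for example `Plaintext from non-final frames is returned before the footer is read; do not act on it until the final frame has been consumed.` The function starts outside the hunk, so its current docstring is not visible here.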
@@ -48,34 +48,24 @@ def setUp(self): self.mock_input_stream.tell.side_effect = (0, 500) # Set up deserialize_header patch - self.mock_deserialize_header_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.deserialize.deserialize_header" - ) + self.mock_deserialize_header_patcher = patch("aws_encryption_sdk.streaming_client.deserialize_header") self.mock_deserialize_header = self.mock_deserialize_header_patcher.start() self.mock_deserialize_header.return_value = self.mock_header, self.mock_raw_header # Set up deserialize_header_auth patch - self.mock_deserialize_header_auth_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.deserialize.deserialize_header_auth" - ) + self.mock_deserialize_header_auth_patcher = patch("aws_encryption_sdk.streaming_client.deserialize_header_auth") self.mock_deserialize_header_auth = self.mock_deserialize_header_auth_patcher.start() self.mock_deserialize_header_auth.return_value = sentinel.header_auth # Set up validate_header patch - self.mock_validate_header_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.deserialize.validate_header" - ) + self.mock_validate_header_patcher = patch("aws_encryption_sdk.streaming_client.validate_header") self.mock_validate_header = self.mock_validate_header_patcher.start() # Set up deserialize_non_framed_values patch self.mock_deserialize_non_framed_values_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.deserialize.deserialize_non_framed_values" + "aws_encryption_sdk.streaming_client.deserialize_non_framed_values" ) self.mock_deserialize_non_framed_values = self.mock_deserialize_non_framed_values_patcher.start() self.mock_deserialize_non_framed_values.return_value = (sentinel.iv, len(VALUES["data_128"])) # Set up deserialize_tag_value patch - self.mock_deserialize_tag_patcher = patch( - 
"aws_encryption_sdk.streaming_client" ".aws_encryption_sdk.internal.formatting.deserialize.deserialize_tag" - ) + self.mock_deserialize_tag_patcher = patch("aws_encryption_sdk.streaming_client.deserialize_tag") self.mock_deserialize_tag = self.mock_deserialize_tag_patcher.start() self.mock_deserialize_tag.return_value = sentinel.tag # Set up get_aad_content_string patch @@ -85,10 +75,7 @@ def setUp(self): self.mock_get_aad_content_string = self.mock_get_aad_content_string_patcher.start() self.mock_get_aad_content_string.return_value = sentinel.aad_content_string # Set up assemble_content_aad patch - self.mock_assemble_content_aad_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.encryption_context.assemble_content_aad" - ) + self.mock_assemble_content_aad_patcher = patch("aws_encryption_sdk.streaming_client.assemble_content_aad") self.mock_assemble_content_aad = self.mock_assemble_content_aad_patcher.start() self.mock_assemble_content_aad.return_value = sentinel.associated_data # Set up Decryptor patch 
@@ -96,21 +83,11 @@ def setUp(self): self.mock_decryptor = self.mock_decryptor_patcher.start() self.mock_decryptor_instance = MagicMock() self.mock_decryptor.return_value = self.mock_decryptor_instance - # Set up update_verifier_with_tag patch - self.mock_update_verifier_with_tag_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.deserialize.update_verifier_with_tag" - ) - self.mock_update_verifier_with_tag = self.mock_update_verifier_with_tag_patcher.start() # Set up deserialize_footer patch - self.mock_deserialize_footer_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.deserialize.deserialize_footer" - ) + self.mock_deserialize_footer_patcher = patch("aws_encryption_sdk.streaming_client.deserialize_footer") self.mock_deserialize_footer = self.mock_deserialize_footer_patcher.start() # Set up deserialize_frame patch - self.mock_deserialize_frame_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.deserialize.deserialize_frame" - ) + self.mock_deserialize_frame_patcher = patch("aws_encryption_sdk.streaming_client.deserialize_frame") self.mock_deserialize_frame = self.mock_deserialize_frame_patcher.start() # Set up decrypt patch self.mock_decrypt_patcher = patch("aws_encryption_sdk.streaming_client.decrypt") @@ -125,7 +102,6 @@ def tearDown(self): self.mock_get_aad_content_string_patcher.stop() self.mock_assemble_content_aad_patcher.stop() self.mock_decryptor_patcher.stop() - self.mock_update_verifier_with_tag_patcher.stop() self.mock_deserialize_footer_patcher.stop() self.mock_deserialize_frame_patcher.stop() self.mock_decrypt_patcher.stop() diff --git a/test/unit/test_streaming_client_stream_encryptor.py b/test/unit/test_streaming_client_stream_encryptor.py index 96a3f2a43..52e5f1215 100644 --- a/test/unit/test_streaming_client_stream_encryptor.py +++ b/test/unit/test_streaming_client_stream_encryptor.py 
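Review bot: Each patcher in `setUp` is started by hand and stopped by a matching line in `tearDown`, and this commit has to delete the `update_verifier_with_tag` pair in both places to keep the two lists in step. unittest does not run `tearDown` when `setUp` raises, so a failure part-way through leaves the earlier patches on `aws_encryption_sdk.streaming_client` active for later tests. Registering the stop next to the start, `self.addCleanup(self.mock_deserialize_footer_patcher.stop)`, removes the need for the second list. The same applies to the `setUp` hunk at -48,34 above and to the `setUp` hunks in test_streaming_client_stream_encryptor.py; both methods extend beyond the lines shown.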
@@ -107,14 +107,10 @@ def setUp(self): self.mock_data_encryption_key = VALUES["data_key_obj"] self.mock_prepare_data_keys.return_value = (self.mock_data_encryption_key, self.mock_encrypted_data_keys) # Set up serialize_header patch - self.mock_serialize_header_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.serialize.serialize_header" - ) + self.mock_serialize_header_patcher = patch("aws_encryption_sdk.streaming_client.serialize_header") self.mock_serialize_header = self.mock_serialize_header_patcher.start() # Set up serialize_header_auth patch - self.mock_serialize_header_auth_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.serialize.serialize_header_auth" - ) + self.mock_serialize_header_auth_patcher = patch("aws_encryption_sdk.streaming_client.serialize_header_auth") self.mock_serialize_header_auth = self.mock_serialize_header_auth_patcher.start() # Set up get_aad_content_string patch self.mock_get_aad_content_string_patcher = patch( @@ -123,10 +119,7 @@ def setUp(self): self.mock_get_aad_content_string = self.mock_get_aad_content_string_patcher.start() self.mock_get_aad_content_string.return_value = sentinel.aad_content_string # Set up assemble_content_aad patch - self.mock_assemble_content_aad_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.encryption_context.assemble_content_aad" - ) + self.mock_assemble_content_aad_patcher = patch("aws_encryption_sdk.streaming_client.assemble_content_aad") self.mock_assemble_content_aad = self.mock_assemble_content_aad_patcher.start() self.mock_assemble_content_aad.return_value = sentinel.associated_data # Set up encryptor patch 
@@ -137,25 +130,19 @@ def setUp(self): self.mock_encryptor.return_value = self.mock_encryptor_instance # Set up serialize_non_framed_open patch self.mock_serialize_non_framed_open_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_open" + "aws_encryption_sdk.streaming_client.serialize_non_framed_open" ) self.mock_serialize_non_framed_open = self.mock_serialize_non_framed_open_patcher.start() # Set up serialize_non_framed_close patch self.mock_serialize_non_framed_close_patcher = patch( - "aws_encryption_sdk.streaming_client" - ".aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_close" + "aws_encryption_sdk.streaming_client.serialize_non_framed_close" ) self.mock_serialize_non_framed_close = self.mock_serialize_non_framed_close_patcher.start() # Set up serialize_footer patch - self.mock_serialize_footer_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.serialize.serialize_footer" - ) + self.mock_serialize_footer_patcher = patch("aws_encryption_sdk.streaming_client.serialize_footer") self.mock_serialize_footer = self.mock_serialize_footer_patcher.start() # Set up serialize_frame patch - self.mock_serialize_frame_patcher = patch( - "aws_encryption_sdk.streaming_client.aws_encryption_sdk.internal.formatting.serialize.serialize_frame" - ) + self.mock_serialize_frame_patcher = patch("aws_encryption_sdk.streaming_client.serialize_frame") self.mock_serialize_frame = self.mock_serialize_frame_patcher.start() def tearDown(self):