diff --git a/examples/src/keyring/multi/aws_kms_with_escrow.py b/examples/src/keyring/multi/aws_kms_with_escrow.py index 90b57def4..79873b29f 100644 --- a/examples/src/keyring/multi/aws_kms_with_escrow.py +++ b/examples/src/keyring/multi/aws_kms_with_escrow.py @@ -69,7 +69,7 @@ def run(aws_kms_cmk, source_plaintext): # # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", public_wrapping_key=public_key, # The wrapping algorithm tells the raw RSA keyring # how to use your wrapping key to encrypt data keys. @@ -83,7 +83,7 @@ def run(aws_kms_cmk, source_plaintext): escrow_decrypt_keyring = RawRSAKeyring( # The key namespace and key name MUST match the encrypt keyring. key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", private_wrapping_key=private_key, # The wrapping algorithm MUST match the encrypt keyring. wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, diff --git a/examples/src/keyring/raw_aes/raw_aes.py b/examples/src/keyring/raw_aes/raw_aes.py index 57b5c3487..54eb83341 100644 --- a/examples/src/keyring/raw_aes/raw_aes.py +++ b/examples/src/keyring/raw_aes/raw_aes.py @@ -44,7 +44,7 @@ def run(source_plaintext): # # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring key_namespace="some managed raw keys", - key_name=b"my AES wrapping key", + key_name="my AES wrapping key", wrapping_key=key, ) diff --git a/examples/src/keyring/raw_rsa/keypair.py b/examples/src/keyring/raw_rsa/keypair.py index f053b75a3..125cf8b97 100644 --- a/examples/src/keyring/raw_rsa/keypair.py +++ b/examples/src/keyring/raw_rsa/keypair.py 
@@ -54,7 +54,7 @@ def run(source_plaintext): # # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), # The wrapping algorithm tells the raw RSA keyring diff --git a/examples/src/keyring/raw_rsa/keypair_from_pem.py b/examples/src/keyring/raw_rsa/keypair_from_pem.py index 2ec7a6ba1..972f78f1c 100644 --- a/examples/src/keyring/raw_rsa/keypair_from_pem.py +++ b/examples/src/keyring/raw_rsa/keypair_from_pem.py @@ -70,7 +70,7 @@ def run(source_plaintext): # # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", private_encoded_key=private_key_pem, public_encoded_key=public_key_pem, # The wrapping algorithm tells the raw RSA keyring diff --git a/examples/src/keyring/raw_rsa/public_private_key_separate.py b/examples/src/keyring/raw_rsa/public_private_key_separate.py index dcda39cb9..eecdeb8d2 100644 --- a/examples/src/keyring/raw_rsa/public_private_key_separate.py +++ b/examples/src/keyring/raw_rsa/public_private_key_separate.py @@ -69,7 +69,7 @@ def run(source_plaintext): # # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", public_wrapping_key=public_key, # The wrapping algorithm tells the raw RSA keyring # how to use your wrapping key to encrypt data keys. 
@@ -83,7 +83,7 @@ def run(source_plaintext): private_key_keyring = RawRSAKeyring( # The key namespace and key name MUST match the encrypt keyring. key_namespace="some managed raw keys", - key_name=b"my RSA wrapping key", + key_name="my RSA wrapping key", private_wrapping_key=private_key, # The wrapping algorithm MUST match the encrypt keyring. wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, diff --git a/src/aws_encryption_sdk/keyrings/raw.py b/src/aws_encryption_sdk/keyrings/raw.py index 1bd10023d..d352224ee 100644 --- a/src/aws_encryption_sdk/keyrings/raw.py +++ b/src/aws_encryption_sdk/keyrings/raw.py @@ -1,6 +1,7 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 """Resources required for Raw Keyrings.""" +import codecs import logging import os @@ -14,6 +15,7 @@ from aws_encryption_sdk.exceptions import EncryptKeyError, GenerateKeyError from aws_encryption_sdk.identifiers import EncryptionKeyType, WrappingAlgorithm from aws_encryption_sdk.internal.crypto.wrapping_keys import EncryptedData, WrappingKey +from aws_encryption_sdk.internal.defaults import ENCODING from aws_encryption_sdk.internal.formatting.deserialize import deserialize_wrapped_key from aws_encryption_sdk.internal.formatting.serialize import serialize_raw_master_key_prefix, serialize_wrapped_key from aws_encryption_sdk.key_providers.raw import RawMasterKey @@ -73,7 +75,7 @@ class RawAESKeyring(Keyring): .. note:: key_namespace MUST NOT equal "aws-kms". - :param bytes key_name: Key ID + :param str key_name: Key ID :param bytes wrapping_key: Encryption key with which to wrap plaintext data key. .. note:: 
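Review bot: The updated `:param str key_name: Key ID` line in the RawAESKeyring docstring does not say how the name becomes bytes, although on_decrypt in this same commit encodes it with `ENCODING` before handing it to `deserialize_wrapped_key` as `wrapping_key_id`. The encoded form is what has to agree between the encrypting and the decrypting side, so I would extend the line to something like `:param str key_name: Key ID (encoded with the SDK default encoding; must be identical on encrypt and decrypt)`. The RawRSAKeyring docstring hunk at `@@ -237,7 +241,7 @@` has the same gap. The class docstring starts above this hunk.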
@@ -82,7 +84,7 @@ class RawAESKeyring(Keyring): """ key_namespace = attr.ib(validator=instance_of(six.string_types)) - key_name = attr.ib(validator=instance_of(six.binary_type)) + key_name = attr.ib(validator=instance_of(six.string_types)) _wrapping_key = attr.ib(repr=False, validator=instance_of(six.binary_type)) def __attrs_post_init__(self): @@ -197,9 +199,11 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys): ): continue + encoded_key_name = codecs.encode(self.key_name, ENCODING) + # Wrapped EncryptedDataKey to deserialized EncryptedData encrypted_wrapped_key = deserialize_wrapped_key( - wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=self.key_name, wrapped_encrypted_key=key + wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=encoded_key_name, wrapped_encrypted_key=key ) # EncryptedData to raw key string @@ -237,7 +241,7 @@ class RawRSAKeyring(Keyring): .. note:: key_namespace MUST NOT equal "aws-kms". - :param bytes key_name: Key ID + :param str key_name: Key ID :param cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey private_wrapping_key: Private encryption key with which to wrap plaintext data key (optional) :param cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey public_wrapping_key: @@ -251,7 +255,7 @@ class RawRSAKeyring(Keyring): """ key_namespace = attr.ib(validator=instance_of(six.string_types)) - key_name = attr.ib(validator=instance_of(six.binary_type)) + key_name = attr.ib(validator=instance_of(six.string_types)) _wrapping_algorithm = attr.ib( repr=False, validator=in_( 
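Review bot: Changing the `key_name` validator to `instance_of(six.string_types)` makes the accepted type depend on the interpreter. On Python 3 a caller that still passes `b"..."` is now rejected by the validator, while on Python 2 `six.string_types` is `basestring`, so a byte string still passes and only reaches `codecs.encode(self.key_name, ENCODING)` inside on_decrypt, where non-ASCII bytes would raise `UnicodeDecodeError` part-way through decryption. If Python 2 is still supported, encoding the name once in `__attrs_post_init__` would surface that failure at construction instead. Either way, the break for existing `bytes` callers deserves a changelog entry. The same validator change is made for RawRSAKeyring at `@@ -251,7 +255,7 @@`.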
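Review bot: `encoded_key_name = codecs.encode(self.key_name, ENCODING)` is added after the filter's `continue` in RawAESKeyring.on_decrypt, so the same constant value is re-encoded for every encrypted data key that passes the filter. It can move above the loop, which starts outside this hunk. More important, these bytes must equal the key name bytes written into the key provider info at encrypt time; that path (`self._key_provider`, built outside the hunk) is not visible here, so it is worth confirming both sides use the same encoding, ideally by deriving both from one value. A round-trip test with a non-ASCII key name would pin this. The RawRSAKeyring on_decrypt hunk at `@@ -428,9 +432,11 @@` has the same pattern.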
@@ -428,9 +432,11 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys): if key.key_provider != self._key_provider: continue + encoded_key_name = codecs.encode(self.key_name, ENCODING) + # Wrapped EncryptedDataKey to deserialized EncryptedData encrypted_wrapped_key = deserialize_wrapped_key( - wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=self.key_name, wrapped_encrypted_key=key + wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=encoded_key_name, wrapped_encrypted_key=key ) try: plaintext_data_key = self._private_wrapping_key.decrypt( diff --git a/test/functional/keyrings/raw/test_raw_aes.py b/test/functional/keyrings/raw/test_raw_aes.py index 440d01cfa..9b55d33a4 100644 --- a/test/functional/keyrings/raw/test_raw_aes.py +++ b/test/functional/keyrings/raw/test_raw_aes.py @@ -25,8 +25,8 @@ pytestmark = [pytest.mark.functional, pytest.mark.local] _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"} -_PROVIDER_ID = "Random Raw Keys" -_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada" +_KEY_NAMESPACE = "Random Raw Keys" +_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada" _WRAPPING_KEY = b"12345678901234567890123456789012" _SIGNING_KEY = b"aws-crypto-public-key" @@ -43,7 +43,7 @@ def sample_encryption_materials(): EncryptionMaterials( algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, 
@@ -56,8 +56,8 @@ def sample_encryption_materials(): def test_raw_aes_encryption_decryption(encryption_materials_samples): # Initializing attributes - key_namespace = _PROVIDER_ID - key_name = _KEY_ID + key_namespace = _KEY_NAMESPACE + key_name = _KEY_NAME # Creating an instance of a raw AES keyring test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,) @@ -85,8 +85,8 @@ def test_raw_aes_encryption_decryption(encryption_materials_samples): def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_samples): # Initializing attributes - key_namespace = _PROVIDER_ID - key_name = _KEY_ID + key_namespace = _KEY_NAMESPACE + key_name = _KEY_NAME # Creating an instance of a raw AES keyring test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,) @@ -116,8 +116,8 @@ def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_samples): # Initializing attributes - key_namespace = _PROVIDER_ID - key_name = _KEY_ID + key_namespace = _KEY_NAMESPACE + key_name = _KEY_NAME # Creating an instance of a raw AES keyring test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,) @@ -153,11 +153,12 @@ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_ @pytest.mark.parametrize("wrapping_algorithm", _WRAPPING_ALGORITHM) def test_key_info_prefix_vectors(wrapping_algorithm): + expected_prefix = _KEY_NAME.encode() + b"\x00\x00\x00\x80\x00\x00\x00\x0c" assert ( serialize_raw_master_key_prefix( raw_master_key=RawMasterKey( - provider_id=_PROVIDER_ID, - key_id=_KEY_ID, + provider_id=_KEY_NAMESPACE, + key_id=_KEY_NAME, wrapping_key=WrappingKey( wrapping_algorithm=wrapping_algorithm, wrapping_key=_WRAPPING_KEY, 
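Review bot: The new `expected_prefix = _KEY_NAME.encode() + ...` line in test_key_info_prefix_vectors builds the expected bytes with the interpreter's default codec (ASCII on Python 2) rather than the encoding the SDK applies to key names. The vector therefore only agrees with the implementation while the name stays ASCII. I would name the codec explicitly, `expected_prefix = _KEY_NAME.encode(ENCODING) + b"\x00\x00\x00\x80\x00\x00\x00\x0c"`, importing `ENCODING` from `aws_encryption_sdk.internal.defaults` as raw.py does in this commit. The assertion itself finishes in the following hunk.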
@@ -165,7 +166,7 @@ def test_key_info_prefix_vectors(wrapping_algorithm): ), ) ) - == _KEY_ID + b"\x00\x00\x00\x80\x00\x00\x00\x0c" + == expected_prefix ) @@ -173,7 +174,7 @@ def test_must_not_accept_aws_kms(): # Initializing attributes key_namespace = "aws-kms" - key_name = _KEY_ID + key_name = _KEY_NAME # Attempt to instantiate a raw AES keyring with pytest.raises(ValueError) as excinfo: diff --git a/test/functional/keyrings/raw/test_raw_rsa.py b/test/functional/keyrings/raw/test_raw_rsa.py index ca4e7139c..47be10ddc 100644 --- a/test/functional/keyrings/raw/test_raw_rsa.py +++ b/test/functional/keyrings/raw/test_raw_rsa.py @@ -28,8 +28,8 @@ pytestmark = [pytest.mark.functional, pytest.mark.local] _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"} -_PROVIDER_ID = "Random Raw Keys" -_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada" +_KEY_NAMESPACE = "Random Raw Keys" +_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada" _WRAPPING_ALGORITHM = WrappingAlgorithm.RSA_OAEP_SHA256_MGF1 _PUBLIC_EXPONENT = 65537 @@ -83,7 +83,7 @@ def sample_encryption_materials(): EncryptionMaterials( algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, 
@@ -95,52 +95,52 @@ def sample_raw_rsa_keyring_using_different_wrapping_algorithm(): for alg in WrappingAlgorithm: if alg.encryption_type is EncryptionType.ASYMMETRIC: yield RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=alg, private_wrapping_key=_PRIVATE_WRAPPING_KEY, public_wrapping_key=_PUBLIC_WRAPPING_KEY, ) pem_and_der_encoded_raw_rsa_keyring = [ RawRSAKeyring.from_pem_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, private_encoded_key=_RAW_RSA_PRIVATE_KEY_PEM_ENCODED_WITHOUT_PASSWORD, public_encoded_key=_RAW_RSA_PUBLIC_KEY_PEM_ENCODED, wrapping_algorithm=_WRAPPING_ALGORITHM, ), RawRSAKeyring.from_pem_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, private_encoded_key=_RAW_RSA_PRIVATE_KEY_PEM_ENCODED_WITH_PASSWORD, public_encoded_key=_RAW_RSA_PUBLIC_KEY_PEM_ENCODED, password=b"mypassword", wrapping_algorithm=_WRAPPING_ALGORITHM, ), RawRSAKeyring.from_pem_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, public_encoded_key=_RAW_RSA_PUBLIC_KEY_PEM_ENCODED, wrapping_algorithm=_WRAPPING_ALGORITHM, ), RawRSAKeyring.from_der_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, private_encoded_key=_RAW_RSA_PRIVATE_KEY_DER_ENCODED_WITHOUT_PASSWORD, public_encoded_key=_RAW_RSA_PUBLIC_KEY_DER_ENCODED, wrapping_algorithm=_WRAPPING_ALGORITHM, ), RawRSAKeyring.from_der_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, private_encoded_key=_RAW_RSA_PRIVATE_KEY_DER_ENCODED_WITH_PASSWORD, public_encoded_key=_RAW_RSA_PUBLIC_KEY_DER_ENCODED, password=b"mypassword", wrapping_algorithm=_WRAPPING_ALGORITHM, ), RawRSAKeyring.from_der_encoding( - key_namespace=_PROVIDER_ID, - 
key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, public_encoded_key=_RAW_RSA_PUBLIC_KEY_DER_ENCODED, wrapping_algorithm=_WRAPPING_ALGORITHM, ), @@ -178,8 +178,8 @@ def test_raw_rsa_encryption_decryption(encryption_materials_samples, test_raw_rs @pytest.mark.parametrize("encryption_materials_samples", sample_encryption_materials()) def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_samples): test_raw_rsa_keyring = RawRSAKeyring.from_pem_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_encoded_key=_PRIVATE_WRAPPING_KEY_PEM, public_encoded_key=_PUBLIC_WRAPPING_KEY_PEM, @@ -187,8 +187,8 @@ def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_ # Creating an instance of a raw master key test_raw_master_key = RawMasterKey( - key_id=_KEY_ID, - provider_id=_PROVIDER_ID, + key_id=_KEY_NAME, + provider_id=_KEY_NAMESPACE, wrapping_key=WrappingKey( wrapping_algorithm=_WRAPPING_ALGORITHM, wrapping_key=_PRIVATE_WRAPPING_KEY_PEM, @@ -214,8 +214,8 @@ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_ # Create instance of raw master key test_raw_master_key = RawMasterKey( - key_id=_KEY_ID, - provider_id=_PROVIDER_ID, + key_id=_KEY_NAME, + provider_id=_KEY_NAMESPACE, wrapping_key=WrappingKey( wrapping_algorithm=_WRAPPING_ALGORITHM, wrapping_key=_PRIVATE_WRAPPING_KEY_PEM, @@ -224,8 +224,8 @@ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_ ) test_raw_rsa_keyring = RawRSAKeyring.from_pem_encoding( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_encoded_key=_PRIVATE_WRAPPING_KEY_PEM, public_encoded_key=_PUBLIC_WRAPPING_KEY_PEM, 
@@ -256,8 +256,8 @@ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_ def test_public_key_only_can_encrypt(): test_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, public_wrapping_key=_PUBLIC_WRAPPING_KEY, ) @@ -274,8 +274,8 @@ def test_public_key_only_can_encrypt(): def test_public_key_only_cannot_decrypt(): test_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, public_wrapping_key=_PUBLIC_WRAPPING_KEY, ) @@ -298,15 +298,15 @@ def test_public_key_only_cannot_decrypt(): def test_private_key_can_decrypt(): complete_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_wrapping_key=_PRIVATE_WRAPPING_KEY, public_wrapping_key=_PUBLIC_WRAPPING_KEY, ) test_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_wrapping_key=_PRIVATE_WRAPPING_KEY, ) @@ -330,8 +330,8 @@ def test_private_key_can_decrypt(): def test_private_key_cannot_encrypt(): test_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_wrapping_key=_PRIVATE_WRAPPING_KEY, ) @@ -351,8 +351,8 @@ def test_keypair_must_match(): with pytest.raises(ValueError) as excinfo: RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_wrapping_key=wrapping_key_a, public_wrapping_key=wrapping_key_b.public_key(), 
@@ -367,7 +367,7 @@ def test_must_not_accept_aws_kms(): with pytest.raises(ValueError) as excinfo: RawRSAKeyring( key_namespace=bad_key_namespace, - key_name=_KEY_ID, + key_name=_KEY_NAME, wrapping_algorithm=_WRAPPING_ALGORITHM, private_wrapping_key=_PRIVATE_WRAPPING_KEY, public_wrapping_key=_PUBLIC_WRAPPING_KEY, diff --git a/test/functional/keyrings/test_multi.py b/test/functional/keyrings/test_multi.py index b2674bd8d..bc454cd8a 100644 --- a/test/functional/keyrings/test_multi.py +++ b/test/functional/keyrings/test_multi.py @@ -26,8 +26,8 @@ pytestmark = [pytest.mark.functional, pytest.mark.local] _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"} -_PROVIDER_ID = "Random Raw Keys" -_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada" +_KEY_NAMESPACE = "Random Raw Keys" +_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada" _WRAPPING_KEY_AES = b"\xeby-\x80A6\x15rA8\x83#,\xe4\xab\xac`\xaf\x99Z\xc1\xce\xdb\xb6\x0f\xb7\x805\xb2\x14J3" _ENCRYPTION_MATERIALS_WITHOUT_DATA_KEY = EncryptionMaterials( @@ -37,7 +37,7 @@ _ENCRYPTION_MATERIALS_WITH_DATA_KEY = EncryptionMaterials( algorithm=ALGORITHM, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, 
@@ -46,18 +46,18 @@ _rsa_private_key_a = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) _rsa_private_key_b = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) _MULTI_KEYRING_WITH_GENERATOR_AND_CHILDREN = MultiKeyring( - generator=RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,), + generator=RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,), children=[ RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=_rsa_private_key_a, public_wrapping_key=_rsa_private_key_a.public_key(), ), RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=_rsa_private_key_b, public_wrapping_key=_rsa_private_key_b.public_key(), @@ -67,8 +67,8 @@ _MULTI_KEYRING_WITHOUT_CHILDREN = MultiKeyring( generator=RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=_rsa_private_key_a, public_wrapping_key=_rsa_private_key_a.public_key(), @@ -78,13 +78,13 @@ _MULTI_KEYRING_WITHOUT_GENERATOR = MultiKeyring( children=[ RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=_rsa_private_key_a, public_wrapping_key=_rsa_private_key_a.public_key(), ), - RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,), + RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,), ] ) 
diff --git a/test/unit/keyrings/raw/test_raw_aes.py b/test/unit/keyrings/raw/test_raw_aes.py index 954d4f6c9..399bf588f 100644 --- a/test/unit/keyrings/raw/test_raw_aes.py +++ b/test/unit/keyrings/raw/test_raw_aes.py @@ -32,8 +32,8 @@ _ENCRYPTED_DATA_KEY_AES, _ENCRYPTED_DATA_KEY_NOT_IN_KEYRING, _ENCRYPTION_CONTEXT, - _KEY_ID, - _PROVIDER_ID, + _KEY_NAME, + _KEY_NAMESPACE, _SIGNING_KEY, _WRAPPING_KEY, get_decryption_materials_with_data_encryption_key, @@ -47,7 +47,7 @@ @pytest.fixture def raw_aes_keyring(): - return RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY,) + return RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY,) @pytest.fixture @@ -80,8 +80,8 @@ def test_parent(): def test_valid_parameters(raw_aes_keyring): test = raw_aes_keyring - assert test.key_name == _KEY_ID - assert test.key_namespace == _PROVIDER_ID + assert test.key_name == _KEY_NAME + assert test.key_namespace == _KEY_NAMESPACE assert test._wrapping_algorithm == WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING assert test._wrapping_key == _WRAPPING_KEY @@ -89,11 +89,11 @@ def test_valid_parameters(raw_aes_keyring): @pytest.mark.parametrize( "key_namespace, key_name, wrapping_algorithm, wrapping_key", ( - (_PROVIDER_ID, None, WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING, None), + (_KEY_NAMESPACE, None, WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING, None), (None, None, None, None), ( - _PROVIDER_ID, - _KEY_ID, + _KEY_NAMESPACE, + _KEY_NAME, WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING, WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING, ), 
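Review bot: The `test_invalid_parameters` table in this hunk only has its constant names updated, so nothing pins the behaviour this commit introduces, namely that a `bytes` key_name is no longer accepted. A row such as `(_KEY_NAMESPACE, b"key name", WrappingAlgorithm.AES_256_GCM_IV12_TAG16_NO_PADDING, _WRAPPING_KEY),` would cover it. That assumes the test body, which is outside this hunk, expects a TypeError, and it needs a skip on Python 2, where `six.string_types` still admits byte strings. The matching table in test/unit/keyrings/raw/test_raw_rsa.py at `@@ -96,11 +96,17 @@` has the same gap.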
@@ -115,7 +115,7 @@ def test_invalid_parameters(key_namespace, key_name, wrapping_algorithm, wrappin def test_invalid_key_length(): with pytest.raises(ValueError) as excinfo: RawAESKeyring( - key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=b"012345", + key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=b"012345", ) excinfo.match(r"Invalid wrapping key length. Must be one of \[16, 24, 32\] bytes.") @@ -213,7 +213,7 @@ def test_generate_data_key_error_when_data_key_not_generated(patch_os_urandom): with pytest.raises(GenerateKeyError) as exc_info: _generate_data_key( encryption_materials=get_encryption_materials_without_data_encryption_key(), - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME), ) assert exc_info.match("Unable to generate data encryption key.") @@ -222,7 +222,7 @@ def test_generate_data_key_error_when_data_key_exists(): with pytest.raises(TypeError) as exc_info: _generate_data_key( encryption_materials=get_encryption_materials_with_data_encryption_key(), - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME), ) assert exc_info.match("Data encryption key already exists.") @@ -233,7 +233,7 @@ def test_generate_data_key_provider_info(): encryption_context=_ENCRYPTION_CONTEXT, signing_key=_SIGNING_KEY, ) - key_provider_info = MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID) + key_provider_info = MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME) new_materials = _generate_data_key( encryption_materials=encryption_materials_without_data_key, key_provider=key_provider_info, ) diff --git a/test/unit/keyrings/raw/test_raw_rsa.py b/test/unit/keyrings/raw/test_raw_rsa.py index eba58b6e4..a9ea33e2b 100644 --- a/test/unit/keyrings/raw/test_raw_rsa.py +++ b/test/unit/keyrings/raw/test_raw_rsa.py 
@@ -31,9 +31,9 @@ _ENCRYPTED_DATA_KEY_AES, _ENCRYPTED_DATA_KEY_RSA, _ENCRYPTION_CONTEXT, - _KEY_ID, + _KEY_NAME, + _KEY_NAMESPACE, _KEY_SIZE, - _PROVIDER_ID, _PUBLIC_EXPONENT, get_decryption_materials_with_data_encryption_key, get_decryption_materials_without_data_encryption_key, @@ -51,8 +51,8 @@ def raw_rsa_keyring(): data=VALUES["private_rsa_key_bytes"][1], password=None, backend=default_backend() ) return RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), @@ -87,8 +87,8 @@ def test_parent(): def test_valid_parameters(raw_rsa_keyring): test = raw_rsa_keyring - assert test.key_namespace == _PROVIDER_ID - assert test.key_name == _KEY_ID + assert test.key_namespace == _KEY_NAMESPACE + assert test.key_name == _KEY_NAME assert test._wrapping_algorithm == WrappingAlgorithm.RSA_OAEP_SHA256_MGF1 assert isinstance(test._private_wrapping_key, rsa.RSAPrivateKey) 
@@ -96,11 +96,17 @@ def test_valid_parameters(raw_rsa_keyring): @pytest.mark.parametrize( "key_namespace, key_name, wrapping_algorithm, private_wrapping_key, public_wrapping_key", ( - (_PROVIDER_ID, None, WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, raw_rsa_private_key(), None), + (_KEY_NAMESPACE, None, WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, raw_rsa_private_key(), None), (None, None, None, None, None), - (_PROVIDER_ID, _KEY_ID, WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, None), + ( + _KEY_NAMESPACE, + _KEY_NAME, + WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, + WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, + None, + ), (None, None, None, raw_rsa_private_key(), raw_rsa_private_key().public_key()), - (len(_PROVIDER_ID), len(_KEY_ID), _PROVIDER_ID, _PROVIDER_ID, _KEY_ID), + (len(_KEY_NAMESPACE), len(_KEY_NAME), _KEY_NAMESPACE, _KEY_NAMESPACE, _KEY_NAME), ), ) def test_invalid_parameters(key_namespace, key_name, wrapping_algorithm, private_wrapping_key, public_wrapping_key): @@ -125,8 +131,8 @@ def test_invalid_parameters(key_namespace, key_name, wrapping_algorithm, private def test_invalid_wrapping_algorithm_suite(wrapping_algorithm): with pytest.raises(ValueError): RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=wrapping_algorithm, private_wrapping_key=raw_rsa_private_key(), ) @@ -135,7 +141,7 @@ def test_invalid_wrapping_algorithm_suite(wrapping_algorithm): def test_public_and_private_key_not_provided(): with pytest.raises(TypeError) as exc_info: RawRSAKeyring( - key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1 + key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1 ) assert exc_info.match("At least one of public key or private key must be provided.") 
@@ -151,8 +157,8 @@ def test_on_encrypt_when_data_encryption_key_given(raw_rsa_keyring, patch_genera def test_on_encrypt_no_public_key(raw_rsa_keyring): private_key = raw_rsa_private_key() test_keyring = RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, ) diff --git a/test/unit/keyrings/test_multi.py b/test/unit/keyrings/test_multi.py index 97948ef63..acd8badfb 100644 --- a/test/unit/keyrings/test_multi.py +++ b/test/unit/keyrings/test_multi.py @@ -40,8 +40,8 @@ _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"} -_PROVIDER_ID = "Random Raw Keys" -_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada" +_KEY_NAMESPACE = "Random Raw Keys" +_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada" _WRAPPING_KEY_AES = b"\xeby-\x80A6\x15rA8\x83#,\xe4\xab\xac`\xaf\x99Z\xc1\xce\xdb\xb6\x0f\xb7\x805\xb2\x14J3" _SIGNING_KEY = b"aws-crypto-public-key" @@ -96,14 +96,16 @@ def test_parent(): def test_keyring_with_generator_but_no_children(): - generator_keyring = RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,) + generator_keyring = RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,) test_multi_keyring = MultiKeyring(generator=generator_keyring) assert test_multi_keyring.generator is generator_keyring assert not test_multi_keyring.children def test_keyring_with_children_but_no_generator(): - children_keyring = [RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,)] + children_keyring = [ + RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,) + ] test_multi_keyring = MultiKeyring(children=children_keyring) assert test_multi_keyring.children is children_keyring assert test_multi_keyring.generator is None 
diff --git a/test/unit/unit_test_utils.py b/test/unit/unit_test_utils.py index 35bafd609..f97a75940 100644 --- a/test/unit/unit_test_utils.py +++ b/test/unit/unit_test_utils.py @@ -32,9 +32,9 @@ pass _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"} -_PROVIDER_ID = "Random Raw Keys" -_EXISTING_KEY_ID = b"pre-seeded key id" -_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada" +_KEY_NAMESPACE = "Random Raw Keys" +_EXISTING_KEY_NAME = "pre-seeded key id" +_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada" _WRAPPING_KEY = b"\xeby-\x80A6\x15rA8\x83#,\xe4\xab\xac`\xaf\x99Z\xc1\xce\xdb\xb6\x0f\xb7\x805\xb2\x14J3" _SIGNING_KEY = b"aws-crypto-public-key" _DATA_KEY = ( @@ -73,7 +73,7 @@ ) _ENCRYPTED_DATA_KEY_RSA = EncryptedDataKey( - key_provider=MasterKeyInfo(provider_id="Random Raw Keys", key_info=_KEY_ID), + key_provider=MasterKeyInfo(provider_id="Random Raw Keys", key_info=_KEY_NAME), encrypted_data_key=b"\xf3+\x15n\xe6`\xbe\xfe\xf0\x9e1\xe5\x9b" b"\xaf\xfe\xdaT\xbb\x17\x14\xfd} o\xdd\xf1" b"\xbc\xe1C\xa5J\xd8\xc7\x15\xc2\x90t=\xb9" @@ -95,7 +95,7 @@ class OnlyGenerateKeyring(Keyring): def on_encrypt(self, encryption_materials): # type: (EncryptionMaterials) -> EncryptionMaterials if encryption_materials.data_encryption_key is None: - key_provider = MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID) + key_provider = MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME) data_encryption_key = RawDataKey( key_provider=key_provider, data_key=os.urandom(encryption_materials.algorithm.kdf_input_len) ) 
@@ -113,7 +113,7 @@ def get_encryption_materials_with_data_key(): return EncryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, @@ -125,7 +125,7 @@ def get_encryption_materials_with_data_encryption_key(): return EncryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, @@ -145,12 +145,12 @@ def get_encryption_materials_with_encrypted_data_key(): return EncryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encrypted_data_keys=[ EncryptedDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), encrypted_data_key=b"\xde^\x97\x7f\x84\xe9\x9e\x98\xd0\xe2\xf8\xd5\xcb\xe9\x7f.}\x87\x16,\x11n#\xc8p" b"\xdb\xbf\x94\x86*Q\x06\xd2\xf5\xdah\x08\xa4p\x81\xf7\xf4G\x07FzE\xde", ) 
@@ -164,7 +164,7 @@ def get_encryption_materials_with_encrypted_data_key_aes(): return EncryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encrypted_data_keys=[_ENCRYPTED_DATA_KEY_AES], @@ -193,7 +193,7 @@ def get_decryption_materials_with_data_key(): return DecryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, @@ -205,7 +205,7 @@ def get_decryption_materials_with_data_encryption_key(): return DecryptionMaterials( algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, data_encryption_key=RawDataKey( - key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_EXISTING_KEY_ID), + key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_EXISTING_KEY_NAME), data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(', ), encryption_context=_ENCRYPTION_CONTEXT, 
@@ -220,18 +220,18 @@ def get_decryption_materials_without_data_key(): def get_multi_keyring_with_generator_and_children(): private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) return MultiKeyring( - generator=RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,), + generator=RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,), children=[ RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), ), RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), @@ -244,8 +244,8 @@ def get_multi_keyring_with_no_children(): private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) return MultiKeyring( generator=RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), 
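Review bot: In `get_multi_keyring_with_generator_and_children` the AES generator and both RSA children receive the same `key_namespace=_KEY_NAMESPACE` and `key_name=_KEY_NAME`, although they wrap with different keys (`_WRAPPING_KEY_AES` versus the generated RSA key). The example files in this commit state that namespace and name must match between the encrypt and decrypt keyring, so the pair is what identifies a raw wrapping key. With one shared pair, a test built on this fixture cannot show that a keyring picks out only its own encrypted data keys. If the sharing is deliberate, a comment such as `# All keyrings share one namespace/name on purpose.` above the `MultiKeyring(` call would say so; otherwise a distinct name per keyring would be safer. The same pairing appears in `get_multi_keyring_with_no_generator` (hunk at -258).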
@@ -258,13 +258,13 @@ def get_multi_keyring_with_no_generator(): return MultiKeyring( children=[ RawRSAKeyring( - key_namespace=_PROVIDER_ID, - key_name=_KEY_ID, + key_namespace=_KEY_NAMESPACE, + key_name=_KEY_NAME, wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), ), - RawAESKeyring(key_namespace=_PROVIDER_ID, key_name=_KEY_ID, wrapping_key=_WRAPPING_KEY_AES,), + RawAESKeyring(key_namespace=_KEY_NAMESPACE, key_name=_KEY_NAME, wrapping_key=_WRAPPING_KEY_AES,), ] ) @@ -375,7 +375,7 @@ def ephemeral_raw_rsa_keyring(size=4096, wrapping_algorithm=WrappingAlgorithm.RS private_key = rsa.generate_private_key(public_exponent=65537, key_size=size, backend=default_backend()) return RawRSAKeyring( key_namespace="fake", - key_name="rsa-{}".format(size).encode("utf-8"), + key_name="rsa-{}".format(size), wrapping_algorithm=wrapping_algorithm, private_wrapping_key=private_key, public_wrapping_key=private_key.public_key(), @@ -434,9 +434,7 @@ def ephemeral_raw_aes_keyring(wrapping_algorithm=WrappingAlgorithm.AES_256_GCM_I key_length = wrapping_algorithm.algorithm.data_key_len if key is None: key = os.urandom(key_length) - return RawAESKeyring( - key_namespace="fake", key_name="aes-{}".format(key_length * 8).encode("utf-8"), wrapping_key=key, - ) + return RawAESKeyring(key_namespace="fake", key_name="aes-{}".format(key_length * 8), wrapping_key=key,) class EphemeralRawMasterKeyProvider(RawMasterKeyProvider):