Merge pull request #63 from mattsb42-aws/vectors

New test vector handlers

.gitignore

@@ -1,21 +1,38 @@
-*.class
-*.egg-info
-*.pyc
-*.pyo
 *~
-.DS_Store
-.tox
-/.cache*
-/.coverage*
-/build
-/doc/generated/*
-/runpy
-/test/integration/test_values.conf
-__pycache__
+
+# Test vectors (legacy)
 aws_encryption_sdk_resources
+
+# OS Artifacts
+.DS_Store
+
+# Build Artifacts
 build
 dist
 docs/build
-test/integration/test_values.conf
+/doc/generated/*
+
+# Bytecode Artifacts
+*.pyc
+*.pyo
+.cache*
+__pycache__
+*.egg-info
+
+# Coverage.py
+.coverage*
+
+# MyPy
+.mypy_cache
+
+# PyEnv
 .python-version
+
+# PyTest
 .pytest_cache
+
+# PyCharm
+.idea/
+
+# Tox
+.tox

test_vector_generator/MANIFEST.in

@@ -0,0 +1,9 @@
+include README.rst
+include CHANGELOG.rst
+include CONTRIBUTING.rst
+include LICENSE
+include requirements.txt
+
+recursive-include doc *
+recursive-include test *.py
+recursive-include examples *.py

test_vector_generator/requirements.txt

@@ -0,0 +1,2 @@
+attrs >= 17.4.0
+six

test_vector_generator/setup.cfg

@@ -0,0 +1,42 @@
+[wheel]
+universal = 1
+
+[metadata]
+license_file = LICENSE
+
+[coverage:run]
+branch = True
+
+[coverage:report]
+show_missing = True
+
+[mypy]
+ignore_missing_imports = True
+
+[flake8]
+max_complexity = 10
+max_line_length = 120
+import_order_style = google
+application_import_names = aws_encryption_sdk_cli
+builtins = raw_input
+ignore =
+    # Ignoring D205 and D400 because of false positives
+    D205, D400,
+    # E203 is not PEP8 compliant https://github.com/ambv/black#slices
+    E203,
+    # W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators
+    W503
+
+[doc8]
+max-line-length = 120
+
+[isort]
+line_length = 120
+# https://github.com/timothycrosley/isort#multi-line-output-modes
+multi_line_output = 3
+include_trailing_comma = True
+force_grid_wrap = 0
+combine_as_imports = True
+not_skip = __init__.py
+known_first_party = awses_test_vectors
+known_third_party = attr,aws_encryption_sdk,pytest,setuptools,six

test_vector_generator/setup.py

@@ -0,0 +1,65 @@
+"""Test vector handlers for the AWS Encryption SDK for Python."""
+import os
+import re
+
+from setuptools import find_packages, setup
+
+VERSION_RE = re.compile(r"""__version__ = ['"]([0-9.]+)['"]""")
+HERE = os.path.abspath(os.path.dirname(__file__))
+
+
+def read(*args):
+    """Read complete file contents."""
+    return open(os.path.join(HERE, *args)).read()
+
+
+def get_version():
+    """Read the version from this module."""
+    init = read("src", "awses_test_vectors", "__init__.py")
+    return VERSION_RE.search(init).group(1)
+
+
+def get_requirements():
+    """Read the requirements file."""
+    requirements = read("requirements.txt")
+    return [r for r in requirements.strip().splitlines()]
+
+
+setup(
+    name="aws-encryption-sdk-vector-handlers",
+    packages=find_packages("src"),
+    package_dir={"": "src"},
+    version=get_version(),
+    author="Amazon Web Services",
+    maintainer="Amazon Web Services",
+    author_email="aws-cryptools@amazon.com",
+    url="https://github.com/awslabs/aws-encryption-sdk-python",
+    description="Test vector handlers for the AWS Encryption SDK for Python",
+    long_description=read("README.rst"),
+    keywords="aws-encryption-sdk aws kms encryption",
+    license="Apache License 2.0",
+    install_requires=get_requirements(),
+    classifiers=[
+        "Development Status :: 5 - Production/Stable",
+        "Intended Audience :: Developers",
+        "Natural Language :: English",
+        "License :: OSI Approved :: Apache Software License",
+        "Programming Language :: Python",
+        "Programming Language :: Python :: 2",
+        "Programming Language :: Python :: 2.7",
+        "Programming Language :: Python :: 3",
+        "Programming Language :: Python :: 3.4",
+        "Programming Language :: Python :: 3.5",
+        "Programming Language :: Python :: 3.6",
+        "Programming Language :: Python :: 3.7",
+        "Programming Language :: Python :: Implementation :: CPython",
+        "Topic :: Security",
+        "Topic :: Security :: Cryptography",
+    ],
+    entry_points={
+        "console_scripts": [
+            "awses-full-message-encrypt=awses_test_vectors.commands.full_message_encrypt:cli",
+            "awses-full-message-decrypt=awses_test_vectors.commands.full_message_decrypt:cli",
+        ]
+    },
+)

test_vector_generator/src/awses_test_vectors/__init__.py

@@ -0,0 +1,13 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+__version__ = "0.0.0"

test_vector_generator/src/awses_test_vectors/commands/__init__.py

@@ -0,0 +1,12 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.

test_vector_generator/src/awses_test_vectors/commands/full_message_decrypt.py

@@ -0,0 +1,37 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""
+AWS Encryption SDK full message decrypt command.
+"""
+import argparse
+
+from awses_test_vectors.manifests.full_message.decrypt import MessageDecryptionManifest
+
+try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
+    from typing import Iterable, Optional  # noqa pylint: disable=unused-import
+except ImportError:  # pragma: no cover
+    # We only actually need these imports when running the mypy checks
+    pass
+
+
+def cli(args=None):
+    # type: (Optional[Iterable[str]]) -> None
+    """CLI entry point for processing AWS Encryption SDK Decrypt Message manifests."""
+    parser = argparse.ArgumentParser(description="Decrypt ciphertexts generated by awses-full-message-encrypt")
+    parser.add_argument("--input", type=argparse.FileType("r"), help="Existing full message decrypt manifest")
+
+    parsed = parser.parse_args(args)
+
+    decrypt_manifest = MessageDecryptionManifest.from_file(parsed.input)
+
+    decrypt_manifest.run()

test_vector_generator/src/awses_test_vectors/commands/full_message_encrypt.py

@@ -0,0 +1,49 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""
+AWS Encryption SDK full message encrypt command.
+"""
+import argparse
+
+from awses_test_vectors.manifests.full_message.encrypt import MessageEncryptionManifest
+
+try:  # Python 3.5.0 and 3.5.1 have incompatible typing modules
+    from typing import Iterable, Optional  # noqa pylint: disable=unused-import
+except ImportError:  # pragma: no cover
+    # We only actually need these imports when running the mypy checks
+    pass
+
+
+def cli(args=None):
+    # type: (Optional[Iterable[str]]) -> None
+    """CLI entry point for processing AWS Encryption SDK Encrypt Message manifests."""
+    parser = argparse.ArgumentParser(
+        description="Build ciphertexts and decrypt manifest from keys and encrypt manifests"
+    )
+    parser.add_argument("--output", help="Directory in which to store results")
+    parser.add_argument("--input", type=argparse.FileType("r"), help="Existing full message encrypt manifest")
+    parser.add_argument(
+        "--human",
+        required=False,
+        default=None,
+        action="store_const",
+        const=4,
+        dest="json_indent",
+        help="Output human-readable JSON",
+    )
+
+    parsed = parser.parse_args(args)
+
+    encrypt_manifest = MessageEncryptionManifest.from_file(parsed.input)
+
+    encrypt_manifest.run_and_write_to_dir(target_directory=parsed.output, json_indent=parsed.json_indent)

test_vector_generator/src/awses_test_vectors/internal/__init__.py

@@ -0,0 +1,12 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.

test_vector_generator/src/awses_test_vectors/internal/aws_kms.py

@@ -0,0 +1,39 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""
+Helper utilities for interacting with AWS KMS.
+"""
+from aws_encryption_sdk.identifiers import AlgorithmSuite
+from aws_encryption_sdk.key_providers.kms import KMSMasterKeyProvider
+
+from awses_test_vectors.internal.defaults import ENCODING
+
+# This lets us easily use a single boto3 client per region for all KMS master keys.
+KMS_MASTER_KEY_PROVIDER = KMSMasterKeyProvider()
+
+
+def arn_from_key_id(key_id):
+    # type: (str) -> str
+    """Determine the KMS CMK Arn for the identified key ID.
+
+    To avoid needing additional KMS permissions, we just call ``generate_data_key``
+    using a master key identified by ``key_id``.
+
+    :param str key_id: Original key ID
+    :returns: Full Arn for KMS CMK that key ID identifies
+    :rtype: str
+    """
+    encrypted_data_key = KMS_MASTER_KEY_PROVIDER.master_key(key_id.encode(ENCODING)).generate_data_key(
+        algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, encryption_context={}
+    )
+    return encrypted_data_key.key_provider.key_info.decode(ENCODING)

test_vector_generator/src/awses_test_vectors/internal/defaults.py

@@ -0,0 +1,17 @@
+# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+"""
+Default values for use in AWS Encryption SDK test vector handlers.
+"""
+
+ENCODING = "utf-8"