refactor!: change raw keyring key_name type to str (#292)

* refactor!: change raw keyring key name type to str * refactor!: change raw keyring key name type to str * refactor: Update missed lines in enxamples * refactor(tests): Change _KEY_ID and _PROVIDER_ID var names to _KEY_NAME and _KEY_NAMESPACE
aws · Aug 17, 2020 · e46b757 · e46b757
1 parent 0d21816
commit e46b757
Show file tree

Hide file tree

Showing 13 changed files with 146 additions and 133 deletions.
diff --git a/examples/src/keyring/multi/aws_kms_with_escrow.py b/examples/src/keyring/multi/aws_kms_with_escrow.py
@@ -69,7 +69,7 @@ def run(aws_kms_cmk, source_plaintext):
         #
         # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         public_wrapping_key=public_key,
         # The wrapping algorithm tells the raw RSA keyring
         # how to use your wrapping key to encrypt data keys.
@@ -83,7 +83,7 @@ def run(aws_kms_cmk, source_plaintext):
     escrow_decrypt_keyring = RawRSAKeyring(
         # The key namespace and key name MUST match the encrypt keyring.
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         private_wrapping_key=private_key,
         # The wrapping algorithm MUST match the encrypt keyring.
         wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,

diff --git a/examples/src/keyring/raw_aes/raw_aes.py b/examples/src/keyring/raw_aes/raw_aes.py
@@ -44,7 +44,7 @@ def run(source_plaintext):
         #
         # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-aes-keyring
         key_namespace="some managed raw keys",
-        key_name=b"my AES wrapping key",
+        key_name="my AES wrapping key",
         wrapping_key=key,
     )
 

diff --git a/examples/src/keyring/raw_rsa/keypair.py b/examples/src/keyring/raw_rsa/keypair.py
@@ -54,7 +54,7 @@ def run(source_plaintext):
         #
         # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         private_wrapping_key=private_key,
         public_wrapping_key=private_key.public_key(),
         # The wrapping algorithm tells the raw RSA keyring

diff --git a/examples/src/keyring/raw_rsa/keypair_from_pem.py b/examples/src/keyring/raw_rsa/keypair_from_pem.py
@@ -70,7 +70,7 @@ def run(source_plaintext):
         #
         # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         private_encoded_key=private_key_pem,
         public_encoded_key=public_key_pem,
         # The wrapping algorithm tells the raw RSA keyring

diff --git a/examples/src/keyring/raw_rsa/public_private_key_separate.py b/examples/src/keyring/raw_rsa/public_private_key_separate.py
@@ -69,7 +69,7 @@ def run(source_plaintext):
         #
         # https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html#use-raw-rsa-keyring
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         public_wrapping_key=public_key,
         # The wrapping algorithm tells the raw RSA keyring
         # how to use your wrapping key to encrypt data keys.
@@ -83,7 +83,7 @@ def run(source_plaintext):
     private_key_keyring = RawRSAKeyring(
         # The key namespace and key name MUST match the encrypt keyring.
         key_namespace="some managed raw keys",
-        key_name=b"my RSA wrapping key",
+        key_name="my RSA wrapping key",
         private_wrapping_key=private_key,
         # The wrapping algorithm MUST match the encrypt keyring.
         wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,

diff --git a/src/aws_encryption_sdk/keyrings/raw.py b/src/aws_encryption_sdk/keyrings/raw.py
@@ -1,6 +1,7 @@
 # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 # SPDX-License-Identifier: Apache-2.0
 """Resources required for Raw Keyrings."""
+import codecs
 import logging
 import os
 
@@ -14,6 +15,7 @@
 from aws_encryption_sdk.exceptions import EncryptKeyError, GenerateKeyError
 from aws_encryption_sdk.identifiers import EncryptionKeyType, WrappingAlgorithm
 from aws_encryption_sdk.internal.crypto.wrapping_keys import EncryptedData, WrappingKey
+from aws_encryption_sdk.internal.defaults import ENCODING
 from aws_encryption_sdk.internal.formatting.deserialize import deserialize_wrapped_key
 from aws_encryption_sdk.internal.formatting.serialize import serialize_raw_master_key_prefix, serialize_wrapped_key
 from aws_encryption_sdk.key_providers.raw import RawMasterKey
@@ -73,7 +75,7 @@ class RawAESKeyring(Keyring):
     .. note::
         key_namespace MUST NOT equal "aws-kms".
 
-    :param bytes key_name: Key ID
+    :param str key_name: Key ID
     :param bytes wrapping_key: Encryption key with which to wrap plaintext data key.
 
     .. note::
@@ -82,7 +84,7 @@ class RawAESKeyring(Keyring):
     """
 
     key_namespace = attr.ib(validator=instance_of(six.string_types))
-    key_name = attr.ib(validator=instance_of(six.binary_type))
+    key_name = attr.ib(validator=instance_of(six.string_types))
     _wrapping_key = attr.ib(repr=False, validator=instance_of(six.binary_type))
 
     def __attrs_post_init__(self):
@@ -197,9 +199,11 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys):
             ):
                 continue
 
+            encoded_key_name = codecs.encode(self.key_name, ENCODING)
+
             # Wrapped EncryptedDataKey to deserialized EncryptedData
             encrypted_wrapped_key = deserialize_wrapped_key(
-                wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=self.key_name, wrapped_encrypted_key=key
+                wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=encoded_key_name, wrapped_encrypted_key=key
             )
 
             # EncryptedData to raw key string
@@ -237,7 +241,7 @@ class RawRSAKeyring(Keyring):
     .. note::
         key_namespace MUST NOT equal "aws-kms".
 
-    :param bytes key_name: Key ID
+    :param str key_name: Key ID
     :param cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey private_wrapping_key:
         Private encryption key with which to wrap plaintext data key (optional)
     :param cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey public_wrapping_key:
@@ -251,7 +255,7 @@ class RawRSAKeyring(Keyring):
     """
 
     key_namespace = attr.ib(validator=instance_of(six.string_types))
-    key_name = attr.ib(validator=instance_of(six.binary_type))
+    key_name = attr.ib(validator=instance_of(six.string_types))
     _wrapping_algorithm = attr.ib(
         repr=False,
         validator=in_(
@@ -428,9 +432,11 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys):
             if key.key_provider != self._key_provider:
                 continue
 
+            encoded_key_name = codecs.encode(self.key_name, ENCODING)
+
             # Wrapped EncryptedDataKey to deserialized EncryptedData
             encrypted_wrapped_key = deserialize_wrapped_key(
-                wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=self.key_name, wrapped_encrypted_key=key
+                wrapping_algorithm=self._wrapping_algorithm, wrapping_key_id=encoded_key_name, wrapped_encrypted_key=key
             )
             try:
                 plaintext_data_key = self._private_wrapping_key.decrypt(

diff --git a/test/functional/keyrings/raw/test_raw_aes.py b/test/functional/keyrings/raw/test_raw_aes.py
@@ -25,8 +25,8 @@
 pytestmark = [pytest.mark.functional, pytest.mark.local]
 
 _ENCRYPTION_CONTEXT = {"encryption": "context", "values": "here"}
-_PROVIDER_ID = "Random Raw Keys"
-_KEY_ID = b"5325b043-5843-4629-869c-64794af77ada"
+_KEY_NAMESPACE = "Random Raw Keys"
+_KEY_NAME = "5325b043-5843-4629-869c-64794af77ada"
 _WRAPPING_KEY = b"12345678901234567890123456789012"
 _SIGNING_KEY = b"aws-crypto-public-key"
 
@@ -43,7 +43,7 @@ def sample_encryption_materials():
         EncryptionMaterials(
             algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
             data_encryption_key=RawDataKey(
-                key_provider=MasterKeyInfo(provider_id=_PROVIDER_ID, key_info=_KEY_ID),
+                key_provider=MasterKeyInfo(provider_id=_KEY_NAMESPACE, key_info=_KEY_NAME),
                 data_key=b'*!\xa1"^-(\xf3\x105\x05i@B\xc2\xa2\xb7\xdd\xd5\xd5\xa9\xddm\xfae\xa8\\$\xf9d\x1e(',
             ),
             encryption_context=_ENCRYPTION_CONTEXT,
@@ -56,8 +56,8 @@ def sample_encryption_materials():
 def test_raw_aes_encryption_decryption(encryption_materials_samples):
 
     # Initializing attributes
-    key_namespace = _PROVIDER_ID
-    key_name = _KEY_ID
+    key_namespace = _KEY_NAMESPACE
+    key_name = _KEY_NAME
 
     # Creating an instance of a raw AES keyring
     test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,)
@@ -85,8 +85,8 @@ def test_raw_aes_encryption_decryption(encryption_materials_samples):
 def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_samples):
 
     # Initializing attributes
-    key_namespace = _PROVIDER_ID
-    key_name = _KEY_ID
+    key_namespace = _KEY_NAMESPACE
+    key_name = _KEY_NAME
 
     # Creating an instance of a raw AES keyring
     test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,)
@@ -116,8 +116,8 @@ def test_raw_master_key_decrypts_what_raw_keyring_encrypts(encryption_materials_
 def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_samples):
 
     # Initializing attributes
-    key_namespace = _PROVIDER_ID
-    key_name = _KEY_ID
+    key_namespace = _KEY_NAMESPACE
+    key_name = _KEY_NAME
 
     # Creating an instance of a raw AES keyring
     test_raw_aes_keyring = RawAESKeyring(key_namespace=key_namespace, key_name=key_name, wrapping_key=_WRAPPING_KEY,)
@@ -153,27 +153,28 @@ def test_raw_keyring_decrypts_what_raw_master_key_encrypts(encryption_materials_
 
 @pytest.mark.parametrize("wrapping_algorithm", _WRAPPING_ALGORITHM)
 def test_key_info_prefix_vectors(wrapping_algorithm):
+    expected_prefix = _KEY_NAME.encode() + b"\x00\x00\x00\x80\x00\x00\x00\x0c"
     assert (
         serialize_raw_master_key_prefix(
             raw_master_key=RawMasterKey(
-                provider_id=_PROVIDER_ID,
-                key_id=_KEY_ID,
+                provider_id=_KEY_NAMESPACE,
+                key_id=_KEY_NAME,
                 wrapping_key=WrappingKey(
                     wrapping_algorithm=wrapping_algorithm,
                     wrapping_key=_WRAPPING_KEY,
                     wrapping_key_type=EncryptionKeyType.SYMMETRIC,
                 ),
             )
         )
-        == _KEY_ID + b"\x00\x00\x00\x80\x00\x00\x00\x0c"
+        == expected_prefix
     )
 
 
 def test_must_not_accept_aws_kms():
 
     # Initializing attributes
     key_namespace = "aws-kms"
-    key_name = _KEY_ID
+    key_name = _KEY_NAME
 
     # Attempt to instantiate a raw AES keyring
     with pytest.raises(ValueError) as excinfo: