├── .coveragerc ├── .coveragercmpl ├── .github ├── CODEOWNERS ├── ISSUE_TEMPLATE │ └── aws-encryption-sdk-issue.md ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── ci_codebuild-tests.yml │ ├── ci_decrypt-oracle.yaml │ ├── ci_static-analysis.yaml │ ├── ci_test-vector-handler.yaml │ ├── ci_tests.yaml │ ├── dependabot-auto-merge.yml │ └── repo-sync.yml ├── .gitignore ├── .gitmodules ├── .readthedocs.yaml ├── CHANGELOG.rst ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── MANIFEST.in ├── NOTICE ├── README.rst ├── SUPPORT_POLICY.rst ├── VERSIONING.rst ├── buildspec.yml ├── cfn ├── ESDK-Python.yml └── Public-ESDK-Python-CI.yml ├── codebuild ├── compliance │ └── compliance.yml ├── coverage │ ├── coverage.yml │ └── coverage_mpl.yml ├── py310 │ ├── awses_local.yml │ ├── decrypt_dafny_esdk_vectors.yml │ ├── decrypt_masterkey_with_js.yml │ ├── decrypt_masterkey_with_masterkey.yml │ ├── decrypt_net_401_vectors.yml │ ├── encrypt_masterkey.yml │ ├── examples.yml │ ├── generate_decrypt_vectors_masterkey.yml │ └── integ.yml ├── py311 │ ├── awses_local.yml │ ├── awses_local_mpl.yml │ ├── decrypt_dafny_esdk_vectors_keyrings.yml │ ├── decrypt_dafny_esdk_vectors_masterkey.yml │ ├── decrypt_golden_manifest_with_keyrings.yml │ ├── decrypt_golden_manifest_with_masterkey.yml │ ├── decrypt_keyrings_with_js.yml │ ├── decrypt_keyrings_with_keyrings.yml │ ├── decrypt_keyrings_with_masterkey.yml │ ├── decrypt_masterkey_with_js.yml │ ├── decrypt_masterkey_with_keyrings.yml │ ├── decrypt_masterkey_with_masterkey.yml │ ├── decrypt_net_401_vectors_keyrings.yml │ ├── decrypt_net_401_vectors_masterkey.yml │ ├── encrypt_keyrings.yml │ ├── encrypt_masterkey.yml │ ├── examples.yml │ ├── examples_mpl.yml │ ├── generate_decrypt_vectors_keyrings.yml │ ├── generate_decrypt_vectors_masterkey.yml │ ├── integ.yml │ ├── integ_mpl.yml │ └── performance_tests_mpl.yml ├── py312 │ ├── awses_local.yml │ ├── awses_local_mpl.yml │ ├── decrypt_dafny_esdk_vectors_keyrings.yml │ ├── 
decrypt_dafny_esdk_vectors_masterkey.yml │ ├── decrypt_golden_manifest_with_keyrings.yml │ ├── decrypt_golden_manifest_with_masterkey.yml │ ├── decrypt_hkeyring_with_keyrings.yml │ ├── decrypt_hkeyring_with_masterkey.yml │ ├── decrypt_hkeyring_with_net.yml │ ├── decrypt_keyrings_with_js.yml │ ├── decrypt_keyrings_with_keyrings.yml │ ├── decrypt_keyrings_with_masterkey.yml │ ├── decrypt_masterkey_with_js.yml │ ├── decrypt_masterkey_with_keyrings.yml │ ├── decrypt_masterkey_with_masterkey.yml │ ├── decrypt_net_401_vectors_keyrings.yml │ ├── decrypt_net_401_vectors_masterkey.yml │ ├── encrypt_keyrings.yml │ ├── encrypt_masterkey.yml │ ├── examples.yml │ ├── examples_mpl.yml │ ├── generate_decrypt_vectors_keyrings.yml │ ├── generate_decrypt_vectors_masterkey.yml │ ├── generate_hkeyring_decrypt_vectors.yml │ ├── integ.yml │ ├── integ_mpl.yml │ └── performance_tests_mpl.yml ├── py38 │ ├── awses_local.yml │ ├── decrypt_dafny_esdk_vectors.yml │ ├── decrypt_masterkey_with_js.yml │ ├── decrypt_masterkey_with_masterkey.yml │ ├── decrypt_net_401_vectors.yml │ ├── encrypt_masterkey.yml │ ├── examples.yml │ ├── generate_decrypt_vectors_masterkey.yml │ └── integ.yml ├── py39 │ ├── awses_1.7.1.yml │ ├── awses_2.0.0.yml │ ├── awses_latest.yml │ ├── awses_local.yml │ ├── decrypt_dafny_esdk_vectors.yml │ ├── decrypt_masterkey_with_js.yml │ ├── decrypt_masterkey_with_masterkey.yml │ ├── decrypt_net_401_vectors.yml │ ├── encrypt_masterkey.yml │ ├── examples.yml │ ├── generate_decrypt_vectors_masterkey.yml │ └── integ.yml └── release │ ├── prod-release.yml │ ├── test-release.yml │ └── validate.yml ├── compliance_exceptions ├── aws-kms-mrk-aware-master-key-provider.py ├── aws-kms-mrk-aware-master-key.py ├── aws-kms-mrk-aware-multi-keyrings.py ├── aws-kms-mrk-aware-symmetric-keyring.py └── aws-kms-mrk-aware-symmetric-region-discovery-keyring.py ├── decrypt_oracle ├── .chalice │ ├── build-requirements.py │ ├── buildspec.yaml │ ├── config.json │ ├── pipeline.py │ └── policy-dev.json ├── 
LICENSE ├── MANIFEST.in ├── README.rst ├── app.py ├── requirements-actual.txt ├── requirements.txt ├── setup.cfg ├── setup.py ├── src │ ├── aws_encryption_sdk_decrypt_oracle │ │ ├── __init__.py │ │ ├── app.py │ │ └── key_providers │ │ │ ├── __init__.py │ │ │ ├── counting.py │ │ │ └── null.py │ └── pylintrc ├── test │ ├── __init__.py │ ├── integration │ │ ├── __init__.py │ │ ├── integration_test_utils.py │ │ └── test_i_decrypt_oracle.py │ ├── pylintrc │ ├── requirements.txt │ ├── test_n_generate_test_vectors.py │ ├── unit │ │ ├── __init__.py │ │ └── key_providers │ │ │ ├── __init__.py │ │ │ ├── test_u_counting.py │ │ │ └── test_u_null.py │ └── vectors │ │ └── decrypt_vectors.json └── tox.ini ├── dev_requirements ├── ci-requirements.txt ├── doc-requirements.txt ├── linter-requirements.txt ├── release-requirements.txt └── test-requirements.txt ├── doc ├── conf.py └── index.rst ├── examples ├── __init__.py ├── src │ ├── __init__.py │ ├── aws_kms_discovery_keyring_example.py │ ├── aws_kms_discovery_multi_keyring_example.py │ ├── aws_kms_keyring_example.py │ ├── aws_kms_mrk_discovery_keyring_example.py │ ├── aws_kms_mrk_discovery_multi_keyring_example.py │ ├── aws_kms_mrk_keyring_example.py │ ├── aws_kms_mrk_multi_keyring_example.py │ ├── aws_kms_multi_keyring_example.py │ ├── aws_kms_rsa_keyring_example.py │ ├── branch_key_id_supplier_example.py │ ├── custom_mpl_cmm_example.py │ ├── default_cryptographic_materials_manager_example.py │ ├── file_streaming_example.py │ ├── hierarchical_keyring_example.py │ ├── legacy │ │ ├── __init__.py │ │ ├── basic_encryption.py │ │ ├── basic_file_encryption_with_multiple_providers.py │ │ ├── basic_file_encryption_with_raw_key_provider.py │ │ ├── custom_cmm_example.py │ │ ├── custom_kms_client_for_kms_provider.py │ │ ├── data_key_caching_basic.py │ │ ├── discovery_kms_provider.py │ │ ├── mrk_aware_kms_provider.py │ │ ├── multiple_kms_cmk.py │ │ ├── one_kms_cmk.py │ │ ├── one_kms_cmk_streaming_data.py │ │ ├── one_kms_cmk_unsigned.py │ │ 
├── pylintrc │ │ └── set_commitment.py │ ├── migration │ │ ├── README.rst │ │ ├── migration_aws_kms_key_example.py │ │ ├── migration_raw_aes_key_example.py │ │ ├── migration_raw_rsa_key_example.py │ │ └── migration_set_commitment_policy_example.py │ ├── multi_keyring_example.py │ ├── multithreading │ │ ├── __init__.py │ │ ├── raw_aes_keyring.py │ │ └── raw_rsa_keyring.py │ ├── pylintrc │ ├── raw_aes_keyring_example.py │ ├── raw_rsa_keyring_example.py │ ├── required_encryption_context_cmm.py │ └── set_encryption_algorithm_suite_example.py └── test │ ├── README │ ├── __init__.py │ ├── legacy │ ├── __init__.py │ ├── examples_test_utils.py │ ├── pylintrc │ ├── test_i_basic_encryption.py │ ├── test_i_basic_file_encryption_with_multiple_providers.py │ ├── test_i_basic_file_encryption_with_raw_key_provider.py │ ├── test_i_custom_cmm_example.py │ ├── test_i_data_key_caching_basic.py │ ├── test_i_discovery_kms_provider.py │ ├── test_i_mrk_aware_kms_provider.py │ ├── test_i_multiple_kms_cmk.py │ ├── test_i_one_kms_cmk.py │ ├── test_i_one_kms_cmk_streaming_data.py │ ├── test_i_one_kms_cmk_unsigned.py │ ├── test_i_set_commitment.py │ └── v3_default_cmm.py │ ├── migration │ ├── __init__.py │ ├── test_i_migration_aws_kms_key_example.py │ ├── test_i_migration_raw_aes_key_example.py │ ├── test_i_migration_raw_rsa_key_example.py │ └── test_i_migration_set_commitment_policy_example.py │ ├── multithreading │ ├── __init__.py │ ├── test_i_raw_aes_keyring_multithreaded_example.py │ └── test_i_raw_rsa_keyring_multithreaded_example.py │ ├── pylintrc │ ├── test_i_aws_kms_discovery_keyring_example.py │ ├── test_i_aws_kms_discovery_multi_keyring_example.py │ ├── test_i_aws_kms_keyring_example.py │ ├── test_i_aws_kms_mrk_discovery_keyring_example.py │ ├── test_i_aws_kms_mrk_discovery_multi_keyring_example.py │ ├── test_i_aws_kms_mrk_keyring_example.py │ ├── test_i_aws_kms_mrk_multi_keyring_example.py │ ├── test_i_aws_kms_multi_keyring_example.py │ ├── test_i_aws_kms_rsa_keyring_example.py │ 
├── test_i_custom_mpl_cmm_example.py │ ├── test_i_default_cryptographic_materials_manager_example.py │ ├── test_i_file_streaming_example.py │ ├── test_i_hierarchical_keyring_example.py │ ├── test_i_multi_keyring_example.py │ ├── test_i_raw_aes_keyring_example.py │ ├── test_i_raw_rsa_keyring_example.py │ ├── test_i_required_encryption_context_cmm.py │ └── test_i_set_encryption_algorithm_suite_example.py ├── park.cfg ├── performance_tests ├── README.rst ├── __init__.py ├── consolidate_results.py ├── pylintrc ├── requirements.txt ├── requirements_mpl.txt ├── results │ └── .gitkeep ├── setup.cfg ├── setup.py ├── src │ └── aws_encryption_sdk_performance_tests │ │ ├── __init__.py │ │ ├── keyrings │ │ ├── __init__.py │ │ ├── aws_kms_keyring.py │ │ ├── hierarchy_keyring.py │ │ ├── raw_aes_keyring.py │ │ └── raw_rsa_keyring.py │ │ ├── master_key_providers │ │ ├── __init__.py │ │ ├── aws_kms_master_key_provider.py │ │ ├── caching_cmm.py │ │ ├── raw_aes_master_key_provider.py │ │ └── raw_rsa_master_key_provider.py │ │ └── utils │ │ ├── __init__.py │ │ └── util.py ├── test │ ├── keyrings │ │ ├── __init__.py │ │ ├── test_aws_kms_keyring.py │ │ ├── test_hierarchy_keyring.py │ │ ├── test_raw_aes_keyring.py │ │ └── test_raw_rsa_keyring.py │ ├── master_key_providers │ │ ├── __init__.py │ │ ├── test_aws_kms_master_key_provider.py │ │ ├── test_caching_cmm.py │ │ ├── test_raw_aes_master_key_provider.py │ │ └── test_raw_rsa_master_key_provider.py │ └── resources │ │ ├── __init__.py │ │ ├── ciphertext │ │ ├── caching_cmm │ │ │ ├── ciphertext-data-empty.ct │ │ │ ├── ciphertext-data-large.ct │ │ │ ├── ciphertext-data-medium.ct │ │ │ └── ciphertext-data-small.ct │ │ ├── hierarchy │ │ │ ├── ciphertext-data-empty.ct │ │ │ ├── ciphertext-data-large.ct │ │ │ ├── ciphertext-data-medium.ct │ │ │ └── ciphertext-data-small.ct │ │ ├── kms │ │ │ ├── ciphertext-data-empty.ct │ │ │ ├── ciphertext-data-large.ct │ │ │ ├── ciphertext-data-medium.ct │ │ │ └── ciphertext-data-small.ct │ │ ├── raw_aes │ │ │ 
├── ciphertext-data-empty.ct │ │ │ ├── ciphertext-data-large.ct │ │ │ ├── ciphertext-data-medium.ct │ │ │ └── ciphertext-data-small.ct │ │ └── raw_rsa │ │ │ ├── ciphertext-data-empty.ct │ │ │ ├── ciphertext-data-large.ct │ │ │ ├── ciphertext-data-medium.ct │ │ │ └── ciphertext-data-small.ct │ │ └── plaintext │ │ ├── plaintext-data-empty.dat │ │ ├── plaintext-data-large.dat │ │ ├── plaintext-data-medium.dat │ │ └── plaintext-data-small.dat └── tox.ini ├── requirements.txt ├── requirements_mpl.txt ├── setup.cfg ├── setup.py ├── src ├── aws_encryption_sdk │ ├── __init__.py │ ├── caches │ │ ├── __init__.py │ │ ├── base.py │ │ ├── local.py │ │ └── null.py │ ├── compatability.py │ ├── exceptions.py │ ├── identifiers.py │ ├── internal │ │ ├── __init__.py │ │ ├── arn.py │ │ ├── crypto │ │ │ ├── __init__.py │ │ │ ├── authentication.py │ │ │ ├── data_keys.py │ │ │ ├── elliptic_curve.py │ │ │ ├── encryption.py │ │ │ ├── iv.py │ │ │ └── wrapping_keys.py │ │ ├── defaults.py │ │ ├── deprecation.py │ │ ├── formatting │ │ │ ├── __init__.py │ │ │ ├── deserialize.py │ │ │ ├── encryption_context.py │ │ │ └── serialize.py │ │ ├── str_ops.py │ │ ├── structures.py │ │ └── utils │ │ │ ├── __init__.py │ │ │ ├── commitment.py │ │ │ ├── signature.py │ │ │ └── streams.py │ ├── key_providers │ │ ├── __init__.py │ │ ├── base.py │ │ ├── kms.py │ │ └── raw.py │ ├── materials_managers │ │ ├── __init__.py │ │ ├── base.py │ │ ├── caching.py │ │ ├── default.py │ │ └── mpl │ │ │ ├── __init__.py │ │ │ ├── cmm.py │ │ │ └── materials.py │ ├── streaming_client.py │ └── structures.py └── pylintrc ├── test ├── __init__.py ├── freeze-upstream-requirements.sh ├── functional │ ├── __init__.py │ ├── key_providers │ │ ├── __init__.py │ │ └── test_base.py │ ├── test_f_aws_encryption_sdk_client.py │ ├── test_f_commitment.py │ ├── test_f_crypto.py │ ├── test_f_crypto_iv.py │ └── test_f_xcompat.py ├── integration │ ├── README.rst │ ├── __init__.py │ ├── integration_test_utils.py │ ├── 
test_i_aws_encrytion_sdk_client.py │ ├── test_i_thread_safety.py │ ├── test_i_xcompat_kms.py │ └── test_kat_commitment.py ├── mpl │ ├── README.md │ ├── __init__.py │ ├── integ │ │ ├── __init__.py │ │ └── test_required_ec_cmm.py │ ├── unit │ │ ├── test_material_managers_mpl_cmm.py │ │ └── test_material_managers_mpl_materials.py │ └── utils.py ├── pylintrc ├── resources │ └── commitment-test-vectors.json ├── unit │ ├── __init__.py │ ├── test_algorithm_suite.py │ ├── test_arn.py │ ├── test_caches.py │ ├── test_caches_base.py │ ├── test_caches_crypto_cache_entry.py │ ├── test_caches_local.py │ ├── test_caches_null.py │ ├── test_commitment.py │ ├── test_compatability.py │ ├── test_crypto.py │ ├── test_crypto_authentication_signer.py │ ├── test_crypto_authentication_verifier.py │ ├── test_crypto_data_keys.py │ ├── test_crypto_elliptic_curve.py │ ├── test_crypto_encryption_decryptor.py │ ├── test_crypto_encryption_encryptor.py │ ├── test_crypto_prehashing_authenticator.py │ ├── test_crypto_wrapping_keys.py │ ├── test_defaults.py │ ├── test_deserialize.py │ ├── test_encryption_client.py │ ├── test_encryption_context.py │ ├── test_identifiers.py │ ├── test_internal_structures.py │ ├── test_material_managers.py │ ├── test_material_managers_base.py │ ├── test_material_managers_caching.py │ ├── test_material_managers_default.py │ ├── test_providers_base_master_key.py │ ├── test_providers_base_master_key_config.py │ ├── test_providers_base_master_key_provider.py │ ├── test_providers_base_master_key_provider_config.py │ ├── test_providers_kms_master_key.py │ ├── test_providers_kms_master_key_config.py │ ├── test_providers_kms_master_key_provider.py │ ├── test_providers_kms_master_key_provider_config.py │ ├── test_providers_raw_master_key.py │ ├── test_providers_raw_master_key_config.py │ ├── test_providers_raw_master_key_provider.py │ ├── test_serialize.py │ ├── test_streaming_client_configs.py │ ├── test_streaming_client_encryption_stream.py │ ├── 
test_streaming_client_mpl_import.py │ ├── test_streaming_client_stream_decryptor.py │ ├── test_streaming_client_stream_encryptor.py │ ├── test_structures.py │ ├── test_util_str_ops.py │ ├── test_util_streams.py │ ├── test_utils.py │ ├── test_values.py │ └── unit_test_utils.py ├── upstream-requirements-py311.txt └── upstream.md ├── test_vector_handlers ├── LICENSE ├── MANIFEST.in ├── README.rst ├── compatibility-requirements │ ├── 1.3.3 │ ├── 1.3.max │ ├── 1.7.1 │ ├── 2.0.0 │ └── latest ├── requirements.txt ├── requirements_mpl.txt ├── scripts │ └── install_mpl_test_vector_runner.sh ├── setup.cfg ├── setup.py ├── src │ ├── awses_test_vectors │ │ ├── __init__.py │ │ ├── commands │ │ │ ├── __init__.py │ │ │ ├── full_message_decrypt.py │ │ │ ├── full_message_decrypt_generate.py │ │ │ └── full_message_encrypt.py │ │ ├── internal │ │ │ ├── __init__.py │ │ │ ├── aws_kms.py │ │ │ ├── defaults.py │ │ │ ├── mpl │ │ │ │ ├── __init__.py │ │ │ │ ├── keyvectors_provider.py │ │ │ │ └── tampering_mpl_materials.py │ │ │ ├── mypy_types.py │ │ │ └── util.py │ │ └── manifests │ │ │ ├── __init__.py │ │ │ ├── full_message │ │ │ ├── __init__.py │ │ │ ├── decrypt.py │ │ │ ├── decrypt_generation.py │ │ │ └── encrypt.py │ │ │ ├── keys.py │ │ │ ├── master_key.py │ │ │ └── mpl_keyring.py │ └── pylintrc ├── test │ ├── integration │ │ ├── __init__.py │ │ ├── commands │ │ │ ├── __init__.py │ │ │ └── test_i_full_message_encrypt.py │ │ └── integration_test_utils.py │ ├── pylintrc │ └── requirements.txt └── tox.ini └── tox.ini /.coveragerc: -------------------------------------------------------------------------------- 1 | # .coveragerc file when running coverage WITHOUT coverage for the MPL 2 | # This prevents the ESDK without the MPL from considering the MPL-specific modules as "missed" coverage 3 | [run] 4 | omit = */aws_encryption_sdk/materials_managers/mpl/* 5 | 6 | [report] 7 | omit = */aws_encryption_sdk/materials_managers/mpl/* 
-------------------------------------------------------------------------------- /.coveragercmpl: -------------------------------------------------------------------------------- 1 | # .coveragerc file when running coverage WITH coverage for the MPL 2 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Each line is a file pattern followed by one or more owners. 2 | # https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners 3 | 4 | # Default code owner for everything is our aws-crypto-tools group 5 | * @aws/aws-crypto-tools 6 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/aws-encryption-sdk-issue.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: AWS Encryption SDK Issue 3 | about: AWS Encryption SDK Issue 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | ### Security issue notifications 11 | 12 | If you discover a potential security issue in the AWS Encryption SDK we ask that you notify AWS Security via our [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. 13 | 14 | ### Problem: 15 | 16 | A short description of what the problem is and why we need to fix it. Add reproduction steps if necessary. 17 | 18 | ### Solution: 19 | 20 | A description of the possible solution in terms of Encryption SDK architecture. 21 | 22 | ### Out of scope: 23 | 24 | Is there anything the solution will intentionally NOT address? 25 | 26 | [//]: # (NOTE: If you believe this might be a security issue, please email aws-security@amazon.com instead of creating a GitHub issue. 
For more details, see the AWS Vulnerability Reporting Guide: https://aws.amazon.com/security/vulnerability-reporting/ ) 27 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | *Issue #, if available:* 2 | 3 | *Description of changes:* 4 | 5 | 6 | By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. 7 | 8 | # Check any applicable: 9 | - [ ] Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files. 10 | 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | # master 4 | - package-ecosystem: "pip" 5 | directory: "/dev_requirements" 6 | schedule: 7 | interval: "daily" 8 | 9 | # Github Actions 10 | - package-ecosystem: "github-actions" 11 | directory: "/" 12 | schedule: 13 | interval: "daily" -------------------------------------------------------------------------------- /.github/workflows/ci_codebuild-tests.yml: -------------------------------------------------------------------------------- 1 | name: AWS CodeBuild CI 2 | 3 | on: 4 | pull_request: 5 | push: 6 | # Run once a day 7 | schedule: 8 | - cron: "0 0 * * *" 9 | 10 | permissions: 11 | id-token: write 12 | contents: read 13 | 14 | jobs: 15 | codebuild-tests: 16 | name: AWS CodeBuild CI 17 | runs-on: ubuntu-latest 18 | strategy: 19 | matrix: 20 | python: 21 | - python_version: "38" 22 | image: "aws/codebuild/standard:5.0" 23 | - python_version: "39" 24 | image: "aws/codebuild/standard:5.0" 25 | - python_version: "310" 26 | image: "aws/codebuild/standard:6.0" 27 | - python_version: "311" 28 | image: "aws/codebuild/standard:7.0" 29 | - python_version: "312" 30 | image: "aws/codebuild/standard:7.0" 31 | 
codebuild_file_name: 32 | - "awses_local.yml" 33 | - "examples.yml" 34 | - "integ.yml" 35 | steps: 36 | - name: Configure AWS Credentials 37 | uses: aws-actions/configure-aws-credentials@v2 38 | with: 39 | role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }} 40 | aws-region: us-west-2 41 | role-duration-seconds: 4200 42 | - name: Run python-${{ matrix.python.python_version }} ${{ matrix.codebuild_file_name }} 43 | uses: aws-actions/aws-codebuild-run-build@v1 44 | timeout-minutes: 70 45 | with: 46 | project-name: python-esdk 47 | buildspec-override: codebuild/py${{ matrix.python.python_version }}/${{ matrix.codebuild_file_name }} 48 | image-override: ${{ matrix.python.image }} 49 | -------------------------------------------------------------------------------- /.github/workflows/ci_decrypt-oracle.yaml: -------------------------------------------------------------------------------- 1 | name: Continuous Integration tests for the decrypt oracle 2 | 3 | on: 4 | pull_request: 5 | push: 6 | # Run once a day 7 | schedule: 8 | - cron: '0 0 * * *' 9 | 10 | jobs: 11 | tests: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v4 15 | - uses: actions/setup-python@v4 16 | with: 17 | # The oracle will run on a Python 3.9 Lambda 18 | python-version: 3.9 19 | - run: | 20 | python -m pip install --upgrade pip 21 | pip install --upgrade -r dev_requirements/ci-requirements.txt 22 | - name: run test 23 | env: 24 | TOXENV: local 25 | run: | 26 | cd decrypt_oracle 27 | tox -- -vv 28 | static-analysis: 29 | runs-on: ubuntu-latest 30 | strategy: 31 | fail-fast: false 32 | matrix: 33 | category: 34 | - bandit 35 | - readme 36 | - flake8 37 | - pylint 38 | - flake8-tests 39 | - pylint-tests 40 | steps: 41 | - uses: actions/checkout@v4 42 | - uses: actions/setup-python@v4 43 | with: 44 | python-version: 3.9 45 | - run: | 46 | python -m pip install --upgrade pip 47 | pip install --upgrade -r dev_requirements/ci-requirements.txt 48 | - name: run test 49 | env: 50 | TOXENV: ${{ 
matrix.category }} 51 | run: | 52 | cd decrypt_oracle 53 | tox -- -vv 54 | -------------------------------------------------------------------------------- /.github/workflows/ci_static-analysis.yaml: -------------------------------------------------------------------------------- 1 | name: Static analysis checks 2 | 3 | on: 4 | pull_request: 5 | push: 6 | # Run once a day 7 | schedule: 8 | - cron: '0 0 * * *' 9 | 10 | jobs: 11 | analysis: 12 | runs-on: ubuntu-latest 13 | strategy: 14 | fail-fast: false 15 | matrix: 16 | category: 17 | - bandit 18 | - doc8 19 | - docs 20 | - readme 21 | - flake8 22 | - pylint 23 | - flake8-tests 24 | - pylint-tests 25 | - flake8-examples 26 | - pylint-examples 27 | - black-check 28 | - isort-check 29 | steps: 30 | - uses: actions/checkout@v4 31 | - uses: actions/setup-python@v4 32 | with: 33 | python-version: 3.8 34 | - run: | 35 | python -m pip install --upgrade pip 36 | pip install --upgrade -r dev_requirements/ci-requirements.txt 37 | - name: run test 38 | env: 39 | TOXENV: ${{ matrix.category }} 40 | run: tox -- -vv 41 | -------------------------------------------------------------------------------- /.github/workflows/dependabot-auto-merge.yml: -------------------------------------------------------------------------------- 1 | # Copied from GitHub docs: 2 | # https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request 3 | 4 | name: Dependabot auto-merge 5 | on: pull_request 6 | 7 | permissions: 8 | pull-requests: write 9 | contents: write 10 | 11 | jobs: 12 | dependabot: 13 | runs-on: ubuntu-latest 14 | if: ${{ github.actor == 'dependabot[bot]' }} 15 | steps: 16 | - name: Dependabot metadata 17 | id: metadata 18 | uses: dependabot/fetch-metadata@v1.3.6 19 | with: 20 | github-token: "${{ secrets.GITHUB_TOKEN }}" 21 | - name: Enable auto-merge for Dependabot PRs 22 | if: 
${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}} 23 | run: gh pr merge --auto --merge "$PR_URL" 24 | env: 25 | PR_URL: ${{github.event.pull_request.html_url}} 26 | GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} 27 | -------------------------------------------------------------------------------- /.github/workflows/repo-sync.yml: -------------------------------------------------------------------------------- 1 | name: Repo Sync 2 | 3 | on: 4 | workflow_dispatch: # allows triggering this manually through the Actions UI 5 | 6 | jobs: 7 | repo-sync: 8 | name: Repo Sync 9 | environment: repo-sync 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | - uses: repo-sync/github-sync@v2 14 | name: Sync repo to branch 15 | with: 16 | source_repo: ${{ secrets.SOURCE_REPO }} 17 | source_branch: master 18 | destination_branch: ${{ secrets.INTERMEDIATE_BRANCH }} 19 | github_token: ${{ secrets.GITHUB_TOKEN }} 20 | - uses: repo-sync/pull-request@v2 21 | name: Create pull request 22 | with: 23 | source_branch: ${{ secrets.INTERMEDIATE_BRANCH }} 24 | destination_branch: master 25 | github_token: ${{ secrets.GITHUB_TOKEN }} 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | 3 | # Test vectors (legacy) 4 | aws_encryption_sdk_resources 5 | 6 | # OS Artifacts 7 | .DS_Store 8 | 9 | # Build Artifacts 10 | build 11 | dist 12 | docs/build 13 | /doc/generated/* 14 | 15 | # Bytecode Artifacts 16 | *.pyc 17 | *.pyo 18 | .cache* 19 | __pycache__ 20 | *.egg-info 21 | 22 | # Coverage.py, NOT .coveragerc nor .coveragercmpl 23 | .coverage 24 | .coverage.py 25 | 26 | # MyPy 27 | .mypy_cache 28 | 29 | # PyEnv 30 | .python-version 31 | 32 | # PyTest 33 | .pytest_cache 34 | # Ignore key materials generated by examples or tests 35 | test_keyrings/ 36 | # Ignore results of performance test 37 | performance_tests/results/*.csv 
38 | performance_tests/results/*.pstats 39 | performance_tests/results/*.png 40 | # Ignore the memory profile logs 41 | mprofile_* 42 | 43 | # PyCharm 44 | .idea/ 45 | venv/ 46 | 47 | # Tox 48 | .tox 49 | 50 | # Chalice 51 | */.chalice/deployments 52 | */.chalice/venv 53 | /.history 54 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "test_vector_handlers/test/aws-crypto-tools-test-vector-framework"] 2 | path = test_vector_handlers/test/aws-crypto-tools-test-vector-framework 3 | url = https://github.com/awslabs/aws-crypto-tools-test-vector-framework.git 4 | [submodule "aws-encryption-sdk-specification"] 5 | path = aws-encryption-sdk-specification 6 | url = https://github.com/awslabs/aws-encryption-sdk-specification.git 7 | [submodule "test_vector_handlers/test/aws-encryption-sdk-test-vectors"] 8 | path = test_vector_handlers/test/aws-encryption-sdk-test-vectors 9 | url = https://github.com/awslabs/aws-encryption-sdk-test-vectors.git 10 | -------------------------------------------------------------------------------- /.readthedocs.yaml: -------------------------------------------------------------------------------- 1 | # .readthedocs.yaml 2 | # Read the Docs configuration file 3 | # See https://docs.readthedocs.io/en/stable/config-file/v2.html for details 4 | 5 | # Required 6 | version: 2 7 | 8 | # Set the OS, Python version and other tools you might need 9 | build: 10 | os: ubuntu-22.04 11 | tools: 12 | python: "3.8" 13 | 14 | # Build documentation in the doc/ directory with Sphinx 15 | sphinx: 16 | configuration: doc/conf.py 17 | 18 | # Don't need to build documentation for test vectors or any other 19 | # sub modules 20 | submodules: 21 | exclude: all 22 | 23 | python: 24 | install: 25 | - requirements: dev_requirements/doc-requirements.txt 26 | - method: pip 27 | path: . 
28 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | ## Code of Conduct 2 | This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). 3 | For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact 4 | opensource-codeofconduct@amazon.com with any additional questions or comments. 5 | -------------------------------------------------------------------------------- /MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.rst 2 | include CHANGELOG.rst 3 | include CONTRIBUTING.rst 4 | include LICENSE 5 | include requirements.txt 6 | 7 | recursive-include doc * 8 | recursive-include test *.py 9 | recursive-include test *.json 10 | recursive-include examples *.py 11 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | AWS Encryption SDK for Python 2 | Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 | -------------------------------------------------------------------------------- /SUPPORT_POLICY.rst: -------------------------------------------------------------------------------- 1 | Overview 2 | ======== 3 | This page describes the support policy for the AWS Encryption SDK. We regularly provide the AWS Encryption SDK with updates that may contain support for new or updated APIs, new features, enhancements, bug fixes, security patches, or documentation updates. Updates may also address changes with dependencies, language runtimes, and operating systems. 4 | 5 | We recommend that users stay up to date with Encryption SDK releases to keep up with the latest features, security updates, and underlying dependencies. 
Continued use of an unsupported SDK version is not recommended and is done at the user’s discretion. 6 | 7 | 8 | Major Version Lifecycle 9 | ======================== 10 | The AWS Encryption SDK follows the same major version lifecycle as the AWS SDK. For details on this lifecycle, see `AWS SDKs and Tools Maintenance Policy`_. 11 | 12 | Version Support Matrix 13 | ====================== 14 | This table describes the current support status of each major version of the AWS Encryption SDK for Python. It also shows the next status each major version will transition to, and the date at which that transition will happen. 15 | 16 | .. list-table:: 17 | :widths: 30 50 50 50 18 | :header-rows: 1 19 | 20 | * - Major version 21 | - Current status 22 | - Next status 23 | - Next status date 24 | * - 1.x 25 | - End of Support 26 | - 27 | - 28 | * - 2.x 29 | - End of Support 30 | - 31 | - 32 | * - 3.x 33 | - Maintenance 34 | - End of Support 35 | - 2026-05-20 36 | * - 4.x 37 | - General Availability 38 | - 39 | - 40 | 41 | .. _AWS SDKs and Tools Maintenance Policy: https://docs.aws.amazon.com/sdkref/latest/guide/maint-policy.html#version-life-cycle 42 | -------------------------------------------------------------------------------- /VERSIONING.rst: -------------------------------------------------------------------------------- 1 | ***************** 2 | Versioning Policy 3 | ***************** 4 | 5 | We use a three-part X.Y.Z (Major.Minor.Patch) versioning definition, as follows: 6 | 7 | * **X (Major)** version changes are significant and expected to break backwards compatibility. 8 | * **Y (Minor)** version changes are moderate changes. These include: 9 | 10 | * Significant non-breaking feature additions. 11 | * Any change to the version of a dependency. 12 | * Possible backwards-incompatible changes. These changes will be noted and explained in detail in the release notes. 13 | 14 | * **Z (Patch)** version changes are small changes. 
These changes will not break backwards compatibility. 15 | 16 | * Z releases will also include warning of upcoming breaking changes, whenever possible. 17 | 18 | What this means for you 19 | ======================= 20 | 21 | We recommend running the most recent version. Here are our suggestions for managing updates: 22 | 23 | * X changes will require some effort to incorporate. 24 | * Y changes will not require significant effort to incorporate. 25 | 26 | * If you have good unit and integration tests, these changes are generally safe to pick up automatically. 27 | 28 | * Z changes will not require any changes to your code. Z changes are intended to be picked up automatically. 29 | 30 | * Good unit and integration tests are always recommended. 31 | -------------------------------------------------------------------------------- /codebuild/compliance/compliance.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | phases: 4 | install: 5 | runtime-versions: 6 | nodejs: latest 7 | build: 8 | commands: 9 | - aws-encryption-sdk-specification/util/test_conditions -s 'src/**/**/*.py' -s 'compliance_exceptions/*.py' -t 'test/**/*.py' 10 | -------------------------------------------------------------------------------- /codebuild/coverage/coverage.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "coverage" 6 | 7 | phases: 8 | install: 9 | runtime-versions: 10 | python: latest 11 | build: 12 | commands: 13 | - pip install "tox < 4.0" 14 | - tox 15 | -------------------------------------------------------------------------------- /codebuild/coverage/coverage_mpl.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "mplcoverage-mpl" 6 | 7 | phases: 8 | install: 9 | runtime-versions: 10 | python: 3.11 11 | build: 12 | commands: 13 | - pip 
install "tox < 4.0" 14 | - tox 15 | -------------------------------------------------------------------------------- /codebuild/py310/awses_local.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-awses_local" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.10 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py310/decrypt_masterkey_with_js.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 6 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 8 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 10 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 11 | 
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 12 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | 14 | phases: 15 | install: 16 | runtime-versions: 17 | python: 3.10 18 | commands: 19 | - n 16 20 | # Install the Javascript ESDK run test vectors 21 | - npm install -g @aws-crypto/integration-node 22 | 23 | pre_build: 24 | commands: 25 | # Download previously generated vectors 26 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/310_masterkey.zip 310_masterkey.zip 27 | # Repackage zip in expected format 28 | - unzip 310_masterkey.zip 29 | - cd 310_masterkey 30 | - zip -r vectors.zip . 31 | build: 32 | commands: 33 | # Decrypt generated vectors with Javascript ESDK 34 | - integration-node decrypt -v vectors.zip -------------------------------------------------------------------------------- /codebuild/py310/decrypt_masterkey_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.10 19 | pre_build: 20 | commands: 21 | # Download previously generated vectors 22 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/310_masterkey.zip 310_masterkey.zip 23 | - 
unzip 310_masterkey.zip 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../310_masterkey/manifest.json -------------------------------------------------------------------------------- /codebuild/py310/decrypt_net_401_vectors.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | # Runs Only the ESDK-NET v4.0.1 Decryption Vectors, testing Required EC CMM 3 | 4 | env: 5 | variables: 6 | TOXENV: "py310-full_decrypt" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | 16 | phases: 17 | install: 18 | runtime-versions: 19 | python: 3.10 20 | pre_build: 21 | commands: 22 | # Fetch ESDK .NET v4.0.1 Test Vectors. NOTE(review): the URL follows the mutable mainline branch and the archive is unzipped with no digest check; consider pinning a commit, verifying a known SHA-256 before unzip, and adding --fail to curl so an HTTP error is not saved as the zip. 23 | - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip 24 | - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip 25 | - curl -s --output $VECTOR_ZIP --location $VECTORS_URL 26 | - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors 27 | - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR 28 | build: 29 | commands: 30 | # NOTE: We need to pass the absolute path of the vectors 31 | - pip install "tox < 4.0" 32 | - cd $CODEBUILD_SRC_DIR/test_vector_handlers 33 | - | 34 | tox -- \ 35 | --input $UNZIPPED_VECTORS_DIR/manifest.json 36 |
-------------------------------------------------------------------------------- /codebuild/py310/encrypt_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-full_encrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.10 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json 26 | -------------------------------------------------------------------------------- /codebuild/py310/examples.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-examples" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 
13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.10 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py310/generate_decrypt_vectors_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-full_decrypt_generate" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.10 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 26 | --output 310_masterkey 27 | - zip -r 310_masterkey.zip 310_masterkey 28 | - aws s3 cp 310_masterkey.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/310_masterkey.zip 29 | -------------------------------------------------------------------------------- /codebuild/py310/integ.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py310-integ" 6 | 
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.10 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py311/awses_local.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-awses_local" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.11 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | 
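-------------------------------------------------------------------------------- /codebuild/py311/awses_local_mpl.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-awses_local-mpl" 6 | REGION: "us-west-2" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 16 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 17 | 18 | phases: 19 | install: 20 | runtime-versions: 21 | python: 3.11 22 | build: 23 | commands: 24 | # Build Python MPL TestVector runner from source 25 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - tox 29 | -------------------------------------------------------------------------------- /codebuild/py311/decrypt_golden_manifest_with_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 |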
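AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | # Download "golden manifest" (NOTE(review): pulled from the mutable master branch and unzipped with no digest check; consider pinning a commit and verifying a checksum) 24 | - curl -L -o python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip 25 | - unzip python-2.3.0.zip -d python-2.3.0 26 | build: 27 | commands: 28 | - pip install "tox < 4.0" 29 | - cd test_vector_handlers 30 | - | 31 | tox -- \ 32 | --input ../python-2.3.0/manifest.json \ 33 | --keyrings 34 | -------------------------------------------------------------------------------- /codebuild/py311/decrypt_golden_manifest_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Download "golden manifest" (NOTE(review): pulled from the mutable master branch and unzipped with no digest check; consider pinning a commit and verifying a checksum) 22 | - curl -L -o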
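python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip 23 | - unzip python-2.3.0.zip -d python-2.3.0 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../python-2.3.0/manifest.json 31 | -------------------------------------------------------------------------------- /codebuild/py311/decrypt_keyrings_with_js.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 6 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 8 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 10 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 12 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | 14 | phases: 15 | install: 16 | runtime-versions: 17 | python: 3.11 18 | commands: 19 | - n 16 20 | # Install the Javascript ESDK run test vectors 21 | - npm install -g @aws-crypto/integration-node 22 | 23 | pre_build: 24 | commands: 25 | # Download previously generated vectors 26 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_keyrings.zip 311_keyrings.zip 27 | # Repackage zip in expected format 28 | - unzip 311_keyrings.zip 29 | - cd 311_keyrings 30 | - zip -r vectors.zip .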
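31 | build: 32 | commands: 33 | # Decrypt generated vectors with Javascript ESDK 34 | - integration-node decrypt -v vectors.zip -------------------------------------------------------------------------------- /codebuild/py311/decrypt_keyrings_with_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | # Download previously generated vectors 24 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_keyrings.zip 311_keyrings.zip 25 | - unzip 311_keyrings.zip 26 | build: 27 | commands: 28 | - pip install "tox < 4.0" 29 | - cd test_vector_handlers 30 | - | 31 | tox -- \ 32 | --input ../311_keyrings/manifest.json \ 33 | --keyrings -------------------------------------------------------------------------------- /codebuild/py311/decrypt_keyrings_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 |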
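arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Download previously generated vectors 22 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_keyrings.zip 311_keyrings.zip 23 | - unzip 311_keyrings.zip 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../311_keyrings/manifest.json -------------------------------------------------------------------------------- /codebuild/py311/decrypt_masterkey_with_js.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 6 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 8 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 10 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 12 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | 14 | phases: 15 | install: 16 | runtime-versions: 17 | python: 3.11 18 | commands: 19 | - n 16 20 | # Install the Javascript ESDK run test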
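vectors 21 | - npm install -g @aws-crypto/integration-node 22 | 23 | pre_build: 24 | commands: 25 | # Download previously generated vectors 26 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_masterkey.zip 311_masterkey.zip 27 | # Repackage zip in expected format 28 | - unzip 311_masterkey.zip 29 | - cd 311_masterkey 30 | - zip -r vectors.zip . 31 | build: 32 | commands: 33 | # Decrypt generated vectors with Javascript ESDK 34 | - integration-node decrypt -v vectors.zip -------------------------------------------------------------------------------- /codebuild/py311/decrypt_masterkey_with_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | # Download previously generated vectors 24 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_masterkey.zip 311_masterkey.zip 25 | - unzip 311_masterkey.zip 26 | build: 27 | commands: 28 | - pip install "tox < 4.0" 29 | - cd test_vector_handlers 30 | - | 31 | tox -- \ 32 | --input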
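../311_masterkey/manifest.json \ 33 | --keyrings -------------------------------------------------------------------------------- /codebuild/py311/decrypt_masterkey_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- # key id is a UUID: 8-4-4-4-12 hex digits 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | pre_build: 20 | commands: 21 | # Download previously generated vectors 22 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_masterkey.zip 311_masterkey.zip 23 | - unzip 311_masterkey.zip 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../311_masterkey/manifest.json -------------------------------------------------------------------------------- /codebuild/py311/encrypt_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_encrypt-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 |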
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - | 26 | tox -- \ 27 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json \ 28 | --keyrings -------------------------------------------------------------------------------- /codebuild/py311/encrypt_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_encrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json 26 | 
-------------------------------------------------------------------------------- /codebuild/py311/examples.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-examples" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py311/examples_mpl.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | # No TOXENV. This runs multiple environments. 
6 | REGION: "us-west-2" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | 16 | phases: 17 | install: 18 | runtime-versions: 19 | python: 3.11 20 | build: 21 | commands: 22 | - pip install "tox < 4.0" 23 | # Run non-MPL-specific tests with the MPL installed 24 | - tox -e py311-examples-mpl 25 | # Assume special role to access keystore 26 | - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Python-Role-us-west-2" --role-session-name "CB-Py311ExamplesMpl") 27 | - export TMP_ROLE 28 | - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId') 29 | - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey') 30 | - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken') 31 | - aws sts get-caller-identity 32 | # Run MPL-specific tests with special role 33 | - tox -e py311-mplexamples-mpl 34 | 35 | -------------------------------------------------------------------------------- /codebuild/py311/generate_decrypt_vectors_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt_generate-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | 
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - | 26 | tox -- \ 27 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 28 | --output 311_keyrings \ 29 | --keyrings 30 | - zip -r 311_keyrings.zip 311_keyrings 31 | - aws s3 cp 311_keyrings.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_keyrings.zip 32 | -------------------------------------------------------------------------------- /codebuild/py311/generate_decrypt_vectors_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-full_decrypt_generate" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | 
arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 26 | --output 311_masterkey 27 | - zip -r 311_masterkey.zip 311_masterkey 28 | - aws s3 cp 311_masterkey.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/311_masterkey.zip 29 | -------------------------------------------------------------------------------- /codebuild/py311/integ.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-integ" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.11 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py311/integ_mpl.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py311-integ-mpl" 6 | REGION: "us-west-2" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | 
arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | 16 | phases: 17 | install: 18 | runtime-versions: 19 | python: 3.11 20 | build: 21 | commands: 22 | - pip install "tox < 4.0" 23 | - tox 24 | -------------------------------------------------------------------------------- /codebuild/py312/awses_local.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-awses_local" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.12 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- 
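/codebuild/py312/awses_local_mpl.yml:
--------------------------------------------------------------------------------
1 | # Runs the same tests as awses_local in an environment with the MPL installed.
2 | # This asserts existing tests continue to pass with the MPL installed.
3 | version: 0.2
4 |
5 | env:
6 |   variables:
7 |     TOXENV: "py312-awses_local-mpl"
8 |     REGION: "us-west-2"
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
10 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
12 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
14 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
16 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
17 |     AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb"
18 |     AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2"
19 |
20 | phases:
21 |   install:
22 |     runtime-versions:
23 |       python: 3.12
24 |   build:
25 |     commands:
26 |       # Build Python MPL TestVector runner from source
27 |       - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
28 |       # NOTE(review): `git pull` takes whatever is upstream for the checkout under
29 |       # /root/.pyenv at build time, so the tooling that installs Python is not pinned.
30 |       - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd -
31 |       - pyenv install --skip-existing 3.12.0
32 |       - pyenv local 3.12.0
33 |       - pip install --upgrade pip
34 |       - pip install setuptools
35 |       - pip install "tox < 4.0"
36 |       - cd test_vector_handlers
37 |       - tox
38 |
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_golden_manifest_with_keyrings.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt-mpl"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Build Python MPL TestVector runner from source
23 |       - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
24 |       # Download "golden manifest"
25 |       # NOTE(review): fetched from the mutable `master` branch and unzipped with no
26 |       # integrity check; pinning the URL to a commit and verifying a digest would fix the input.
27 |       - curl -L -o python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
28 |       - unzip python-2.3.0.zip -d python-2.3.0
29 |   build:
30 |     commands:
31 |       - pip install "tox < 4.0"
32 |       - cd test_vector_handlers
33 |       - |
34 |         tox -- \
35 |           --input ../python-2.3.0/manifest.json \
36 |           --keyrings
37 |
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_golden_manifest_with_masterkey.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Download "golden manifest"
23 |       # NOTE(review): fetched from the mutable `master` branch and unzipped with no
24 |       # integrity check; pinning the URL to a commit and verifying a digest would fix the input.
25 |       - curl -L -o python-2.3.0.zip https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
26 |       - unzip python-2.3.0.zip -d python-2.3.0
27 |   build:
28 |     commands:
29 |       - pip install "tox < 4.0"
30 |       - cd test_vector_handlers
31 |       - |
32 |         tox -- \
33 |           --input ../python-2.3.0/manifest.json
34 |
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_hkeyring_with_keyrings.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt-mpl"
6 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
7 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
8 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
9 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
10 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
11 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
12 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
13 |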
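arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
14 |
15 | phases:
16 |   install:
17 |     runtime-versions:
18 |       python: 3.12
19 |   pre_build:
20 |     commands:
21 |       # Build Python MPL TestVector runner from source
22 |       - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
23 |       # Download previously generated vectors
24 |       # This manifest has coverage for both HKeyring and required encryption context CMM
25 |       # NOTE(review): the archive is unzipped as downloaded; its integrity rests on
26 |       # write access to this bucket prefix being limited to the generating build.
27 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_hkeyring_reccmm_manifest.zip 312_hkeyring_reccmm_manifest.zip
28 |       - unzip 312_hkeyring_reccmm_manifest.zip
29 |   build:
30 |     commands:
31 |       - pip install "tox < 4.0"
32 |       - cd test_vector_handlers
33 |       - |
34 |         tox -- \
35 |           --input ../312_hkeyring_reccmm_manifest/manifest.json \
36 |           --keyrings
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_hkeyring_with_masterkey.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Download previously generated vectors
23 |       # This manifest has coverage for both HKeyring and required encryption context CMM
24 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_hkeyring_reccmm_manifest.zip 312_hkeyring_reccmm_manifest.zip
25 |       - unzip 312_hkeyring_reccmm_manifest.zip
26 |   build:
27 |     commands:
28 |       - pip install "tox < 4.0"
29 |       - cd test_vector_handlers
30 |       - |
31 |         tox -- \
32 |           --input ../312_hkeyring_reccmm_manifest/manifest.json
33 |
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_keyrings_with_js.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
6 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
7 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
8 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
9 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
10 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
11 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
12 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
13 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
14 |
15 | phases:
16 |   install:
17 |     runtime-versions:
18 |       python: 3.12
19 |     commands:
20 |       # NOTE(review): `n 16` selects Node.js 16, which is end-of-life upstream.
21 |       - n 16
22 |       # Install the Javascript ESDK run test vectors
23 |       # NOTE(review): no version is pinned, so each build installs the latest published
24 |       # release of this package; pin one to keep the cross-language check reproducible.
25 |       - npm install -g @aws-crypto/integration-node
26 |
27 |   pre_build:
28 |     commands:
29 |       # Download previously generated vectors
30 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_keyrings.zip 312_keyrings.zip
31 |       # Repackage zip in expected format
32 |       - unzip 312_keyrings.zip
33 |       - cd 312_keyrings
34 |       - zip -r vectors.zip .
35 |   build:
36 |     commands:
37 |       # Decrypt generated vectors with Javascript ESDK
38 |       - integration-node decrypt -v vectors.zip
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_keyrings_with_keyrings.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt-mpl"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Build Python MPL TestVector runner from source
23 |       - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
24 |       # Download previously generated vectors
25 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_keyrings.zip 312_keyrings.zip
26 |       - unzip 312_keyrings.zip
27 |   build:
28 |     commands:
29 |       - pip install "tox < 4.0"
30 |       - cd test_vector_handlers
31 |       - |
32 |         tox -- \
33 |           --input ../312_keyrings/manifest.json \
34 |           --keyrings
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_keyrings_with_masterkey.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt"
6 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
7 |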
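arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
8 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
9 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
10 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
11 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
12 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
13 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
14 |
15 | phases:
16 |   install:
17 |     runtime-versions:
18 |       python: 3.12
19 |   pre_build:
20 |     commands:
21 |       # Download previously generated vectors
22 |       # NOTE(review): the archive is unzipped as downloaded; its integrity rests on
23 |       # write access to this bucket prefix being limited to the generating build.
24 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_keyrings.zip 312_keyrings.zip
25 |       - unzip 312_keyrings.zip
26 |   build:
27 |     commands:
28 |       - pip install "tox < 4.0"
29 |       - cd test_vector_handlers
30 |       - |
31 |         tox -- \
32 |           --input ../312_keyrings/manifest.json
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_masterkey_with_js.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
6 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
7 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
8 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
9 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
10 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
11 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
12 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
13 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
14 |
15 | phases:
16 |   install:
17 |     runtime-versions:
18 |       python: 3.12
19 |     commands:
20 |       # NOTE(review): `n 16` selects Node.js 16, which is end-of-life upstream.
21 |       - n 16
22 |       # Install the Javascript ESDK run test vectors
23 |       # NOTE(review): no version is pinned, so each build installs the latest published
24 |       # release of this package; pin one to keep the cross-language check reproducible.
25 |       - npm install -g @aws-crypto/integration-node
26 |
27 |   pre_build:
28 |     commands:
29 |       # Download previously generated vectors
30 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_masterkey.zip 312_masterkey.zip
31 |       # Repackage zip in expected format
32 |       - unzip 312_masterkey.zip
33 |       - cd 312_masterkey
34 |       - zip -r vectors.zip .
35 |   build:
36 |     commands:
37 |       # Decrypt generated vectors with Javascript ESDK
38 |       - integration-node decrypt -v vectors.zip
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_masterkey_with_keyrings.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt-mpl"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Build Python MPL TestVector runner from source
23 |       - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh
24 |       # Download previously generated vectors
25 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_masterkey.zip 312_masterkey.zip
26 |       - unzip 312_masterkey.zip
27 |   build:
28 |     commands:
29 |       - pip install "tox < 4.0"
30 |       - cd test_vector_handlers
31 |       - |
32 |         tox -- \
33 |           --input ../312_masterkey/manifest.json \
34 |           --keyrings
--------------------------------------------------------------------------------
/codebuild/py312/decrypt_masterkey_with_masterkey.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_decrypt"
6 |     # Same us-west-2 test key as the other buildspecs; a KMS key ID is a UUID (8-4-4-4-12 hex digits).
7 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
8 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
9 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
10 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
11 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >-
12 |       arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
13 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >-
14 |       arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
15 |
16 | phases:
17 |   install:
18 |     runtime-versions:
19 |       python: 3.12
20 |   pre_build:
21 |     commands:
22 |       # Download previously generated vectors
23 |       - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_masterkey.zip 312_masterkey.zip
24 |       - unzip 312_masterkey.zip
25 |   build:
26 |     commands:
27 |       - pip install "tox < 4.0"
28 |       - cd test_vector_handlers
29 |       - |
30 |         tox -- \
31 |           --input ../312_masterkey/manifest.json
--------------------------------------------------------------------------------
/codebuild/py312/encrypt_keyrings.yml:
--------------------------------------------------------------------------------
1 | version: 0.2
2 |
3 | env:
4 |   variables:
5 |     TOXENV: "py312-full_encrypt-mpl"
6 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
7 |       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
8 |     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >-
9 |       arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
10 |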
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.12 19 | build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - | 26 | tox -- \ 27 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json \ 28 | --keyrings -------------------------------------------------------------------------------- /codebuild/py312/encrypt_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-full_encrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.12 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json 26 | 
-------------------------------------------------------------------------------- /codebuild/py312/examples.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-examples" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.12 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py312/generate_decrypt_vectors_keyrings.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-full_decrypt_generate-mpl" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | 
python: 3.12 19 | build: 20 | commands: 21 | # Build Python MPL TestVector runner from source 22 | - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - | 26 | tox -- \ 27 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 28 | --output 312_keyrings \ 29 | --keyrings 30 | - zip -r 312_keyrings.zip 312_keyrings 31 | - aws s3 cp 312_keyrings.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_keyrings.zip 32 | -------------------------------------------------------------------------------- /codebuild/py312/generate_decrypt_vectors_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-full_decrypt_generate" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.12 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 26 | --output 312_masterkey 27 | - zip -r 312_masterkey.zip 312_masterkey 28 | - aws s3 cp 312_masterkey.zip 
s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/312_masterkey.zip 29 | -------------------------------------------------------------------------------- /codebuild/py312/integ.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py312-integ" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.12 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py312/integ_mpl.yml: -------------------------------------------------------------------------------- 1 | # Runs the same tests as integ in an environment with the MPL installed. 2 | # This asserts existing tests continue to pass with the MPL installed. 
3 | version: 0.2 4 | 5 | env: 6 | variables: 7 | TOXENV: "py312-integ-mpl" 8 | REGION: "us-west-2" 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 10 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 12 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 14 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 16 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 17 | 18 | phases: 19 | install: 20 | runtime-versions: 21 | python: 3.12 22 | build: 23 | commands: 24 | - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd - 25 | - pyenv install --skip-existing 3.12.0 26 | - pyenv local 3.12.0 27 | - pip install --upgrade pip 28 | - pip install setuptools 29 | - pip install "tox < 4.0" 30 | - tox 31 | -------------------------------------------------------------------------------- /codebuild/py38/awses_local.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-awses_local" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: 
"xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.8 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py38/decrypt_masterkey_with_js.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 6 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 8 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 10 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 12 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | 14 | phases: 15 | install: 16 | runtime-versions: 17 | python: 3.8 18 | commands: 19 | - n 16 20 | # Install the Javascript ESDK run test vectors 21 | - npm install -g @aws-crypto/integration-node 22 | 23 | pre_build: 24 | commands: 25 | # Download previously generated vectors 26 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/38_masterkey.zip 38_masterkey.zip 27 | # Repackage zip in expected format 28 | - unzip 38_masterkey.zip 29 | - cd 38_masterkey 30 | - zip -r vectors.zip . 
31 | build: 32 | commands: 33 | # Decrypt generated vectors with Javascript ESDK 34 | - integration-node decrypt -v vectors.zip -------------------------------------------------------------------------------- /codebuild/py38/decrypt_masterkey_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.8 19 | pre_build: 20 | commands: 21 | # Download previously generated vectors 22 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/38_masterkey.zip 38_masterkey.zip 23 | - unzip 38_masterkey.zip 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../38_masterkey/manifest.json -------------------------------------------------------------------------------- /codebuild/py38/decrypt_net_401_vectors.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | # Runs Only the ESDK-NET v4.0.1 Decryption Vectors, testing Required EC CMM 3 | 4 | env: 5 | variables: 6 | TOXENV: "py38-full_decrypt" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | 
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | 16 | phases: 17 | install: 18 | runtime-versions: 19 | python: 3.8 20 | pre_build: 21 | commands: 22 | # Fetch ESDK .NET v4.0.1 Test Vectors. NOTE(review): the URL tracks the mainline branch, curl is run without --fail, and the archive is unzipped without an integrity check; consider pinning a commit and comparing a SHA-256 digest. 23 | - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip 24 | - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip 25 | - curl -s --output $VECTOR_ZIP --location $VECTORS_URL 26 | - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors 27 | - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR 28 | build: 29 | commands: 30 | # NOTE: We need to pass the absolute path of the vectors 31 | - pip install "tox < 4.0" 32 | - cd $CODEBUILD_SRC_DIR/test_vector_handlers 33 | - | 34 | tox -- \ 35 | --input $UNZIPPED_VECTORS_DIR/manifest.json 36 | -------------------------------------------------------------------------------- /codebuild/py38/encrypt_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-full_encrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 |
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.8 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json 26 | -------------------------------------------------------------------------------- /codebuild/py38/examples.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-examples" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.8 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py38/generate_decrypt_vectors_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-full_decrypt_generate" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | 
AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.8 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 26 | --output 38_masterkey 27 | - zip -r 38_masterkey.zip 38_masterkey 28 | - aws s3 cp 38_masterkey.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/38_masterkey.zip 29 | -------------------------------------------------------------------------------- /codebuild/py38/integ.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py38-integ" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.8 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | 
-------------------------------------------------------------------------------- /codebuild/py39/awses_1.7.1.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-awses_1.7.1" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.9 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py39/awses_2.0.0.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-awses_2.0.0" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | 
arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.9 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py39/awses_latest.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-awses_latest" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.9 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py39/awses_local.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-awses_local" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | 
arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID: "xi1mwx3ttb" 15 | AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION: "us-west-2" 16 | 17 | phases: 18 | install: 19 | runtime-versions: 20 | python: 3.9 21 | build: 22 | commands: 23 | - pip install "tox < 4.0" 24 | - cd test_vector_handlers 25 | - tox 26 | -------------------------------------------------------------------------------- /codebuild/py39/decrypt_masterkey_with_js.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 6 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 8 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 10 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 12 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | 14 | phases: 15 | install: 16 | runtime-versions: 17 | python: 3.9 18 | commands: 19 | - n 16 20 | # Install the Javascript ESDK to run test vectors. NOTE(review): no version is given, so each build installs whatever release is current; consider pinning. 21 | - npm install -g @aws-crypto/integration-node 22 | 23 | pre_build: 24 | commands: 25 | # Download previously generated vectors 26
| - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/39_masterkey.zip 39_masterkey.zip 27 | # Repackage zip in expected format 28 | - unzip 39_masterkey.zip 29 | - cd 39_masterkey 30 | - zip -r vectors.zip . 31 | build: 32 | commands: 33 | # Decrypt generated vectors with Javascript ESDK 34 | - integration-node decrypt -v vectors.zip -------------------------------------------------------------------------------- /codebuild/py39/decrypt_masterkey_with_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-full_decrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.9 19 | pre_build: 20 | commands: 21 | # Download previously generated vectors 22 | - aws s3 cp s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/39_masterkey.zip 39_masterkey.zip 23 | - unzip 39_masterkey.zip 24 | build: 25 | commands: 26 | - pip install "tox < 4.0" 27 | - cd test_vector_handlers 28 | - | 29 | tox -- \ 30 | --input ../39_masterkey/manifest.json -------------------------------------------------------------------------------- /codebuild/py39/decrypt_net_401_vectors.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | # Runs Only the ESDK-NET v4.0.1 Decryption 
Vectors, testing Required EC CMM 3 | 4 | env: 5 | variables: 6 | TOXENV: "py39-full_decrypt" 7 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 8 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 9 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 10 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 11 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 12 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 13 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 14 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 15 | 16 | phases: 17 | install: 18 | runtime-versions: 19 | python: 3.9 20 | pre_build: 21 | commands: 22 | # Fetch ESDK .NET v4.0.1 Test Vectors. NOTE(review): the URL tracks the mainline branch, curl is run without --fail, and the archive is unzipped without an integrity check; consider pinning a commit and comparing a SHA-256 digest. 23 | - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip 24 | - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip 25 | - curl -s --output $VECTOR_ZIP --location $VECTORS_URL 26 | - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors 27 | - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR 28 | build: 29 | commands: 30 | # NOTE: We need to pass the absolute path of the vectors 31 | - pip install "tox < 4.0" 32 | - cd $CODEBUILD_SRC_DIR/test_vector_handlers 33 | - | 34 | tox -- \ 35 | --input $UNZIPPED_VECTORS_DIR/manifest.json 36 | -------------------------------------------------------------------------------- /codebuild/py39/encrypt_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-full_encrypt" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 |
arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.9 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0003-awses-message-encryption.v2.json 26 | -------------------------------------------------------------------------------- /codebuild/py39/examples.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-examples" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.9 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/py39/generate_decrypt_vectors_masterkey.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | 
TOXENV: "py39-full_decrypt_generate" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.9 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - cd test_vector_handlers 23 | - | 24 | tox -- \ 25 | --input test/aws-crypto-tools-test-vector-framework/features/CANONICAL-GENERATED-MANIFESTS/0006-awses-message-decryption-generation.v2.json \ 26 | --output 39_masterkey 27 | - zip -r 39_masterkey.zip 39_masterkey 28 | - aws s3 cp 39_masterkey.zip s3://generated-vectors-artifacts-bucket/$CODEBUILD_RESOLVED_SOURCE_VERSION/39_masterkey.zip 29 | -------------------------------------------------------------------------------- /codebuild/py39/integ.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | TOXENV: "py39-integ" 6 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >- 7 | arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f 8 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2: >- 9 | arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2 10 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1: >- 11 | arn:aws:kms:us-west-2:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 12 | AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2: >- 13 | 
arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7 14 | 15 | phases: 16 | install: 17 | runtime-versions: 18 | python: 3.9 19 | build: 20 | commands: 21 | - pip install "tox < 4.0" 22 | - tox 23 | -------------------------------------------------------------------------------- /codebuild/release/prod-release.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | BRANCH: "master" 6 | secrets-manager: 7 | TWINE_USERNAME: PyPiAPIToken:username 8 | TWINE_PASSWORD: PyPiAPIToken:password 9 | 10 | phases: 11 | install: 12 | commands: 13 | - pip install "tox < 4.0" 14 | - pip install --upgrade pip 15 | runtime-versions: 16 | python: latest 17 | pre_build: 18 | commands: 19 | - git checkout $COMMIT_ID 20 | - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py) 21 | - | # NOTE(review): FOUND_VERSION and VERSION are expanded unquoted; if sed matched nothing, expr presumably exits with a usage error instead of reporting a mismatch, so the exit-1 branch is skipped and the release continues. Confirm, and consider a quoted string comparison. 22 | if expr ${FOUND_VERSION} != ${VERSION}; then 23 | echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" 24 | exit 1; 25 | fi 26 | build: 27 | commands: 28 | - tox -e park 29 | - tox -e release 30 | 31 | batch: 32 | fast-fail: true 33 | build-graph: 34 | - identifier: release_to_prod 35 | - identifier: validate_prod_release 36 | depend-on: 37 | - release_to_prod 38 | buildspec: codebuild/release/validate.yml 39 | env: 40 | variables: 41 | PIP_INDEX_URL: https://pypi.python.org/simple/ 42 | -------------------------------------------------------------------------------- /codebuild/release/test-release.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | env: 4 | variables: 5 | BRANCH: "master" 6 | secrets-manager: 7 | TWINE_USERNAME: TestPyPiAPIToken:username 8 | TWINE_PASSWORD: TestPyPiAPIToken:password 9 | 10 | phases: 11 | install: 12 | commands: 13 | - pip install "tox < 4.0" 14 | - pip install --upgrade pip 15 | runtime-versions: 16 | python: latest 17
| pre_build: 18 | commands: 19 | - git checkout $COMMIT_ID 20 | - FOUND_VERSION=$(sed -n 's/__version__ = "\(.*\)"/\1/p' src/aws_encryption_sdk/identifiers.py) 21 | - | # NOTE(review): FOUND_VERSION and VERSION are expanded unquoted; if sed matched nothing, expr presumably exits with a usage error instead of reporting a mismatch, so the exit-1 branch is skipped. Confirm, and consider a quoted string comparison. 22 | if expr ${FOUND_VERSION} != ${VERSION}; then 23 | echo "identifiers.py version (${FOUND_VERSION}) does not match expected version (${VERSION}), stopping" 24 | exit 1; 25 | fi 26 | build: 27 | commands: 28 | - tox -e park 29 | - tox -e test-release 30 | 31 | 32 | batch: 33 | fast-fail: true 34 | build-graph: 35 | - identifier: release_to_staging 36 | - identifier: validate_staging_release 37 | depend-on: 38 | - release_to_staging 39 | buildspec: codebuild/release/validate.yml 40 | env: 41 | variables: 42 | PIP_INDEX_URL: https://test.pypi.org/simple/ 43 | PIP_EXTRA_INDEX_URL: https://pypi.python.org/simple/ # NOTE(review): pip does not rank one index above the other, so dependencies of the validated package may resolve from test.pypi.org; check that is acceptable for this job. 44 | -------------------------------------------------------------------------------- /codebuild/release/validate.yml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | 3 | phases: 4 | install: 5 | commands: 6 | - pip install "tox < 4.0" 7 | runtime-versions: 8 | python: latest 9 | pre_build: 10 | commands: 11 | - git clone https://github.com/aws-samples/busy-engineers-document-bucket.git # NOTE(review): clones the default branch head; the validation project is not pinned to a commit. 12 | - cd busy-engineers-document-bucket/exercises/python/encryption-context-complete 13 | - sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt 14 | - pyenv install --skip-existing 3.8.12 15 | - pyenv local 3.8.12 16 | - pip install "tox < 4.0" 17 | build: 18 | commands: 19 | - NUM_RETRIES=3 20 | - | 21 | while [ $NUM_RETRIES -gt 0 ] 22 | do 23 | tox -re test 24 | if [ $?
-eq 0 ]; then 25 | break 26 | fi 27 | NUM_RETRIES=$((NUM_RETRIES-1)) 28 | if [ $NUM_RETRIES -eq 0 ]; then 29 | echo "All validation attempts failed, stopping" 30 | exit 1; 31 | else 32 | echo "Validation failed, retrying in 60 seconds; will retry $NUM_RETRIES more times" && sleep 60 33 | fi 34 | done 35 | -------------------------------------------------------------------------------- /compliance_exceptions/aws-kms-mrk-aware-master-key.py: -------------------------------------------------------------------------------- 1 | # Due to how Python MasterKeys and MasterKeyProviders are set up, 2 | # there are some parts of the Java-focused spec which are non-applicable 3 | 4 | # //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 5 | # //= type=exception 6 | # //# For each encrypted data key in the filtered set, one at a time, the 7 | # //# master key MUST attempt to decrypt the data key. 8 | # // Python MKs only ever attempt one EDK during one Decrypt Data Key call 9 | 10 | # //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.6 11 | # //= type=exception 12 | # //# This configuration SHOULD be on initialization and SHOULD be immutable. 13 | # // Python does not provide a good way of making fields immutable 14 | 15 | # //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 16 | # //= type=exception 17 | # //# If this attempt results in an error, then these errors MUST be collected. 18 | # // Python logs errors instead of collecting them. 19 | 20 | # //= compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt#2.9 21 | # //= type=exception 22 | # //# The set of encrypted data keys MUST first be filtered to match this 23 | # //# master key's configuration. 24 | # // Python MKs only ever deal with one EDK at a time. They are responsible 25 | # // for determining whether they should attempt to decrypt with owns_data_key. 
26 | 27 | -------------------------------------------------------------------------------- /decrypt_oracle/.chalice/build-requirements.py: -------------------------------------------------------------------------------- 1 | """ 2 | Intended to be run after building the package locally, 3 | this helper tool overwrites the "requirements.txt" file that Chalice uses. 4 | This is necessary to work around how Chalice handles package source. 5 | """ 6 | import os 7 | 8 | BASE = os.path.join(os.path.abspath(os.path.dirname(__file__)), '..') 9 | 10 | 11 | def main(): 12 | """Write the requirements file for Chalice to use. The file is overwritten with two header comments followed by the path of every ``.whl`` file found directly in ``dist/``; no name or version filter is applied, so any wheel left in ``dist/`` ends up in the Chalice requirements.""" 13 | with open(os.path.join(BASE, 'requirements.txt'), 'wb') as requirements: 14 | requirements.write(b'# Requirements for Chalice packager.' + os.linesep.encode('utf-8')) 15 | requirements.write(b'# Autogenerated. Do not hand-edit.' + os.linesep.encode('utf-8')) 16 | 17 | dist_dir = os.path.join(BASE, 'dist') 18 | for found_file in os.listdir(dist_dir): 19 | full_path = os.path.join(dist_dir, found_file) 20 | if os.path.isfile(full_path) and found_file.endswith('.whl'): 21 | requirements.write(full_path.encode('utf-8') + os.linesep.encode('utf-8')) 22 | 23 | 24 | if __name__ == '__main__': 25 | main() 26 | -------------------------------------------------------------------------------- /decrypt_oracle/.chalice/buildspec.yaml: -------------------------------------------------------------------------------- 1 | version: 0.2 2 | phases: 3 | install: 4 | commands: 5 | - pip install "tox < 4.0" 6 | build: 7 | commands: 8 | - cd decrypt_oracle 9 | - tox -e chalice-deploy 10 | artifacts: 11 | type: zip 12 | files: 13 | - decrypt_oracle/transformed.yaml 14 | -------------------------------------------------------------------------------- /decrypt_oracle/.chalice/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2.0", 3 | "app_name": "aws-encryption-sdk-decryption-oracle", 4 | "autogen_policy":
false, 5 | "stages": { 6 | "dev": { 7 | "api_gateway_stage": "api", 8 | "environment_variables": { 9 | "CHALICE_DEBUG": "yes" 10 | } 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /decrypt_oracle/.chalice/policy-dev.json: -------------------------------------------------------------------------------- 1 | { 2 | "Version": "2012-10-17", 3 | "Statement": [ 4 | { 5 | "Effect": "Allow", 6 | "Action": [ 7 | "kms:Decrypt", 8 | "kms:Encrypt", 9 | "kms:GenerateDataKey" 10 | ], 11 | "Resource": [ 12 | "arn:aws:kms:us-west-2:658956600833:key/590fd781-ddde-4036-abec-3e1ab5a5d2ad", 13 | "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | ] 15 | }, 16 | { 17 | "Effect": "Allow", 18 | "Action": [ 19 | "logs:CreateLogGroup", 20 | "logs:CreateLogStream", 21 | "logs:PutLogEvents" 22 | ], 23 | "Resource": [ 24 | "arn:aws:logs:*:*:log-group", 25 | "arn:aws:logs:*:*:log-group:*" 26 | ] 27 | }, 28 | { 29 | "Effect": "Deny", 30 | "NotAction": [ 31 | "kms:Decrypt", 32 | "kms:Encrypt", 33 | "kms:GenerateDataKey", 34 | "logs:CreateLogGroup", 35 | "logs:CreateLogStream", 36 | "logs:PutLogEvents" 37 | ], 38 | "NotResource": [ 39 | "arn:aws:kms:us-west-2:658956600833:key/590fd781-ddde-4036-abec-3e1ab5a5d2ad", 40 | "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f", 41 | "arn:aws:logs:*:*:log-group", 42 | "arn:aws:logs:*:*:log-group:*" 43 | ] 44 | } 45 | ] 46 | } -------------------------------------------------------------------------------- /decrypt_oracle/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.rst 2 | include CHANGELOG.rst 3 | include CONTRIBUTING.rst 4 | include LICENSE 5 | include requirements-actual.txt 6 | 7 | recursive-include doc * 8 | recursive-include test *.py 9 | recursive-include examples *.py -------------------------------------------------------------------------------- 
/decrypt_oracle/README.rst: -------------------------------------------------------------------------------- 1 | #################################### 2 | aws-encryption-sdk-decryption-oracle 3 | #################################### 4 | 5 | 6 | This project provides a REST API to be used as a decryption oracle to verify 7 | that ciphertext can be successfully decrypted by the AWS Encryption SDK for Python. 8 | 9 | The API is deployed on Amazon API Gateway and backed by AWS Lambda. 10 | 11 | API v0 12 | ====== 13 | 14 | **Path** 15 | 16 | ``/v0/decrypt`` 17 | 18 | **Request** 19 | 20 | * **Method**: POST 21 | * **Body**: Raw ciphertext bytes 22 | * **Headers**: 23 | 24 | * **Content-Type**: ``application/octet-stream`` 25 | * **Accept**: ``application/octet-stream`` 26 | 27 | **Response** 28 | 29 | * 200 response code with the raw plaintext bytes as the body 30 | * 400 response code with whatever error code was encountered as the body 31 | 32 | Development 33 | =========== 34 | 35 | Building 36 | ******** 37 | 38 | The Lambda package must be built on an Amazon Linux platform as close as possible to the AWS 39 | Lambda environment. 40 | 41 | 42 | To build the Lambda package, run: ``tox -e chalice -- package {TARGET DIR}`` 43 | 44 | Deployment 45 | ********** 46 | 47 | This API is built using Chalice and can be deployed independently of any other infrastructure. 48 | 49 | To build and deploy the API, run: ``tox -e chalice -- deploy`` 50 | -------------------------------------------------------------------------------- /decrypt_oracle/app.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Shim to pull decryption oracle app into expected location for Chalice.""" 4 | from aws_encryption_sdk_decrypt_oracle.app import APP as app # noqa pylint: disable=unused-import 5 | -------------------------------------------------------------------------------- /decrypt_oracle/requirements-actual.txt: -------------------------------------------------------------------------------- 1 | # Requirements for actual package 2 | chalice 3 | aws-encryption-sdk 4 | -------------------------------------------------------------------------------- /decrypt_oracle/requirements.txt: -------------------------------------------------------------------------------- 1 | # Requirements for Chalice packager. 2 | # Autogenerated. Do not hand-edit. 3 | -------------------------------------------------------------------------------- /decrypt_oracle/setup.cfg: -------------------------------------------------------------------------------- 1 | [wheel] 2 | universal = 1 3 | 4 | [metadata] 5 | license_file = LICENSE 6 | 7 | [coverage:run] 8 | branch = True 9 | 10 | [coverage:report] 11 | show_missing = True 12 | 13 | [mypy] 14 | ignore_missing_imports = True 15 | 16 | [flake8] 17 | max_complexity = 10 18 | max_line_length = 120 19 | import_order_style = google 20 | application_import_names = aws_encryption_sdk_decryption_oracle 21 | builtins = raw_input 22 | ignore = 23 | # Ignoring D205, D400, and D401 because of false positives 24 | D205, D400, D401, 25 | # E203 is not PEP8 compliant https://github.com/ambv/black#slices 26 | E203, 27 | # W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators 28 | W503 29 | 30 | [doc8] 31 | max-line-length = 120 32 | 33 | [isort] 34 | line_length = 120 35 | # https://github.com/timothycrosley/isort#multi-line-output-modes 36 | multi_line_output = 3 37 | include_trailing_comma = True 38 | force_grid_wrap = 0 39 | combine_as_imports = True 40 | not_skip = __init__.py 41 | 
known_first_party = aws_encryption_sdk_decryption_oracle 42 | known_third_party =awacs,aws_encryption_sdk,aws_encryption_sdk_decrypt_oracle,boto3,botocore,chalice,pytest,requests,setuptools,troposphere 43 | -------------------------------------------------------------------------------- /decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Decrypt Oracle using the AWS Encryption SDK for Python.""" 4 | __version__ = "0.0.1" 5 | -------------------------------------------------------------------------------- /decrypt_oracle/src/aws_encryption_sdk_decrypt_oracle/key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Special key providers for use by the decrypt oracle.""" 4 | -------------------------------------------------------------------------------- /decrypt_oracle/src/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 3 | disable = 4 | ungrouped-imports, # we let isort handle this 5 | consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation 6 | 7 | [FORMAT] 8 | max-line-length = 120 9 | 10 | [REPORTS] 11 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 12 | -------------------------------------------------------------------------------- /decrypt_oracle/test/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Dummy stub to make linters work better.""" 4 | -------------------------------------------------------------------------------- /decrypt_oracle/test/integration/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Dummy stub to make linters work better.""" 4 | -------------------------------------------------------------------------------- /decrypt_oracle/test/integration/test_i_decrypt_oracle.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Integration tests for deployed API.""" 4 | import pytest 5 | import requests 6 | 7 | from .integration_test_utils import all_test_vectors, decrypt_endpoint 8 | 9 | pytestmark = [pytest.mark.integ] 10 | 11 | 12 | @pytest.mark.parametrize("vector", all_test_vectors()) 13 | def test_all_vectors(vector): 14 | response = requests.post( 15 | decrypt_endpoint(), 16 | data=vector.ciphertext, 17 | headers={"Content-Type": "application/octet-stream", "Accept": "application/octet-stream"}, 18 | ) 19 | assert response.status_code == 200 20 | assert response.content == vector.plaintext 21 | -------------------------------------------------------------------------------- /decrypt_oracle/test/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 
3 | disable = 4 | invalid-name, # we prefer long, descriptive, names for tests 5 | missing-docstring, # we don't write docstrings for tests 6 | bad-continuation, # we let black handle this 7 | ungrouped-imports, # we let isort handle this 8 | consider-using-f-string, # disable until 2022-05-05; 6 months after 3.5 deprecation 9 | missing-timeout # disabling until we come up with a reasonable number 10 | 11 | [FORMAT] 12 | max-line-length = 120 13 | 14 | [REPORTS] 15 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 16 | -------------------------------------------------------------------------------- /decrypt_oracle/test/requirements.txt: -------------------------------------------------------------------------------- 1 | mock 2 | pytest>=3.3.1 3 | pytest-cov 4 | pytest-mock 5 | requests 6 | -------------------------------------------------------------------------------- /decrypt_oracle/test/unit/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Dummy stub to make linters work better.""" 4 | -------------------------------------------------------------------------------- /decrypt_oracle/test/unit/key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Dummy stub to make linters work better.""" 4 | -------------------------------------------------------------------------------- /decrypt_oracle/test/unit/key_providers/test_u_counting.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test for ``aws_encryption_sdk_decrypt_oracle.key_providers.counting``.""" 4 | import pytest 5 | from aws_encryption_sdk_decrypt_oracle.key_providers.counting import CountingMasterKey 6 | 7 | from ...integration.integration_test_utils import CLIENT, filtered_test_vectors 8 | 9 | pytestmark = [pytest.mark.unit, pytest.mark.local] 10 | 11 | 12 | @pytest.mark.parametrize("vector", filtered_test_vectors(lambda x: x.key_type == "test_counting")) 13 | def test_counting_master_key_decrypt_vectors(vector): 14 | master_key = CountingMasterKey() 15 | 16 | plaintext, _header = CLIENT.decrypt(source=vector.ciphertext, key_provider=master_key) 17 | 18 | assert plaintext == vector.plaintext 19 | 20 | 21 | def test_counting_master_key_cycle(): 22 | plaintext = b"some super secret plaintext" 23 | master_key = CountingMasterKey() 24 | 25 | ciphertext, _header = CLIENT.encrypt(source=plaintext, key_provider=master_key) 26 | decrypted, _header = CLIENT.decrypt(source=ciphertext, key_provider=master_key) 27 | 28 | assert plaintext != ciphertext 29 | assert plaintext == decrypted 30 | -------------------------------------------------------------------------------- /decrypt_oracle/test/unit/key_providers/test_u_null.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test for ``aws_encryption_sdk_decrypt_oracle.key_providers.null``.""" 4 | import pytest 5 | from aws_encryption_sdk_decrypt_oracle.key_providers.null import NullMasterKey 6 | 7 | from ...integration.integration_test_utils import CLIENT, filtered_test_vectors 8 | 9 | pytestmark = [pytest.mark.unit, pytest.mark.local] 10 | 11 | 12 | @pytest.mark.parametrize("vector", filtered_test_vectors(lambda x: x.key_type == "null")) 13 | def test_null_master_key_decrypt_vectors(vector): 14 | master_key = NullMasterKey() 15 | plaintext, _header = CLIENT.decrypt(source=vector.ciphertext, key_provider=master_key) 16 | 17 | assert plaintext == vector.plaintext 18 | 19 | 20 | def test_null_master_key_cycle(): 21 | plaintext = b"some super secret plaintext" 22 | master_key = NullMasterKey() 23 | 24 | ciphertext, _header = CLIENT.encrypt(source=plaintext, key_provider=master_key) 25 | decrypted, _header = CLIENT.decrypt(source=ciphertext, key_provider=master_key) 26 | 27 | assert plaintext != ciphertext 28 | assert plaintext == decrypted 29 | -------------------------------------------------------------------------------- /dev_requirements/ci-requirements.txt: -------------------------------------------------------------------------------- 1 | setuptools 2 | tox==3.27.1 3 | -------------------------------------------------------------------------------- /dev_requirements/doc-requirements.txt: -------------------------------------------------------------------------------- 1 | sphinx==5.3.0 2 | sphinx_rtd_theme==1.0.0 3 | -------------------------------------------------------------------------------- /dev_requirements/linter-requirements.txt: -------------------------------------------------------------------------------- 1 | bandit==1.7.4 2 | black==24.2.0 3 | doc8==0.10.1 4 | flake8==4.0.1 5 | flake8-bugbear==22.9.11 6 | flake8-docstrings==1.7.0 7 | flake8-print==5.0.0 8 | isort==5.11.4 9 | pyflakes==2.4.0 10 | pylint==2.13.5 11 | 
readme_renderer==37.3 12 | seed-isort-config==2.2.0 13 | vulture==2.9.1 14 | -------------------------------------------------------------------------------- /dev_requirements/release-requirements.txt: -------------------------------------------------------------------------------- 1 | pypi-parker==0.1.2 2 | setuptools==70.0.0 3 | twine==5.1.1 4 | wheel==0.38.4 -------------------------------------------------------------------------------- /dev_requirements/test-requirements.txt: -------------------------------------------------------------------------------- 1 | mock==4.0.3 2 | pytest==7.2.1 3 | pytest-cov==4.0.0 4 | pytest-mock==3.6.1 5 | -------------------------------------------------------------------------------- /doc/index.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../README.rst 2 | 3 | ******* 4 | Modules 5 | ******* 6 | 7 | .. autosummary:: 8 | :toctree: generated 9 | 10 | aws_encryption_sdk 11 | aws_encryption_sdk.exceptions 12 | aws_encryption_sdk.identifiers 13 | aws_encryption_sdk.caches 14 | aws_encryption_sdk.caches.base 15 | aws_encryption_sdk.caches.local 16 | aws_encryption_sdk.caches.null 17 | aws_encryption_sdk.key_providers.base 18 | aws_encryption_sdk.key_providers.kms 19 | aws_encryption_sdk.key_providers.raw 20 | aws_encryption_sdk.materials_managers 21 | aws_encryption_sdk.materials_managers.base 22 | aws_encryption_sdk.materials_managers.caching 23 | aws_encryption_sdk.materials_managers.default 24 | aws_encryption_sdk.streaming_client 25 | aws_encryption_sdk.structures 26 | aws_encryption_sdk.internal 27 | aws_encryption_sdk.internal.crypto.authentication 28 | aws_encryption_sdk.internal.crypto.data_keys 29 | aws_encryption_sdk.internal.crypto.elliptic_curve 30 | aws_encryption_sdk.internal.crypto.encryption 31 | aws_encryption_sdk.internal.crypto.iv 32 | aws_encryption_sdk.internal.crypto.wrapping_keys 33 | aws_encryption_sdk.internal.defaults 34 | 
aws_encryption_sdk.internal.formatting 35 | aws_encryption_sdk.internal.formatting.deserialize 36 | aws_encryption_sdk.internal.formatting.encryption_context 37 | aws_encryption_sdk.internal.formatting.serialize 38 | aws_encryption_sdk.internal.str_ops 39 | aws_encryption_sdk.internal.structures 40 | aws_encryption_sdk.internal.utils 41 | 42 | .. include:: ../CHANGELOG.rst 43 | -------------------------------------------------------------------------------- /examples/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub to allow relative imports of examples from tests.""" 4 | -------------------------------------------------------------------------------- /examples/src/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/src/legacy/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/src/migration/README.rst: -------------------------------------------------------------------------------- 1 | ################## 2 | Migration Examples 3 | ################## 4 | 5 | The `Encryption SDK for Python`_ now uses the `AWS Cryptographic Material Providers Library`_. The MPL abstracts the lower-level 6 | management of the cryptographic materials used for encryption and decryption. 
7 | 8 | This directory contains migration examples for: 9 | 10 | #. Moving to Keyrings from Master Key Providers: 11 | * Migration example to AWS KMS keyring from AWS KMS Master Key Provider. 12 | * Migration example to Raw AES keyring from Raw AES Master Key Provider. 13 | * Migration example to Raw RSA keyring from Raw RSA Master Key Provider. 14 | 15 | #. Migration to newer versions of the ESDK (4.x+) from 1.x versions: 16 | * Setting a 'CommitmentPolicy' during migration - If you have messages that were encrypted with 1.x versions of the ESDK (i.e. without key commitment) and want to move to encrypting with key commitment using the keyring providers introduced in ESDK 4.x, this example shows how to decrypt those older messages with the new version of the ESDK. 17 | 18 | .. _AWS Cryptographic Material Providers Library: https://github.com/aws/aws-cryptographic-material-providers-library 19 | .. _Encryption SDK for Python: https://github.com/aws/aws-encryption-sdk-python/tree/9c34aad60fc918c1a9186ec5215a451e8bfd0f65 -------------------------------------------------------------------------------- /examples/src/multithreading/raw_aes_keyring.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """This file contains methods to use for testing multi-threading for Raw AES keyring.""" 4 | 5 | import secrets 6 | 7 | from aws_cryptographic_material_providers.mpl import AwsCryptographicMaterialProviders 8 | from aws_cryptographic_material_providers.mpl.config import MaterialProvidersConfig 9 | from aws_cryptographic_material_providers.mpl.models import AesWrappingAlg, CreateRawAesKeyringInput 10 | from aws_cryptographic_material_providers.mpl.references import IKeyring 11 | 12 | 13 | def create_keyring(): 14 | """Demonstrate how to create a Raw AES keyring. 
15 | 16 | Usage: create_keyring() 17 | """ 18 | key_name_space = "Some managed raw keys" 19 | key_name = "My 256-bit AES wrapping key" 20 | 21 | static_key = secrets.token_bytes(32) 22 | 23 | mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders( 24 | config=MaterialProvidersConfig() 25 | ) 26 | 27 | keyring_input: CreateRawAesKeyringInput = CreateRawAesKeyringInput( 28 | key_namespace=key_name_space, 29 | key_name=key_name, 30 | wrapping_key=static_key, 31 | wrapping_alg=AesWrappingAlg.ALG_AES256_GCM_IV12_TAG16 32 | ) 33 | 34 | keyring: IKeyring = mat_prov.create_raw_aes_keyring( 35 | input=keyring_input 36 | ) 37 | 38 | return keyring 39 | -------------------------------------------------------------------------------- /examples/test/README: -------------------------------------------------------------------------------- 1 | The tests in this directory all rely on the same configuration as this library's integration tests. 2 | 3 | For more information see test/integration/README 4 | -------------------------------------------------------------------------------- /examples/test/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/test/legacy/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/test/legacy/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 3 | disable = 4 | invalid-name, # we prefer long, descriptive, names for tests 5 | missing-docstring, # we don't write docstrings for tests 6 | wrong-import-position, # similar to E0401, pylint does not appear to identify 7 | # unknown modules as non-standard-library. flake8 tests for this as well 8 | # and does treat them properly 9 | duplicate-code, # tests for similar things tend to be similar 10 | consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation 11 | 12 | [VARIABLES] 13 | additional-builtins = raw_input 14 | 15 | [DESIGN] 16 | max-args = 10 17 | 18 | [FORMAT] 19 | max-line-length = 120 20 | 21 | [REPORTS] 22 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 23 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_basic_encryption.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the Strings examples in the AWS-hosted documentation.""" 4 | import botocore.session 5 | import pytest 6 | 7 | from ...src.legacy.basic_encryption import cycle_string 8 | from .examples_test_utils import get_cmk_arn, static_plaintext 9 | 10 | pytestmark = [pytest.mark.examples] 11 | 12 | 13 | def test_cycle_string(): 14 | plaintext = static_plaintext 15 | cmk_arn = get_cmk_arn() 16 | cycle_string(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 17 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_basic_file_encryption_with_multiple_providers.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the Bytes Streams Multiple Providers examples in the AWS-hosted documentation.""" 4 | import os 5 | import tempfile 6 | 7 | import botocore.session 8 | import pytest 9 | 10 | from ...src.legacy.basic_file_encryption_with_multiple_providers import cycle_file 11 | from .examples_test_utils import get_cmk_arn, static_plaintext 12 | 13 | pytestmark = [pytest.mark.examples] 14 | 15 | 16 | def test_cycle_file(): 17 | cmk_arn = get_cmk_arn() 18 | handle, filename = tempfile.mkstemp() 19 | with open(filename, "wb") as f: 20 | f.write(static_plaintext) 21 | try: 22 | new_files = cycle_file( 23 | key_arn=cmk_arn, source_plaintext_filename=filename, botocore_session=botocore.session.Session() 24 | ) 25 | for f in new_files: 26 | os.remove(f) 27 | finally: 28 | os.close(handle) 29 | os.remove(filename) 30 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_basic_file_encryption_with_raw_key_provider.py: -------------------------------------------------------------------------------- 1 | # 
Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the Bytes Streams examples in the AWS-hosted documentation.""" 4 | import os 5 | import tempfile 6 | 7 | import pytest 8 | 9 | from ...src.legacy.basic_file_encryption_with_raw_key_provider import cycle_file 10 | from .examples_test_utils import static_plaintext 11 | 12 | pytestmark = [pytest.mark.examples] 13 | 14 | 15 | def test_cycle_file(): 16 | handle, filename = tempfile.mkstemp() 17 | with open(filename, "wb") as f: 18 | f.write(static_plaintext) 19 | try: 20 | new_files = cycle_file(source_plaintext_filename=filename) 21 | for f in new_files: 22 | os.remove(f) 23 | finally: 24 | os.close(handle) 25 | os.remove(filename) 26 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_data_key_caching_basic.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the basic data key caching example in the AWS-hosted documentation.""" 4 | import pytest 5 | 6 | from ...src.legacy.data_key_caching_basic import encrypt_with_caching 7 | from .examples_test_utils import get_cmk_arn 8 | 9 | pytestmark = [pytest.mark.examples] 10 | 11 | 12 | def test_encrypt_with_caching(): 13 | cmk_arn = get_cmk_arn() 14 | encrypt_with_caching(kms_cmk_arn=cmk_arn, max_age_in_cache=10.0, cache_capacity=10) 15 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_discovery_kms_provider.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK example.""" 4 | 5 | import botocore.session 6 | import pytest 7 | 8 | from ...src.legacy.discovery_kms_provider import encrypt_decrypt 9 | from .examples_test_utils import get_cmk_arn, static_plaintext 10 | 11 | pytestmark = [pytest.mark.examples] 12 | 13 | 14 | def test_discovery_kms_provider(): 15 | plaintext = static_plaintext 16 | cmk_arn = get_cmk_arn() 17 | encrypt_decrypt(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 18 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_mrk_aware_kms_provider.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK example.""" 4 | 5 | import pytest 6 | 7 | from ...src.legacy.mrk_aware_kms_provider import encrypt_decrypt 8 | from .examples_test_utils import get_mrk_arn, get_second_mrk_arn, static_plaintext 9 | 10 | pytestmark = [pytest.mark.examples] 11 | 12 | 13 | def test_discovery_kms_provider(): 14 | plaintext = static_plaintext 15 | cmk_arn_1 = get_mrk_arn() 16 | cmk_arn_2 = get_second_mrk_arn() 17 | encrypt_decrypt(mrk_arn=cmk_arn_1, mrk_arn_second_region=cmk_arn_2, source_plaintext=plaintext) 18 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_multiple_kms_cmk.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK example.""" 4 | 5 | import botocore.session 6 | import pytest 7 | 8 | from ...src.legacy.multiple_kms_cmk import encrypt_decrypt 9 | from .examples_test_utils import get_cmk_arn, get_second_cmk_arn, static_plaintext 10 | 11 | pytestmark = [pytest.mark.examples] 12 | 13 | 14 | def test_one_kms_cmk(): 15 | plaintext = static_plaintext 16 | cmk_arns = [get_cmk_arn(), get_second_cmk_arn()] 17 | encrypt_decrypt(key_arns=cmk_arns, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 18 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_one_kms_cmk.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK example.""" 4 | 5 | import botocore.session 6 | import pytest 7 | 8 | from ...src.legacy.one_kms_cmk import encrypt_decrypt 9 | from .examples_test_utils import get_cmk_arn, static_plaintext 10 | 11 | pytestmark = [pytest.mark.examples] 12 | 13 | 14 | def test_one_kms_cmk(): 15 | plaintext = static_plaintext 16 | cmk_arn = get_cmk_arn() 17 | encrypt_decrypt(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 18 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_one_kms_cmk_streaming_data.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption of streaming data using one KMS CMK example.""" 4 | import os 5 | import tempfile 6 | 7 | import botocore.session 8 | import pytest 9 | 10 | from ...src.legacy.one_kms_cmk_streaming_data import encrypt_decrypt_stream 11 | from .examples_test_utils import get_cmk_arn, static_plaintext 12 | 13 | pytestmark = [pytest.mark.examples] 14 | 15 | 16 | def test_one_kms_cmk_streaming_data(): 17 | cmk_arn = get_cmk_arn() 18 | handle, filename = tempfile.mkstemp() 19 | with open(filename, "wb") as f: 20 | f.write(static_plaintext) 21 | try: 22 | new_files = encrypt_decrypt_stream( 23 | key_arn=cmk_arn, source_plaintext_filename=filename, botocore_session=botocore.session.Session() 24 | ) 25 | for f in new_files: 26 | os.remove(f) 27 | finally: 28 | os.close(handle) 29 | os.remove(filename) 30 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_one_kms_cmk_unsigned.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK with an unsigned algorithm example.""" 4 | 5 | import botocore.session 6 | import pytest 7 | 8 | from ...src.legacy.one_kms_cmk_unsigned import encrypt_decrypt 9 | from .examples_test_utils import get_cmk_arn, static_plaintext 10 | 11 | pytestmark = [pytest.mark.examples] 12 | 13 | 14 | def test_one_kms_cmk_unsigned(): 15 | plaintext = static_plaintext 16 | cmk_arn = get_cmk_arn() 17 | encrypt_decrypt(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 18 | -------------------------------------------------------------------------------- /examples/test/legacy/test_i_set_commitment.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for the encryption and decryption using one KMS CMK example.""" 4 | 5 | import botocore.session 6 | import pytest 7 | 8 | from ...src.legacy.set_commitment import encrypt_decrypt 9 | from .examples_test_utils import get_cmk_arn, static_plaintext 10 | 11 | pytestmark = [pytest.mark.examples] 12 | 13 | 14 | def test_disable_commitment(): 15 | plaintext = static_plaintext 16 | cmk_arn = get_cmk_arn() 17 | encrypt_decrypt(key_arn=cmk_arn, source_plaintext=plaintext, botocore_session=botocore.session.Session()) 18 | -------------------------------------------------------------------------------- /examples/test/migration/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/test/migration/test_i_migration_aws_kms_key_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the migration_aws_kms_key_example.""" 4 | import pytest 5 | 6 | from ...src.migration.migration_aws_kms_key_example import migration_aws_kms_key 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_migration_aws_kms_key(): 12 | """Test function for migration of AWS KMS Keys.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | migration_aws_kms_key(kms_key_id) 15 | -------------------------------------------------------------------------------- /examples/test/migration/test_i_migration_raw_aes_key_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the migration_raw_aes_key_example.""" 4 | import pytest 5 | 6 | from ...src.migration.migration_raw_aes_key_example import migration_raw_aes_key 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_migration_raw_aes_key(): 12 | """Test function for migration of Raw AES keys.""" 13 | migration_raw_aes_key() 14 | -------------------------------------------------------------------------------- /examples/test/migration/test_i_migration_raw_rsa_key_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the migration_raw_rsa_key_example.""" 4 | import pytest 5 | 6 | from ...src.migration.migration_raw_rsa_key_example import migration_raw_rsa_key 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_migration_raw_rsa_key(): 12 | """Test function for migration of Raw RSA keys.""" 13 | migration_raw_rsa_key() 14 | -------------------------------------------------------------------------------- /examples/test/migration/test_i_migration_set_commitment_policy_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the migration_set_commitment_policy_example.""" 4 | import pytest 5 | 6 | from ...src.migration.migration_set_commitment_policy_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for setting commitment policy using the AWS KMS Keyring example.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | encrypt_and_decrypt_with_keyring(kms_key_id) 15 | -------------------------------------------------------------------------------- /examples/test/multithreading/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /examples/test/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 
3 | disable = 4 | import-error, # ignore mpl import errors 5 | invalid-name, # we prefer long, descriptive, names for tests 6 | missing-docstring, # we don't write docstrings for tests 7 | wrong-import-position, # similar to E0401, pylint does not appear to identify 8 | # unknown modules as non-standard-library. flake8 tests for this as well 9 | # and does treat them properly 10 | duplicate-code, # tests for similar things tend to be similar 11 | consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation 12 | 13 | [VARIABLES] 14 | additional-builtins = raw_input 15 | 16 | [DESIGN] 17 | max-args = 10 18 | 19 | [FORMAT] 20 | max-line-length = 120 21 | 22 | [REPORTS] 23 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 24 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_discovery_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS Discovery keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_discovery_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS Discovery Keyring example.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | aws_account_id = "658956600833" 15 | aws_region = "us-west-2" 16 | encrypt_and_decrypt_with_keyring(kms_key_id, aws_account_id, aws_region) 17 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_discovery_multi_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. 
or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS Discovery Multi keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_discovery_multi_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS Discovery Multi Keyring example.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | aws_account_id = "658956600833" 15 | aws_regions = ["us-east-1", "us-west-2"] 16 | encrypt_and_decrypt_with_keyring(kms_key_id, aws_account_id, aws_regions) 17 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS Keyring example.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | encrypt_and_decrypt_with_keyring(kms_key_id) 15 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_mrk_discovery_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS MRK Discovery keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_mrk_discovery_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS MRK Discovery Keyring example.""" 13 | mrk_key_id_encrypt = \ 14 | "arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 15 | aws_account_id = "658956600833" 16 | mrk_encrypt_region = "us-east-1" 17 | mrk_replica_decrypt_region = "eu-west-1" 18 | encrypt_and_decrypt_with_keyring(mrk_key_id_encrypt, 19 | aws_account_id, 20 | mrk_encrypt_region, 21 | mrk_replica_decrypt_region) 22 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_mrk_discovery_multi_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS MRK Discovery Multi keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_mrk_discovery_multi_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using AWS KMS MRK Discovery Multi Keyring example.""" 13 | mrk_key_id_encrypt = \ 14 | "arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 15 | mrk_encrypt_region = "us-east-1" 16 | aws_account_id = "658956600833" 17 | aws_regions = ["us-west-2", "us-east-1"] 18 | encrypt_and_decrypt_with_keyring(mrk_key_id_encrypt, 19 | mrk_encrypt_region, 20 | aws_account_id, 21 | aws_regions) 22 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_mrk_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS MRK keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_mrk_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS MRK Keyring example.""" 13 | mrk_key_id_encrypt = \ 14 | "arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 15 | mrk_replica_key_id_decrypt = \ 16 | "arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 17 | mrk_encrypt_region = "us-east-1" 18 | mrk_replica_decrypt_region = "eu-west-1" 19 | encrypt_and_decrypt_with_keyring(mrk_key_id_encrypt, 20 | mrk_replica_key_id_decrypt, 21 | mrk_encrypt_region, 22 | mrk_replica_decrypt_region) 23 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_mrk_multi_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS MRK Multi keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_mrk_multi_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS MRK Multi Keyring example.""" 13 | mrk_key_id = \ 14 | "arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 15 | kms_key_id = \ 16 | "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 17 | mrk_replica_key_id = \ 18 | "arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7" 19 | mrk_replica_decrypt_region = "eu-west-1" 20 | encrypt_and_decrypt_with_keyring(mrk_key_id, 21 | kms_key_id, 22 | mrk_replica_key_id, 23 | mrk_replica_decrypt_region) 24 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_multi_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS multi keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_multi_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS Multi Keyring example.""" 13 | default_region_kms_key_id = \ 14 | "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 15 | second_region_kms_key_id = \ 16 | "arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2" 17 | default_region = "us-west-2" 18 | second_region = "eu-central-1" 19 | encrypt_and_decrypt_with_keyring(default_region_kms_key_id, 20 | second_region_kms_key_id, 21 | default_region, 22 | second_region) 23 | -------------------------------------------------------------------------------- /examples/test/test_i_aws_kms_rsa_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the AWS KMS RSA keyring example.""" 4 | import pytest 5 | 6 | from ..src.aws_kms_rsa_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the AWS KMS RSA Keyring example.""" 13 | kms_rsa_key_id = "arn:aws:kms:us-west-2:370957321024:key/mrk-63d386cb70614ea59b32ad65c9315297" 14 | 15 | # THIS IS A PUBLIC RESOURCE AND SHOULD NOT BE USED IN A PRODUCTION ENVIRONMENT 16 | public_key = bytes("-----BEGIN PUBLIC KEY-----\n" 17 | + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA27Uc/fBaMVhxCE/SpCMQ" 18 | + "oSBRSzQJw+o2hBaA+FiPGtiJ/aPy7sn18aCkelaSj4kwoC79b/arNHlkjc7OJFsN" 19 | + "/GoFKgNvaiY4lOeJqEiWQGSSgHtsJLdbO2u4OOSxh8qIRAMKbMgQDVX4FR/PLKeK" 20 | + "fc2aCDvcNSpAM++8NlNmv7+xQBJydr5ce91eISbHkFRkK3/bAM+1iddupoRw4Wo2" 21 | + "r3avzrg5xBHmzR7u1FTab22Op3Hgb2dBLZH43wNKAceVwKqKA8UNAxashFON7xK9" 22 | + "yy4kfOL0Z/nhxRKe4jRZ/5v508qIzgzCksYy7Y3QbMejAtiYnr7s5/d5KWw0swou" 23 | + "twIDAQAB" 24 | + "\n-----END PUBLIC KEY-----", 'utf-8') 25 | encrypt_and_decrypt_with_keyring(kms_rsa_key_id, public_key) 26 | -------------------------------------------------------------------------------- /examples/test/test_i_custom_mpl_cmm_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0
3 | """Test suite for encryption and decryption using custom CMM."""
4 | import boto3
5 | import pytest
6 | from aws_cryptographic_material_providers.mpl import AwsCryptographicMaterialProviders
7 | from aws_cryptographic_material_providers.mpl.config import MaterialProvidersConfig
8 | from aws_cryptographic_material_providers.mpl.models import CreateAwsKmsKeyringInput
9 | from aws_cryptographic_material_providers.mpl.references import IKeyring
10 |
11 | from ..src.custom_mpl_cmm_example import MPLCustomSigningSuiteOnlyCMM, encrypt_decrypt_with_cmm
12 |
13 | pytestmark = [pytest.mark.examples]
14 |
15 |
16 | def test_custom_cmm_example():
17 |     """Test encryption and decryption with the custom CMM (MPLCustomSigningSuiteOnlyCMM) over an AWS KMS keyring."""
18 |     kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"
19 |
20 |     # Create the KMS client and keyring that the custom CMM wraps; the client region matches the key ARN's region
21 |     kms_client = boto3.client('kms', region_name="us-west-2")
22 |
23 |     mat_prov: AwsCryptographicMaterialProviders = AwsCryptographicMaterialProviders(
24 |         config=MaterialProvidersConfig()
25 |     )
26 |
27 |     keyring_input: CreateAwsKmsKeyringInput = CreateAwsKmsKeyringInput(
28 |         kms_key_id=kms_key_id,
29 |         kms_client=kms_client
30 |     )
31 |
32 |     kms_keyring: IKeyring = mat_prov.create_aws_kms_keyring(
33 |         input=keyring_input
34 |     )
35 |
36 |     # Create the custom MPL signing CMM using the keyring
37 |     cmm = MPLCustomSigningSuiteOnlyCMM(keyring=kms_keyring)
38 |
39 |     encrypt_decrypt_with_cmm(cmm=cmm)
40 |
--------------------------------------------------------------------------------
/examples/test/test_i_default_cryptographic_materials_manager_example.py:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2 | # SPDX-License-Identifier: Apache-2.0
3 | """Test suite for the default Cryptographic Materials Manager example."""
4 | import pytest
5 |
6 | from ..src.default_cryptographic_materials_manager_example import encrypt_and_decrypt_with_default_cmm
7 |
8 | pytestmark = [pytest.mark.examples]
9 |
10 |
11 | def test_encrypt_and_decrypt_with_default_cmm():
12 |     """Test function for encrypt and decrypt using the default Cryptographic Materials Manager example."""
13 |     kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f"
14 |     encrypt_and_decrypt_with_default_cmm(kms_key_id)
15 |
--------------------------------------------------------------------------------
/examples/test/test_i_hierarchical_keyring_example.py:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2 | # SPDX-License-Identifier: Apache-2.0
3 | """Test suite for the hierarchical keyring example."""
4 | import pytest
5 |
6 | from ..src.hierarchical_keyring_example import encrypt_and_decrypt_with_keyring
7 |
8 | pytestmark = [pytest.mark.examples]
9 |
10 |
11 | def test_encrypt_and_decrypt_with_keyring():
12 |     """Test function for encrypt and decrypt using the AWS KMS Hierarchical Keyring example."""
13 |     key_store_table_name = "KeyStoreDdbTable"
14 |     kms_key_id = "arn:aws:kms:us-west-2:370957321024:key/9d989aa2-2f9c-438c-a745-cc57d3ad0126"
15 |     # NOTE(review): key_store_table_name is passed for both of the first two positional arguments;
16 |     # presumably the second is a logical key store name that equals the table name -- confirm against the example.
17 |     encrypt_and_decrypt_with_keyring(key_store_table_name, key_store_table_name, kms_key_id)
18 |
--------------------------------------------------------------------------------
/examples/test/test_i_multi_keyring_example.py:
--------------------------------------------------------------------------------
1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the multi keyring example.""" 4 | import pytest 5 | 6 | from ..src.multi_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the Multi Keyring example.""" 13 | kms_key_id = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 14 | encrypt_and_decrypt_with_keyring(kms_key_id) 15 | -------------------------------------------------------------------------------- /examples/test/test_i_raw_aes_keyring_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the Raw AES keyring example.""" 4 | import pytest 5 | 6 | from ..src.raw_aes_keyring_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for encrypt and decrypt using the Raw AES Keyring example.""" 13 | encrypt_and_decrypt_with_keyring() 14 | -------------------------------------------------------------------------------- /examples/test/test_i_required_encryption_context_cmm.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the required encryption context CMM example.""" 4 | import pytest 5 | 6 | from ..src.required_encryption_context_cmm import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | key_arn = "arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f" 13 | encrypt_and_decrypt_with_keyring(key_arn) 14 | -------------------------------------------------------------------------------- /examples/test/test_i_set_encryption_algorithm_suite_example.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for the Set Algorithm Suite example for a Raw AES keyring.""" 4 | import pytest 5 | 6 | from ..src.set_encryption_algorithm_suite_example import encrypt_and_decrypt_with_keyring 7 | 8 | pytestmark = [pytest.mark.examples] 9 | 10 | 11 | def test_encrypt_and_decrypt_with_keyring(): 12 | """Test function for setting an algorithm suite in a Raw AES Keyring.""" 13 | encrypt_and_decrypt_with_keyring() 14 | -------------------------------------------------------------------------------- /park.cfg: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | version: 1.0.2 3 | author: Amazon Web Services 4 | author_email: aws-cryptools@amazon.com 5 | url: http://aws-encryption-sdk-python.readthedocs.io/en/latest/ 6 | description: Did you mean to install aws-encryption-sdk? 7 | long_description: 8 | This package has been parked by {author} to protect you against packages 9 | adopting names that might be common mistakes when looking for ours. You probably 10 | wanted to install aws-encryption-sdk. For more information, see {url}. 
11 | description_keys: 12 | author 13 | url 14 | 15 | [names] 16 | awsencryptionsdk: 17 | aws-encyrption-sdk: 18 | awsencyrptionsdk: 19 | aws-encrpytion-sdk: 20 | awsencrpytionsdk: 21 | aws-encrytpion-sdk: 22 | awsencrytpionsdk: 23 | aws-encryption: 24 | awsencryption: 25 | aws-encyrption: 26 | awsencyrption: 27 | aws-encrpytion: 28 | awsencrpytion: 29 | aws-encrytpion: 30 | awsencrytpion: -------------------------------------------------------------------------------- /performance_tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/requirements.txt: -------------------------------------------------------------------------------- 1 | attrs >= 17.4.0 2 | aws-encryption-sdk>=2.3.0 3 | pytest>=3.3.1 4 | tqdm 5 | click 6 | -------------------------------------------------------------------------------- /performance_tests/requirements_mpl.txt: -------------------------------------------------------------------------------- 1 | aws-cryptographic-material-providers>=1.7.4,<=1.10.0 -------------------------------------------------------------------------------- /performance_tests/results/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/results/.gitkeep -------------------------------------------------------------------------------- /performance_tests/setup.cfg: -------------------------------------------------------------------------------- 1 | [wheel] 2 | universal = 1 3 | 4 | [metadata] 5 | license_file = LICENSE 6 | 7 | [coverage:run] 8 | branch = True 9 | 10 | [coverage:report] 
11 | show_missing = True 12 | 13 | [mypy] 14 | ignore_missing_imports = True 15 | 16 | [flake8] 17 | max_complexity = 10 18 | max_line_length = 120 19 | import_order_style = google 20 | application_import_names = aws_encryption_sdk_cli 21 | builtins = raw_input 22 | ignore = 23 | # Ignoring D205 and D400 because of false positives 24 | D205, D400, 25 | # E203 is not PEP8 compliant https://github.com/ambv/black#slices 26 | E203, 27 | # W503 is not PEP8 compliant https://github.com/ambv/black#line-breaks--binary-operators 28 | W503 29 | 30 | [doc8] 31 | max-line-length = 120 32 | 33 | [isort] 34 | line_length = 120 35 | # https://github.com/timothycrosley/isort#multi-line-output-modes 36 | multi_line_output = 3 37 | include_trailing_comma = True 38 | force_grid_wrap = 0 39 | combine_as_imports = True 40 | not_skip = __init__.py 41 | known_third_party = attr,aws_encryption_sdk,pytest,setuptools,six 42 | -------------------------------------------------------------------------------- /performance_tests/setup.py: -------------------------------------------------------------------------------- 1 | """Performance test for the AWS Encryption SDK for Python.""" 2 | import os 3 | import re 4 | 5 | from setuptools import find_packages, setup 6 | 7 | VERSION_RE = re.compile(r"""__version__ = ['"]([0-9.]+)['"]""") 8 | HERE = os.path.abspath(os.path.dirname(__file__)) 9 | 10 | 11 | def read(*args): 12 | """Read complete file contents.""" 13 | return open(os.path.join(HERE, *args), encoding="utf-8").read() # pylint: disable=consider-using-with 14 | 15 | 16 | def get_version(): 17 | """Read the version from this module.""" 18 | init = read("src", "aws_encryption_sdk_performance_tests", "__init__.py") 19 | return VERSION_RE.search(init).group(1) 20 | 21 | 22 | setup( 23 | name="aws-encryption-sdk-performance-tests", 24 | packages=find_packages("src"), 25 | package_dir={"": "src"}, 26 | author="Amazon Web Services", 27 | maintainer="Amazon Web Services", 28 | 
author_email="aws-cryptools@amazon.com", 29 | url="https://github.com/awslabs/aws-encryption-sdk-python", 30 | description="Performance tests for the AWS Encryption SDK for Python", 31 | keywords="aws-encryption-sdk aws kms encryption", 32 | license="Apache License 2.0", 33 | version=get_version(), 34 | ) 35 | -------------------------------------------------------------------------------- /performance_tests/src/aws_encryption_sdk_performance_tests/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | __version__ = "0.1.0" 5 | -------------------------------------------------------------------------------- /performance_tests/src/aws_encryption_sdk_performance_tests/keyrings/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/src/aws_encryption_sdk_performance_tests/master_key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/src/aws_encryption_sdk_performance_tests/utils/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/test/keyrings/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/test/master_key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/test/resources/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Stub module indicator to make linter configuration simpler.""" 4 | -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-empty.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-large.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-medium.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/caching_cmm/ciphertext-data-small.ct -------------------------------------------------------------------------------- 
/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-empty.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-large.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-medium.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/hierarchy/ciphertext-data-small.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/kms/ciphertext-data-empty.ct: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/kms/ciphertext-data-empty.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/kms/ciphertext-data-large.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/kms/ciphertext-data-large.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/kms/ciphertext-data-medium.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/kms/ciphertext-data-medium.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/kms/ciphertext-data-small.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/kms/ciphertext-data-small.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-empty.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-empty.ct -------------------------------------------------------------------------------- 
/performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-large.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-large.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-medium.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-medium.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-small.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_aes/ciphertext-data-small.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-empty.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-empty.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-large.ct: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-large.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-medium.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-medium.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-small.ct: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/ciphertext/raw_rsa/ciphertext-data-small.ct -------------------------------------------------------------------------------- /performance_tests/test/resources/plaintext/plaintext-data-empty.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/performance_tests/test/resources/plaintext/plaintext-data-empty.dat -------------------------------------------------------------------------------- /performance_tests/test/resources/plaintext/plaintext-data-small.dat: -------------------------------------------------------------------------------- 1 | Lorem ipsum dolor sit amet, consect. 
-------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | boto3>=1.10.0 2 | cryptography>=3.4.6 3 | attrs>=17.4.0 4 | wrapt>=1.10.11 5 | -------------------------------------------------------------------------------- /requirements_mpl.txt: -------------------------------------------------------------------------------- 1 | aws-cryptographic-material-providers>=1.7.4,<=1.10.0 2 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/compatability.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Contains logic for checking ESDK and Python Version""" 4 | import sys 5 | import warnings 6 | 7 | DEPRECATION_DATE_MAP = {"1.x": "2022-06-30", "2.x": "2022-07-01"} 8 | 9 | 10 | def _warn_deprecated_python(): 11 | """Template for deprecation of Python warning.""" 12 | deprecated_versions = { 13 | (2, 7): {"date": DEPRECATION_DATE_MAP["2.x"]}, 14 | (3, 4): {"date": DEPRECATION_DATE_MAP["2.x"]}, 15 | (3, 5): {"date": "2021-11-10"}, 16 | (3, 7): {"date": "2024-03-04"}, 17 | } 18 | py_version = (sys.version_info.major, sys.version_info.minor) 19 | minimum_version = (3, 8) 20 | 21 | if py_version in deprecated_versions: 22 | params = deprecated_versions[py_version] 23 | warning = ( 24 | "aws-encryption-sdk will no longer support Python {}.{} " 25 | "starting {}. To continue receiving service updates, " 26 | "bug fixes, and security updates please upgrade to Python {}.{} or " 27 | "later. 
For more information, see SUPPORT_POLICY.rst: " 28 | "https://github.com/aws/aws-encryption-sdk-python/blob/master/SUPPORT_POLICY.rst" 29 | ).format(py_version[0], py_version[1], params["date"], minimum_version[0], minimum_version[1]) 30 | warnings.warn(warning, DeprecationWarning) 31 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/internal/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Internal Implementation Details 4 | 5 | .. warning:: 6 | No guarantee is provided on the modules and APIs within this 7 | namespace staying consistent. Directly reference at your own risk. 8 | """ 9 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/internal/crypto/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Cryptographic modules.""" 4 | # Backwards compatible import for use by RawMasterKeyProvider implementations. 5 | from .wrapping_keys import WrappingKey # noqa 6 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/internal/deprecation.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Module containing utilities for deprecated components.""" 4 | import functools 5 | import warnings 6 | 7 | 8 | def deprecated(reason): 9 | """Decorator to apply to classes to emit deprecation warnings.""" 10 | def decorator(cls): 11 | # If class does not define init, 12 | # its default init it Python's object.__init__, 13 | # which does nothing, but cannot be wrapped. 14 | if cls.__init__ is object.__init__: 15 | # Make a new init that just emits this deprecation warning. 16 | def new_init(self, *args, **kwargs): # pylint: disable=unused-argument 17 | warnings.warn(f"{cls.__name__} is deprecated: {reason}", 18 | category=DeprecationWarning, stacklevel=2) 19 | else: 20 | original_init = cls.__init__ 21 | 22 | # Wrap the original init method with a deprecation warning. 23 | @functools.wraps(cls.__init__) 24 | def new_init(self, *args, **kwargs): 25 | warnings.warn(f"{cls.__name__} is deprecated: {reason}", 26 | category=DeprecationWarning, stacklevel=2) 27 | original_init(self, *args, **kwargs) 28 | 29 | cls.__init__ = new_init 30 | return cls 31 | 32 | return decorator 33 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/internal/str_ops.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Helper functions for consistently obtaining str and bytes objects in both Python2 and Python3.""" 4 | import codecs 5 | 6 | import six 7 | 8 | import aws_encryption_sdk.internal.defaults 9 | 10 | 11 | def to_str(data): 12 | """Takes an input str or bytes object and returns an equivalent str object. 
13 | 14 | :param data: Input data 15 | :type data: str or bytes 16 | :returns: Data normalized to str 17 | :rtype: str 18 | """ 19 | if isinstance(data, bytes): 20 | return codecs.decode(data, aws_encryption_sdk.internal.defaults.ENCODING) 21 | return data 22 | 23 | 24 | def to_bytes(data): 25 | """Takes an input str or bytes object and returns an equivalent bytes object. 26 | 27 | :param data: Input data 28 | :type data: str or bytes 29 | :returns: Data normalized to bytes 30 | :rtype: bytes 31 | """ 32 | if isinstance(data, six.string_types) and not isinstance(data, bytes): 33 | return codecs.encode(data, aws_encryption_sdk.internal.defaults.ENCODING) 34 | return data 35 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/internal/utils/signature.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Helper functions for validating signature policies and algorithms for the AWS Encryption SDK.""" 4 | 5 | from enum import Enum 6 | 7 | from aws_encryption_sdk.exceptions import ActionNotAllowedError 8 | 9 | 10 | class SignaturePolicy(Enum): 11 | """Controls algorithm suites that can be used on encryption and decryption.""" 12 | 13 | ALLOW_ENCRYPT_ALLOW_DECRYPT = 0 14 | ALLOW_ENCRYPT_FORBID_DECRYPT = 1 15 | 16 | 17 | def validate_signature_policy_on_decrypt(signature_policy, algorithm): 18 | """Validates that the provided algorithm does not violate the signature policy for a decrypt request.""" 19 | if signature_policy == SignaturePolicy.ALLOW_ENCRYPT_FORBID_DECRYPT and algorithm.is_signing(): 20 | error_message = ( 21 | "Configuration conflict. Cannot decrypt signed message in decrypt-unsigned mode. Algorithm ID was {}. 
" 22 | ) 23 | raise ActionNotAllowedError(error_message.format(algorithm.algorithm_id)) 24 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """All provided master key provider and master keys.""" 4 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/materials_managers/base.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Base class interface for crypto material managers.""" 4 | import abc 5 | 6 | import six 7 | 8 | 9 | @six.add_metaclass(abc.ABCMeta) 10 | class CryptoMaterialsManager(object): 11 | """Parent interface for crypto material manager classes. 12 | 13 | .. versionadded:: 1.3.0 14 | """ 15 | 16 | @abc.abstractmethod 17 | def get_encryption_materials(self, request): 18 | """Provides encryption materials appropriate for the request. 19 | 20 | .. note:: 21 | Must be implemented by specific CryptoMaterialsManager implementations. 22 | 23 | :param request: encryption materials request 24 | :type request: aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest 25 | :returns: encryption materials 26 | :rtype: aws_encryption_sdk.materials_managers.EncryptionMaterials 27 | """ 28 | 29 | @abc.abstractmethod 30 | def decrypt_materials(self, request): 31 | """Provides decryption materials appropriate for the request. 32 | 33 | .. note:: 34 | Must be implemented by specific CryptoMaterialsManager implementations. 
35 | 36 | :param request: decrypt materials request 37 | :type request: aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest 38 | :returns: decryption materials 39 | :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials 40 | """ 41 | -------------------------------------------------------------------------------- /src/aws_encryption_sdk/materials_managers/mpl/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Modules related to the MPL's materials managers interfaces. 4 | 5 | The aws-cryptographic-materials-library MUST be installed to use these modules. 6 | """ 7 | -------------------------------------------------------------------------------- /test/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/freeze-upstream-requirements.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Minimal wrapper script for upstream requirements install and freeze. 3 | # We do this here rather than as tox commands because tox does not support output redirection. 4 | if [ -z ${1} ]; then 5 | exit 1 6 | fi 7 | 8 | pip install -r requirements.txt 9 | pip install -r dev_requirements/test-requirements.txt 10 | pip freeze > ${1} 11 | -------------------------------------------------------------------------------- /test/functional/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/functional/key_providers/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/integration/README.rst: -------------------------------------------------------------------------------- 1 | ************************************ 2 | aws-encryption-sdk Integration Tests 3 | ************************************ 4 | 5 | In order to run these integration tests successfully, these things must be configured. 6 | 7 | #. Ensure that AWS credentials are available in one of the `automatically discoverable credential locations`_. 8 | #. Set the following environment variables to valid 9 | `AWS KMS key id`_ values to use for integration tests: 10 | 11 | * AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID 12 | * AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2 13 | 14 | #. Set the following environment variables to two related 15 | AWS KMS Multi-Region key ids in different regions to use for integration tests: 16 | 17 | * AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1 18 | * AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 19 | 20 | .. _automatically discoverable credential locations: http://boto3.readthedocs.io/en/latest/guide/configuration.html 21 | .. _AWS KMS key id: http://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html 22 | -------------------------------------------------------------------------------- /test/integration/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/mpl/README.md: -------------------------------------------------------------------------------- 1 | Tests in this directory REQUIRE the [aws-cryptographic-material-providers](https://github.com/aws/aws-cryptographic-material-providers-library) library to execute. -------------------------------------------------------------------------------- /test/mpl/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Module testing components that use the MPL. 4 | 5 | The aws-cryptographic-materials-library MUST be installed to run tests in this module. 6 | """ 7 | -------------------------------------------------------------------------------- /test/mpl/integ/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/unit/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | -------------------------------------------------------------------------------- /test/unit/test_algorithm_suite.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for aws_encryption_sdk.identifiers.AlgorithmSuite.""" 4 | import pytest 5 | 6 | from aws_encryption_sdk.identifiers import AlgorithmSuite 7 | 8 | 9 | @pytest.mark.parametrize( 10 | "suite", 11 | ( 12 | AlgorithmSuite.AES_256_GCM_HKDF_SHA512_COMMIT_KEY, 13 | AlgorithmSuite.AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384, 14 | ), 15 | ) 16 | def test_committing_suites_properties(suite): 17 | assert suite.is_committing() 18 | assert suite.message_format_version == 0x02 19 | assert suite.message_id_length() == 32 20 | 21 | 22 | @pytest.mark.parametrize( 23 | "suite", 24 | ( 25 | AlgorithmSuite.AES_128_GCM_IV12_TAG16, 26 | AlgorithmSuite.AES_192_GCM_IV12_TAG16, 27 | AlgorithmSuite.AES_256_GCM_IV12_TAG16, 28 | AlgorithmSuite.AES_128_GCM_IV12_TAG16_HKDF_SHA256, 29 | AlgorithmSuite.AES_192_GCM_IV12_TAG16_HKDF_SHA256, 30 | AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA256, 31 | AlgorithmSuite.AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256, 32 | AlgorithmSuite.AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, 33 | AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, 34 | ), 35 | ) 36 | def test_noncommitting_suites_properties(suite): 37 | assert not suite.is_committing() 38 | assert suite.message_format_version == 0x01 39 | assert suite.message_id_length() == 16 40 | -------------------------------------------------------------------------------- /test/unit/test_caches_base.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for CryptoMaterialsCache""" 4 | import pytest 5 | 6 | from aws_encryption_sdk.caches.base import CryptoMaterialsCache 7 | 8 | pytestmark = [pytest.mark.unit, pytest.mark.local] 9 | 10 | 11 | def test_abstracts(): 12 | with pytest.raises(TypeError, match='instantiate abstract class CryptoMaterialsCache') as excinfo: 13 | CryptoMaterialsCache() 14 | 15 | exception = str(excinfo.value) 16 | method_names = [ 17 | "get_decryption_materials", 18 | "get_encryption_materials", 19 | "put_decryption_materials", 20 | "put_encryption_materials" 21 | ] 22 | for name in method_names: 23 | if exception.rfind(name) == -1: 24 | raise AssertionError("{} missing from Exception Message".format(name)) 25 | -------------------------------------------------------------------------------- /test/unit/test_compatability.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite for aws_encryption_sdk.compatability""" 4 | import sys 5 | 6 | import mock 7 | import pytest 8 | 9 | from aws_encryption_sdk.compatability import _warn_deprecated_python 10 | 11 | pytestmark = [pytest.mark.unit, pytest.mark.local] 12 | 13 | 14 | class TestWarnDeprecatedPython: 15 | def test_happy_version(self): 16 | with mock.patch.object(sys, "version_info") as v_info: 17 | v_info.major = 3 18 | v_info.minor = 6 19 | with pytest.warns(None) as record: 20 | _warn_deprecated_python() 21 | assert len(record) == 0 22 | 23 | def test_below_warn(self): 24 | with mock.patch.object(sys, "version_info") as v_info: 25 | v_info.major = 2 26 | v_info.minor = 7 27 | with pytest.warns(DeprecationWarning): 28 | _warn_deprecated_python() 29 | -------------------------------------------------------------------------------- /test/unit/test_defaults.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite to verify calculated values in aws_encryption_sdk.internal.defaults""" 4 | import pytest 5 | 6 | import aws_encryption_sdk.internal.defaults 7 | 8 | pytestmark = [pytest.mark.unit, pytest.mark.local] 9 | 10 | 11 | class TestDefaults(object): 12 | def test_max_frame_count(self): 13 | max_frame_count = pow(2, 32) - 1 14 | assert aws_encryption_sdk.internal.defaults.MAX_FRAME_COUNT == max_frame_count 15 | 16 | def test_max_frame_size(self): 17 | max_frame_size = pow(2, 31) - 1 18 | assert aws_encryption_sdk.internal.defaults.MAX_FRAME_SIZE == max_frame_size 19 | 20 | def test_max_non_framed_size(self): 21 | max_non_framed_size = pow(2, 36) - 32 22 | assert aws_encryption_sdk.internal.defaults.MAX_NON_FRAMED_SIZE == max_non_framed_size 23 | 24 | def test_max_byte_array_size(self): 25 | max_byte_array_size = pow(2, 16) - 1 26 | assert aws_encryption_sdk.internal.defaults.MAX_BYTE_ARRAY_SIZE == max_byte_array_size 27 | -------------------------------------------------------------------------------- /test/unit/test_material_managers_base.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test suite for aws_encryption_sdk.materials_managers.base""" 4 | import pytest 5 | 6 | from aws_encryption_sdk.materials_managers.base import CryptoMaterialsManager 7 | 8 | pytestmark = [pytest.mark.unit, pytest.mark.local] 9 | 10 | 11 | def test_abstracts(): 12 | with pytest.raises(TypeError, match='instantiate abstract class CryptoMaterialsManager') as excinfo: 13 | CryptoMaterialsManager() 14 | method_names = ["decrypt_materials", "get_encryption_materials"] 15 | exception = str(excinfo.value) 16 | for name in method_names: 17 | if exception.rfind(name) == -1: 18 | raise AssertionError("{} missing from Exception Message".format(name)) 19 | -------------------------------------------------------------------------------- /test/unit/test_providers_base_master_key_config.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite to validate aws_encryption_sdk.key_providers.base.MasterKeyConfig""" 4 | import pytest 5 | 6 | from aws_encryption_sdk.key_providers.base import MasterKeyConfig 7 | 8 | from .unit_test_utils import all_invalid_kwargs, all_valid_kwargs 9 | 10 | pytestmark = [pytest.mark.unit, pytest.mark.local] 11 | 12 | 13 | class FakeMasterKeyConfig(MasterKeyConfig): 14 | provider_id = None 15 | 16 | 17 | VALID_KWARGS = {FakeMasterKeyConfig: [dict(key_id="a key id"), dict(key_id=b"a key id")]} 18 | 19 | 20 | @pytest.mark.parametrize("cls, kwargs", all_valid_kwargs(VALID_KWARGS)) 21 | def test_attributes_valid_kwargs(cls, kwargs): 22 | cls(**kwargs) 23 | 24 | 25 | @pytest.mark.parametrize("cls, kwargs", all_invalid_kwargs(VALID_KWARGS)) 26 | def test_attributes_invalid_kwargs(cls, kwargs): 27 | with pytest.raises(TypeError): 28 | cls(**kwargs) 29 | 30 | 31 | @pytest.mark.parametrize("key_id", (b"key", "key")) 32 | def 
test_attributes_converts(key_id): 33 | test = FakeMasterKeyConfig(key_id=key_id) 34 | assert isinstance(test.key_id, bytes) 35 | 36 | 37 | def test_provider_id_enforcement(): 38 | class TestConfig(MasterKeyConfig): 39 | pass 40 | 41 | with pytest.raises(TypeError) as excinfo: 42 | TestConfig(key_id="a key") 43 | 44 | excinfo.match(r'Instances of MasterKeyConfig must have a "provider_id" attribute defined.') 45 | -------------------------------------------------------------------------------- /test/unit/test_providers_base_master_key_provider_config.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite to validate aws_encryption_sdk.key_providers.base.MasterKeyProviderConfig""" 4 | from aws_encryption_sdk.key_providers.base import MasterKeyProviderConfig # noqa pylint: disable=unused-import 5 | 6 | # Nothing to test at this time, but import will ensure that it exists. 7 | # If this MasterKeyProviderConfig has attributes added in the future, they should be tested here. 8 | -------------------------------------------------------------------------------- /test/unit/test_streaming_client_mpl_import.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Unit test suite to validate aws_encryption_sdk.streaming_client MPL import logic.""" 4 | 5 | import pytest 6 | 7 | import aws_encryption_sdk.streaming_client 8 | 9 | pytestmark = [pytest.mark.unit, pytest.mark.local] 10 | 11 | 12 | # Check if MPL is installed, and skip tests based on its installation status 13 | # Ideally, this logic would be based on mocking imports and testing logic, 14 | # but doing that introduces errors that cause other tests to fail. 
15 | try: 16 | import aws_cryptographic_material_providers # noqa pylint: disable=unused-import 17 | HAS_MPL = True 18 | except ImportError: 19 | HAS_MPL = False 20 | 21 | 22 | @pytest.mark.skipif(not HAS_MPL, reason="Test should only be executed with MPL in installation") 23 | def test_GIVEN_test_has_mpl_is_True_THEN_streaming_client_has_mpl_is_True(): 24 | """If the MPL IS installed in the runtime environment, 25 | assert the streaming client has _HAS_MPL set to True""" 26 | 27 | assert hasattr(aws_encryption_sdk.streaming_client, "_HAS_MPL") 28 | assert aws_encryption_sdk.streaming_client._HAS_MPL is True 29 | 30 | 31 | @pytest.mark.skipif(HAS_MPL, reason="Test should only be executed without MPL in installation") 32 | def test_GIVEN_test_has_mpl_is_False_THEN_streaming_client_has_mpl_is_False(): 33 | """If the MPL IS NOT installed in the runtime environment, 34 | assert the streaming client has _HAS_MPL set to False""" 35 | 36 | assert hasattr(aws_encryption_sdk.streaming_client, "_HAS_MPL") 37 | assert aws_encryption_sdk.streaming_client._HAS_MPL is False 38 | -------------------------------------------------------------------------------- /test/unit/test_util_str_ops.py: -------------------------------------------------------------------------------- 1 | # -*- coding: utf-8 -*- 2 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
3 | # SPDX-License-Identifier: Apache-2.0 4 | """Test suite for aws_encryption_sdk.internal.str_ops""" 5 | import codecs 6 | 7 | import pytest 8 | 9 | import aws_encryption_sdk.internal.str_ops 10 | 11 | pytestmark = [pytest.mark.unit, pytest.mark.local] 12 | 13 | 14 | class TestStrOps(object): 15 | def test_to_str_str2str(self): 16 | test = aws_encryption_sdk.internal.str_ops.to_str("asdf") 17 | assert test == "asdf" 18 | 19 | def test_to_str_bytes2str(self): 20 | test = aws_encryption_sdk.internal.str_ops.to_str(b"asdf") 21 | assert test == "asdf" 22 | 23 | def test_to_bytes_str2bytes(self): 24 | test = aws_encryption_sdk.internal.str_ops.to_bytes("asdf") 25 | assert test == b"asdf" 26 | 27 | def test_to_bytes_bytes2bytes(self): 28 | test = aws_encryption_sdk.internal.str_ops.to_bytes(b"\x3a\x00\x99") 29 | assert test == b"\x3a\x00\x99" 30 | 31 | def test_to_str_bytes2unicode(self): 32 | test = aws_encryption_sdk.internal.str_ops.to_str(codecs.encode("Предисловие", "utf-8")) 33 | assert test == "Предисловие" 34 | 35 | def test_to_str_unicode2unicode(self): 36 | test = aws_encryption_sdk.internal.str_ops.to_str("Предисловие") 37 | assert test == "Предисловие" 38 | 39 | def test_to_str_unicode2bytes(self): 40 | test = aws_encryption_sdk.internal.str_ops.to_bytes("Предисловие") 41 | assert test == codecs.encode("Предисловие", "utf-8") 42 | 43 | def test_to_bytes_utf82utf8(self): 44 | test = aws_encryption_sdk.internal.str_ops.to_bytes(codecs.encode("Предисловие", "utf-8")) 45 | assert test == codecs.encode("Предисловие", "utf-8") 46 | -------------------------------------------------------------------------------- /test/upstream-requirements-py311.txt: -------------------------------------------------------------------------------- 1 | attrs==22.2.0 2 | boto3==1.26.54 3 | botocore==1.29.54 4 | cffi==1.15.1 5 | coverage==7.0.5 6 | cryptography==42.0.4 7 | iniconfig==2.0.0 8 | jmespath==1.0.1 9 | mock==4.0.3 10 | packaging==23.0 11 | pluggy==1.0.0 12 | pycparser==2.21 
13 | pytest==7.2.0 14 | pytest-cov==3.0.0 15 | pytest-mock==3.6.1 16 | python-dateutil==2.8.2 17 | s3transfer==0.6.0 18 | six==1.16.0 19 | urllib3==1.26.18 20 | wrapt==1.14.1 21 | -------------------------------------------------------------------------------- /test/upstream.md: -------------------------------------------------------------------------------- 1 | AWS Crypto Tools maintains `test/upstream-requirements-py.txt` in our Python products such that 2 | our Cryptographic Primitive Provider for Python ([pyca/cryptography](https://github.com/pyca/cryptography)) 3 | may execute downstream tests against AWS Crypto Tools Python products. 4 | These files allow pyca to install and test the Crypto Tools products. 5 | Additionally, Crypto Tools should maintain a test configuration that can be completed without using any AWS resources. 6 | If Crypto Tools needs to contact pyca about this expectation, 7 | they should cut an issue to the pyca/cryptography repo. 8 | -------------------------------------------------------------------------------- /test_vector_handlers/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include README.rst 2 | include LICENSE 3 | include requirements.txt 4 | 5 | recursive-include test *.py 6 | -------------------------------------------------------------------------------- /test_vector_handlers/compatibility-requirements/1.3.3: -------------------------------------------------------------------------------- 1 | aws-encryption-sdk==1.3.3 2 | attrs<19.2.0 3 | -------------------------------------------------------------------------------- /test_vector_handlers/compatibility-requirements/1.3.max: -------------------------------------------------------------------------------- 1 | aws-encryption-sdk >= 1.3.3, < 1.4.0 2 | -------------------------------------------------------------------------------- /test_vector_handlers/compatibility-requirements/1.7.1:
-------------------------------------------------------------------------------- 1 | aws-encryption-sdk==1.7.1 2 | -------------------------------------------------------------------------------- /test_vector_handlers/compatibility-requirements/2.0.0: -------------------------------------------------------------------------------- 1 | aws-encryption-sdk==2.0.0 2 | -------------------------------------------------------------------------------- /test_vector_handlers/compatibility-requirements/latest: -------------------------------------------------------------------------------- 1 | aws-encryption-sdk 2 | -------------------------------------------------------------------------------- /test_vector_handlers/requirements.txt: -------------------------------------------------------------------------------- 1 | attrs >= 17.4.0 2 | aws-encryption-sdk>=2.3.0 3 | pytest>=3.3.1 4 | six 5 | -------------------------------------------------------------------------------- /test_vector_handlers/requirements_mpl.txt: -------------------------------------------------------------------------------- 1 | aws-cryptographic-material-providers>=1.7.4,<=1.10.0 2 | -------------------------------------------------------------------------------- /test_vector_handlers/scripts/install_mpl_test_vector_runner.sh: -------------------------------------------------------------------------------- 1 | # Builds the Python MPL TestVector runner from source. 2 | # This package is used by the ESDK-Python test vectors for testing with the MPL. 3 | 4 | # This script is intended to be used by ESDK-Python's integration tests. 5 | # You may need or want to make local changes to get this to work on your machine. 
6 | 7 | # Change to the directory of the script. NOTE(review): the script sets no errexit (set -e), so a failed cd, clone or download does not stop the later steps unless the caller enables it. 8 | cd "$(dirname "$0")" 9 | 10 | # Get the upper-bound (<=) MPL version pinned in ../requirements_mpl.txt 11 | export mplVersion=$(grep 'aws-cryptographic-material-providers' ../requirements_mpl.txt | tr ',' '\n' | grep '<=' | sed -E 's/[^0-9]*//') 12 | 13 | # Clone MPL repo to get test vectors runner source code and the Dafny version to use 14 | git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git 15 | 16 | # Download Dafny to build the test vector runner; the Dafny version is read from the cloned MPL repo's project.properties file. NOTE(review): the archive is unpacked and put on PATH with no checksum or signature check; verifying a pinned digest before unzip would close that gap. 17 | export dafnyVersion=$(grep '^dafnyVersion=' aws-cryptographic-material-providers-library/project.properties | cut -d '=' -f 2) 18 | curl https://github.com/dafny-lang/dafny/releases/download/v$dafnyVersion/dafny-$dafnyVersion-x64-ubuntu-20.04.zip -L -o dafny.zip 19 | unzip -qq dafny.zip && rm dafny.zip 20 | export PATH="$PWD/dafny:$PATH" 21 | 22 | # Build MPL test vector runner from source 23 | cd aws-cryptographic-material-providers-library/TestVectorsAwsCryptographicMaterialProviders/ 24 | make transpile_python 25 | -------------------------------------------------------------------------------- /test_vector_handlers/setup.cfg: -------------------------------------------------------------------------------- 1 | [wheel] 2 | universal = 1 3 | 4 | [metadata] 5 | license_file = LICENSE 6 | 7 | [coverage:run] 8 | branch = True 9 | 10 | [coverage:report] 11 | show_missing = True 12 | 13 | [mypy] 14 | ignore_missing_imports = True 15 | 16 | [flake8] 17 | max_complexity = 10 18 | max_line_length = 120 19 | import_order_style = google 20 | application_import_names = aws_encryption_sdk_cli 21 | builtins = raw_input 22 | ignore = 23 | # Ignoring D205 and D400 because of false positives 24 | D205, D400, 25 | # E203 is not PEP8 compliant https://github.com/ambv/black#slices 26 | E203, 27 | # W503 is not PEP8 compliant 
https://github.com/ambv/black#line-breaks--binary-operators 28 | W503 29 | 30 | [doc8] 31 | max-line-length = 120 32 | 33 | [isort] 34 | line_length = 120 35 | # https://github.com/timothycrosley/isort#multi-line-output-modes 36 | multi_line_output = 3 37 | include_trailing_comma = True 38 | force_grid_wrap = 0 39 | combine_as_imports = True 40 | not_skip = __init__.py 41 | known_first_party = awses_test_vectors 42 | known_third_party = attr,aws_encryption_sdk,pytest,setuptools,six 43 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Static test vector handling logic for the AWS Encryption SDK.""" 4 | __version__ = "2.0.0" 5 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/commands/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """CLI commands.""" 4 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Internal implementation details. 4 | 5 | .. warning:: 6 | No guarantee is provided on the modules and APIs within this 7 | namespace staying consistent. Directly reference at your own risk. 
8 | """ 9 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/aws_kms.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Helper utilities for interacting with AWS KMS.""" 4 | try: 5 | from aws_encryption_sdk.identifiers import AlgorithmSuite 6 | except ImportError: 7 | from aws_encryption_sdk.identifiers import Algorithm as AlgorithmSuite 8 | from aws_encryption_sdk.key_providers.kms import ( 9 | DiscoveryAwsKmsMasterKeyProvider, 10 | MRKAwareDiscoveryAwsKmsMasterKeyProvider, 11 | StrictAwsKmsMasterKeyProvider, 12 | ) 13 | 14 | from awses_test_vectors.internal.defaults import ENCODING 15 | 16 | # This lets us easily use a single boto3 client per region for all KMS master keys. 17 | KMS_MASTER_KEY_PROVIDER = DiscoveryAwsKmsMasterKeyProvider() 18 | KMS_MRK_AWARE_MASTER_KEY_PROVIDER = MRKAwareDiscoveryAwsKmsMasterKeyProvider(discovery_region="us-west-2") 19 | 20 | 21 | def arn_from_key_id(key_id): 22 | # type: (str) -> str 23 | """Determine the KMS CMK Arn for the identified key ID. 24 | 25 | To avoid needing additional KMS permissions, we just call ``generate_data_key`` 26 | using a master key identified by ``key_id``. 
27 | 28 | :param str key_id: Original key ID 29 | :returns: Full Arn for KMS CMK that key ID identifies 30 | :rtype: str 31 | """ 32 | provider = StrictAwsKmsMasterKeyProvider(key_ids=[key_id]) 33 | encrypted_data_key = provider.master_key(key_id.encode(ENCODING)).generate_data_key( 34 | algorithm=AlgorithmSuite.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, encryption_context={} 35 | ) 36 | return encrypted_data_key.key_provider.key_info.decode(ENCODING) 37 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/defaults.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Default values for use in AWS Encryption SDK test vector handlers.""" 4 | 5 | ENCODING = "utf-8" 6 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/mpl/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Internal modules that require the aws-cryptographic-material-providers library.""" 4 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/mpl/keyvectors_provider.py: -------------------------------------------------------------------------------- 1 | """Provider that caches one KeyVectors client per key manifest path.""" 2 | # Ignore missing MPL TestVectors for pylint, but the MPL TestVectors is required for this file 3 | # pylint: disable=import-error 4 | from aws_cryptography_materialproviders_test_vectors.smithygenerated.\ 5 | aws_cryptography_materialproviderstestvectorkeys.client import ( 6 | KeyVectors, 7 | ) 8 | from aws_cryptography_materialproviders_test_vectors.smithygenerated.\ 9 | aws_cryptography_materialproviderstestvectorkeys.config import ( 10 | KeyVectorsConfig 11 | ) 12 | 13 | keyvectors_instances = {} 14 | 15 | 16 | # pylint: disable=too-few-public-methods 17 | class KeyVectorsProvider: 18 | """Manager that hands out KeyVectors clients cached in the module-level ``keyvectors_instances`` dict.""" 19 | 20 | instance: KeyVectors 21 | 22 | @classmethod 23 | def get_keyvectors(cls, keys_path): 24 | """Return the KeyVectors client for ``keys_path``, creating and caching it on first use.""" 25 | if keys_path not in keyvectors_instances: 26 | keyvectors_instances[keys_path] = KeyVectors(KeyVectorsConfig(key_manifest_path=keys_path)) 27 | return keyvectors_instances[keys_path] 28 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/internal/mypy_types.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """MyPy types for use in AWS Encryption SDK test vector handlers.""" 4 | # mypy types confuse pylint: disable=invalid-name 5 | 6 | try: # Python 3.5.0 and 3.5.1 have incompatible typing modules 7 | from typing import ( # noqa pylint: disable=unused-import 8 | IO, 9 | Any, 10 | Callable, 11 | Dict, 12 | Iterable, 13 | Optional, 14 | Tuple, 15 | Type, 16 | Union, 17 | ) 18 | 19 | ISINSTANCE = Union[type, Tuple[Union[type, Tuple[Any, ...]], ...]] 20 | 21 | MANIFEST_VERSION = Dict[str, Union[str, int]] 22 | 23 | AWS_KMS_KEY_SPEC = Dict[str, Union[bool, str]] 24 | MANUAL_KEY_SPEC = Dict[str, Union[bool, str, int]] 25 | KEY_SPEC = Union[AWS_KMS_KEY_SPEC, MANUAL_KEY_SPEC] 26 | KEYS_MANIFEST = Dict[str, Union[MANIFEST_VERSION, Iterable[KEY_SPEC]]] 27 | 28 | ENCRYPTION_CONTEXT = Dict[str, str] 29 | PLAINTEXTS_SPEC = Dict[str, int] 30 | MASTER_KEY_SPEC = Dict[str, str] 31 | ENCRYPT_SCENARIO_SPEC = Dict[str, Union[str, int, ENCRYPTION_CONTEXT, Iterable[MASTER_KEY_SPEC]]] 32 | FULL_MESSAGE_ENCRYPT_MANIFEST = Dict[ 33 | str, Union[MANIFEST_VERSION, str, PLAINTEXTS_SPEC, Iterable[ENCRYPT_SCENARIO_SPEC]] 34 | ] 35 | 36 | CLIENT_VERSION = Dict[str, str] 37 | DECRYPT_SCENARIO_SPEC = Dict[str, Union[str, Iterable[MASTER_KEY_SPEC]]] 38 | FULL_MESSAGE_DECRYPT_MANIFEST = Dict[ 39 | str, Union[MANIFEST_VERSION, CLIENT_VERSION, str, Iterable[DECRYPT_SCENARIO_SPEC]] 40 | ] 41 | except ImportError: # pragma: no cover 42 | # We only actually need these imports when running the mypy checks 43 | pass 44 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/manifests/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 
2 | # SPDX-License-Identifier: Apache-2.0 3 | """Test vector manifest handlers.""" 4 | -------------------------------------------------------------------------------- /test_vector_handlers/src/awses_test_vectors/manifests/full_message/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """Full-message test vector manifest handlers.""" 4 | -------------------------------------------------------------------------------- /test_vector_handlers/src/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGE CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 3 | disable = 4 | bad-continuation, # we let black handle this 5 | ungrouped-imports, # we let isort handle this 6 | duplicate-code, # the manifest handlers have a lot of similar code 7 | # All below are disabled because we need to support Python 2 8 | useless-object-inheritance, 9 | raise-missing-from, 10 | super-with-arguments, 11 | consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation 12 | 13 | [FORMAT] 14 | max-line-length = 120 15 | 16 | [REPORTS] 17 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 18 | -------------------------------------------------------------------------------- /test_vector_handlers/test/integration/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/test_vector_handlers/test/integration/__init__.py -------------------------------------------------------------------------------- /test_vector_handlers/test/integration/commands/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/aws/aws-encryption-sdk-python/0dd4e16d10fc139e24908bfd0008d57680b064e9/test_vector_handlers/test/integration/commands/__init__.py -------------------------------------------------------------------------------- /test_vector_handlers/test/integration/commands/test_i_full_message_encrypt.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """ 4 | Integration tests for ``awses_test_vectors.commands``. 5 | """ 6 | import pytest 7 | 8 | from awses_test_vectors.commands import full_message_decrypt, full_message_decrypt_generate, full_message_encrypt 9 | 10 | from ..integration_test_utils import ( # noqa pylint: disable=unused-import 11 | full_message_decrypt_generation_vectors, 12 | full_message_encrypt_vectors, 13 | ) 14 | 15 | pytestmark = [pytest.mark.integ] 16 | 17 | 18 | def test_full_message_encrypt_canonical_full(full_message_encrypt_vectors): 19 | full_message_encrypt.cli(["--input", full_message_encrypt_vectors]) 20 | 21 | 22 | def test_full_message_cycle_canonical_full(tmpdir, full_message_decrypt_generation_vectors): 23 | output_dir = tmpdir.join("output") 24 | full_message_decrypt_generate.cli(["--output", str(output_dir), "--input", full_message_decrypt_generation_vectors]) 25 | 26 | decrypt_manifest_file = output_dir.join("manifest.json") 27 | full_message_decrypt.cli(["--input", str(decrypt_manifest_file)]) 28 | -------------------------------------------------------------------------------- /test_vector_handlers/test/integration/integration_test_utils.py: -------------------------------------------------------------------------------- 1 | # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. 2 | # SPDX-License-Identifier: Apache-2.0 3 | """ 4 | Integration test utilities. 
5 | """ 6 | import os 7 | 8 | import pytest 9 | 10 | 11 | def vectors_dir(): 12 | here = os.path.abspath(os.path.dirname(__file__)) 13 | return os.path.abspath(os.path.join(here, "..", "aws-crypto-tools-test-vector-framework")) 14 | 15 | 16 | @pytest.fixture 17 | def full_message_encrypt_vectors(): 18 | return os.path.join( 19 | vectors_dir(), "features", "CANONICAL-GENERATED-MANIFESTS", "0003-awses-message-encryption.v2.json" 20 | ) 21 | 22 | 23 | @pytest.fixture 24 | def full_message_decrypt_generation_vectors(): 25 | return os.path.join( 26 | vectors_dir(), "features", "CANONICAL-GENERATED-MANIFESTS", "0006-awses-message-decryption-generation.v2.json" 27 | ) 28 | -------------------------------------------------------------------------------- /test_vector_handlers/test/pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | # Disabling messages that we either don't care about for tests or are necessary to break for tests. 3 | disable = 4 | invalid-name, # we prefer long, descriptive, names for tests 5 | missing-docstring, # we don't write docstrings for tests 6 | bad-continuation, # we let black handle this 7 | ungrouped-imports, # we let isort handle this 8 | duplicate-code, # unit tests for similar things tend to be similar 9 | redefined-outer-name, # raised when using decorators 10 | # All below are disabled because we need to support Python 2 11 | useless-object-inheritance, 12 | raise-missing-from, 13 | super-with-arguments, 14 | consider-using-f-string # disable until 2022-05-05; 6 months after 3.5 deprecation 15 | 16 | [FORMAT] 17 | max-line-length = 120 18 | 19 | [REPORTS] 20 | msg-template = {path}:{line}: [{msg_id}({symbol}), {obj}] {msg} 21 | -------------------------------------------------------------------------------- /test_vector_handlers/test/requirements.txt: -------------------------------------------------------------------------------- 1 | mock 2 | pytest>=3.3.1 3 | pytest-cov 4 | 
pytest-mock 5 | --------------------------------------------------------------------------------