ó 9(Zc@sÙdZddlZddlZddlmZddlmZddlmZddl m Z m Z dd l m Z dd lmZd d lmZmZd d lmZmZejeƒZdefd„ƒYZdS(s!Contains wrapping key primitives.iÿÿÿÿN(tdefault_backend(t serializationi(tderive_data_encryption_key(tdecrypttencrypti(tserialize_encryption_context(t EncryptedDatai(tIncorrectMasterKeyErrortInvalidDataKeyError(tEncryptionKeyTypetEncryptionTypet WrappingKeycBs,eZdZdd„Zd„Zd„ZRS(s¼Creates a wrapping encryption key object to encrypt and decrypt data keys. For use inside :class:`aws_encryption_sdk.key_providers.raw.RawMasterKeyProvider` objects. :param wrapping_algorithm: Wrapping Algorithm with which to wrap plaintext_data_key :type wrapping_algorithm: aws_encryption_sdk.identifiers.WrappingAlgorithm :param bytes wrapping_key: Encryption key with which to wrap plaintext_data_key :param wrapping_key_type: Type of encryption key with which to wrap plaintext_data_key :type wrapping_key_type: aws_encryption_sdk.identifiers.EncryptionKeyType :param bytes password: Password to decrypt wrapping_key (optional, currently only relevant for RSA) cCsÓ||_||_|tjkrHtjd|d|dtƒƒ|_n‡|tjkrxtj d|dtƒƒ|_nW|tj krº||_t d|jd|jj ddƒ|_ntdj|ƒƒ‚dS( sPrepares initial values.tdatatpasswordtbackendt source_keyt algorithmt message_idsInvalid wrapping_key_type: {}N(twrapping_algorithmtwrapping_key_typeR tPRIVATERtload_pem_private_keyRt _wrapping_keytPUBLICtload_pem_public_keyt SYMMETRICRRtNonet_derived_wrapping_keyRtformat(tselfRt wrapping_keyRR ((s\/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/crypto/wrapping_keys.pyt__init__+s$       c Csà|jjtjkr‹|jtjkrQ|jjƒj d|d|jj ƒ}n!|jj d|d|jj ƒ}t dd d|dd ƒSt d|ƒ}tj|jjjƒ}t d|jjd|jd|d |d|ƒS( sKEncrypts a data key using a direct wrapping key. :param bytes plaintext_data_key: Data key to encrypt :param dict encryption_context: Encryption context to use in encryption :returns: Deserialized object containing encrypted key :rtype: aws_encryption_sdk.internal.structures.EncryptedData t plaintexttpaddingtivt ciphertextttagtencryption_contextRtkeytassociated_dataN(Rtencryption_typeR t ASYMMETRICRR RRt public_keyRR!RRRtosturandomRtiv_lenR(Rtplaintext_data_keyR%t encrypted_keytserialized_encryption_contextR"((s\/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/crypto/wrapping_keys.pyRDs*    c CsŒ|jtjkr!tdƒ‚n|jtjkrU|jjd|jd|jj ƒSt d|ƒ}td|jj d|j d|d|ƒS( sgDecrypts a wrapped, encrypted, data key. :param encrypted_wrapped_data_key: Encrypted, wrapped, data key :type encrypted_wrapped_data_key: aws_encryption_sdk.internal.structures.EncryptedData :param dict encryption_context: Encryption context to use in decryption :returns: Plaintext of data key :rtype: bytes sPublic key cannot decryptR#R!R%RR&tencrypted_dataR'( RR RRRRRR#RR!RRR(Rtencrypted_wrapped_data_keyR%R0((s\/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/crypto/wrapping_keys.pyRhs       N(t__name__t __module__t__doc__RRRR(((s\/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/crypto/wrapping_keys.pyR s   $(R5tloggingR+tcryptography.hazmat.backendsRtcryptography.hazmat.primitivesRt data_keysRt encryptionRRtformatting.encryption_contextRt structuresRt exceptionsRRt identifiersR R t getLoggerR3t_LOGGERtobjectR (((s\/tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/crypto/wrapping_keys.pyt s