# Compiled Python module (bytecode) built from:
#   /tmp/pip-build-wDUJoH/aws-encryption-sdk/aws_encryption_sdk/internal/formatting/serialize.py
# The readable contents are the imports, signatures, docstrings and string
# constants listed below.

"""Components for handling AWS Encryption SDK message serialization."""
import logging
import struct

from aws_encryption_sdk.exceptions import SerializationError
from aws_encryption_sdk.identifiers import ContentAADString, EncryptionType, SequenceIdentifier
from aws_encryption_sdk.internal.crypto.encryption import encrypt
from aws_encryption_sdk.internal.crypto.iv import frame_iv, header_auth_iv
import aws_encryption_sdk.internal.defaults
import aws_encryption_sdk.internal.formatting.encryption_context
from aws_encryption_sdk.internal.str_ops import to_bytes
from aws_encryption_sdk.structures import EncryptedDataKey, MasterKeyInfo

_LOGGER = logging.getLogger(__name__)


def serialize_encrypted_data_key(encrypted_data_key):
    """Serializes an encrypted data key.

    .. versionadded:: 1.3.0

    :param encrypted_data_key: Encrypted data key to serialize
    :type encrypted_data_key: aws_encryption_sdk.structures.EncryptedDataKey
    :returns: Serialized encrypted data key
    :rtype: bytes
    """
    # struct format: '>H{provider_id_len}sH{provider_info_len}sH{enc_data_key_len}s'


def serialize_header(header, signer=None):
    """Serializes a header object.

    :param header: Header to serialize
    :type header: aws_encryption_sdk.structures.MessageHeader
    :param signer: Cryptographic signer object (optional)
    :type signer: aws_encryption_sdk.internal.crypto.Signer
    :returns: Serialized header
    :rtype: bytes
    """
    # struct formats: '>BBH16sH{}s', '>H', '>B4xBI'


def serialize_header_auth(algorithm, header, data_encryption_key, signer=None):
    """Creates serialized header authentication data.

    :param algorithm: Algorithm to use for encryption
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes header: Serialized message header
    :param bytes data_encryption_key: Data key with which to encrypt message
    :param signer: Cryptographic signer object (optional)
    :type signer: aws_encryption_sdk.Signer
    :returns: Serialized header authentication data
    :rtype: bytes
    """
    # struct format: '>{iv_len}s{tag_len}s'


def serialize_non_framed_open(algorithm, iv, plaintext_length, signer=None):
    """Serializes the opening block for a non-framed message body.

    :param algorithm: Algorithm to use for encryption
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes iv: IV value used to encrypt body
    :param int plaintext_length: Length of plaintext (and thus ciphertext) in body
    :param signer: Cryptographic signer object (optional)
    :type signer: aws_encryption_sdk.internal.crypto.Signer
    :returns: Serialized body start block
    :rtype: bytes
    """
    # struct format: '>{iv_length}sQ'


def serialize_non_framed_close(tag, signer=None):
    """Serializes the closing block for a non-framed message body.

    :param bytes tag: Auth tag value from body encryptor
    :param signer: Cryptographic signer object (optional)
    :type signer: aws_encryption_sdk.internal.crypto.Signer
    :returns: Serialized body close block
    :rtype: bytes
    """
    # struct format: '{auth_len}s'


def serialize_frame(algorithm, plaintext, message_id, data_encryption_key, frame_length,
                    sequence_number, is_final_frame, signer=None):
    """Receives a message plaintext, breaks off a frame, encrypts and serializes
    the frame, and returns the encrypted frame and the remaining plaintext.

    :param algorithm: Algorithm to use for encryption
    :type algorithm: aws_encryption_sdk.identifiers.Algorithm
    :param bytes plaintext: Source plaintext to encrypt and serialize
    :param bytes message_id: Message ID
    :param bytes data_encryption_key: Data key with which to encrypt message
    :param int frame_length: Length of the framed data
    :param int sequence_number: Sequence number for frame to be generated
    :param bool is_final_frame: Boolean stating whether or not this frame is a final frame
    :param signer: Cryptographic signer object (optional)
    :type signer: aws_encryption_sdk.Signer
    :returns: Serialized frame and remaining plaintext
    :rtype: tuple of bytes
    :raises SerializationError: if number of frames is too large
    """
    # error messages: 'Frame sequence number must be greater than 0', 'Max frame count exceeded'
    # debug log messages: 'Serializing final frame', 'Serializing frame'
    # struct format (final frame): '>II{iv_len}sI{content_len}s{auth_len}s'
    # struct format (regular frame): '>I{iv_len}s{content_len}s{auth_len}s'


def serialize_footer(signer):
    """Uses the signer object which has been used to sign the message to generate
    the signature, then serializes that signature.

    :param signer: Cryptographic signer object
    :type signer: aws_encryption_sdk.internal.crypto.Signer
    :returns: Serialized footer
    :rtype: bytes
    """
    # struct format: '>H{sig_len}s'


def serialize_raw_master_key_prefix(raw_master_key):
    """Produces the prefix that a RawMasterKey will always use for the
    key_info value of keys which require additional information.

    :param raw_master_key: RawMasterKey for which to produce a prefix
    :type raw_master_key: aws_encryption_sdk.key_providers.raw.RawMasterKey
    :returns: Serialized key_info prefix
    :rtype: bytes
    """
    # struct format: '>{}sII'


def serialize_wrapped_key(key_provider, wrapping_algorithm, wrapping_key_id, encrypted_wrapped_key):
    """Serializes EncryptedData into a Wrapped EncryptedDataKey.

    :param key_provider: Info for Wrapping MasterKey
    :type key_provider: aws_encryption_sdk.structures.MasterKeyInfo
    :param wrapping_algorithm: Wrapping Algorithm with which to wrap plaintext_data_key
    :type wrapping_algorithm: aws_encryption_sdk.identifiers.WrappingAlgorithm
    :param bytes wrapping_key_id: Key ID of wrapping MasterKey
    :param encrypted_wrapped_key: Encrypted data key
    :type encrypted_wrapped_key: aws_encryption_sdk.internal.structures.EncryptedData
    :returns: Wrapped EncryptedDataKey
    :rtype: aws_encryption_sdk.structures.EncryptedDataKey
    """
    # struct format: '>{key_id_len}sII{iv_len}s'