aws_encryption_sdk.internal.utils¶
Helper utility functions for AWS Encryption SDK.
Functions
content_type(frame_length) |
Returns the appropriate content type based on the frame length. |
get_aad_content_string(content_type, …) |
Prepares the appropriate Body AAD Value for a message body. |
message_id() |
Generates a new message ID. |
prep_stream_data(data) |
Take an input and prepare it for use as a stream. |
prepare_data_keys(primary_master_key, …) |
Prepares a DataKey to be used for encrypting message and list of EncryptedDataKey objects to be serialized into header. |
source_data_key_length_check(…) |
Validates that the supplied source_data_key’s data_key is the correct length for the supplied algorithm’s kdf_input_len value. |
validate_frame_length(frame_length, algorithm) |
Validates that frame length is within the defined limits and is compatible with the selected algorithm. |
-
aws_encryption_sdk.internal.utils.content_type(frame_length)¶ Returns the appropriate content type based on the frame length.
Parameters: frame_length (int) – Message frame length Returns: Appropriate content type based on frame length Return type: aws_encryption_sdk.identifiers.ContentType
-
aws_encryption_sdk.internal.utils.get_aad_content_string(content_type, is_final_frame)¶ Prepares the appropriate Body AAD Value for a message body.
Parameters: - content_type (aws_encryption_sdk.identifiers.ContentType) – Defines the type of content for which to prepare AAD String
- is_final_frame (bool) – Boolean stating whether this is the final frame in a body
Returns: Appropriate AAD Content String
Return type: Raises: UnknownIdentityError – if unknown content type
-
aws_encryption_sdk.internal.utils.message_id()¶ Generates a new message ID.
Returns: Message ID Return type: bytes
-
aws_encryption_sdk.internal.utils.prep_stream_data(data)¶ Take an input and prepare it for use as a stream.
Parameters: data – Input data Returns: Prepared stream Return type: InsistentReaderBytesIO
-
aws_encryption_sdk.internal.utils.prepare_data_keys(primary_master_key, master_keys, algorithm, encryption_context)¶ Prepares a DataKey to be used for encrypting message and list of EncryptedDataKey objects to be serialized into header.
Parameters: - primary_master_key (aws_encryption_sdk.key_providers.base.MasterKey) – Master key with which to generate the encryption data key
- master_keys (list of
aws_encryption_sdk.key_providers.base.MasterKey) – All master keys with which to encrypt data keys - algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
- encryption_context (dict) – Encryption context to use when generating data key
Return type: tuple containing
aws_encryption_sdk.structures.DataKeyand set ofaws_encryption_sdk.structures.EncryptedDataKey
-
aws_encryption_sdk.internal.utils.source_data_key_length_check(source_data_key, algorithm)¶ Validates that the supplied source_data_key’s data_key is the correct length for the supplied algorithm’s kdf_input_len value.
Parameters: - source_data_key (
aws_encryption_sdk.structures.RawDataKeyoraws_encryption_sdk.structures.DataKey) – Source data key object received from MasterKey decrypt or generate data_key methods - algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm object which directs how this data key will be used
Raises: InvalidDataKeyError – if data key length does not match required kdf input length
- source_data_key (
-
aws_encryption_sdk.internal.utils.validate_frame_length(frame_length, algorithm)¶ Validates that frame length is within the defined limits and is compatible with the selected algorithm.
Parameters: - frame_length (int) – Frame size in bytes
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
Raises: - SerializationError – if frame size is negative or not a multiple of the algorithm block size
- SerializationError – if frame size is larger than the maximum allowed frame size