aws_encryption_sdk.internal.utils
Helper utility functions for AWS Encryption SDK.
Functions
content_type(frame_length) | Returns the appropriate content type based on the frame length.
get_aad_content_string(content_type, …) | Prepares the appropriate Body AAD Value for a message body.
message_id() | Generates a new message ID.
prep_stream_data(data) | Takes an input and prepares it for use as a stream.
prepare_data_keys(primary_master_key, …) | Prepares a DataKey to be used for encrypting a message and a list of EncryptedDataKey objects to be serialized into the header.
source_data_key_length_check(…) | Validates that the supplied source_data_key's data_key is the correct length for the supplied algorithm's kdf_input_len value.
validate_frame_length(frame_length, algorithm) | Validates that the frame length is within the defined limits and is compatible with the selected algorithm.

aws_encryption_sdk.internal.utils.content_type(frame_length)
Returns the appropriate content type based on the frame length.
Parameters:
- frame_length (int) – Message frame length
Returns: Appropriate content type based on frame length
Return type: aws_encryption_sdk.identifiers.ContentType

aws_encryption_sdk.internal.utils.get_aad_content_string(content_type, is_final_frame)
Prepares the appropriate Body AAD Value for a message body.
Parameters:
- content_type (aws_encryption_sdk.identifiers.ContentType) – Defines the type of content for which to prepare AAD String
- is_final_frame (bool) – Boolean stating whether this is the final frame in a body
Returns: Appropriate AAD Content String
Return type:
Raises: UnknownIdentityError – if unknown content type

aws_encryption_sdk.internal.utils.message_id()
Generates a new message ID.
Returns: Message ID
Return type: bytes

aws_encryption_sdk.internal.utils.prep_stream_data(data)
Takes an input and prepares it for use as a stream.
Parameters:
- data – Input data
Returns: Prepared stream
Return type: InsistentReaderBytesIO

aws_encryption_sdk.internal.utils.prepare_data_keys(primary_master_key, master_keys, algorithm, encryption_context)
Prepares a DataKey to be used for encrypting a message and a list of EncryptedDataKey objects to be serialized into the header.
Parameters:
- primary_master_key (aws_encryption_sdk.key_providers.base.MasterKey) – Master key with which to generate the encryption data key
- master_keys (list of aws_encryption_sdk.key_providers.base.MasterKey) – All master keys with which to encrypt data keys
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
- encryption_context (dict) – Encryption context to use when generating data key
Return type: tuple containing aws_encryption_sdk.structures.DataKey and set of aws_encryption_sdk.structures.EncryptedDataKey

aws_encryption_sdk.internal.utils.source_data_key_length_check(source_data_key, algorithm)
Validates that the supplied source_data_key's data_key is the correct length for the supplied algorithm's kdf_input_len value.
Parameters:
- source_data_key (aws_encryption_sdk.structures.RawDataKey or aws_encryption_sdk.structures.DataKey) – Source data key object received from MasterKey decrypt or generate data_key methods
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm object which directs how this data key will be used
Raises: InvalidDataKeyError – if data key length does not match required kdf input length

aws_encryption_sdk.internal.utils.validate_frame_length(frame_length, algorithm)
Validates that the frame length is within the defined limits and is compatible with the selected algorithm.
Parameters:
- frame_length (int) – Frame size in bytes
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
Raises:
- SerializationError – if frame size is negative or not a multiple of the algorithm block size
- SerializationError – if frame size is larger than the maximum allowed frame size
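
Added example (not the SDK's own code): a stand-alone sketch of how the checks documented for validate_frame_length, content_type and get_aad_content_string fit together when a message body is split into frames. The block size, the maximum frame size, the frame_length == 0 convention, the enum values, the AAD byte strings and the plan_frames helper are assumptions of this sketch, not values taken from this page.

```python
# Added illustration: a stand-alone sketch, not the SDK's source code.
# ASSUMED (not stated on this page): 16-byte block size, 2**31 - 1 maximum frame
# size, frame_length == 0 meaning "non-framed", enum values, AAD byte strings.
from enum import Enum

BLOCK_SIZE = 16             # assumed cipher block size in bytes
MAX_FRAME_SIZE = 2**31 - 1  # assumed upper bound on frame size

class SerializationError(Exception):
    """Local stand-in for the SDK exception of the same name."""

class ContentType(Enum):
    NO_FRAMING = 1
    FRAMED_DATA = 2

def validate_frame_length(frame_length, block_size=BLOCK_SIZE):
    """Reject negative, misaligned or oversized frame lengths."""
    if frame_length < 0 or frame_length % block_size != 0:
        raise SerializationError(
            "frame length must be a non-negative multiple of %d" % block_size)
    if frame_length > MAX_FRAME_SIZE:
        raise SerializationError("frame length exceeds %d" % MAX_FRAME_SIZE)

def content_type(frame_length):
    """Assumed convention: a frame length of 0 selects a non-framed body."""
    return ContentType.NO_FRAMING if frame_length == 0 else ContentType.FRAMED_DATA

def get_aad_content_string(ctype, is_final_frame):
    """Pick the body AAD string; the final frame gets its own value."""
    if ctype is ContentType.NO_FRAMING:
        return b"AWSKMSEncryptionClient Single Block"
    if ctype is ContentType.FRAMED_DATA:
        return (b"AWSKMSEncryptionClient Final Frame" if is_final_frame
                else b"AWSKMSEncryptionClient Frame")
    raise ValueError("unknown content type")  # the page documents UnknownIdentityError

def plan_frames(plaintext_len, frame_length):
    """Hypothetical helper: the AAD content string for each body frame, in order."""
    validate_frame_length(frame_length)
    ctype = content_type(frame_length)
    if ctype is ContentType.NO_FRAMING:
        return [get_aad_content_string(ctype, False)]
    # Sketch choice: always close with a final frame, which may be empty.
    full = plaintext_len // frame_length
    return ([get_aad_content_string(ctype, False)] * full
            + [get_aad_content_string(ctype, True)])
```

Because the final frame carries a different AAD string from the other frames, a frame moved from the middle of a body to its end (or the reverse) is authenticated against the wrong AAD value.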