aws_encryption_sdk.internal.formatting.deserialize

Components for handling AWS Encryption SDK message deserialization.

Functions

deserialize_footer(stream[, verifier]) Deserializes a footer.
deserialize_frame(stream, header[, verifier]) Deserializes a frame from a body.
deserialize_header(stream) Deserializes the header from a source stream
deserialize_header_auth(version, stream, …) Deserializes a MessageHeaderAuthentication object from a source stream.
deserialize_non_framed_values(stream, header) Deserializes the IV and body length from a non-framed stream.
deserialize_tag(stream, header[, verifier]) Deserialize the Tag value from a non-framed stream.
deserialize_wrapped_key(wrapping_algorithm, …) Extracts and deserializes EncryptedData from a Wrapped EncryptedDataKey.
unpack_values(format_string, stream[, verifier]) Helper function to unpack struct data from a stream and update the signature verifier.
validate_header(header, header_auth, …) Validates the header using the header authentication data.

Deserializes a footer.

Parameters:
  • stream (io.BytesIO) – Source data stream
  • verifier (aws_encryption_sdk.internal.crypto.Verifier) – Signature verifier object (optional)
Returns:

Deserialized footer

Return type:

aws_encryption_sdk.internal.structures.MessageFooter

Raises:

SerializationError – if verifier supplied and no footer found

aws_encryption_sdk.internal.formatting.deserialize.deserialize_frame(stream, header, verifier=None)

Deserializes a frame from a body.

Parameters:
Returns:

Deserialized frame and a boolean stating if this is the final frame

Return type:

aws_encryption_sdk.internal.structures.MessageFrameBody and bool

aws_encryption_sdk.internal.formatting.deserialize.deserialize_header(stream)

Deserializes the header from a source stream

Parameters:

stream (io.BytesIO) – Source data stream

Returns:

Deserialized MessageHeader object

Return type:

aws_encryption_sdk.structures.MessageHeader and bytes

Raises:
aws_encryption_sdk.internal.formatting.deserialize.deserialize_header_auth(version, stream, algorithm, verifier=None)

Deserializes a MessageHeaderAuthentication object from a source stream.

Parameters:
  • version (int) – The serialization version of the message
  • stream (io.BytesIO) – Source data stream
  • algorithm – The AlgorithmSuite object type contained in the header
  • verifier (aws_encryption_sdk.internal.crypto.Verifier) – Signature verifier object (optional)
Returns:

Deserialized MessageHeaderAuthentication object

Return type:

aws_encryption_sdk.internal.structures.MessageHeaderAuthentication

aws_encryption_sdk.internal.formatting.deserialize.deserialize_non_framed_values(stream, header, verifier=None)

Deserializes the IV and body length from a non-framed stream.

Parameters:
Returns:

IV and Data Length values for body

Return type:

tuple of bytes and int

aws_encryption_sdk.internal.formatting.deserialize.deserialize_tag(stream, header, verifier=None)

Deserialize the Tag value from a non-framed stream.

Parameters:
Returns:

Tag value for body

Return type:

bytes

aws_encryption_sdk.internal.formatting.deserialize.deserialize_wrapped_key(wrapping_algorithm, wrapping_key_id, wrapped_encrypted_key)

Extracts and deserializes EncryptedData from a Wrapped EncryptedDataKey.

Parameters:
Returns:

EncryptedData of deserialized Wrapped EncryptedKey

Return type:

aws_encryption_sdk.internal.structures.EncryptedData

Raises:
  • SerializationError – if wrapping_key_id does not match deserialized wrapping key id
  • SerializationError – if wrapping_algorithm IV length does not match deserialized IV length
aws_encryption_sdk.internal.formatting.deserialize.unpack_values(format_string, stream, verifier=None)

Helper function to unpack struct data from a stream and update the signature verifier.

Parameters:
  • format_string (str) – Struct format string
  • stream (io.BytesIO) – Source data stream
  • verifier (aws_encryption_sdk.internal.crypto.Verifier) – Signature verifier object
Returns:

Unpacked values

Return type:

tuple

aws_encryption_sdk.internal.formatting.deserialize.validate_header(header, header_auth, raw_header, data_key)

Validates the header using the header authentication data.

Parameters:
Raises:

SerializationError – if header authorization fails