

test(test_vectors): Support reading manifests that specify a hierarch…
…y keyring (#649)
lucasmcdonald3 authored Oct 3, 2024
1 parent 56fcd13 commit a7466e6
Showing 5 changed files with 92 additions and 1 deletion.
17 changes: 17 additions & 0 deletions .github/workflows/library_interop_tests.yml
Expand Up @@ -76,6 +76,14 @@ jobs:
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Compile MPL TestVectors implementation
shell: bash
working-directory: ./mpl/TestVectorsAwsCryptographicMaterialProviders
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Fetch Python 2.3.0 Test Vectors
working-directory: ./
Expand Down Expand Up @@ -166,6 +174,15 @@ jobs:
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Compile MPL TestVectors implementation
shell: bash
working-directory: ./mpl/TestVectorsAwsCryptographicMaterialProviders
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES

# # TODO: Fix Zip file creation on Windows
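Review bot: The `Compile MPL TestVectors implementation` step added here is the same seven lines in both hunks of this file and again in `library_net_tests.yml`, differing only in position; a composite action or a reusable workflow would keep the three copies from drifting, although the existing `transpile_net` step it mirrors presumably already follows this copy-paste pattern. The step relies on `./mpl/TestVectorsAwsCryptographicMaterialProviders` already being checked out by an earlier step in the job, which is outside the hunk; a one-line comment such as `# requires the mpl submodule checked out above` would make that ordering dependency visible to the next person who reorders steps.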
9 changes: 9 additions & 0 deletions .github/workflows/library_net_tests.yml
Expand Up @@ -92,6 +92,15 @@ jobs:
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Compile MPL TestVectors implementation
shell: bash
working-directory: ./mpl/TestVectorsAwsCryptographicMaterialProviders
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Test .NET Framework net48
working-directory: ./AwsEncryptionSDK
if: matrix.os == 'windows-latest'
Expand Up @@ -10,6 +10,9 @@
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
<ProjectReference Include="../../ESDK.csproj" />

<!-- TODO: Reference published MPL TestVectors project -->
<ProjectReference Include="../../../../../mpl/TestVectorsAwsCryptographicMaterialProviders/runtimes/net/TestVectors.csproj" />
</ItemGroup>

</Project>
Expand Up @@ -2,9 +2,13 @@
// SPDX-License-Identifier: Apache-2.0

using System.Diagnostics;
using Newtonsoft.Json;
using Amazon;
using Amazon.DynamoDBv2;
using Amazon.KeyManagementService;
using AWS.Cryptography.KeyStore;
using AWS.Cryptography.MaterialProviders;
using AWS.Cryptography.MaterialProvidersTestVectorKeys;

using RSAEncryption;

Expand All @@ -18,6 +22,7 @@ public enum CryptoOperation
public static class MaterialProviderFactory
{
private static readonly MaterialProviders materialProviders = new(new MaterialProvidersConfig());
private static KeyVectors singletonKeyVectors;

public static ICryptographicMaterialsManager CreateDecryptCmm(
DecryptVector vector,
Expand Down Expand Up @@ -160,6 +165,57 @@ private static IKeyring CreateKeyring(MasterKey keyInfo, Key key, CryptoOperatio
return materialProviders.CreateAwsKmsMrkDiscoveryKeyring(createKeyringInput);
}

if (keyInfo.Type == "aws-kms-hierarchy") {
// Lazily create a singleton KeyVectors client.
// A KeyVectors manifest is only required if a test vector specifies a hierarchy keyring.
// This specification can only be determined at runtime while reading the test vector manifest.
if (singletonKeyVectors == null) {
string manifestPath;
try
{
manifestPath = Utils.GetEnvironmentVariableOrError("DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH");
}
catch (ArgumentException e)
{
throw new ArgumentException("Hierarchy keyring test vectors must supply a KeyVectors manifest", e);
}
DecryptManifest manifest = Utils.LoadObjectFromPath<DecryptManifest>(manifestPath);
KeyVectorsConfig keyVectorsConfig = new KeyVectorsConfig
{
KeyManifestPath = Utils.ManifestUriToPath(manifest.KeysUri, manifestPath)
};
singletonKeyVectors = new(keyVectorsConfig);
}

// Convert JSON to bytes for KeyVectors input
string jsonString = JsonConvert.SerializeObject(keyInfo);

var stream = new MemoryStream();
var writer = new StreamWriter(stream);
writer.Write(jsonString);
writer.Flush();
stream.Position = 0;

// Create KeyVectors keyring
var getKeyDescriptionInput = new GetKeyDescriptionInput
{
Json = stream
};

var desc = singletonKeyVectors.GetKeyDescription(getKeyDescriptionInput);

var testVectorKeyringInput = new TestVectorKeyringInput
{
KeyDescription = desc.KeyDescription
};

var keyring = singletonKeyVectors.CreateTestVectorKeyring(
testVectorKeyringInput
);

return keyring!;
}

if (keyInfo.Type == "raw" && keyInfo.EncryptionAlgorithm == "aes") {
CreateRawAesKeyringInput createKeyringInput = new CreateRawAesKeyringInput
{
Expand Down Expand Up @@ -209,7 +265,7 @@ private static IKeyring CreateKeyring(MasterKey keyInfo, Key key, CryptoOperatio
// string operationStr = operation == CryptoOperation.ENCRYPT
// ? "encryption"
// : "decryption";
throw new Exception($"Unsupported keyring type for {operation}");
throw new Exception($"Unsupported keyring {keyInfo.Type} type for {operation}");
}

private static AesWrappingAlg AesAlgorithmFromBits(ushort bits) {
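Review bot: The JSON-to-stream conversion starting at `var stream = new MemoryStream();` creates a `StreamWriter` that is never disposed and round-trips the string through a writer only to obtain its bytes; `var stream = new MemoryStream(Encoding.UTF8.GetBytes(jsonString));` (with `System.Text` in scope) replaces those five lines and is byte-equivalent, since `StreamWriter`'s default UTF-8 encoding emits no BOM either. The lazy `if (singletonKeyVectors == null)` initialization is unguarded, so if `CreateKeyring` is ever invoked from test vectors running concurrently two `KeyVectors` clients and two manifest loads could happen — harmless if the runner is single-threaded, but a `static readonly Lazy<KeyVectors>` would make that assumption explicit. `return keyring!;` suppresses a nullability warning without explanation: if `CreateTestVectorKeyring` can return null that should surface as a checked failure rather than a forgiven one, and if it cannot, the `!` is unnecessary. The manifest is deserialized as `DecryptManifest` even though `CreateKeyring` serves both operations (it takes a `CryptoOperation`), so if encrypt runs also reach this branch the comment should state that the only field read, `KeysUri`, is expected to be present in both manifest shapes. `CreateKeyring` starts before the hunk.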
Expand Up @@ -25,6 +25,12 @@ public class Key {
public string? Encoding { get; set; }
[JsonProperty("material")]
public string? Material { get; set; }
[JsonProperty("branchKeyVersion")]
public string? BranchKeyVersion { get; set; }
[JsonProperty("branchKey")]
public string? BranchKey { get; set; }
[JsonProperty("beaconKey")]
public string? BeaconKey { get; set; }
}

public class KeyManifest

