From eda4d5a5d8095e1a9cea284eaa449b0dfa232fe8 Mon Sep 17 00:00:00 2001
From: Charles Lowell
Date: Thu, 10 Sep 2020 15:31:44 -0700
Subject: [PATCH] replace string literals with enums
---
 .../crypto/_internal/algorithms/aes_kw.py | 3 +-
 .../keys/crypto/_internal/algorithms/ecdsa.py | 10 ++--
 .../_internal/algorithms/rsa_encryption.py | 7 +--
 .../_internal/algorithms/rsa_signing.py | 13 ++---
 .../keyvault/keys/crypto/_internal/ec_key.py | 30 ++++++-----
 .../keyvault/keys/crypto/_internal/rsa_key.py | 25 +++++----
 .../keys/crypto/_internal/symmetric_key.py | 53 +++++++------------
 7 files changed, 69 insertions(+), 72 deletions(-)
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py
index 4f0b24e1598b..e2a3845fd9d1 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/aes_kw.py
@@ -7,6 +7,7 @@
 from ..algorithm import AsymmetricEncryptionAlgorithm
 from ..transform import CryptoTransform
+from ..._enums import KeyWrapAlgorithm
 class _AesKeyWrapTransform(CryptoTransform):
@@ -59,7 +60,7 @@ class AesKw192(_AesKeyWrap):
 class AesKw256(_AesKeyWrap):
 _key_size = 256
- _name = "A256KW"
+ _name = KeyWrapAlgorithm.aes_256
 AesKw128.register()
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py
index a5071afbc1e0..968fcdbf4375 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/ecdsa.py
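Review bot: In aes_kw.py only `AesKw256._name` is switched to `KeyWrapAlgorithm.aes_256`; the diffstat lists three changed lines for that file, so `AesKw128` and `AesKw192` (the latter named in the hunk header) apparently keep plain string names. The key-wrap sets that symmetric_key.py now builds from `.name()`, and the ec_key.py maps that keep the bare `"SECP256K1"` key beside `KeyCurveName` members, therefore mix enum members with strings. A membership test or dict lookup made with the string a caller passes only matches the enum entries if these enums subclass `str`, which this patch does not show. I would either convert all three AES key-wrap names together or add above `AesKw256` a comment such as `# AesKw128/AesKw192 keep string names; lookups rely on KeyWrapAlgorithm being a str-based Enum`.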
@@ -11,6 +11,7 @@
 from ..algorithm import SignatureAlgorithm
 from ..transform import SignatureTransform
+from ..._enums import SignatureAlgorithm as KeyVaultSignatureAlgorithm
 if sys.version_info < (3, 3):
 abstractproperty = abc.abstractproperty
@@ -19,6 +20,7 @@
 abstractproperty = functools.partial(property, abc.abstractmethod)
+
 class _EcdsaSignatureTransform(SignatureTransform):
 def __init__(self, key, hash_algorithm):
 super(_EcdsaSignatureTransform, self).__init__()
@@ -43,25 +45,25 @@ def coordinate_length(self):
 class Ecdsa256(_Ecdsa):
- _name = "ES256K"
+ _name = KeyVaultSignatureAlgorithm.es256_k
 _default_hash_algorithm = hashes.SHA256()
 coordinate_length = 32
 class Es256(_Ecdsa):
- _name = "ES256"
+ _name = KeyVaultSignatureAlgorithm.es256
 _default_hash_algorithm = hashes.SHA256()
 coordinate_length = 32
 class Es384(_Ecdsa):
- _name = "ES384"
+ _name = KeyVaultSignatureAlgorithm.es384
 _default_hash_algorithm = hashes.SHA384()
 coordinate_length = 48
 class Es512(_Ecdsa):
- _name = "ES512"
+ _name = KeyVaultSignatureAlgorithm.es512
 _default_hash_algorithm = hashes.SHA512()
 coordinate_length = 66
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py
index e3b72fa8db59..df83c67365d2 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_encryption.py
@@ -7,6 +7,7 @@
 from ..algorithm import AsymmetricEncryptionAlgorithm
 from ..transform import CryptoTransform
+from ..._enums import EncryptionAlgorithm
 class _Rsa1_5Encryptor(CryptoTransform):
@@ -20,7 +21,7 @@ def transform(self, data):
 class Rsa1_5(AsymmetricEncryptionAlgorithm): # pylint:disable=client-incorrect-naming-convention
- _name = "RSA1_5"
+ _name = EncryptionAlgorithm.rsa1_5
 def create_encryptor(self, key):
 return _Rsa1_5Encryptor(key)
@@ -54,7 +55,7 @@ def transform(self, data):
 class RsaOaep(AsymmetricEncryptionAlgorithm):
- _name = "RSA-OAEP"
+ _name = EncryptionAlgorithm.rsa_oaep
 def create_encryptor(self, key):
 return _RsaOaepEncryptor(key, hashes.SHA1)
@@ -64,7 +65,7 @@ def create_decryptor(self, key):
 class RsaOaep256(AsymmetricEncryptionAlgorithm):
- _name = "RSA-OAEP-256"
+ _name = EncryptionAlgorithm.rsa_oaep_256
 def create_encryptor(self, key):
 return _RsaOaepEncryptor(key, hashes.SHA256)
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py
index b9f714a66717..984befca583a 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/algorithms/rsa_signing.py
@@ -7,6 +7,7 @@
 from ..algorithm import SignatureAlgorithm
 from ..transform import SignatureTransform
+from ..._enums import SignatureAlgorithm as KeyVaultSignatureAlgorithm
 class RsaSignatureTransform(SignatureTransform):
@@ -37,32 +38,32 @@ def _get_padding(self, digest):
 class Ps256(RsaSsaPss):
- _name = "PS256"
+ _name = KeyVaultSignatureAlgorithm.ps256
 _default_hash_algorithm = hashes.SHA256()
 class Ps384(RsaSsaPss):
- _name = "PS384"
+ _name = KeyVaultSignatureAlgorithm.ps384
 _default_hash_algorithm = hashes.SHA384()
 class Ps512(RsaSsaPss):
- _name = "PS512"
+ _name = KeyVaultSignatureAlgorithm.ps512
 _default_hash_algorithm = hashes.SHA512()
 class Rs256(RsaSsaPkcs1v15):
- _name = "RS256"
+ _name = KeyVaultSignatureAlgorithm.rs256
 _default_hash_algorithm = hashes.SHA256()
 class Rs384(RsaSsaPkcs1v15):
- _name = "RS384"
+ _name = KeyVaultSignatureAlgorithm.rs384
 _default_hash_algorithm = hashes.SHA384()
 class Rs512(RsaSsaPkcs1v15):
- _name = "RS512"
+ _name = KeyVaultSignatureAlgorithm.rs512
 _default_hash_algorithm = hashes.SHA512()
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py
index 05c7eb59f3d6..4c88ee5dff20 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/ec_key.py
@@ -19,26 +19,32 @@
 from ._internal import _bytes_to_int, asn1_der_to_ecdsa, ecdsa_to_asn1_der
 from .key import Key
 from .algorithms.ecdsa import Es256, Es512, Es384, Ecdsa256
+from ... import KeyCurveName
-_crypto_crv_to_kv_crv = {"secp256r1": "P-256", "secp384r1": "P-384", "secp521r1": "P-521", "secp256k1": "P-256K"}
+_crypto_crv_to_kv_crv = {
+ "secp256r1": KeyCurveName.p_256,
+ "secp384r1": KeyCurveName.p_384,
+ "secp521r1": KeyCurveName.p_521,
+ "secp256k1": KeyCurveName.p_256_k,
+}
 _kv_crv_to_crypto_cls = {
- "P-256": SECP256R1,
- "P-256K": SECP256K1,
- "P-384": SECP384R1,
- "P-521": SECP521R1,
- "SECP256K1": SECP256K1,
+ KeyCurveName.p_256: SECP256R1,
+ KeyCurveName.p_256_k: SECP256K1,
+ KeyCurveName.p_384: SECP384R1,
+ KeyCurveName.p_521: SECP521R1,
+ "SECP256K1": SECP256K1, # "SECP256K1" is from Key Vault 2016-10-01
 }
 _curve_to_default_algo = {
- "P-256": Es256.name(),
- "P-256K": Ecdsa256.name(),
- "P-384": Es384.name(),
- "P-521": Es512.name(),
- "SECP256K1": Ecdsa256.name(),
+ KeyCurveName.p_256: Es256.name(),
+ KeyCurveName.p_256_k: Ecdsa256.name(),
+ KeyCurveName.p_384: Es384.name(),
+ KeyCurveName.p_521: Es512.name(),
+ "SECP256K1": Ecdsa256.name(), # "SECP256K1" is from Key Vault 2016-10-01
 }
 class EllipticCurveKey(Key):
- _supported_signature_algorithms = _curve_to_default_algo.values()
+ _supported_signature_algorithms = frozenset(_curve_to_default_algo.values())
 def __init__(self, x, y, d=None, kid=None, curve=None):
 super(EllipticCurveKey, self).__init__()
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py
index 14da62b2e6f5..06852817717d 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/rsa_key.py
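Review bot: `_supported_signature_algorithms = frozenset(_curve_to_default_algo.values())` in ec_key.py is a class attribute holding every ECDSA algorithm in the table, so an `EllipticCurveKey` built on one curve reports all of them as supported, whatever its own curve. If the sign and verify paths check only this set (they are outside the hunk), a P-256 key could be asked for ES512 and would then work with a hash and coordinate length that belong to a different curve. The check I would want is per instance, comparing the requested algorithm with the `_curve_to_default_algo` entry for the key's curve. The class body continues past the hunk, so such a check may already exist there and should be confirmed.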
@@ -16,27 +16,26 @@
 rsa_crt_iqmp,
 )
-from azure.keyvault.keys._models import JsonWebKey
 from ._internal import _bytes_to_int, _int_to_bytes
 from .key import Key
 from .algorithms import Ps256, Ps384, Ps512, Rsa1_5, RsaOaep, RsaOaep256, Rs256, Rs384, Rs512
+from ... import JsonWebKey, KeyOperation
 class RsaKey(Key): # pylint:disable=too-many-public-methods
- PUBLIC_KEY_DEFAULT_OPS = ["encrypt", "wrapKey", "verify"]
- PRIVATE_KEY_DEFAULT_OPS = ["encrypt", "decrypt", "wrapKey", "unwrapKey", "verify", "sign"]
-
- _supported_encryption_algorithms = [Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()]
- _supported_key_wrap_algorithms = [Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()]
- _supported_signature_algorithms = [
- Ps256.name(),
- Ps384.name(),
- Ps512.name(),
- Rs256.name(),
- Rs384.name(),
- Rs512.name(),
+ PUBLIC_KEY_DEFAULT_OPS = [KeyOperation.encrypt, KeyOperation.wrap_key, KeyOperation.verify]
+ PRIVATE_KEY_DEFAULT_OPS = PUBLIC_KEY_DEFAULT_OPS + [
+ KeyOperation.decrypt,
+ KeyOperation.unwrap_key,
+ KeyOperation.sign,
 ]
+ _supported_encryption_algorithms = frozenset((Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()))
+ _supported_key_wrap_algorithms = frozenset((Rsa1_5.name(), RsaOaep.name(), RsaOaep256.name()))
+ _supported_signature_algorithms = frozenset(
+ (Ps256.name(), Ps384.name(), Ps512.name(), Rs256.name(), Rs384.name(), Rs512.name(),)
+ )
+
 def __init__(self, kid=None):
 super(RsaKey, self).__init__()
 self._kid = kid
diff --git a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py
index 5aeab728f952..e2cfdb4d6610 100644
--- a/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py
+++ b/sdk/keyvault/azure-keyvault-keys/azure/keyvault/keys/crypto/_internal/symmetric_key.py
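Review bot: In rsa_key.py, `PRIVATE_KEY_DEFAULT_OPS = PUBLIC_KEY_DEFAULT_OPS + [...]` changes the element order from encrypt, decrypt, wrapKey, unwrapKey, verify, sign to encrypt, wrapKey, verify, decrypt, unwrapKey, sign, which is a behaviour change in a commit described as a literal-to-enum swap. Anything that serialises this list into a key's permitted operations, or compares it as a list, now sees a different value. Unless the order is known to be irrelevant to every consumer, I would keep the original sequence explicitly: `[KeyOperation.encrypt, KeyOperation.decrypt, KeyOperation.wrap_key, KeyOperation.unwrap_key, KeyOperation.verify, KeyOperation.sign]`.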
@@ -55,6 +55,26 @@ def __init__(self, kid=None, key_bytes=None, key_size=None):
 self._key = key_bytes
+ supported_encryption_algorithms = []
+ supported_key_wrap_algorithms = []
+ key_size = len(self._key)
+ if key_size >= key_size_128:
+ supported_encryption_algorithms.append(Aes128Cbc.name())
+ supported_key_wrap_algorithms.append(AesKw128.name())
+ if key_size >= key_size_192:
+ supported_encryption_algorithms.append(Aes192Cbc.name())
+ supported_key_wrap_algorithms.append(AesKw192.name())
+ if key_size >= key_size_256:
+ supported_encryption_algorithms.append(Aes256Cbc.name())
+ supported_encryption_algorithms.append(Aes128CbcHmacSha256.name())
+ supported_key_wrap_algorithms.append(AesKw256.name())
+ if key_size >= key_size_384:
+ supported_encryption_algorithms.append(Aes192CbcHmacSha384.name())
+ if key_size >= key_size_512:
+ supported_encryption_algorithms.append(Aes256CbcHmacSha512.name())
+ self._supported_encryption_algorithms = frozenset(supported_encryption_algorithms)
+ self._supported_key_wrap_algorithms = frozenset(supported_key_wrap_algorithms)
+
 def is_private_key(self):
 return True
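Review bot: The new local `key_size = len(self._key)` reuses the name of the `key_size` parameter shown in the hunk header, so from this line on the caller's requested size is no longer reachable and a later reader can mistake the measured length for the argument. Renaming the local, for example `key_length = len(self._key)` with the five comparisons updated to match, removes the ambiguity. The start of `__init__` is outside the hunk, so whether `self._key` can still be `None` at this point, which would make `len()` raise, should be confirmed there.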
@@ -74,39 +94,6 @@ def default_encryption_algorithm(self):
 def default_key_wrap_algorithm(self):
 return _default_kw_alg_by_size[len(self._key)]
- @property
- def supported_encryption_algorithms(self):
- supported = []
- key_size = len(self._key)
-
- if key_size >= key_size_128:
- supported.append(Aes128Cbc.name())
- if key_size >= key_size_192:
- supported.append(Aes192Cbc.name())
- if key_size >= key_size_256:
- supported.append(Aes256Cbc.name())
- supported.append(Aes128CbcHmacSha256.name())
- if key_size >= key_size_384:
- supported.append(Aes192CbcHmacSha384.name())
- if key_size >= key_size_512:
- supported.append(Aes256CbcHmacSha512.name())
-
- return supported
-
- @property
- def supported_key_wrap_algorithms(self):
- supported = []
- key_size = len(self._key)
-
- if key_size >= key_size_128:
- supported.append(AesKw128.name())
- if key_size >= key_size_192:
- supported.append(AesKw192.name())
- if key_size >= key_size_256:
- supported.append(AesKw256.name())
-
- return supported
-
 def encrypt(self, plain_text, iv, **kwargs): # pylint:disable=arguments-differ
 algorithm = self._get_algorithm("encrypt", **kwargs)
 encryptor = algorithm.create_encryptor(key=self._key, iv=iv)