Merge pull request #292 from OpenKMIP/feat/add-decrypt-payloads

Add request and response payloads for the Decrypt operation

kmip/core/factories/payloads/request.py

@@ -18,6 +18,7 @@ from kmip.core.factories.payloads import PayloadFactory
 from kmip.core.messages.payloads import activate
 from kmip.core.messages.payloads import create
 from kmip.core.messages.payloads import create_key_pair
+from kmip.core.messages.payloads import decrypt
 from kmip.core.messages.payloads import destroy
 from kmip.core.messages.payloads import discover_versions
 from kmip.core.messages.payloads import encrypt
@@ -78,3 +79,6 @@ class RequestPayloadFactory(PayloadFactory):
 
     def _create_encrypt_payload(self):
         return encrypt.EncryptRequestPayload()
+
+    def _create_decrypt_payload(self):
+        return decrypt.DecryptRequestPayload()

kmip/core/factories/payloads/response.py

@@ -18,6 +18,7 @@ from kmip.core.factories.payloads import PayloadFactory
 from kmip.core.messages.payloads import activate
 from kmip.core.messages.payloads import create
 from kmip.core.messages.payloads import create_key_pair
+from kmip.core.messages.payloads import decrypt
 from kmip.core.messages.payloads import destroy
 from kmip.core.messages.payloads import discover_versions
 from kmip.core.messages.payloads import encrypt
@@ -78,3 +79,6 @@ class ResponsePayloadFactory(PayloadFactory):
 
     def _create_encrypt_payload(self):
         return encrypt.EncryptResponsePayload()
+
+    def _create_decrypt_payload(self):
+        return decrypt.DecryptResponsePayload()

kmip/core/messages/payloads/decrypt.py

@@ -0,0 +1,430 @@
+# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import six
+
+from kmip.core import attributes
+from kmip.core import enums
+from kmip.core import primitives
+from kmip.core import utils
+
+
+class DecryptRequestPayload(primitives.Struct):
+    """
+    A request payload for the Decrypt operation.
+
+    Attributes:
+        unique_identifier: The unique ID of the managed object to be used for
+            decryption.
+        cryptographic_parameters: A collection of settings relevant for
+            the decryption operation.
+        data: The data to be decrypted in the form of a binary string.
+        iv_counter_nonce: An IV/counter/nonce to be used with the decryption
+            algorithm. Comes in the form of a binary string.
+    """
+
+    def __init__(self,
+                 unique_identifier=None,
+                 cryptographic_parameters=None,
+                 data=None,
+                 iv_counter_nonce=None):
+        """
+        Construct a Decrypt request payload struct.
+
+        Args:
+            unique_identifier (string): The ID of the managed object (e.g.,
+                a symmetric key) to be used for decryption. Optional, defaults
+                to None. If not included, the ID placeholder will be used.
+            cryptographic_parameters (CryptographicParameters): A
+                CryptographicParameters struct containing the settings for
+                the decryption algorithm. Optional, defaults to None. If not
+                included, the CryptographicParameters associated with the
+                managed object will be used instead.
+            data (bytes): The data to decrypt in binary form. Required for
+                encoding and decoding.
+            iv_counter_nonce (bytes): The IV/counter/nonce value to be used
+                with the decryption algorithm. Optional, defaults to None.
+        """
+        super(DecryptRequestPayload, self).__init__(
+            enums.Tags.REQUEST_PAYLOAD
+        )
+
+        self._unique_identifier = None
+        self._cryptographic_parameters = None
+        self._data = None
+        self._iv_counter_nonce = None
+
+        self.unique_identifier = unique_identifier
+        self.cryptographic_parameters = cryptographic_parameters
+        self.data = data
+        self.iv_counter_nonce = iv_counter_nonce
+
+    @property
+    def unique_identifier(self):
+        if self._unique_identifier:
+            return self._unique_identifier.value
+        else:
+            return None
+
+    @unique_identifier.setter
+    def unique_identifier(self, value):
+        if value is None:
+            self._unique_identifier = None
+        elif isinstance(value, six.string_types):
+            self._unique_identifier = primitives.TextString(
+                value=value,
+                tag=enums.Tags.UNIQUE_IDENTIFIER
+            )
+        else:
+            raise TypeError("unique identifier must be a string")
+
+    @property
+    def cryptographic_parameters(self):
+        return self._cryptographic_parameters
+
+    @cryptographic_parameters.setter
+    def cryptographic_parameters(self, value):
+        if value is None:
+            self._cryptographic_parameters = None
+        elif isinstance(value, attributes.CryptographicParameters):
+            self._cryptographic_parameters = value
+        else:
+            raise TypeError(
+                "cryptographic parameters must be a CryptographicParameters "
+                "struct"
+            )
+
+    @property
+    def data(self):
+        if self._data:
+            return self._data.value
+        else:
+            return None
+
+    @data.setter
+    def data(self, value):
+        if value is None:
+            self._data = None
+        elif isinstance(value, six.binary_type):
+            self._data = primitives.ByteString(
+                value=value,
+                tag=enums.Tags.DATA
+            )
+        else:
+            raise TypeError("data must be bytes")
+
+    @property
+    def iv_counter_nonce(self):
+        if self._iv_counter_nonce:
+            return self._iv_counter_nonce.value
+        else:
+            return None
+
+    @iv_counter_nonce.setter
+    def iv_counter_nonce(self, value):
+        if value is None:
+            self._iv_counter_nonce = None
+        elif isinstance(value, six.binary_type):
+            self._iv_counter_nonce = primitives.ByteString(
+                value=value,
+                tag=enums.Tags.IV_COUNTER_NONCE
+            )
+        else:
+            raise TypeError("IV/counter/nonce must be bytes")
+
+    def read(self, input_stream):
+        """
+        Read the data encoding the Decrypt request payload and decode it
+        into its constituent parts.
+
+        Args:
+            input_stream (stream): A data stream containing encoded object
+                data, supporting a read method; usually a BytearrayStream
+                object.
+
+        Raises:
+            ValueError: Raised if the data attribute is missing from the
+                encoded payload.
+        """
+        super(DecryptRequestPayload, self).read(input_stream)
+        local_stream = utils.BytearrayStream(input_stream.read(self.length))
+
+        if self.is_tag_next(enums.Tags.UNIQUE_IDENTIFIER, local_stream):
+            self._unique_identifier = primitives.TextString(
+                tag=enums.Tags.UNIQUE_IDENTIFIER
+            )
+            self._unique_identifier.read(local_stream)
+
+        if self.is_tag_next(
+                enums.Tags.CRYPTOGRAPHIC_PARAMETERS,
+                local_stream
+        ):
+            self._cryptographic_parameters = \
+                attributes.CryptographicParameters()
+            self._cryptographic_parameters.read(local_stream)
+
+        if self.is_tag_next(enums.Tags.DATA, local_stream):
+            self._data = primitives.ByteString(tag=enums.Tags.DATA)
+            self._data.read(local_stream)
+        else:
+            raise ValueError("invalid payload missing the data attribute")
+
+        if self.is_tag_next(enums.Tags.IV_COUNTER_NONCE, local_stream):
+            self._iv_counter_nonce = primitives.ByteString(
+                tag=enums.Tags.IV_COUNTER_NONCE
+            )
+            self._iv_counter_nonce.read(local_stream)
+
+        self.is_oversized(local_stream)
+
+    def write(self, output_stream):
+        """
+        Write the data encoding the Decrypt request payload to a stream.
+
+        Args:
+            output_stream (stream): A data stream in which to encode object
+                data, supporting a write method; usually a BytearrayStream
+                object.
+
+        Raises:
+            ValueError: Raised if the data attribute is not defined.
+        """
+        local_stream = utils.BytearrayStream()
+
+        if self._unique_identifier:
+            self._unique_identifier.write(local_stream)
+        if self._cryptographic_parameters:
+            self._cryptographic_parameters.write(local_stream)
+
+        if self._data:
+            self._data.write(local_stream)
+        else:
+            raise ValueError("invalid payload missing the data attribute")
+
+        if self._iv_counter_nonce:
+            self._iv_counter_nonce.write(local_stream)
+
+        self.length = local_stream.length()
+        super(DecryptRequestPayload, self).write(output_stream)
+        output_stream.write(local_stream.buffer)
+
+    def __eq__(self, other):
+        if isinstance(other, DecryptRequestPayload):
+            if self.unique_identifier != other.unique_identifier:
+                return False
+            elif self.cryptographic_parameters != \
+                    other.cryptographic_parameters:
+                return False
+            elif self.data != other.data:
+                return False
+            elif self.iv_counter_nonce != other.iv_counter_nonce:
+                return False
+            else:
+                return True
+        else:
+            return NotImplemented
+
+    def __ne__(self, other):
+        if isinstance(other, DecryptRequestPayload):
+            return not (self == other)
+        else:
+            return NotImplemented
+
+    def __repr__(self):
+        args = ", ".join([
+            "unique_identifier='{0}'".format(self.unique_identifier),
+            "cryptographic_parameters={0}".format(
+                repr(self.cryptographic_parameters)
+            ),
+            "data={0}".format(self.data),
+            "iv_counter_nonce={0}".format(self.iv_counter_nonce)
+        ])
+        return "DecryptRequestPayload({0})".format(args)
+
+    def __str__(self):
+        return str({
+            'unique_identifier': self.unique_identifier,
+            'cryptographic_parameters': self.cryptographic_parameters,
+            'data': self.data,
+            'iv_counter_nonce': self.iv_counter_nonce
+        })
+
+
+class DecryptResponsePayload(primitives.Struct):
+    """
+    A response payload for the Decrypt operation.
+
+    Attributes:
+        unique_identifier: The unique ID of the managed object used for the
+            decryption.
+        data: The decrypted data in the form of a binary string.
+    """
+
+    def __init__(self,
+                 unique_identifier=None,
+                 data=None):
+        """
+        Construct a Decrypt response payload struct.
+
+        Args:
+            unique_identifier (string): The ID of the managed object (e.g.,
+                a symmetric key) used for decryption. Required for encoding
+                and decoding.
+            data (bytes): The decrypted data in binary form. Required for
+                encoding and decoding.
+        """
+        super(DecryptResponsePayload, self).__init__(
+            enums.Tags.RESPONSE_PAYLOAD
+        )
+
+        self._unique_identifier = None
+        self._data = None
+
+        self.unique_identifier = unique_identifier
+        self.data = data
+
+    @property
+    def unique_identifier(self):
+        if self._unique_identifier:
+            return self._unique_identifier.value
+        else:
+            return None
+
+    @unique_identifier.setter
+    def unique_identifier(self, value):
+        if value is None:
+            self._unique_identifier = None
+        elif isinstance(value, six.string_types):
+            self._unique_identifier = primitives.TextString(
+                value=value,
+                tag=enums.Tags.UNIQUE_IDENTIFIER
+            )
+        else:
+            raise TypeError("unique identifier must be a string")
+
+    @property
+    def data(self):
+        if self._data:
+            return self._data.value
+        else:
+            return None
+
+    @data.setter
+    def data(self, value):
+        if value is None:
+            self._data = None
+        elif isinstance(value, six.binary_type):
+            self._data = primitives.ByteString(
+                value=value,
+                tag=enums.Tags.DATA
+            )
+        else:
+            raise TypeError("data must be bytes")
+
+    def read(self, input_stream):
+        """
+        Read the data encoding the Decrypt response payload and decode it
+        into its constituent parts.
+
+        Args:
+            input_stream (stream): A data stream containing encoded object
+                data, supporting a read method; usually a BytearrayStream
+                object.
+
+        Raises:
+            ValueError: Raised if the unique_identifier or data attributes
+                are missing from the encoded payload.
+        """
+        super(DecryptResponsePayload, self).read(input_stream)
+        local_stream = utils.BytearrayStream(input_stream.read(self.length))
+
+        if self.is_tag_next(enums.Tags.UNIQUE_IDENTIFIER, local_stream):
+            self._unique_identifier = primitives.TextString(
+                tag=enums.Tags.UNIQUE_IDENTIFIER
+            )
+            self._unique_identifier.read(local_stream)
+        else:
+            raise ValueError(
+                "invalid payload missing the unique identifier attribute"
+            )
+
+        if self.is_tag_next(enums.Tags.DATA, local_stream):
+            self._data = primitives.ByteString(tag=enums.Tags.DATA)
+            self._data.read(local_stream)
+        else:
+            raise ValueError("invalid payload missing the data attribute")
+
+        self.is_oversized(local_stream)
+
+    def write(self, output_stream):
+        """
+        Write the data encoding the Decrypt response payload to a stream.
+
+        Args:
+            output_stream (stream): A data stream in which to encode object
+                data, supporting a write method; usually a BytearrayStream
+                object.
+
+        Raises:
+            ValueError: Raised if the unique_identifier or data attributes
+                are not defined.
+        """
+        local_stream = utils.BytearrayStream()
+
+        if self._unique_identifier:
+            self._unique_identifier.write(local_stream)
+        else:
+            raise ValueError(
+                "invalid payload missing the unique identifier attribute"
+            )
+
+        if self._data:
+            self._data.write(local_stream)
+        else:
+            raise ValueError("invalid payload missing the data attribute")
+
+        self.length = local_stream.length()
+        super(DecryptResponsePayload, self).write(output_stream)
+        output_stream.write(local_stream.buffer)
+
+    def __eq__(self, other):
+        if isinstance(other, DecryptResponsePayload):
+            if self.unique_identifier != other.unique_identifier:
+                return False
+            elif self.data != other.data:
+                return False
+            else:
+                return True
+        else:
+            return NotImplemented
+
+    def __ne__(self, other):
+        if isinstance(other, DecryptResponsePayload):
+            return not (self == other)
+        else:
+            return NotImplemented
+
+    def __repr__(self):
+        args = ", ".join([
+            "unique_identifier='{0}'".format(self.unique_identifier),
+            "data={0}".format(self.data)
+        ])
+        return "DecryptResponsePayload({0})".format(args)
+
+    def __str__(self):
+        return str({
+            'unique_identifier': self.unique_identifier,
+            'data': self.data
+        })

kmip/tests/unit/core/factories/payloads/test_request.py

@@ -21,6 +21,7 @@ from kmip.core.factories.payloads.request import RequestPayloadFactory
 from kmip.core.messages.payloads import activate
 from kmip.core.messages.payloads import create
 from kmip.core.messages.payloads import create_key_pair
+from kmip.core.messages.payloads import decrypt
 from kmip.core.messages.payloads import destroy
 from kmip.core.messages.payloads import discover_versions
 from kmip.core.messages.payloads import encrypt
@@ -213,10 +214,8 @@ class TestRequestPayloadFactory(testtools.TestCase):
         self._test_payload_type(payload, encrypt.EncryptRequestPayload)
 
     def test_create_decrypt_payload(self):
-        self._test_not_implemented(
-            self.factory.create,
-            enums.Operation.DECRYPT
-        )
+        payload = self.factory.create(enums.Operation.DECRYPT)
+        self._test_payload_type(payload, decrypt.DecryptRequestPayload)
 
     def test_create_sign_payload(self):
         self._test_not_implemented(self.factory.create, enums.Operation.SIGN)

kmip/tests/unit/core/factories/payloads/test_response.py

@@ -21,6 +21,7 @@ from kmip.core.factories.payloads.response import ResponsePayloadFactory
 from kmip.core.messages.payloads import activate
 from kmip.core.messages.payloads import create
 from kmip.core.messages.payloads import create_key_pair
+from kmip.core.messages.payloads import decrypt
 from kmip.core.messages.payloads import destroy
 from kmip.core.messages.payloads import discover_versions
 from kmip.core.messages.payloads import encrypt
@@ -211,10 +212,8 @@ class TestResponsePayloadFactory(testtools.TestCase):
         self._test_payload_type(payload, encrypt.EncryptResponsePayload)
 
     def test_create_decrypt_payload(self):
-        self._test_not_implemented(
-            self.factory.create,
-            enums.Operation.DECRYPT
-        )
+        payload = self.factory.create(enums.Operation.DECRYPT)
+        self._test_payload_type(payload, decrypt.DecryptResponsePayload)
 
     def test_create_sign_payload(self):
         self._test_not_implemented(self.factory.create, enums.Operation.SIGN)