fix: Use FORBID_ENCRYPT_ALLOW_DECRYPT policy for decrypt oracle #538

Merged 6 commits on Dec 22, 2022
2 changes: 1 addition & 1 deletion codebuild/coverage/coverage.yml
Expand Up @@ -10,5 +10,5 @@ phases:
python: latest
build:
commands:
- pip install tox
- pip install "tox < 4.0"
- tox
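Review bot: The new `pip install "tox < 4.0"` line in the build commands caps tox with no comment saying why, and the PR title only mentions the decrypt oracle's commitment policy. Add a one-line YAML comment above the install stating the reason for the cap (or linking a tracking issue) so it can be lifted deliberately later, and mention the CI pin in the commit message so it is discoverable from history.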
2 changes: 1 addition & 1 deletion codebuild/py310/awses_local.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.10.0
- pyenv local 3.10.0
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
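Review bot: Replacing `pip install tox tox-pyenv` with `pip install "tox < 4.0"` does two things at once in this command list: it caps tox and it drops the tox-pyenv plugin, while the preceding `pyenv install 3.10.0` and `pyenv local 3.10.0` steps stay. If removing the plugin is intended, say so in the commit message and confirm that `tox` run from `test_vector_handlers` still resolves the pyenv-selected 3.10.0 interpreter; if it is not intended, keep the plugin as `pip install "tox < 4.0" tox-pyenv`.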
2 changes: 1 addition & 1 deletion codebuild/py310/examples.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.10.0
- pyenv local 3.10.0
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py310/integ.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.10.0
- pyenv local 3.10.0
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py37/awses_local.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.7.12
- pyenv local 3.7.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
2 changes: 1 addition & 1 deletion codebuild/py37/examples.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.7.12
- pyenv local 3.7.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py37/integ.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.7.12
- pyenv local 3.7.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py38/awses_local.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.8.12
- pyenv local 3.8.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
2 changes: 1 addition & 1 deletion codebuild/py38/examples.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.8.12
- pyenv local 3.8.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py38/integ.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.8.12
- pyenv local 3.8.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py39/awses_1.7.1.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.9.7
- pyenv local 3.9.7
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
2 changes: 1 addition & 1 deletion codebuild/py39/awses_2.0.0.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.9.7
- pyenv local 3.9.7
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
2 changes: 1 addition & 1 deletion codebuild/py39/awses_latest.yml
Expand Up @@ -22,6 +22,6 @@ phases:
commands:
- pyenv install 3.9.7
- pyenv local 3.9.7
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- cd test_vector_handlers
- tox
2 changes: 1 addition & 1 deletion codebuild/py39/examples.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.9.7
- pyenv local 3.9.7
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/py39/integ.yml
Expand Up @@ -20,5 +20,5 @@ phases:
commands:
- pyenv install 3.9.7
- pyenv local 3.9.7
- pip install tox tox-pyenv
- pip install "tox < 4.0"
- tox
2 changes: 1 addition & 1 deletion codebuild/release/prod-release.yml
Expand Up @@ -10,7 +10,7 @@ env:
phases:
install:
commands:
- pip install tox
- pip install "tox < 4.0"
- pip install --upgrade pip
runtime-versions:
python: latest
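Review bot: In the install phase of this release build, `pip install "tox < 4.0"` is still a floating range, so two release runs can resolve different tox versions, and it runs before `pip install --upgrade pip`. For the release pipeline, consider an exact pin (ideally from a hash-checked requirements file) and moving the pip upgrade first so that the upgraded pip is the one that installs tox.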
2 changes: 1 addition & 1 deletion codebuild/release/test-release.yml
Expand Up @@ -10,7 +10,7 @@ env:
phases:
install:
commands:
- pip install tox
- pip install "tox < 4.0"
- pip install --upgrade pip
runtime-versions:
python: latest
4 changes: 2 additions & 2 deletions codebuild/release/validate.yml
Expand Up @@ -3,7 +3,7 @@ version: 0.2
phases:
install:
commands:
- pip install tox
- pip install "tox < 4.0"
runtime-versions:
python: latest
pre_build:
Expand All @@ -13,7 +13,7 @@ phases:
- sed -i "s/aws_encryption_sdk/aws_encryption_sdk==$VERSION/" requirements-dev.txt
- pyenv install 3.8.12
- pyenv local 3.8.12
- pip install tox tox-pyenv
- pip install "tox < 4.0"
build:
commands:
- NUM_RETRIES=3
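Review bot: The `pip install "tox < 4.0"` after `pyenv local 3.8.12` repeats the constraint already added in the install phase of this same file, so the two strings have to be kept in sync by hand. The reinstall itself looks intended because the interpreter has just been switched, but the bound should be defined once (a buildspec env variable or a shared constraints file) and referenced in both places. This line also drops `tox-pyenv`, which the install-phase line never had; confirm that is deliberate.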
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import os

import aws_encryption_sdk
from aws_encryption_sdk.identifiers import CommitmentPolicy
from aws_encryption_sdk.key_providers.kms import DiscoveryAwsKmsMasterKeyProvider
from chalice import Chalice, Response

Expand Down Expand Up @@ -59,7 +60,9 @@ def basic_decrypt() -> Response:
APP.log.debug(APP.current_request.raw_body)

try:
client = aws_encryption_sdk.EncryptionSDKClient()
# The decrypt oracle needs to be able to decrypt any message
# it does not encrypt messages for anyone.
client = aws_encryption_sdk.EncryptionSDKClient(commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT)
ciphertext = APP.current_request.raw_body
plaintext, _header = client.decrypt(source=ciphertext, key_provider=_master_key_provider())
APP.log.debug("Plaintext:")
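Review bot: The two-line comment above the `EncryptionSDKClient(...)` call in `basic_decrypt` reads as a run-on and does not state the security consequence: with `CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT` this endpoint will decrypt messages that were produced without key commitment. Suggest rewording it along the lines of "The decrypt oracle must decrypt any message, including ones without key commitment; it never encrypts." and wrapping the constructor call, which is much longer than the surrounding lines. The visible diff also adds no test that sends a non-committing message through `basic_decrypt`, which is the case the new policy is meant to allow; one should be added.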