def encrypt_symmetric()

in helpers/wrapped-key/wrapped_key.py [0:0]


def encrypt_symmetric(project_id, location_id, key_ring_id, key_id, client):
    """
    Generate random bytes and encrypt (wrap) them with a Cloud KMS
    symmetric key, verifying the round trip with CRC32C checksums.

    The plaintext is obtained from generate_random_bytes() and is not
    returned by this function; callers only receive the encrypt response.
    NOTE(review): the CRC32C checks detect accidental corruption in
    transit. CRC32C is a checksum, not an authenticator.

    Args:
        project_id (string): Google Cloud project ID.
        location_id (string): Cloud KMS location.
        key_ring_id (string): ID of the Cloud KMS key ring.
        key_id (string): ID of the key to use.
        client (KeyManagementServiceClient):
        Google Cloud Key Management Service.
    Returns:
        The response object returned by client.encrypt(). The encrypted
        bytes are in its ``ciphertext`` attribute (the function does not
        return bare bytes).
    Raises:
        Exception: If the service did not confirm the plaintext checksum,
        or if the ciphertext checksum in the response does not match the
        one computed locally.
    """

    # Fresh plaintext from the sibling helper. The literal 32 is presumably
    # the number of bytes requested; confirm against generate_random_bytes().
    random_plaintext = generate_random_bytes(
        project_id, location_id, 32, client)

    # Checksum computed locally and sent along with the plaintext so the
    # service can confirm what it received (crc32c() is defined elsewhere
    # in this file).
    request_checksum = crc32c(random_plaintext)

    # Resource name of the key that performs the encryption.
    wrapping_key_name = client.crypto_key_path(
        project_id, location_id, key_ring_id, key_id)

    # Assemble the request separately so each field is easy to audit.
    encrypt_request = {
        'name': wrapping_key_name,
        'plaintext': random_plaintext,
        'plaintext_crc32c': request_checksum,
    }
    encrypt_response = client.encrypt(request=encrypt_request)

    # Integrity verification of the round trip. Background on end-to-end
    # in-transit integrity to and from Cloud KMS:
    # https://cloud.google.com/kms/docs/data-integrity-guidelines

    # 1. The service must report that the plaintext checksum was verified.
    request_arrived_intact = encrypt_response.verified_plaintext_crc32c
    if not request_arrived_intact:
        raise Exception(
            'The request sent to the server was corrupted in-transit.')

    # 2. The ciphertext we received must match the checksum the service
    #    attached to it.
    response_checksum = crc32c(encrypt_response.ciphertext)
    if encrypt_response.ciphertext_crc32c != response_checksum:
        raise Exception(
            'The response received from the server was corrupted in-transit.')

    return encrypt_response