src/aws_encryption_sdk/internal/formatting/serialize.py [197:240]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - algorithm, header, data_encryption_key, signer=None, required_ec_bytes=None ): """Creates serialized header authentication data for messages in serialization version V1. :param algorithm: Algorithm to use for encryption :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param bytes header: Serialized message header :param bytes data_encryption_key: Data key with which to encrypt message :param signer: Cryptographic signer object (optional) :type signer: aws_encryption_sdk.Signer :param required_encryption_context_bytes: Serialized encryption context items for all items whose keys are in the required_encryption_context list. This is ONLY processed if using the aws-cryptographic-material-providers library AND its required encryption context CMM. (optional) :type required_encryption_context_bytes: bytes :returns: Serialized header authentication data :rtype: bytes """ if required_ec_bytes is None: header_auth = encrypt( algorithm=algorithm, key=data_encryption_key, plaintext=b"", associated_data=header, iv=header_auth_iv(algorithm), ) else: header_auth = encrypt( algorithm=algorithm, key=data_encryption_key, plaintext=b"", # The AAD MUST be the concatenation of the serialized message header body and the serialization # of encryption context to only authenticate. The encryption context to only authenticate MUST # be the encryption context in the encryption materials filtered to only contain key value # pairs listed in the encryption material's required encryption context keys serialized # according to the encryption context serialization specification. associated_data=header + required_ec_bytes, iv=header_auth_iv(algorithm), ) output = struct.pack( - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - src/aws_encryption_sdk/internal/formatting/serialize.py [251:294]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - algorithm, header, data_encryption_key, signer=None, required_ec_bytes=None ): """Creates serialized header authentication data for messages in serialization version V2. :param algorithm: Algorithm to use for encryption :type algorithm: aws_encryption_sdk.identifiers.Algorithm :param bytes header: Serialized message header :param bytes data_encryption_key: Data key with which to encrypt message :param signer: Cryptographic signer object (optional) :type signer: aws_encryption_sdk.Signer :param required_encryption_context_bytes: Serialized encryption context items for all items whose keys are in the required_encryption_context list. This is ONLY processed if using the aws-cryptographic-material-providers library AND its required encryption context CMM. (optional) :type required_encryption_context_bytes: bytes :returns: Serialized header authentication data :rtype: bytes """ if required_ec_bytes is None: header_auth = encrypt( algorithm=algorithm, key=data_encryption_key, plaintext=b"", associated_data=header, iv=header_auth_iv(algorithm), ) else: header_auth = encrypt( algorithm=algorithm, key=data_encryption_key, plaintext=b"", # The AAD MUST be the concatenation of the serialized message header body and the serialization # of encryption context to only authenticate. The encryption context to only authenticate MUST # be the encryption context in the encryption materials filtered to only contain key value # pairs listed in the encryption material's required encryption context keys serialized # according to the encryption context serialization specification. associated_data=header + required_ec_bytes, iv=header_auth_iv(algorithm), ) output = struct.pack( - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -