in src/aws_encryption_sdk/key_providers/raw.py [0:0]
def owns_data_key(self, data_key):
    """Report whether ``data_key`` belongs to this RawMasterKey.

    Ownership is decided from provider metadata only; nothing in this method
    inspects or verifies key material.

    * Asymmetric wrapping algorithm: ``data_key.key_provider`` must compare
      equal to ``self.key_provider``.
    * Symmetric wrapping algorithm: the provider ID must match, and the
      ``key_info`` must begin with ``self._key_info_prefix`` and be exactly
      the prefix length plus the wrapping algorithm's ``iv_len`` long.

    :param data_key: Data key to evaluate
    :type data_key: :class:`aws_encryption_sdk.structures.DataKey`,
        :class:`aws_encryption_sdk.structures.RawDataKey`,
        or :class:`aws_encryption_sdk.structures.EncryptedDataKey`
    :returns: ``True`` if this master key owns ``data_key``, otherwise ``False``
    :rtype: bool
    """
    wrapping_algorithm = self.config.wrapping_key.wrapping_algorithm
    encryption_type = wrapping_algorithm.encryption_type

    # Stays at -1 unless the symmetric branch computes a real length, so the
    # debug message below shows -1 for asymmetric or unrecognised types.
    expected_key_info_len = -1

    if encryption_type is EncryptionType.ASYMMETRIC:
        if data_key.key_provider == self.key_provider:
            return True
    elif encryption_type is EncryptionType.SYMMETRIC:
        prefix = self._key_info_prefix
        expected_key_info_len = len(prefix) + wrapping_algorithm.algorithm.iv_len
        # Checks short-circuit in this order: provider ID, then key_info
        # length, then key_info prefix.
        is_owned = (
            data_key.key_provider.provider_id == self.provider_id
            and len(data_key.key_provider.key_info) == expected_key_info_len
            and data_key.key_provider.key_info.startswith(prefix)
        )
        if is_owned:
            return True

    # NOTE(review): data_key is handed to the logger as-is; confirm that the
    # string form of every accepted data key type omits key material before
    # enabling debug logging in production.
    _LOGGER.debug(
        "RawMasterKey does not own data_key: %s\n"
        "Expected provider_id: %s\n"
        "Expected key_info len: %s\n"
        "Expected key_info prefix: %s",
        data_key,
        self.provider_id,
        expected_key_info_len,
        self._key_info_prefix,
    )
    return False