in src/aws_encryption_sdk/internal/formatting/serialize.py [0:0]
def serialize_encrypted_data_key(encrypted_data_key):
    """Pack an encrypted data key into its length-prefixed binary form.

    The result is three consecutive fields (key provider ID, key provider
    info, encrypted data key), each preceded by its length in bytes as a
    big-endian unsigned 16-bit integer.

    .. versionadded:: 1.3.0

    :param encrypted_data_key: Encrypted data key to serialize
    :type encrypted_data_key: aws_encryption_sdk.structures.EncryptedDataKey
    :returns: Serialized encrypted data key
    :rtype: bytes
    """
    # Compatibility note on the key provider ID length:
    # ESDK-Python <4.0.1 computed the length prefix from the provider ID as a
    # string rather than from its UTF-8 encoding. For a non-ASCII provider ID
    # the prefix was therefore too small, the UTF-8 bytes written to the header
    # were truncated, and decrypting such a message fails with a
    # deserialization error. Such a message can still be decrypted by replacing
    # the truncated provider ID with the expected provider ID in decryption
    # code. Contact AWS for any questions about this approach.
    # ESDK-Python >=4.0.1 writes the correct length and the expected bytes,
    # which is why every length below is taken from the encoded bytes.
    provider_id = to_bytes(encrypted_data_key.key_provider.provider_id)
    provider_id_size = len(provider_id)
    provider_info = to_bytes(encrypted_data_key.key_provider.key_info)
    provider_info_size = len(provider_info)
    wrapped_key = encrypted_data_key.encrypted_data_key
    wrapped_key_size = len(wrapped_key)

    # Each "H" is a two-byte unsigned length prefix, so struct.pack raises
    # struct.error if any field is longer than 65535 bytes.
    layout_template = (
        ">"  # big endian
        "H"  # key provider ID length
        "{provider_id_len}s"  # key provider ID
        "H"  # key info length
        "{provider_info_len}s"  # key info
        "H"  # encrypted data key length
        "{enc_data_key_len}s"  # encrypted data key
    )
    layout = layout_template.format(
        provider_id_len=provider_id_size,
        provider_info_len=provider_info_size,
        enc_data_key_len=wrapped_key_size,
    )

    fields = (
        provider_id_size,
        provider_id,
        provider_info_size,
        provider_info,
        wrapped_key_size,
        wrapped_key,
    )
    return struct.pack(layout, *fields)