Update the object data model to support storing key wrapping data

This change updates the KMIP object model to support explicitly
storing key wrapping data attributes. Key wrapping data is treated
externally as a dictionary and is stored as individual fields in
the back end. Various unit tests have been updated and added to
support these additions.

kmip/tests/unit/pie/objects/test_key.py

@@ -94,3 +94,17 @@ class TestKey(TestCase):
         """
         dummy = DummyKey()
         self.assertFalse(dummy != dummy)
+
+    def test_key_wrapping_data_invalid(self):
+        """
+        Test that the right error is raised when setting the key wrapping
+        data with an invalid value.
+        """
+        dummy = DummyKey()
+        args = (dummy, 'key_wrapping_data', 'invalid')
+        self.assertRaisesRegexp(
+            TypeError,
+            "Key wrapping data must be a dictionary.",
+            setattr,
+            *args
+        )

kmip/tests/unit/pie/objects/test_private_key.py

@@ -300,9 +300,13 @@ class TestPrivateKey(testtools.TestCase):
         key = PrivateKey(
             enums.CryptographicAlgorithm.RSA, 1024, self.bytes_1024,
             enums.KeyFormatType.PKCS_8)
-        args = "algorithm={0}, length={1}, value={2}, format_type={3}".format(
-            enums.CryptographicAlgorithm.RSA, 1024,
-            binascii.hexlify(self.bytes_1024), enums.KeyFormatType.PKCS_8)
+        args = "{0}, {1}, {2}, {3}, {4}".format(
+            "algorithm={0}".format(enums.CryptographicAlgorithm.RSA),
+            "length={0}".format(1024),
+            "value={0}".format(binascii.hexlify(self.bytes_1024)),
+            "format_type={0}".format(enums.KeyFormatType.PKCS_8),
+            "key_wrapping_data={0}".format({})
+        )
         expected = "PrivateKey({0})".format(args)
         observed = repr(key)
         self.assertEqual(expected, observed)
@@ -388,6 +392,31 @@ class TestPrivateKey(testtools.TestCase):
         self.assertFalse(a == b)
         self.assertFalse(b == a)
 
+    def test_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the equality operator returns False when comparing two
+        PrivateKey objects with different key wrapping data.
+        """
+        a = PrivateKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.PKCS_8,
+            key_wrapping_data={}
+        )
+        b = PrivateKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.PKCS_8,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertFalse(a == b)
+        self.assertFalse(b == a)
+
     def test_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns False when comparing a
@@ -470,6 +499,31 @@ class TestPrivateKey(testtools.TestCase):
         self.assertTrue(a != b)
         self.assertTrue(b != a)
 
+    def test_not_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the inequality operator returns True when comparing two
+        PrivateKey objects with different key wrapping data.
+        """
+        a = PrivateKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.PKCS_8,
+            key_wrapping_data={}
+        )
+        b = PrivateKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.PKCS_8,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertTrue(a != b)
+        self.assertTrue(b != a)
+
     def test_not_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns True when comparing a

kmip/tests/unit/pie/objects/test_public_key.py

@@ -198,9 +198,13 @@ class TestPublicKey(testtools.TestCase):
         key = PublicKey(
             enums.CryptographicAlgorithm.RSA, 1024, self.bytes_1024,
             enums.KeyFormatType.X_509)
-        args = "algorithm={0}, length={1}, value={2}, format_type={3}".format(
-            enums.CryptographicAlgorithm.RSA, 1024,
-            binascii.hexlify(self.bytes_1024), enums.KeyFormatType.X_509)
+        args = "{0}, {1}, {2}, {3}, {4}".format(
+            "algorithm={0}".format(enums.CryptographicAlgorithm.RSA),
+            "length={0}".format(1024),
+            "value={0}".format(binascii.hexlify(self.bytes_1024)),
+            "format_type={0}".format(enums.KeyFormatType.X_509),
+            "key_wrapping_data={0}".format({})
+        )
         expected = "PublicKey({0})".format(args)
         observed = repr(key)
         self.assertEqual(expected, observed)
@@ -286,6 +290,31 @@ class TestPublicKey(testtools.TestCase):
         self.assertFalse(a == b)
         self.assertFalse(b == a)
 
+    def test_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the equality operator returns False when comparing two
+        PublicKey objects with different key wrapping data.
+        """
+        a = PublicKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.X_509,
+            key_wrapping_data={}
+        )
+        b = PublicKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.X_509,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertFalse(a == b)
+        self.assertFalse(b == a)
+
     def test_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns False when comparing a
@@ -368,6 +397,31 @@ class TestPublicKey(testtools.TestCase):
         self.assertTrue(a != b)
         self.assertTrue(b != a)
 
+    def test_not_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the inequality operator returns True when comparing two
+        PublicKey objects with different key wrapping data.
+        """
+        a = PublicKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.X_509,
+            key_wrapping_data={}
+        )
+        b = PublicKey(
+            enums.CryptographicAlgorithm.RSA,
+            1024,
+            self.bytes_1024,
+            enums.KeyFormatType.X_509,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertTrue(a != b)
+        self.assertTrue(b != a)
+
     def test_not_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns True when comparing a

kmip/tests/unit/pie/objects/test_symmetric_key.py

@@ -179,11 +179,17 @@ class TestSymmetricKey(testtools.TestCase):
         Test that repr can be applied to a SymmetricKey.
         """
         key = SymmetricKey(
-            enums.CryptographicAlgorithm.AES, 128, self.bytes_128a)
+            enums.CryptographicAlgorithm.AES,
+            128,
+            self.bytes_128a
+        )
 
-        args = "algorithm={0}, length={1}, value={2}".format(
-            enums.CryptographicAlgorithm.AES, 128,
-            binascii.hexlify(self.bytes_128a))
+        args = "{0}, {1}, {2}, {3}".format(
+            "algorithm={0}".format(enums.CryptographicAlgorithm.AES),
+            "length={0}".format(128),
+            "value={0}".format(binascii.hexlify(self.bytes_128a)),
+            "key_wrapping_data={0}".format({})
+        )
         expected = "SymmetricKey({0})".format(args)
         observed = repr(key)
 
@@ -253,6 +259,29 @@ class TestSymmetricKey(testtools.TestCase):
         self.assertFalse(a == b)
         self.assertFalse(b == a)
 
+    def test_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the equality operator returns False when comparing two
+        SymmetricKey objects with different key wrapping data.
+        """
+        a = SymmetricKey(
+            enums.CryptographicAlgorithm.AES,
+            128,
+            self.bytes_128a,
+            key_wrapping_data={}
+        )
+        b = SymmetricKey(
+            enums.CryptographicAlgorithm.AES,
+            128,
+            self.bytes_128a,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertFalse(a == b)
+        self.assertFalse(b == a)
+
     def test_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns False when comparing a
@@ -317,6 +346,29 @@ class TestSymmetricKey(testtools.TestCase):
         self.assertTrue(a != b)
         self.assertTrue(b != a)
 
+    def test_not_equal_on_not_equal_key_wrapping_data(self):
+        """
+        Test that the inequality operator returns True when comparing two
+        SymmetricKey objects with different key wrapping data.
+        """
+        a = SymmetricKey(
+            enums.CryptographicAlgorithm.AES,
+            128,
+            self.bytes_128a,
+            key_wrapping_data={}
+        )
+        b = SymmetricKey(
+            enums.CryptographicAlgorithm.AES,
+            128,
+            self.bytes_128a,
+            key_wrapping_data={
+                'wrapping_method': enums.WrappingMethod.ENCRYPT
+            }
+        )
+
+        self.assertTrue(a != b)
+        self.assertTrue(b != a)
+
     def test_not_equal_on_type_mismatch(self):
         """
         Test that the equality operator returns True when comparing a

kmip/tests/unit/pie/test_factory.py

@@ -562,3 +562,103 @@ class TestObjectFactory(testtools.TestCase):
         self.assertEqual(key.cryptographic_length, length)
         self.assertEqual(key.key_format_type, format_type)
         self.assertEqual(key.value, value)
+
+    def test_build_cryptographic_parameters(self):
+        cryptographic_parameters = cobjects.CryptographicParameters(
+            block_cipher_mode=enums.BlockCipherMode.CBC,
+            padding_method=enums.PaddingMethod.ANSI_X923,
+            hashing_algorithm=enums.HashingAlgorithm.SHA_256,
+            key_role_type=enums.KeyRoleType.KEK,
+            digital_signature_algorithm=enums.DigitalSignatureAlgorithm.
+            DSA_WITH_SHA1,
+            cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
+            random_iv=True,
+            iv_length=32,
+            tag_length=33,
+            fixed_field_length=34,
+            invocation_field_length=35,
+            counter_length=36,
+            initial_counter_value=0
+        )
+
+        result = self.factory._build_cryptographic_parameters(
+            cryptographic_parameters
+        )
+        self.assertIsInstance(result, dict)
+        self.assertEqual(
+            enums.BlockCipherMode.CBC,
+            result.get('block_cipher_mode')
+        )
+        self.assertEqual(
+            enums.PaddingMethod.ANSI_X923,
+            result.get('padding_method')
+        )
+        self.assertEqual(
+            enums.HashingAlgorithm.SHA_256,
+            result.get('hashing_algorithm')
+        )
+        self.assertEqual(
+            enums.KeyRoleType.KEK,
+            result.get('key_role_type')
+        )
+        self.assertEqual(
+            enums.DigitalSignatureAlgorithm.DSA_WITH_SHA1,
+            result.get('digital_signature_algorithm')
+        )
+        self.assertEqual(
+            enums.CryptographicAlgorithm.AES,
+            result.get('cryptographic_algorithm')
+        )
+        self.assertEqual(True, result.get('random_iv'))
+        self.assertEqual(32, result.get('iv_length'))
+        self.assertEqual(33, result.get('tag_length'))
+        self.assertEqual(34, result.get('fixed_field_length'))
+        self.assertEqual(35, result.get('invocation_field_length'))
+        self.assertEqual(36, result.get('counter_length'))
+        self.assertEqual(0, result.get('initial_counter_value'))
+
+    def test_build_key_wrapping_data(self):
+        key_wrapping_data = cobjects.KeyWrappingData(
+            wrapping_method=enums.WrappingMethod.ENCRYPT,
+            encryption_key_information=cobjects.EncryptionKeyInformation(
+                unique_identifier='1',
+                cryptographic_parameters=cobjects.CryptographicParameters(
+                    block_cipher_mode=enums.BlockCipherMode.CBC
+                )
+            ),
+            mac_signature_key_information=cobjects.MACSignatureKeyInformation(
+                unique_identifier='2',
+                cryptographic_parameters=cobjects.CryptographicParameters(
+                    block_cipher_mode=enums.BlockCipherMode.CCM
+                )
+            ),
+            mac_signature=b'\x01',
+            iv_counter_nonce=b'\x02',
+            encoding_option=enums.EncodingOption.NO_ENCODING
+        )
+
+        result = self.factory._build_key_wrapping_data(
+            key_wrapping_data
+        )
+        self.assertIsInstance(result, dict)
+        self.assertEqual(
+            enums.WrappingMethod.ENCRYPT,
+            result.get('wrapping_method')
+        )
+        self.assertIsInstance(result.get('encryption_key_information'), dict)
+        eki = result.get('encryption_key_information')
+        self.assertEqual('1', eki.get('unique_identifier'))
+        self.assertIsInstance(eki.get('cryptographic_parameters'), dict)
+        self.assertIsInstance(
+            result.get('mac_signature_key_information'),
+            dict
+        )
+        mski = result.get('mac_signature_key_information')
+        self.assertEqual('2', mski.get('unique_identifier'))
+        self.assertIsInstance(mski.get('cryptographic_parameters'), dict)
+        self.assertEqual(b'\x01', result.get('mac_signature'))
+        self.assertEqual(b'\x02', result.get('iv_counter_nonce'))
+        self.assertEqual(
+            enums.EncodingOption.NO_ENCODING,
+            result.get('encoding_option')
+        )