otdf-python 0.4.0__py3-none-any.whl → 0.4.2__py3-none-any.whl

otdf_python/ecc_constants.py

@@ -1,5 +1,4 @@
-"""
-Elliptic Curve Constants for NanoTDF.
+"""Elliptic Curve Constants for NanoTDF.
 
 This module defines shared constants for elliptic curve operations used across
 the SDK, particularly for NanoTDF encryption/decryption.
@@ -14,8 +13,7 @@ from cryptography.hazmat.primitives.asymmetric import ec
 
 
 class ECCConstants:
-    """
-    Centralized constants for elliptic curve cryptography operations.
+    """Centralized constants for elliptic curve cryptography operations.
 
     This class provides mappings between curve names, curve type integers,
     cryptography curve objects, and compressed public key sizes.
@@ -67,8 +65,7 @@ class ECCConstants:
 
     @classmethod
     def get_curve_name(cls, curve_type: int) -> str:
-        """
-        Get curve name from curve type integer.
+        """Get curve name from curve type integer.
 
         Args:
             curve_type: Curve type (0=secp256r1, 1=secp384r1, 2=secp521r1, 3=secp256k1)
@@ -78,6 +75,7 @@ class ECCConstants:
 
         Raises:
             ValueError: If curve_type is not supported
+
         """
         name = cls.CURVE_TYPE_TO_NAME.get(curve_type)
         if name is None:
@@ -89,8 +87,7 @@ class ECCConstants:
 
     @classmethod
     def get_curve_type(cls, curve_name: str) -> int:
-        """
-        Get curve type integer from curve name.
+        """Get curve type integer from curve name.
 
         Args:
             curve_name: Curve name (e.g., "secp256r1")
@@ -100,6 +97,7 @@ class ECCConstants:
 
         Raises:
             ValueError: If curve_name is not supported
+
         """
         curve_type = cls.CURVE_NAME_TO_TYPE.get(curve_name.lower())
         if curve_type is None:
@@ -111,8 +109,7 @@ class ECCConstants:
 
     @classmethod
     def get_compressed_key_size_by_type(cls, curve_type: int) -> int:
-        """
-        Get compressed public key size from curve type integer.
+        """Get compressed public key size from curve type integer.
 
         Args:
             curve_type: Curve type (0=secp256r1, 1=secp384r1, 2=secp521r1, 3=secp256k1)
@@ -122,6 +119,7 @@ class ECCConstants:
 
         Raises:
             ValueError: If curve_type is not supported
+
         """
         size = cls.COMPRESSED_KEY_SIZE_BY_TYPE.get(curve_type)
         if size is None:
@@ -133,8 +131,7 @@ class ECCConstants:
 
     @classmethod
     def get_compressed_key_size_by_name(cls, curve_name: str) -> int:
-        """
-        Get compressed public key size from curve name.
+        """Get compressed public key size from curve name.
 
         Args:
             curve_name: Curve name (e.g., "secp256r1")
@@ -144,6 +141,7 @@ class ECCConstants:
 
         Raises:
             ValueError: If curve_name is not supported
+
         """
         size = cls.COMPRESSED_KEY_SIZE_BY_NAME.get(curve_name.lower())
         if size is None:
@@ -155,8 +153,7 @@ class ECCConstants:
 
     @classmethod
     def get_curve_object(cls, curve_name: str) -> ec.EllipticCurve:
-        """
-        Get cryptography library curve object from curve name.
+        """Get cryptography library curve object from curve name.
 
         Args:
             curve_name: Curve name (e.g., "secp256r1")
@@ -166,6 +163,7 @@ class ECCConstants:
 
         Raises:
             ValueError: If curve_name is not supported
+
         """
         curve = cls.CURVE_OBJECTS.get(curve_name.lower())
         if curve is None:

otdf_python/ecc_mode.py

@@ -1,9 +1,10 @@
+"""Elliptic Curve Cryptography mode enumeration."""
+
 from otdf_python.ecc_constants import ECCConstants
 
 
 class ECCMode:
-    """
-    ECC (Elliptic Curve Cryptography) mode configuration for NanoTDF.
+    """ECC (Elliptic Curve Cryptography) mode configuration for NanoTDF.
 
     This class encapsulates the curve type and policy binding mode (GMAC vs ECDSA)
     that are encoded in the NanoTDF header. It delegates to ECCConstants for
@@ -11,6 +12,7 @@ class ECCMode:
     """
 
     def __init__(self, curve_mode: int = 0, use_ecdsa_binding: bool = False):
+        """Initialize ECC mode."""
         self.curve_mode = curve_mode
         self.use_ecdsa_binding = use_ecdsa_binding
 
@@ -34,6 +36,7 @@ class ECCMode:
 
         Raises:
             ValueError: If curve_mode is not supported
+
         """
         # Delegate to ECCConstants for the authoritative mapping
         return ECCConstants.get_curve_name(self.curve_mode)
@@ -50,6 +53,7 @@ class ECCMode:
 
         Raises:
             ValueError: If curve_type is not supported
+
         """
         # Delegate to ECCConstants for the authoritative mapping
         return ECCConstants.get_compressed_key_size_by_type(curve_type)
@@ -71,6 +75,7 @@ class ECCMode:
 
         Raises:
             ValueError: If curve_str is not a supported curve or binding type
+
         """
         # Handle policy binding types (always use secp256r1 as default curve)
         if curve_str.lower() == "gmac":

otdf_python/ecdh.py

@@ -1,5 +1,4 @@
-"""
-ECDH (Elliptic Curve Diffie-Hellman) key exchange for NanoTDF.
+"""ECDH (Elliptic Curve Diffie-Hellman) key exchange for NanoTDF.
 
 This module implements the ECDH key exchange protocol with HKDF key derivation
 as specified in the NanoTDF spec. It supports the following curves:
@@ -36,24 +35,17 @@ NANOTDF_HKDF_SALT = bytes.fromhex(
 class ECDHError(Exception):
     """Base exception for ECDH operations."""
 
-    pass
-
 
 class UnsupportedCurveError(ECDHError):
     """Raised when an unsupported curve is specified."""
 
-    pass
-
 
 class InvalidKeyError(ECDHError):
     """Raised when a key is invalid or malformed."""
 
-    pass
-
 
 def get_curve(curve_name: str) -> ec.EllipticCurve:
-    """
-    Get the cryptography curve object for a given curve name.
+    """Get the cryptography curve object for a given curve name.
 
     Args:
         curve_name: Name of the curve (e.g., "secp256r1")
@@ -63,6 +55,7 @@ def get_curve(curve_name: str) -> ec.EllipticCurve:
 
     Raises:
         UnsupportedCurveError: If the curve is not supported
+
     """
     try:
         # Delegate to ECCConstants for the authoritative mapping
@@ -72,8 +65,7 @@ def get_curve(curve_name: str) -> ec.EllipticCurve:
 
 
 def get_compressed_key_size(curve_name: str) -> int:
-    """
-    Get the size of a compressed public key for a given curve.
+    """Get the size of a compressed public key for a given curve.
 
     Args:
         curve_name: Name of the curve (e.g., "secp256r1")
@@ -83,6 +75,7 @@ def get_compressed_key_size(curve_name: str) -> int:
 
     Raises:
         UnsupportedCurveError: If the curve is not supported
+
     """
     try:
         # Delegate to ECCConstants for the authoritative mapping
@@ -94,8 +87,7 @@ def get_compressed_key_size(curve_name: str) -> int:
 def generate_ephemeral_keypair(
     curve_name: str,
 ) -> tuple[ec.EllipticCurvePrivateKey, ec.EllipticCurvePublicKey]:
-    """
-    Generate an ephemeral keypair for ECDH.
+    """Generate an ephemeral keypair for ECDH.
 
     Args:
         curve_name: Name of the curve (e.g., "secp256r1")
@@ -105,6 +97,7 @@ def generate_ephemeral_keypair(
 
     Raises:
         UnsupportedCurveError: If the curve is not supported
+
     """
     curve = get_curve(curve_name)
     private_key = ec.generate_private_key(curve, default_backend())
@@ -113,14 +106,14 @@ def generate_ephemeral_keypair(
 
 
 def compress_public_key(public_key: ec.EllipticCurvePublicKey) -> bytes:
-    """
-    Compress an EC public key to compressed point format.
+    """Compress an EC public key to compressed point format.
 
     Args:
         public_key: The EC public key to compress
 
     Returns:
         bytes: Compressed public key (33-67 bytes depending on curve)
+
     """
     return public_key.public_bytes(
         encoding=Encoding.X962, format=PublicFormat.CompressedPoint
@@ -130,8 +123,7 @@ def compress_public_key(public_key: ec.EllipticCurvePublicKey) -> bytes:
 def decompress_public_key(
     compressed_key: bytes, curve_name: str
 ) -> ec.EllipticCurvePublicKey:
-    """
-    Decompress a public key from compressed point format.
+    """Decompress a public key from compressed point format.
 
     Args:
         compressed_key: The compressed public key bytes
@@ -143,6 +135,7 @@ def decompress_public_key(
     Raises:
         InvalidKeyError: If the key cannot be decompressed
         UnsupportedCurveError: If the curve is not supported
+
     """
     try:
         curve = get_curve(curve_name)
@@ -156,14 +149,13 @@ def decompress_public_key(
 
         return ec.EllipticCurvePublicKey.from_encoded_point(curve, compressed_key)
     except (ValueError, TypeError) as e:
-        raise InvalidKeyError(f"Failed to decompress public key: {e}")
+        raise InvalidKeyError(f"Failed to decompress public key: {e}") from e
 
 
 def derive_shared_secret(
     private_key: ec.EllipticCurvePrivateKey, public_key: ec.EllipticCurvePublicKey
 ) -> bytes:
-    """
-    Derive a shared secret using ECDH.
+    """Derive a shared secret using ECDH.
 
     Args:
         private_key: The private key (can be ephemeral or recipient's key)
@@ -174,12 +166,13 @@ def derive_shared_secret(
 
     Raises:
         ECDHError: If ECDH fails
+
     """
     try:
         shared_secret = private_key.exchange(ec.ECDH(), public_key)
         return shared_secret
     except Exception as e:
-        raise ECDHError(f"Failed to derive shared secret: {e}")
+        raise ECDHError(f"Failed to derive shared secret: {e}") from e
 
 
 def derive_key_from_shared_secret(
@@ -188,8 +181,7 @@ def derive_key_from_shared_secret(
     salt: bytes | None = None,
     info: bytes = b"",
 ) -> bytes:
-    """
-    Derive a symmetric encryption key from the ECDH shared secret using HKDF.
+    """Derive a symmetric encryption key from the ECDH shared secret using HKDF.
 
     Args:
         shared_secret: The raw ECDH shared secret
@@ -202,6 +194,7 @@ def derive_key_from_shared_secret(
 
     Raises:
         ECDHError: If key derivation fails
+
     """
     if salt is None:
         salt = NANOTDF_HKDF_SALT
@@ -216,14 +209,13 @@ def derive_key_from_shared_secret(
         )
         return hkdf.derive(shared_secret)
     except Exception as e:
-        raise ECDHError(f"Failed to derive key from shared secret: {e}")
+        raise ECDHError(f"Failed to derive key from shared secret: {e}") from e
 
 
 def encrypt_key_with_ecdh(
     recipient_public_key_pem: str, curve_name: str = "secp256r1"
 ) -> tuple[bytes, bytes]:
-    """
-    High-level function: Generate ephemeral keypair and derive encryption key.
+    """High-level function: Generate ephemeral keypair and derive encryption key.
 
     This is used during NanoTDF encryption to derive the key that will be used
     to encrypt the payload. The ephemeral public key must be stored in the
@@ -242,6 +234,7 @@ def encrypt_key_with_ecdh(
         ECDHError: If key derivation fails
         InvalidKeyError: If recipient's public key is invalid
         UnsupportedCurveError: If the curve is not supported
+
     """
     # Load recipient's public key
     try:
@@ -251,7 +244,7 @@ def encrypt_key_with_ecdh(
         if not isinstance(recipient_public_key, ec.EllipticCurvePublicKey):
             raise InvalidKeyError("Recipient's public key is not an EC key")
     except Exception as e:
-        raise InvalidKeyError(f"Failed to load recipient's public key: {e}")
+        raise InvalidKeyError(f"Failed to load recipient's public key: {e}") from e
 
     # Generate ephemeral keypair
     ephemeral_private_key, ephemeral_public_key = generate_ephemeral_keypair(curve_name)
@@ -273,8 +266,7 @@ def decrypt_key_with_ecdh(
     compressed_ephemeral_public_key: bytes,
     curve_name: str = "secp256r1",
 ) -> bytes:
-    """
-    High-level function: Derive decryption key from ephemeral public key and recipient's private key.
+    """High-level function: Derive decryption key from ephemeral public key and recipient's private key.
 
     This is used during NanoTDF decryption to derive the same key that was used
     to encrypt the payload. The ephemeral public key is extracted from the
@@ -292,6 +284,7 @@ def decrypt_key_with_ecdh(
         ECDHError: If key derivation fails
         InvalidKeyError: If keys are invalid
         UnsupportedCurveError: If the curve is not supported
+
     """
     # Load recipient's private key
     try:
@@ -301,7 +294,7 @@ def decrypt_key_with_ecdh(
         if not isinstance(recipient_private_key, ec.EllipticCurvePrivateKey):
             raise InvalidKeyError("Recipient's private key is not an EC key")
     except Exception as e:
-        raise InvalidKeyError(f"Failed to load recipient's private key: {e}")
+        raise InvalidKeyError(f"Failed to load recipient's private key: {e}") from e
 
     # Decompress ephemeral public key
     ephemeral_public_key = decompress_public_key(

otdf_python/eckeypair.py

@@ -1,3 +1,5 @@
+"""Elliptic Curve key pair management."""
+
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes, serialization
@@ -12,7 +14,10 @@ from cryptography.hazmat.primitives.serialization import (
 
 
 class ECKeyPair:
+    """Elliptic Curve key pair for cryptographic operations."""
+
     def __init__(self, curve=None):
+        """Initialize EC key pair."""
         if curve is None:
             curve = ec.SECP256R1()
         self.private_key = ec.generate_private_key(curve, default_backend())

otdf_python/header.py

@@ -1,3 +1,5 @@
+"""TDF header parsing and serialization."""
+
 from otdf_python.constants import MAGIC_NUMBER_AND_VERSION
 from otdf_python.ecc_mode import ECCMode
 from otdf_python.policy_info import PolicyInfo
@@ -6,10 +8,13 @@ from otdf_python.symmetric_and_payload_config import SymmetricAndPayloadConfig
 
 
 class Header:
+    """TDF header with encryption and policy information."""
+
     # Size of GMAC (Galois Message Authentication Code) for policy binding
     GMAC_SIZE = 8
 
     def __init__(self):
+        """Initialize TDF header."""
         self.kas_locator: ResourceLocator | None = None
         self.ecc_mode: ECCMode | None = None
         self.payload_config: SymmetricAndPayloadConfig | None = None

otdf_python/invalid_zip_exception.py

@@ -1,8 +1,12 @@
+"""Exception for invalid ZIP file errors."""
+
+
 class InvalidZipException(Exception):
-    """
-    Raised when a ZIP file is invalid or corrupted.
+    """Raised when a ZIP file is invalid or corrupted.
+
     Based on Java implementation.
     """
 
     def __init__(self, message: str):
+        """Initialize exception."""
         super().__init__(message)