[Key Vault Keys] Add new algorithms (#11380)

* [Key Vault Keys] Add new algorithms * seems like this was necessary. Not sure how I didnt catch it before * Renamed aad as additionalAuthenticatedData * formatting * this seems better * API changes after recent feedback * lint fix * swagger property rename WIP * generated changes * removed console.log
Azure · Sep 24, 2020 · 3c96491 · 3c96491
1 parent fe06264
commit 3c96491
Show file tree

Hide file tree

Showing 8 changed files with 134 additions and 71 deletions.
diff --git a/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md b/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md
@@ -71,7 +71,7 @@ export interface CryptographyOptions extends coreHttp.OperationOptions {
 }
 
 // @public
-export interface DecryptOptions extends CryptographyOptions {
+export interface DecryptOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -99,10 +99,10 @@ export interface DeletedKey {
 export type DeletionRecoveryLevel = 'Purgeable' | 'Recoverable+Purgeable' | 'Recoverable' | 'Recoverable+ProtectedSubscription' | 'CustomizedRecoverable+Purgeable' | 'CustomizedRecoverable' | 'CustomizedRecoverable+ProtectedSubscription';
 
 // @public
-export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5";
+export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5" | "A128GCM" | "A192GCM" | "A256GCM" | "A128KW" | "A192KW" | "A256KW" | "A128CBC" | "A192CBC" | "A256CBC" | "A128CBCPAD" | "A192CBCPAD" | "A256CBCPAD";
 
 // @public
-export interface EncryptOptions extends CryptographyOptions {
+export interface EncryptOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -184,6 +184,13 @@ export type KeyCurveName = "P-256" | "P-384" | "P-521" | "P-256K";
 // @public
 export type KeyOperation = "encrypt" | "decrypt" | "sign" | "verify" | "wrapKey" | "unwrapKey" | "import";
 
+// @public
+export interface KeyOperationsOptions extends CryptographyOptions {
+    additionalAuthenticatedData?: Uint8Array;
+    iv?: Uint8Array;
+    tag?: Uint8Array;
+}
+
 // @public
 export interface KeyPollerOptions extends coreHttp.OperationOptions {
     intervalInMs?: number;
@@ -295,7 +302,7 @@ export interface SignResult {
 }
 
 // @public
-export interface UnwrapKeyOptions extends CryptographyOptions {
+export interface UnwrapKeyOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -326,7 +333,7 @@ export interface VerifyResult {
 }
 
 // @public
-export interface WrapKeyOptions extends CryptographyOptions {
+export interface WrapKeyOptions extends KeyOperationsOptions {
 }
 
 // @public

diff --git a/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts b/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts
@@ -32,7 +32,6 @@ import {
   GetKeyOptions,
   KeyVaultKey,
   LATEST_API_VERSION,
-  CryptographyOptions,
   CryptographyClientOptions,
   KeyOperation
 } from "./keysModels";
@@ -46,7 +45,13 @@ import {
   SignatureAlgorithm,
   SignResult,
   VerifyResult,
-  EncryptResult
+  EncryptResult,
+  EncryptOptions,
+  DecryptOptions,
+  WrapKeyOptions,
+  UnwrapKeyOptions,
+  SignOptions,
+  VerifyOptions
 } from "./cryptographyClientModels";
 import { KeyBundle } from "./generated/models";
 import { parseKeyVaultKeyId } from "./identifier";
@@ -55,7 +60,7 @@ import { parseKeyVaultKeyId } from "./identifier";
  * Checks whether a key can be used at that specific moment,
  * by comparing the current date with the bundle's notBefore and expires values.
  */
-export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle) {
+export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle): void {
   const attributes = keyBundle?.attributes || {};
   const { notBefore, expires } = attributes;
   const now = new Date();
@@ -177,7 +182,7 @@ export class CryptographyClient {
    * ```
    * @param {EncryptionAlgorithm} algorithm The algorithm to use.
    * @param {Uint8Array} ciphertext The text to decrypt.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {DecryptOptions} [options] Additional options.
    */
 
   public async decrypt(
@@ -221,7 +226,7 @@ export class CryptographyClient {
    * ```
    * @param {KeyWrapAlgorithm} algorithm The encryption algorithm to use to wrap the given key.
    * @param {Uint8Array} key The key to wrap.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {WrapKeyOptions} [options] Additional options.
    */
   public async wrapKey(
     algorithm: KeyWrapAlgorithm,
@@ -276,7 +281,7 @@ export class CryptographyClient {
    * ```
    * @param {KeyWrapAlgorithm} algorithm The decryption algorithm to use to unwrap the key.
    * @param {Uint8Array} encryptedKey The encrypted key to unwrap.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {UnwrapKeyOptions} [options] Additional options.
    */
   public async unwrapKey(
     algorithm: KeyWrapAlgorithm,
@@ -319,7 +324,7 @@ export class CryptographyClient {
    * ```
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use.
    * @param {Uint8Array} digest The digest of the data to sign.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {SignOptions} [options] Additional options.
    */
   public async sign(
     algorithm: SignatureAlgorithm,
@@ -361,7 +366,7 @@ export class CryptographyClient {
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use to verify with.
    * @param {Uint8Array} digest The digest to verify.
    * @param {Uint8Array} signature The signature to verify the digest against.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {VerifyOptions} [options] Additional options.
    */
   public async verify(
     algorithm: SignatureAlgorithm,
@@ -404,7 +409,7 @@ export class CryptographyClient {
    * ```
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use.
    * @param {Uint8Array} data The data to sign.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {SignOptions} [options] Additional options.
    */
   public async signData(
     algorithm: SignatureAlgorithm,
@@ -459,7 +464,7 @@ export class CryptographyClient {
    * @param {KeySignatureAlgorithm} algorithm The algorithm to use to verify with.
    * @param {Uint8Array} data The signed block of data to verify.
    * @param {Uint8Array} signature The signature to verify the block against.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {VerifyOptions} [options] Additional options.
    */
   public async verifyData(
     algorithm: SignatureAlgorithm,
@@ -737,33 +742,3 @@ export class CryptographyClient {
     }
   }
 }
-
-/**
- * Options for {@link encrypt}.
- */
-export interface EncryptOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link decrypt}.
- */
-export interface DecryptOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link sign}.
- */
-export interface SignOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link verify}.
- */
-export interface VerifyOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link wrapKey}.
- */
-export interface WrapKeyOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link unwrapKey}.
- */
-export interface UnwrapKeyOptions extends CryptographyOptions {}
diff --git a/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts b/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts
@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
+import { CryptographyOptions } from "./keysModels";
+
 /**
  * Defines values for SignatureAlgorithm.
  * @readonly
@@ -20,11 +22,26 @@ export type SignatureAlgorithm =
 
 /**
  * Defines values for EncryptionAlgorithm.
- * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
+ * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5', 'A128GCM', 'A192GCM', 'A256GCM', 'A128KW', 'A192KW', 'A256KW', 'A128CBC', 'A192CBC', 'A256CBC', 'A128CBCPAD', 'A192CBCPAD', 'A256CBCPAD'
  * @readonly
  * @enum {string}
  */
-export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5";
+export type EncryptionAlgorithm =
+  | "RSA-OAEP"
+  | "RSA-OAEP-256"
+  | "RSA1_5"
+  | "A128GCM"
+  | "A192GCM"
+  | "A256GCM"
+  | "A128KW"
+  | "A192KW"
+  | "A256KW"
+  | "A128CBC"
+  | "A192CBC"
+  | "A256CBC"
+  | "A128CBCPAD"
+  | "A192CBCPAD"
+  | "A256CBCPAD";
 
 /**
  * Defines values for KeyCurveName.
@@ -137,3 +154,52 @@ export interface VerifyResult {
    */
   keyID?: string;
 }
+
+/**
+ * Common optional properties for encrypt, decrypt, wrap and unwrap.
+ */
+export interface KeyOperationsOptions extends CryptographyOptions {
+  /**
+   * Initialization vector for symmetric algorithms.
+   */
+  iv?: Uint8Array;
+  /**
+   * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
+   * algorithms.
+   */
+  additionalAuthenticatedData?: Uint8Array;
+  /**
+   * The tag to authenticate when performing decryption with an authenticated algorithm.
+   */
+  tag?: Uint8Array;
+}
+
+/**
+ * Options for {@link encrypt}.
+ */
+export interface EncryptOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link decrypt}.
+ */
+export interface DecryptOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link sign}.
+ */
+export interface SignOptions extends CryptographyOptions {}
+
+/**
+ * Options for {@link verify}.
+ */
+export interface VerifyOptions extends CryptographyOptions {}
+
+/**
+ * Options for {@link wrapKey}.
+ */
+export interface WrapKeyOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link unwrapKey}.
+ */
+export interface UnwrapKeyOptions extends KeyOperationsOptions {}
diff --git a/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts b/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts
@@ -1204,9 +1204,9 @@ const encryptOperationSpec: coreHttp.OperationSpec = {
         "options",
         "iv"
       ],
-      aad: [
+      additionalAuthenticatedData: [
         "options",
-        "aad"
+        "additionalAuthenticatedData"
       ],
       tag: [
         "options",
@@ -1248,9 +1248,9 @@ const decryptOperationSpec: coreHttp.OperationSpec = {
         "options",
         "iv"
       ],
-      aad: [
+      additionalAuthenticatedData: [
         "options",
-        "aad"
+        "additionalAuthenticatedData"
       ],
       tag: [
         "options",
@@ -1357,9 +1357,9 @@ const wrapKeyOperationSpec: coreHttp.OperationSpec = {
         "options",
         "iv"
       ],
-      aad: [
+      additionalAuthenticatedData: [
         "options",
-        "aad"
+        "additionalAuthenticatedData"
       ],
       tag: [
         "options",
@@ -1401,9 +1401,9 @@ const unwrapKeyOperationSpec: coreHttp.OperationSpec = {
         "options",
         "iv"
       ],
-      aad: [
+      additionalAuthenticatedData: [
         "options",
-        "aad"
+        "additionalAuthenticatedData"
       ],
       tag: [
         "options",

diff --git a/sdk/keyvault/keyvault-keys/src/generated/models/index.ts b/sdk/keyvault/keyvault-keys/src/generated/models/index.ts
@@ -379,7 +379,7 @@ export interface KeyOperationsParameters {
    * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
    * algorithms.
    */
-  aad?: Uint8Array;
+  additionalAuthenticatedData?: Uint8Array;
   /**
    * The tag to authenticate when performing decryption with an authenticated algorithm.
    */
@@ -655,7 +655,7 @@ export interface KeyVaultClientEncryptOptionalParams extends coreHttp.RequestOpt
    * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
    * algorithms.
    */
-  aad?: Uint8Array;
+  additionalAuthenticatedData?: Uint8Array;
   /**
    * The tag to authenticate when performing decryption with an authenticated algorithm.
    */
@@ -674,7 +674,7 @@ export interface KeyVaultClientDecryptOptionalParams extends coreHttp.RequestOpt
    * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
    * algorithms.
    */
-  aad?: Uint8Array;
+  additionalAuthenticatedData?: Uint8Array;
   /**
    * The tag to authenticate when performing decryption with an authenticated algorithm.
    */
@@ -693,7 +693,7 @@ export interface KeyVaultClientWrapKeyOptionalParams extends coreHttp.RequestOpt
    * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
    * algorithms.
    */
-  aad?: Uint8Array;
+  additionalAuthenticatedData?: Uint8Array;
   /**
    * The tag to authenticate when performing decryption with an authenticated algorithm.
    */
@@ -712,7 +712,7 @@ export interface KeyVaultClientUnwrapKeyOptionalParams extends coreHttp.RequestO
    * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
    * algorithms.
    */
-  aad?: Uint8Array;
+  additionalAuthenticatedData?: Uint8Array;
   /**
    * The tag to authenticate when performing decryption with an authenticated algorithm.
    */

diff --git a/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts b/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts
@@ -651,7 +651,7 @@ export const KeyOperationsParameters: coreHttp.CompositeMapper = {
           name: "Base64Url"
         }
       },
-      aad: {
+      additionalAuthenticatedData: {
         serializedName: "aad",
         type: {
           name: "Base64Url"