From 3c96491df7eaf0e5e065a61b594bdd6f23baf404 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Rodr=C3=ADguez?= Date: Thu, 24 Sep 2020 15:42:34 -0400 Subject: [PATCH] [Key Vault Keys] Add new algorithms (#11380) * [Key Vault Keys] Add new algorithms * seems like this was necessary. Not sure how I didnt catch it before * Renamed aad as additionalAuthenticatedData * formatting * this seems better * API changes after recent feedback * lint fix * swagger property rename WIP * generated changes * removed console.log --- .../keyvault-keys/review/keyvault-keys.api.md | 17 +++-- .../keyvault-keys/src/cryptographyClient.ts | 55 ++++----------- .../src/cryptographyClientModels.ts | 70 ++++++++++++++++++- .../src/generated/keyVaultClient.ts | 16 ++--- .../src/generated/models/index.ts | 10 +-- .../src/generated/models/mappers.ts | 2 +- sdk/keyvault/keyvault-keys/src/index.ts | 20 +++--- sdk/keyvault/keyvault-keys/swagger/README.md | 15 ++++ 8 files changed, 134 insertions(+), 71 deletions(-) diff --git a/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md b/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md index 5ab40ebece62..1610b8567ff2 100644 --- a/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md +++ b/sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md @@ -71,7 +71,7 @@ export interface CryptographyOptions extends coreHttp.OperationOptions { } // @public -export interface DecryptOptions extends CryptographyOptions { +export interface DecryptOptions extends KeyOperationsOptions { } // @public 
@@ -99,10 +99,10 @@ export interface DeletedKey { export type DeletionRecoveryLevel = 'Purgeable' | 'Recoverable+Purgeable' | 'Recoverable' | 'Recoverable+ProtectedSubscription' | 'CustomizedRecoverable+Purgeable' | 'CustomizedRecoverable' | 'CustomizedRecoverable+ProtectedSubscription'; // @public -export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5"; +export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5" | "A128GCM" | "A192GCM" | "A256GCM" | "A128KW" | "A192KW" | "A256KW" | "A128CBC" | "A192CBC" | "A256CBC" | "A128CBCPAD" | "A192CBCPAD" | "A256CBCPAD"; // @public -export interface EncryptOptions extends CryptographyOptions { +export interface EncryptOptions extends KeyOperationsOptions { } // @public @@ -184,6 +184,13 @@ export type KeyCurveName = "P-256" | "P-384" | "P-521" | "P-256K"; // @public export type KeyOperation = "encrypt" | "decrypt" | "sign" | "verify" | "wrapKey" | "unwrapKey" | "import"; +// @public +export interface KeyOperationsOptions extends CryptographyOptions { + additionalAuthenticatedData?: Uint8Array; + iv?: Uint8Array; + tag?: Uint8Array; +} + // @public export interface KeyPollerOptions extends coreHttp.OperationOptions { intervalInMs?: number; @@ -295,7 +302,7 @@ export interface SignResult { } // @public -export interface UnwrapKeyOptions extends CryptographyOptions { +export interface UnwrapKeyOptions extends KeyOperationsOptions { } // @public @@ -326,7 +333,7 @@ export interface VerifyResult { } // @public -export interface WrapKeyOptions extends CryptographyOptions { +export interface WrapKeyOptions extends KeyOperationsOptions { } // @public diff --git a/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts b/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts index e9af78404ac8..d856d3a41e04 100644 --- a/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts +++ b/sdk/keyvault/keyvault-keys/src/cryptographyClient.ts 
@@ -32,7 +32,6 @@ import { GetKeyOptions, KeyVaultKey, LATEST_API_VERSION, - CryptographyOptions, CryptographyClientOptions, KeyOperation } from "./keysModels"; @@ -46,7 +45,13 @@ import { SignatureAlgorithm, SignResult, VerifyResult, - EncryptResult + EncryptResult, + EncryptOptions, + DecryptOptions, + WrapKeyOptions, + UnwrapKeyOptions, + SignOptions, + VerifyOptions } from "./cryptographyClientModels"; import { KeyBundle } from "./generated/models"; import { parseKeyVaultKeyId } from "./identifier"; @@ -55,7 +60,7 @@ import { parseKeyVaultKeyId } from "./identifier"; * Checks whether a key can be used at that specific moment, * by comparing the current date with the bundle's notBefore and expires values. */ -export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle) { +export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle): void { const attributes = keyBundle?.attributes || {}; const { notBefore, expires } = attributes; const now = new Date(); @@ -177,7 +182,7 @@ export class CryptographyClient { * ``` * @param {EncryptionAlgorithm} algorithm The algorithm to use. * @param {Uint8Array} ciphertext The text to decrypt. - * @param {EncryptOptions} [options] Additional options. + * @param {DecryptOptions} [options] Additional options. */ public async decrypt( @@ -221,7 +226,7 @@ export class CryptographyClient { * ``` * @param {KeyWrapAlgorithm} algorithm The encryption algorithm to use to wrap the given key. * @param {Uint8Array} key The key to wrap. - * @param {EncryptOptions} [options] Additional options. + * @param {WrapKeyOptions} [options] Additional options. */ public async wrapKey( algorithm: KeyWrapAlgorithm, 
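Review bot: The `@param {DecryptOptions} [options]` line in the decrypt JSDoc, and the matching `WrapKeyOptions` line on wrapKey, still say only "Additional options" although these types now carry `iv`, `additionalAuthenticatedData` and `tag`. A caller choosing one of the new AES algorithms gets no hint here that decryption needs the IV used at encryption time, plus the tag for GCM. I would extend the line to something like `@param {DecryptOptions} [options] Additional options; for AES algorithms pass the iv used at encryption, and for GCM also the tag and any additionalAuthenticatedData.` The method bodies lie outside these hunks, so whether the three fields are actually forwarded to the service request cannot be confirmed from here and deserves a test.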
@@ -276,7 +281,7 @@ export class CryptographyClient { * ``` * @param {KeyWrapAlgorithm} algorithm The decryption algorithm to use to unwrap the key. * @param {Uint8Array} encryptedKey The encrypted key to unwrap. - * @param {EncryptOptions} [options] Additional options. + * @param {UnwrapKeyOptions} [options] Additional options. */ public async unwrapKey( algorithm: KeyWrapAlgorithm, @@ -319,7 +324,7 @@ export class CryptographyClient { * ``` * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use. * @param {Uint8Array} digest The digest of the data to sign. - * @param {EncryptOptions} [options] Additional options. + * @param {SignOptions} [options] Additional options. */ public async sign( algorithm: SignatureAlgorithm, @@ -361,7 +366,7 @@ export class CryptographyClient { * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use to verify with. * @param {Uint8Array} digest The digest to verify. * @param {Uint8Array} signature The signature to verify the digest against. - * @param {EncryptOptions} [options] Additional options. + * @param {VerifyOptions} [options] Additional options. */ public async verify( algorithm: SignatureAlgorithm, @@ -404,7 +409,7 @@ export class CryptographyClient { * ``` * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use. * @param {Uint8Array} data The data to sign. - * @param {EncryptOptions} [options] Additional options. + * @param {SignOptions} [options] Additional options. */ public async signData( algorithm: SignatureAlgorithm, @@ -459,7 +464,7 @@ export class CryptographyClient { * @param {KeySignatureAlgorithm} algorithm The algorithm to use to verify with. * @param {Uint8Array} data The signed block of data to verify. * @param {Uint8Array} signature The signature to verify the block against. - * @param {EncryptOptions} [options] Additional options. + * @param {VerifyOptions} [options] Additional options. */ public async verifyData( algorithm: SignatureAlgorithm, 
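Review bot: The corrected `@param` lines in the sign, verify, signData and verifyData hunks sit directly under `@param {KeySignatureAlgorithm} algorithm`, while the signatures visible in the same hunks declare `algorithm: SignatureAlgorithm`. Since this commit already fixes the option type names in these comments, the algorithm tag should be fixed with it: `@param {SignatureAlgorithm} algorithm The signing algorithm to use.` The unwrapKey hunk does not have this mismatch, because `KeyWrapAlgorithm` matches its signature.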
@@ -737,33 +742,3 @@ export class CryptographyClient { } } } - -/** - * Options for {@link encrypt}. - */ -export interface EncryptOptions extends CryptographyOptions {} - -/** - * Options for {@link decrypt}. - */ -export interface DecryptOptions extends CryptographyOptions {} - -/** - * Options for {@link sign}. - */ -export interface SignOptions extends CryptographyOptions {} - -/** - * Options for {@link verify}. - */ -export interface VerifyOptions extends CryptographyOptions {} - -/** - * Options for {@link wrapKey}. - */ -export interface WrapKeyOptions extends CryptographyOptions {} - -/** - * Options for {@link unwrapKey}. - */ -export interface UnwrapKeyOptions extends CryptographyOptions {} diff --git a/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts b/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts index 239a89db9d5b..e5764a864657 100644 --- a/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts +++ b/sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts @@ -1,6 +1,8 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT license. +import { CryptographyOptions } from "./keysModels"; + /** * Defines values for SignatureAlgorithm. * @readonly @@ -20,11 +22,26 @@ export type SignatureAlgorithm = /** * Defines values for EncryptionAlgorithm. - * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5' + * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5', 'A128GCM', 'A192GCM', 'A256GCM', 'A128KW', 'A192KW', 'A256KW', 'A128CBC', 'A192CBC', 'A256CBC', 'A128CBCPAD', 'A192CBCPAD', 'A256CBCPAD' * @readonly * @enum {string} */ -export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5"; +export type EncryptionAlgorithm = + | "RSA-OAEP" + | "RSA-OAEP-256" + | "RSA1_5" + | "A128GCM" + | "A192GCM" + | "A256GCM" + | "A128KW" + | "A192KW" + | "A256KW" + | "A128CBC" + | "A192CBC" + | "A256CBC" + | "A128CBCPAD" + | "A192CBCPAD" + | "A256CBCPAD"; /** * Defines values for KeyCurveName. 
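Review bot: The doc comment on `EncryptionAlgorithm` in the `@@ -20,11 +22,26 @@` hunk of cryptographyClientModels.ts lists the fifteen strings without saying what protection each gives, and the union now mixes authenticated modes (`A*GCM`), unauthenticated modes (`A*CBC`, `A*CBCPAD`) and key-wrap algorithms (`A*KW`). CBC ciphertext carries no integrity protection, so a caller who selects it must authenticate the ciphertext separately; that belongs in the comment, for example `* The A*CBC and A*CBCPAD values provide confidentiality only; authenticate the ciphertext separately or prefer A*GCM.` It is also worth checking whether the `A*KW` values were meant for `KeyWrapAlgorithm`, which the visible hunks do not touch.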
@@ -137,3 +154,52 @@ export interface VerifyResult { */ keyID?: string; } + +/** + * Common optional properties for encrypt, decrypt, wrap and unwrap. + */ +export interface KeyOperationsOptions extends CryptographyOptions { + /** + * Initialization vector for symmetric algorithms. + */ + iv?: Uint8Array; + /** + * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto + * algorithms. + */ + additionalAuthenticatedData?: Uint8Array; + /** + * The tag to authenticate when performing decryption with an authenticated algorithm. + */ + tag?: Uint8Array; +} + +/** + * Options for {@link encrypt}. + */ +export interface EncryptOptions extends KeyOperationsOptions {} + +/** + * Options for {@link decrypt}. + */ +export interface DecryptOptions extends KeyOperationsOptions {} + +/** + * Options for {@link sign}. + */ +export interface SignOptions extends CryptographyOptions {} + +/** + * Options for {@link verify}. + */ +export interface VerifyOptions extends CryptographyOptions {} + +/** + * Options for {@link wrapKey}. + */ +export interface WrapKeyOptions extends KeyOperationsOptions {} + +/** + * Options for {@link unwrapKey}. + */ +export interface UnwrapKeyOptions extends KeyOperationsOptions {} diff --git a/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts b/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts index a4ed581c8888..2b49060d50a5 100644 --- a/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts +++ b/sdk/keyvault/keyvault-keys/src/generated/keyVaultClient.ts @@ -1204,9 +1204,9 @@ const encryptOperationSpec: coreHttp.OperationSpec = { "options", "iv" ], - aad: [ + additionalAuthenticatedData: [ "options", - "aad" + "additionalAuthenticatedData" ], tag: [ "options", @@ -1248,9 +1248,9 @@ const decryptOperationSpec: coreHttp.OperationSpec = { "options", "iv" ], - aad: [ + additionalAuthenticatedData: [ "options", - "aad" + "additionalAuthenticatedData" ], tag: [ "options", 
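Review bot: `KeyOperationsOptions` in the `@@ -137,3 +154,52 @@` hunk of cryptographyClientModels.ts gives encrypt, decrypt, wrapKey and unwrapKey the same three optional fields, so `tag` is accepted on `EncryptOptions` and `WrapKeyOptions` even though its own comment describes it as a decryption input, and a GCM decrypt call with no `iv` or `tag` still type-checks. Keeping `iv` and `additionalAuthenticatedData` in the shared base and declaring `tag` only on the decrypt-side options would let the compiler catch that misuse. The `iv` comment should also state the uniqueness requirement, since reusing an IV under the same key with a GCM algorithm undermines both confidentiality and authenticity. The generated optional-params types later in this patch still accept `tag` on all four operations, so this narrows only the public surface.

```typescript
export interface KeyOperationsOptions extends CryptographyOptions {
  /**
   * Initialization vector for symmetric algorithms. Must be unique for every
   * encryption performed with the same key; never reuse an IV with a GCM algorithm.
   */
  iv?: Uint8Array;
  // … unchanged: additionalAuthenticatedData …
}

// … unchanged: EncryptOptions …

/**
 * Options for {@link decrypt}.
 */
export interface DecryptOptions extends KeyOperationsOptions {
  /**
   * The tag to authenticate when performing decryption with an authenticated algorithm.
   */
  tag?: Uint8Array;
}

// … unchanged: SignOptions, VerifyOptions, WrapKeyOptions …

/**
 * Options for {@link unwrapKey}.
 */
export interface UnwrapKeyOptions extends KeyOperationsOptions {
  /**
   * The tag to authenticate when unwrapping with an authenticated algorithm.
   */
  tag?: Uint8Array;
}
```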
@@ -1357,9 +1357,9 @@ const wrapKeyOperationSpec: coreHttp.OperationSpec = { "options", "iv" ], - aad: [ + additionalAuthenticatedData: [ "options", - "aad" + "additionalAuthenticatedData" ], tag: [ "options", @@ -1401,9 +1401,9 @@ const unwrapKeyOperationSpec: coreHttp.OperationSpec = { "options", "iv" ], - aad: [ + additionalAuthenticatedData: [ "options", - "aad" + "additionalAuthenticatedData" ], tag: [ "options", diff --git a/sdk/keyvault/keyvault-keys/src/generated/models/index.ts b/sdk/keyvault/keyvault-keys/src/generated/models/index.ts index 9133dd6dae23..2db8c8603dd4 100644 --- a/sdk/keyvault/keyvault-keys/src/generated/models/index.ts +++ b/sdk/keyvault/keyvault-keys/src/generated/models/index.ts @@ -379,7 +379,7 @@ export interface KeyOperationsParameters { * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto * algorithms. */ - aad?: Uint8Array; + additionalAuthenticatedData?: Uint8Array; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ @@ -655,7 +655,7 @@ export interface KeyVaultClientEncryptOptionalParams extends coreHttp.RequestOpt * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto * algorithms. */ - aad?: Uint8Array; + additionalAuthenticatedData?: Uint8Array; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ @@ -674,7 +674,7 @@ export interface KeyVaultClientDecryptOptionalParams extends coreHttp.RequestOpt * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto * algorithms. */ - aad?: Uint8Array; + additionalAuthenticatedData?: Uint8Array; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ 
@@ -693,7 +693,7 @@ export interface KeyVaultClientWrapKeyOptionalParams extends coreHttp.RequestOpt * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto * algorithms. */ - aad?: Uint8Array; + additionalAuthenticatedData?: Uint8Array; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ @@ -712,7 +712,7 @@ export interface KeyVaultClientUnwrapKeyOptionalParams extends coreHttp.RequestO * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto * algorithms. */ - aad?: Uint8Array; + additionalAuthenticatedData?: Uint8Array; /** * The tag to authenticate when performing decryption with an authenticated algorithm. */ diff --git a/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts b/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts index 78e7aa15d7f5..d1d4cda647be 100644 --- a/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts +++ b/sdk/keyvault/keyvault-keys/src/generated/models/mappers.ts @@ -651,7 +651,7 @@ export const KeyOperationsParameters: coreHttp.CompositeMapper = { name: "Base64Url" } }, - aad: { + additionalAuthenticatedData: { serializedName: "aad", type: { name: "Base64Url" diff --git a/sdk/keyvault/keyvault-keys/src/index.ts b/sdk/keyvault/keyvault-keys/src/index.ts index 059ca8d16da4..c0f1402255d0 100644 --- a/sdk/keyvault/keyvault-keys/src/index.ts +++ b/sdk/keyvault/keyvault-keys/src/index.ts @@ -76,15 +76,7 @@ import { CryptographyClientOptions } from "./keysModels"; -import { - CryptographyClient, - DecryptOptions, - EncryptOptions, - SignOptions, - UnwrapKeyOptions, - VerifyOptions, - WrapKeyOptions -} from "./cryptographyClient"; +import { CryptographyClient } from "./cryptographyClient"; import { LocalCryptographyClient } from "./localCryptographyClient"; 
@@ -98,7 +90,14 @@ import { UnwrapResult, VerifyResult, WrapResult, - EncryptResult + KeyOperationsOptions, + EncryptResult, + DecryptOptions, + EncryptOptions, + SignOptions, + UnwrapKeyOptions, + VerifyOptions, + WrapKeyOptions } from "./cryptographyClientModels"; import { LocalSupportedAlgorithmName } from "./localCryptography/algorithms"; @@ -106,6 +105,7 @@ import { parseKeyVaultKeyId, KeyVaultKeyId } from "./identifier"; export { CryptographyClientOptions, + KeyOperationsOptions, KeyClientOptions, BackupKeyOptions, CreateEcKeyOptions, diff --git a/sdk/keyvault/keyvault-keys/swagger/README.md b/sdk/keyvault/keyvault-keys/swagger/README.md index 80e8a578f3ec..09029af8a134 100644 --- a/sdk/keyvault/keyvault-keys/swagger/README.md +++ b/sdk/keyvault/keyvault-keys/swagger/README.md @@ -15,3 +15,18 @@ input-file: https://raw.githubusercontent.com/Azure/azure-rest-api-specs/f9caf92 output-folder: ../ source-code-folder-path: ./src/generated ``` + +## Customizations for Track 2 Generator + +See the [AutoRest samples](https://github.com/Azure/autorest/tree/master/Samples/3b-custom-transformations) +for more about how we're customizing things. + +### Rename aad as KeyOperationsParameters + +```yaml +directive: + - from: swagger-document + where: $.definitions.KeyOperationsParameters.properties.aad + transform: > + $["x-ms-client-name"] = "additionalAuthenticatedData"; +```