[Key Vault Keys] Add new algorithms

sdk/keyvault/keyvault-keys/review/keyvault-keys.api.md

@@ -71,7 +71,7 @@ export interface CryptographyOptions extends coreHttp.OperationOptions {
 }
 
 // @public
-export interface DecryptOptions extends CryptographyOptions {
+export interface DecryptOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -99,10 +99,10 @@ export interface DeletedKey {
 export type DeletionRecoveryLevel = 'Purgeable' | 'Recoverable+Purgeable' | 'Recoverable' | 'Recoverable+ProtectedSubscription' | 'CustomizedRecoverable+Purgeable' | 'CustomizedRecoverable' | 'CustomizedRecoverable+ProtectedSubscription';
 
 // @public
-export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5";
+export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5" | "A128GCM" | "A192GCM" | "A256GCM" | "A128KW" | "A192KW" | "A256KW" | "A128CBC" | "A192CBC" | "A256CBC" | "A128CBCPAD" | "A192CBCPAD" | "A256CBCPAD";
 
 // @public
-export interface EncryptOptions extends CryptographyOptions {
+export interface EncryptOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -184,6 +184,13 @@ export type KeyCurveName = "P-256" | "P-384" | "P-521" | "P-256K";
 // @public
 export type KeyOperation = "encrypt" | "decrypt" | "sign" | "verify" | "wrapKey" | "unwrapKey" | "import";
 
+// @public
+export interface KeyOperationsOptions extends CryptographyOptions {
+    additionalAuthenticatedData?: Uint8Array;
+    iv?: Uint8Array;
+    tag?: Uint8Array;
+}
+
 // @public
 export interface KeyPollerOptions extends coreHttp.OperationOptions {
     intervalInMs?: number;
@@ -295,7 +302,7 @@ export interface SignResult {
 }
 
 // @public
-export interface UnwrapKeyOptions extends CryptographyOptions {
+export interface UnwrapKeyOptions extends KeyOperationsOptions {
 }
 
 // @public
@@ -326,7 +333,7 @@ export interface VerifyResult {
 }
 
 // @public
-export interface WrapKeyOptions extends CryptographyOptions {
+export interface WrapKeyOptions extends KeyOperationsOptions {
 }
 
 // @public

sdk/keyvault/keyvault-keys/src/cryptographyClient.ts

@@ -32,7 +32,6 @@ import {
   GetKeyOptions,
   KeyVaultKey,
   LATEST_API_VERSION,
-  CryptographyOptions,
   CryptographyClientOptions,
   KeyOperation
 } from "./keysModels";
@@ -46,7 +45,13 @@ import {
   SignatureAlgorithm,
   SignResult,
   VerifyResult,
-  EncryptResult
+  EncryptResult,
+  EncryptOptions,
+  DecryptOptions,
+  WrapKeyOptions,
+  UnwrapKeyOptions,
+  SignOptions,
+  VerifyOptions
 } from "./cryptographyClientModels";
 import { KeyBundle } from "./generated/models";
 import { parseKeyVaultKeyId } from "./identifier";
@@ -55,7 +60,7 @@ import { parseKeyVaultKeyId } from "./identifier";
  * Checks whether a key can be used at that specific moment,
  * by comparing the current date with the bundle's notBefore and expires values.
  */
-export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle) {
+export function checkKeyValidity(keyId?: string, keyBundle?: KeyBundle): void {
   const attributes = keyBundle?.attributes || {};
   const { notBefore, expires } = attributes;
   const now = new Date();
@@ -148,6 +153,10 @@ export class CryptographyClient {
       }
     }
 
+    // Renaming parameters
+
+    requestOptions.aad = options.additionalAuthenticatedData;
+
     // Default to the service
 
     let result;
@@ -177,7 +186,7 @@ export class CryptographyClient {
    * ```
    * @param {EncryptionAlgorithm} algorithm The algorithm to use.
    * @param {Uint8Array} ciphertext The text to decrypt.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {DecryptOptions} [options] Additional options.
    */
 
   public async decrypt(
@@ -192,6 +201,10 @@ export class CryptographyClient {
     await this.getLocalCryptographyClient();
     checkKeyValidity(this.getKeyID(), this.keyBundle);
 
+    // Renaming parameters
+
+    requestOptions.aad = options.additionalAuthenticatedData;
+
     // Default to the service
 
     let result;
@@ -221,7 +234,7 @@ export class CryptographyClient {
    * ```
    * @param {KeyWrapAlgorithm} algorithm The encryption algorithm to use to wrap the given key.
    * @param {Uint8Array} key The key to wrap.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {WrapKeyOptions} [options] Additional options.
    */
   public async wrapKey(
     algorithm: KeyWrapAlgorithm,
@@ -247,6 +260,10 @@ export class CryptographyClient {
       }
     }
 
+    // Renaming parameters
+
+    requestOptions.aad = options.additionalAuthenticatedData;
+
     // Default to the service
 
     let result;
@@ -276,7 +293,7 @@ export class CryptographyClient {
    * ```
    * @param {KeyWrapAlgorithm} algorithm The decryption algorithm to use to unwrap the key.
    * @param {Uint8Array} encryptedKey The encrypted key to unwrap.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {UnwrapKeyOptions} [options] Additional options.
    */
   public async unwrapKey(
     algorithm: KeyWrapAlgorithm,
@@ -290,6 +307,10 @@ export class CryptographyClient {
     await this.getLocalCryptographyClient();
     checkKeyValidity(this.getKeyID(), this.keyBundle);
 
+    // Renaming parameters
+
+    requestOptions.aad = options.additionalAuthenticatedData;
+
     // Default to the service
 
     let result;
@@ -319,7 +340,7 @@ export class CryptographyClient {
    * ```
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use.
    * @param {Uint8Array} digest The digest of the data to sign.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {SignOptions} [options] Additional options.
    */
   public async sign(
     algorithm: SignatureAlgorithm,
@@ -361,7 +382,7 @@ export class CryptographyClient {
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use to verify with.
    * @param {Uint8Array} digest The digest to verify.
    * @param {Uint8Array} signature The signature to verify the digest against.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {VerifyOptions} [options] Additional options.
    */
   public async verify(
     algorithm: SignatureAlgorithm,
@@ -404,7 +425,7 @@ export class CryptographyClient {
    * ```
    * @param {KeySignatureAlgorithm} algorithm The signing algorithm to use.
    * @param {Uint8Array} data The data to sign.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {SignOptions} [options] Additional options.
    */
   public async signData(
     algorithm: SignatureAlgorithm,
@@ -459,7 +480,7 @@ export class CryptographyClient {
    * @param {KeySignatureAlgorithm} algorithm The algorithm to use to verify with.
    * @param {Uint8Array} data The signed block of data to verify.
    * @param {Uint8Array} signature The signature to verify the block against.
-   * @param {EncryptOptions} [options] Additional options.
+   * @param {VerifyOptions} [options] Additional options.
    */
   public async verifyData(
     algorithm: SignatureAlgorithm,
@@ -737,33 +758,3 @@ export class CryptographyClient {
     }
   }
 }
-
-/**
- * Options for {@link encrypt}.
- */
-export interface EncryptOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link decrypt}.
- */
-export interface DecryptOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link sign}.
- */
-export interface SignOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link verify}.
- */
-export interface VerifyOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link wrapKey}.
- */
-export interface WrapKeyOptions extends CryptographyOptions {}
-
-/**
- * Options for {@link unwrapKey}.
- */
-export interface UnwrapKeyOptions extends CryptographyOptions {}

sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts

@@ -1,6 +1,8 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT license.
 
+import { CryptographyOptions } from "./keysModels";
+
 /**
  * Defines values for SignatureAlgorithm.
  * @readonly
@@ -20,11 +22,26 @@ export type SignatureAlgorithm =
 
 /**
  * Defines values for EncryptionAlgorithm.
- * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5'
+ * Possible values include: 'RSA-OAEP', 'RSA-OAEP-256', 'RSA1_5', 'A128GCM', 'A192GCM', 'A256GCM', 'A128KW', 'A192KW', 'A256KW', 'A128CBC', 'A192CBC', 'A256CBC', 'A128CBCPAD', 'A192CBCPAD', 'A256CBCPAD'
  * @readonly
  * @enum {string}
  */
-export type EncryptionAlgorithm = "RSA-OAEP" | "RSA-OAEP-256" | "RSA1_5";
+export type EncryptionAlgorithm =
+  | "RSA-OAEP"
+  | "RSA-OAEP-256"
+  | "RSA1_5"
+  | "A128GCM"
+  | "A192GCM"
+  | "A256GCM"
+  | "A128KW"
+  | "A192KW"
+  | "A256KW"
+  | "A128CBC"
+  | "A192CBC"
+  | "A256CBC"
+  | "A128CBCPAD"
+  | "A192CBCPAD"
+  | "A256CBCPAD";
 
 /**
  * Defines values for KeyCurveName.
@@ -137,3 +154,52 @@ export interface VerifyResult {
    */
   keyID?: string;
 }
+
+/**
+ * Common optional properties for encrypt, decrypt, wrap and unwrap.
+ */
+export interface KeyOperationsOptions extends CryptographyOptions {
+  /**
+   * Initialization vector for symmetric algorithms.
+   */
+  iv?: Uint8Array;
+  /**
+   * Additional data to authenticate but not encrypt/decrypt when using authenticated crypto
+   * algorithms.
+   */
+  additionalAuthenticatedData?: Uint8Array;
+  /**
+   * The tag to authenticate when performing decryption with an authenticated algorithm.
+   */
+  tag?: Uint8Array;
+}
+
+/**
+ * Options for {@link encrypt}.
+ */
+export interface EncryptOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link decrypt}.
+ */
+export interface DecryptOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link sign}.
+ */
+export interface SignOptions extends CryptographyOptions {}
+
+/**
+ * Options for {@link verify}.
+ */
+export interface VerifyOptions extends CryptographyOptions {}
+
+/**
+ * Options for {@link wrapKey}.
+ */
+export interface WrapKeyOptions extends KeyOperationsOptions {}
+
+/**
+ * Options for {@link unwrapKey}.
+ */
+export interface UnwrapKeyOptions extends KeyOperationsOptions {}

sdk/keyvault/keyvault-keys/src/index.ts

@@ -76,15 +76,7 @@ import {
   CryptographyClientOptions
 } from "./keysModels";
 
-import {
-  CryptographyClient,
-  DecryptOptions,
-  EncryptOptions,
-  SignOptions,
-  UnwrapKeyOptions,
-  VerifyOptions,
-  WrapKeyOptions
-} from "./cryptographyClient";
+import { CryptographyClient } from "./cryptographyClient";
 
 import { LocalCryptographyClient } from "./localCryptographyClient";
 
@@ -98,14 +90,22 @@ import {
   UnwrapResult,
   VerifyResult,
   WrapResult,
-  EncryptResult
+  KeyOperationsOptions,
+  EncryptResult,
+  DecryptOptions,
+  EncryptOptions,
+  SignOptions,
+  UnwrapKeyOptions,
+  VerifyOptions,
+  WrapKeyOptions
 } from "./cryptographyClientModels";
 import { LocalSupportedAlgorithmName } from "./localCryptography/algorithms";
 
 import { parseKeyVaultKeyId, KeyVaultKeyId } from "./identifier";
 
 export {
   CryptographyClientOptions,
+  KeyOperationsOptions,
   KeyClientOptions,
   BackupKeyOptions,
   CreateEcKeyOptions,

sdk/keyvault/keyvault-keys/test/public/crypto.spec.ts

@@ -107,6 +107,7 @@ describe("CryptographyClient (all decrypts happen remotely)", () => {
     const hash = createHash("sha256");
     hash.update(signatureValue);
     const digest = hash.digest();
+    console.log({ digest });
     const signature = await cryptoClient.sign("RS256", digest);
     const verifyResult = await cryptoClient.verify("RS256", digest, signature.result);
     assert.ok(verifyResult);