diff --git a/scaleway-async/scaleway_async/key_manager/v1alpha1/__init__.py b/scaleway-async/scaleway_async/key_manager/v1alpha1/__init__.py index 16d533331..14eff78cd 100644 --- a/scaleway-async/scaleway_async/key_manager/v1alpha1/__init__.py +++ b/scaleway-async/scaleway_async/key_manager/v1alpha1/__init__.py @@ -1,6 +1,8 @@ # This file was automatically generated. DO NOT EDIT. # If you have any remark or suggestion do not hesitate to open an issue. from .types import DataKeyAlgorithmSymmetricEncryption +from .types import KeyAlgorithmAsymmetricEncryption +from .types import KeyAlgorithmAsymmetricSigning from .types import KeyAlgorithmSymmetricEncryption from .types import KeyOrigin from .types import KeyState @@ -27,12 +29,18 @@ from .types import ProtectKeyRequest from .types import PublicKey from .types import RotateKeyRequest +from .types import SignRequest +from .types import SignResponse from .types import UnprotectKeyRequest from .types import UpdateKeyRequest +from .types import VerifyRequest +from .types import VerifyResponse from .api import KeyManagerV1Alpha1API __all__ = [ "DataKeyAlgorithmSymmetricEncryption", + "KeyAlgorithmAsymmetricEncryption", + "KeyAlgorithmAsymmetricSigning", "KeyAlgorithmSymmetricEncryption", "KeyOrigin", "KeyState", @@ -59,7 +67,11 @@ "ProtectKeyRequest", "PublicKey", "RotateKeyRequest", + "SignRequest", + "SignResponse", "UnprotectKeyRequest", "UpdateKeyRequest", + "VerifyRequest", + "VerifyResponse", "KeyManagerV1Alpha1API", ] diff --git a/scaleway-async/scaleway_async/key_manager/v1alpha1/api.py b/scaleway-async/scaleway_async/key_manager/v1alpha1/api.py index b14dbaa6e..fbb4a78d5 100644 --- a/scaleway-async/scaleway_async/key_manager/v1alpha1/api.py +++ b/scaleway-async/scaleway_async/key_manager/v1alpha1/api.py @@ -28,7 +28,11 @@ KeyUsage, ListKeysResponse, PublicKey, + SignRequest, + SignResponse, UpdateKeyRequest, + VerifyRequest, + VerifyResponse, ) from .marshalling import ( unmarshal_Key, 
@@ -37,12 +41,16 @@ unmarshal_EncryptResponse, unmarshal_ListKeysResponse, unmarshal_PublicKey, + unmarshal_SignResponse, + unmarshal_VerifyResponse, marshal_CreateKeyRequest, marshal_DecryptRequest, marshal_EncryptRequest, marshal_GenerateDataKeyRequest, marshal_ImportKeyMaterialRequest, + marshal_SignRequest, marshal_UpdateKeyRequest, + marshal_VerifyRequest, ) @@ -602,10 +610,10 @@ async def encrypt( """ Encrypt a payload. Encrypt a payload using an existing key, specified by the `key_id` parameter. Only keys with a usage set to `symmetric_encryption` are supported by this method. The maximum payload size that can be encrypted is 64 KB of plaintext. - :param key_id: ID of the key to encrypt. + :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. :param plaintext: Data size must be between 1 and 65535 bytes. :param region: Region to target. If none is passed will use default region from the config. - :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. + :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`. :return: :class:`EncryptResponse ` Usage: 
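Review bot: In the `encrypt` docstring the unchanged summary sentence still says "Only keys with a usage set to `symmetric_encryption` are supported by this method", which contradicts the new `key_id` text that also allows `asymmetric_encryption`. The `plaintext` bound of 1 to 65535 bytes is left as is too; for the RSA-OAEP algorithms this commit introduces, the usable plaintext is presumably much smaller (limited by the modulus size minus the OAEP overhead), so the docstring should say the 64 KB limit is for symmetric keys or give the per-algorithm limit. Suggested summary wording: `Keys with a usage set to symmetric_encryption or asymmetric_encryption are supported by this method.`, and `a usage` rather than `an usage` in the `key_id` line. The same text is in the synchronous `encrypt` hunk and in `EncryptRequest` in types.py; if api.py is generated like `__init__.py`, the fix belongs in the upstream API description. The body of `encrypt` lies outside this hunk.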
@@ -650,10 +658,10 @@ async def decrypt( """ Decrypt an encrypted payload. Decrypt an encrypted payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is equivalent to the encrypted output of 64 KB of data (around 131 KB). - :param key_id: ID of the key to decrypt. + :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. :param ciphertext: Data size must be between 1 and 131071 bytes. :param region: Region to target. If none is passed will use default region from the config. - :param associated_data: The additional data must match the value passed in the encryption request. + :param associated_data: The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`. :return: :class:`DecryptResponse ` Usage: 
@@ -687,6 +695,100 @@ async def decrypt( self._throw_on_error(res) return unmarshal_DecryptResponse(res.json()) + async def sign( + self, + *, + key_id: str, + digest: str, + region: Optional[ScwRegion] = None, + ) -> SignResponse: + """ + Sign a message digest. + Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration. + :param key_id: ID of the key to use for signing. + :param digest: The digest must be generated using the same algorithm defined in the key’s algorithm settings. + :param region: Region to target. If none is passed will use default region from the config. + :return: :class:`SignResponse ` + + Usage: + :: + + result = await api.sign( + key_id="example", + digest="example", + ) + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_key_id = validate_path_param("key_id", key_id) + + res = self._request( + "POST", + f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/sign", + body=marshal_SignRequest( + SignRequest( + key_id=key_id, + digest=digest, + region=region, + ), + self.client, + ), + ) + + self._throw_on_error(res) + return unmarshal_SignResponse(res.json()) + + async def verify( + self, + *, + key_id: str, + digest: str, + signature: str, + region: Optional[ScwRegion] = None, + ) -> VerifyResponse: + """ + Verify a message signature. + Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration. + :param key_id: ID of the key to use for signature verification. + :param digest: Must be generated using the same algorithm specified in the key’s configuration. + :param signature: The message signature to verify. 
+ :param region: Region to target. If none is passed will use default region from the config. + :return: :class:`VerifyResponse ` + + Usage: + :: + + result = await api.verify( + key_id="example", + digest="example", + signature="example", + ) + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_key_id = validate_path_param("key_id", key_id) + + res = self._request( + "POST", + f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/verify", + body=marshal_VerifyRequest( + VerifyRequest( + key_id=key_id, + digest=digest, + signature=signature, + region=region, + ), + self.client, + ), + ) + + self._throw_on_error(res) + return unmarshal_VerifyResponse(res.json()) + async def import_key_material( self, *, diff --git a/scaleway-async/scaleway_async/key_manager/v1alpha1/marshalling.py b/scaleway-async/scaleway_async/key_manager/v1alpha1/marshalling.py index da3f350de..2f1cab952 100644 --- a/scaleway-async/scaleway_async/key_manager/v1alpha1/marshalling.py +++ b/scaleway-async/scaleway_async/key_manager/v1alpha1/marshalling.py @@ -18,12 +18,16 @@ EncryptResponse, ListKeysResponse, PublicKey, + SignResponse, + VerifyResponse, CreateKeyRequest, DecryptRequest, EncryptRequest, GenerateDataKeyRequest, ImportKeyMaterialRequest, + SignRequest, UpdateKeyRequest, + VerifyRequest, ) @@ -66,6 +70,18 @@ def unmarshal_KeyUsage(data: Any) -> KeyUsage: else: args["symmetric_encryption"] = None + field = data.get("asymmetric_encryption", None) + if field is not None: + args["asymmetric_encryption"] = field + else: + args["asymmetric_encryption"] = None + + field = data.get("asymmetric_signing", None) + if field is not None: + args["asymmetric_signing"] = field + else: + args["asymmetric_signing"] = None + return KeyUsage(**args) 
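Review bot: The `verify` docstring in the api.py hunk does not tell the caller that a bad signature comes back as an ordinary response: going by the `VerifyResponse.valid` description, an invalid signature yields `valid` set to false rather than an exception, so code that only wraps `await api.verify(...)` in error handling would treat a forged signature as accepted. Extend the `:return:` line with something like `Callers must check result.valid; an invalid signature is reported there, not raised.` (to be confirmed against the API's error behaviour). `digest` and `signature` are typed `str` with no encoding stated in either `sign` or `verify`; the docstrings should name the expected encoding (presumably base64, to be checked against the API reference) so callers do not pass a hex digest or the raw message. The synchronous `sign`/`verify` hunk has the same gaps.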
@@ -269,6 +285,44 @@ def unmarshal_PublicKey(data: Any) -> PublicKey: return PublicKey(**args) +def unmarshal_SignResponse(data: Any) -> SignResponse: + if not isinstance(data, dict): + raise TypeError( + "Unmarshalling the type 'SignResponse' failed as data isn't a dictionary." + ) + + args: Dict[str, Any] = {} + + field = data.get("key_id", None) + if field is not None: + args["key_id"] = field + + field = data.get("signature", None) + if field is not None: + args["signature"] = field + + return SignResponse(**args) + + +def unmarshal_VerifyResponse(data: Any) -> VerifyResponse: + if not isinstance(data, dict): + raise TypeError( + "Unmarshalling the type 'VerifyResponse' failed as data isn't a dictionary." + ) + + args: Dict[str, Any] = {} + + field = data.get("key_id", None) + if field is not None: + args["key_id"] = field + + field = data.get("valid", None) + if field is not None: + args["valid"] = field + + return VerifyResponse(**args) + + def marshal_KeyRotationPolicy( request: KeyRotationPolicy, defaults: ProfileDefaults, @@ -293,6 +347,10 @@ def marshal_KeyUsage( resolve_one_of( [ OneOfPossibility("symmetric_encryption", request.symmetric_encryption), + OneOfPossibility( + "asymmetric_encryption", request.asymmetric_encryption + ), + OneOfPossibility("asymmetric_signing", request.asymmetric_signing), ] ), ) @@ -395,6 +453,18 @@ def marshal_ImportKeyMaterialRequest( return output +def marshal_SignRequest( + request: SignRequest, + defaults: ProfileDefaults, +) -> Dict[str, Any]: + output: Dict[str, Any] = {} + + if request.digest is not None: + output["digest"] = request.digest + + return output + + def marshal_UpdateKeyRequest( request: UpdateKeyRequest, defaults: ProfileDefaults, 
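Review bot: `unmarshal_VerifyResponse` copies `valid` into the dataclass without checking its type, so a JSON value such as the string "false" would be truthy in `if result.valid:` and read as a valid signature. For the one field that carries the verification verdict a strict check is worth adding: `if not isinstance(field, bool): raise TypeError("VerifyResponse.valid must be a boolean")`. When `valid` is absent or null the key is never set and `VerifyResponse(**args)` fails with a missing-argument TypeError, since types.py declares `valid: bool` without a default; that fails closed, but if the API omits false-valued fields an invalid signature would surface as a crash instead of `valid=False`, so the wire format should be confirmed. The same function is added in the synchronous marshalling.py hunk.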
@@ -416,3 +486,18 @@ def marshal_UpdateKeyRequest( ) return output + + +def marshal_VerifyRequest( + request: VerifyRequest, + defaults: ProfileDefaults, +) -> Dict[str, Any]: + output: Dict[str, Any] = {} + + if request.digest is not None: + output["digest"] = request.digest + + if request.signature is not None: + output["signature"] = request.signature + + return output diff --git a/scaleway-async/scaleway_async/key_manager/v1alpha1/types.py b/scaleway-async/scaleway_async/key_manager/v1alpha1/types.py index 99c8bab9b..7e46ac2ac 100644 --- a/scaleway-async/scaleway_async/key_manager/v1alpha1/types.py +++ b/scaleway-async/scaleway_async/key_manager/v1alpha1/types.py @@ -23,6 +23,31 @@ def __str__(self) -> str: return str(self.value) +class KeyAlgorithmAsymmetricEncryption(str, Enum, metaclass=StrEnumMeta): + UNKNOWN_ASYMMETRIC_ENCRYPTION = "unknown_asymmetric_encryption" + RSA_OAEP_2048_SHA256 = "rsa_oaep_2048_sha256" + RSA_OAEP_3072_SHA256 = "rsa_oaep_3072_sha256" + RSA_OAEP_4096_SHA256 = "rsa_oaep_4096_sha256" + + def __str__(self) -> str: + return str(self.value) + + +class KeyAlgorithmAsymmetricSigning(str, Enum, metaclass=StrEnumMeta): + UNKNOWN_ASYMMETRIC_SIGNING = "unknown_asymmetric_signing" + EC_P256_SHA256 = "ec_p256_sha256" + EC_P384_SHA384 = "ec_p384_sha384" + RSA_PSS_2048_SHA256 = "rsa_pss_2048_sha256" + RSA_PSS_3072_SHA256 = "rsa_pss_3072_sha256" + RSA_PSS_4096_SHA256 = "rsa_pss_4096_sha256" + RSA_PKCS1_2048_SHA256 = "rsa_pkcs1_2048_sha256" + RSA_PKCS1_3072_SHA256 = "rsa_pkcs1_3072_sha256" + RSA_PKCS1_4096_SHA256 = "rsa_pkcs1_4096_sha256" + + def __str__(self) -> str: + return str(self.value) + + class KeyAlgorithmSymmetricEncryption(str, Enum, metaclass=StrEnumMeta): UNKNOWN_SYMMETRIC_ENCRYPTION = "unknown_symmetric_encryption" AES_256_GCM = "aes_256_gcm" 
@@ -79,6 +104,10 @@ class KeyRotationPolicy: class KeyUsage: symmetric_encryption: Optional[KeyAlgorithmSymmetricEncryption] + asymmetric_encryption: Optional[KeyAlgorithmAsymmetricEncryption] + + asymmetric_signing: Optional[KeyAlgorithmAsymmetricSigning] + @dataclass class Key: @@ -243,7 +272,7 @@ class DataKey: class DecryptRequest: key_id: str """ - ID of the key to decrypt. + The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. """ ciphertext: str @@ -258,7 +287,7 @@ class DecryptRequest: associated_data: Optional[str] """ - The additional data must match the value passed in the encryption request. + The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`. """ @@ -336,7 +365,7 @@ class EnableKeyRequest: class EncryptRequest: key_id: str """ - ID of the key to encrypt. + The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. """ plaintext: str @@ -351,7 +380,7 @@ class EncryptRequest: associated_data: Optional[str] """ - Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. + Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`. """ @@ -519,6 +548,37 @@ class RotateKeyRequest: """ +@dataclass +class SignRequest: + key_id: str + """ + ID of the key to use for signing. + """ + + digest: str + """ + The digest must be generated using the same algorithm defined in the key’s algorithm settings. + """ + + region: Optional[ScwRegion] + """ + Region to target. If none is passed will use default region from the config. + """ + + +@dataclass +class SignResponse: + key_id: str + """ + ID of the key used to generate the signature. + """ + + signature: str + """ + The message signature. + """ + + @dataclass class UnprotectKeyRequest: key_id: str 
@@ -563,3 +623,39 @@ class UpdateKeyRequest: """ If not specified, the key's existing rotation policy applies. """ + + +@dataclass +class VerifyRequest: + key_id: str + """ + ID of the key to use for signature verification. + """ + + digest: str + """ + Must be generated using the same algorithm specified in the key’s configuration. + """ + + signature: str + """ + The message signature to verify. + """ + + region: Optional[ScwRegion] + """ + Region to target. If none is passed will use default region from the config. + """ + + +@dataclass +class VerifyResponse: + key_id: str + """ + ID of the key used for verification. + """ + + valid: bool + """ + Returns `true` if the signature is valid for the digest and key, `false` otherwise. + """ diff --git a/scaleway/scaleway/key_manager/v1alpha1/__init__.py b/scaleway/scaleway/key_manager/v1alpha1/__init__.py index 16d533331..14eff78cd 100644 --- a/scaleway/scaleway/key_manager/v1alpha1/__init__.py +++ b/scaleway/scaleway/key_manager/v1alpha1/__init__.py @@ -1,6 +1,8 @@ # This file was automatically generated. DO NOT EDIT. # If you have any remark or suggestion do not hesitate to open an issue. from .types import DataKeyAlgorithmSymmetricEncryption +from .types import KeyAlgorithmAsymmetricEncryption +from .types import KeyAlgorithmAsymmetricSigning from .types import KeyAlgorithmSymmetricEncryption from .types import KeyOrigin from .types import KeyState @@ -27,12 +29,18 @@ from .types import ProtectKeyRequest from .types import PublicKey from .types import RotateKeyRequest +from .types import SignRequest +from .types import SignResponse from .types import UnprotectKeyRequest from .types import UpdateKeyRequest +from .types import VerifyRequest +from .types import VerifyResponse from .api import KeyManagerV1Alpha1API __all__ = [ "DataKeyAlgorithmSymmetricEncryption", + "KeyAlgorithmAsymmetricEncryption", + "KeyAlgorithmAsymmetricSigning", "KeyAlgorithmSymmetricEncryption", "KeyOrigin", "KeyState", 
@@ -59,7 +67,11 @@ "ProtectKeyRequest", "PublicKey", "RotateKeyRequest", + "SignRequest", + "SignResponse", "UnprotectKeyRequest", "UpdateKeyRequest", + "VerifyRequest", + "VerifyResponse", "KeyManagerV1Alpha1API", ] diff --git a/scaleway/scaleway/key_manager/v1alpha1/api.py b/scaleway/scaleway/key_manager/v1alpha1/api.py index 13c8b7a90..95ff28444 100644 --- a/scaleway/scaleway/key_manager/v1alpha1/api.py +++ b/scaleway/scaleway/key_manager/v1alpha1/api.py @@ -28,7 +28,11 @@ KeyUsage, ListKeysResponse, PublicKey, + SignRequest, + SignResponse, UpdateKeyRequest, + VerifyRequest, + VerifyResponse, ) from .marshalling import ( unmarshal_Key, @@ -37,12 +41,16 @@ unmarshal_EncryptResponse, unmarshal_ListKeysResponse, unmarshal_PublicKey, + unmarshal_SignResponse, + unmarshal_VerifyResponse, marshal_CreateKeyRequest, marshal_DecryptRequest, marshal_EncryptRequest, marshal_GenerateDataKeyRequest, marshal_ImportKeyMaterialRequest, + marshal_SignRequest, marshal_UpdateKeyRequest, + marshal_VerifyRequest, ) @@ -602,10 +610,10 @@ def encrypt( """ Encrypt a payload. Encrypt a payload using an existing key, specified by the `key_id` parameter. Only keys with a usage set to `symmetric_encryption` are supported by this method. The maximum payload size that can be encrypted is 64 KB of plaintext. - :param key_id: ID of the key to encrypt. + :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. :param plaintext: Data size must be between 1 and 65535 bytes. :param region: Region to target. If none is passed will use default region from the config. - :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. + :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`. :return: :class:`EncryptResponse ` Usage: 
@@ -650,10 +658,10 @@ def decrypt( """ Decrypt an encrypted payload. Decrypt an encrypted payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is equivalent to the encrypted output of 64 KB of data (around 131 KB). - :param key_id: ID of the key to decrypt. + :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. :param ciphertext: Data size must be between 1 and 131071 bytes. :param region: Region to target. If none is passed will use default region from the config. - :param associated_data: The additional data must match the value passed in the encryption request. + :param associated_data: The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`. :return: :class:`DecryptResponse ` Usage: 
@@ -687,6 +695,100 @@ def decrypt( self._throw_on_error(res) return unmarshal_DecryptResponse(res.json()) + def sign( + self, + *, + key_id: str, + digest: str, + region: Optional[ScwRegion] = None, + ) -> SignResponse: + """ + Sign a message digest. + Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration. + :param key_id: ID of the key to use for signing. + :param digest: The digest must be generated using the same algorithm defined in the key’s algorithm settings. + :param region: Region to target. If none is passed will use default region from the config. + :return: :class:`SignResponse ` + + Usage: + :: + + result = api.sign( + key_id="example", + digest="example", + ) + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_key_id = validate_path_param("key_id", key_id) + + res = self._request( + "POST", + f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/sign", + body=marshal_SignRequest( + SignRequest( + key_id=key_id, + digest=digest, + region=region, + ), + self.client, + ), + ) + + self._throw_on_error(res) + return unmarshal_SignResponse(res.json()) + + def verify( + self, + *, + key_id: str, + digest: str, + signature: str, + region: Optional[ScwRegion] = None, + ) -> VerifyResponse: + """ + Verify a message signature. + Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration. + :param key_id: ID of the key to use for signature verification. + :param digest: Must be generated using the same algorithm specified in the key’s configuration. + :param signature: The message signature to verify. + :param region: Region to target. 
If none is passed will use default region from the config. + :return: :class:`VerifyResponse ` + + Usage: + :: + + result = api.verify( + key_id="example", + digest="example", + signature="example", + ) + """ + + param_region = validate_path_param( + "region", region or self.client.default_region + ) + param_key_id = validate_path_param("key_id", key_id) + + res = self._request( + "POST", + f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/verify", + body=marshal_VerifyRequest( + VerifyRequest( + key_id=key_id, + digest=digest, + signature=signature, + region=region, + ), + self.client, + ), + ) + + self._throw_on_error(res) + return unmarshal_VerifyResponse(res.json()) + def import_key_material( self, *, diff --git a/scaleway/scaleway/key_manager/v1alpha1/marshalling.py b/scaleway/scaleway/key_manager/v1alpha1/marshalling.py index da3f350de..2f1cab952 100644 --- a/scaleway/scaleway/key_manager/v1alpha1/marshalling.py +++ b/scaleway/scaleway/key_manager/v1alpha1/marshalling.py @@ -18,12 +18,16 @@ EncryptResponse, ListKeysResponse, PublicKey, + SignResponse, + VerifyResponse, CreateKeyRequest, DecryptRequest, EncryptRequest, GenerateDataKeyRequest, ImportKeyMaterialRequest, + SignRequest, UpdateKeyRequest, + VerifyRequest, ) @@ -66,6 +70,18 @@ def unmarshal_KeyUsage(data: Any) -> KeyUsage: else: args["symmetric_encryption"] = None + field = data.get("asymmetric_encryption", None) + if field is not None: + args["asymmetric_encryption"] = field + else: + args["asymmetric_encryption"] = None + + field = data.get("asymmetric_signing", None) + if field is not None: + args["asymmetric_signing"] = field + else: + args["asymmetric_signing"] = None + return KeyUsage(**args) 
@@ -269,6 +285,44 @@ def unmarshal_PublicKey(data: Any) -> PublicKey: return PublicKey(**args) +def unmarshal_SignResponse(data: Any) -> SignResponse: + if not isinstance(data, dict): + raise TypeError( + "Unmarshalling the type 'SignResponse' failed as data isn't a dictionary." + ) + + args: Dict[str, Any] = {} + + field = data.get("key_id", None) + if field is not None: + args["key_id"] = field + + field = data.get("signature", None) + if field is not None: + args["signature"] = field + + return SignResponse(**args) + + +def unmarshal_VerifyResponse(data: Any) -> VerifyResponse: + if not isinstance(data, dict): + raise TypeError( + "Unmarshalling the type 'VerifyResponse' failed as data isn't a dictionary." + ) + + args: Dict[str, Any] = {} + + field = data.get("key_id", None) + if field is not None: + args["key_id"] = field + + field = data.get("valid", None) + if field is not None: + args["valid"] = field + + return VerifyResponse(**args) + + def marshal_KeyRotationPolicy( request: KeyRotationPolicy, defaults: ProfileDefaults, @@ -293,6 +347,10 @@ def marshal_KeyUsage( resolve_one_of( [ OneOfPossibility("symmetric_encryption", request.symmetric_encryption), + OneOfPossibility( + "asymmetric_encryption", request.asymmetric_encryption + ), + OneOfPossibility("asymmetric_signing", request.asymmetric_signing), ] ), ) @@ -395,6 +453,18 @@ def marshal_ImportKeyMaterialRequest( return output +def marshal_SignRequest( + request: SignRequest, + defaults: ProfileDefaults, +) -> Dict[str, Any]: + output: Dict[str, Any] = {} + + if request.digest is not None: + output["digest"] = request.digest + + return output + + def marshal_UpdateKeyRequest( request: UpdateKeyRequest, defaults: ProfileDefaults, 
@@ -416,3 +486,18 @@ def marshal_UpdateKeyRequest( ) return output + + +def marshal_VerifyRequest( + request: VerifyRequest, + defaults: ProfileDefaults, +) -> Dict[str, Any]: + output: Dict[str, Any] = {} + + if request.digest is not None: + output["digest"] = request.digest + + if request.signature is not None: + output["signature"] = request.signature + + return output diff --git a/scaleway/scaleway/key_manager/v1alpha1/types.py b/scaleway/scaleway/key_manager/v1alpha1/types.py index 99c8bab9b..7e46ac2ac 100644 --- a/scaleway/scaleway/key_manager/v1alpha1/types.py +++ b/scaleway/scaleway/key_manager/v1alpha1/types.py @@ -23,6 +23,31 @@ def __str__(self) -> str: return str(self.value) +class KeyAlgorithmAsymmetricEncryption(str, Enum, metaclass=StrEnumMeta): + UNKNOWN_ASYMMETRIC_ENCRYPTION = "unknown_asymmetric_encryption" + RSA_OAEP_2048_SHA256 = "rsa_oaep_2048_sha256" + RSA_OAEP_3072_SHA256 = "rsa_oaep_3072_sha256" + RSA_OAEP_4096_SHA256 = "rsa_oaep_4096_sha256" + + def __str__(self) -> str: + return str(self.value) + + +class KeyAlgorithmAsymmetricSigning(str, Enum, metaclass=StrEnumMeta): + UNKNOWN_ASYMMETRIC_SIGNING = "unknown_asymmetric_signing" + EC_P256_SHA256 = "ec_p256_sha256" + EC_P384_SHA384 = "ec_p384_sha384" + RSA_PSS_2048_SHA256 = "rsa_pss_2048_sha256" + RSA_PSS_3072_SHA256 = "rsa_pss_3072_sha256" + RSA_PSS_4096_SHA256 = "rsa_pss_4096_sha256" + RSA_PKCS1_2048_SHA256 = "rsa_pkcs1_2048_sha256" + RSA_PKCS1_3072_SHA256 = "rsa_pkcs1_3072_sha256" + RSA_PKCS1_4096_SHA256 = "rsa_pkcs1_4096_sha256" + + def __str__(self) -> str: + return str(self.value) + + class KeyAlgorithmSymmetricEncryption(str, Enum, metaclass=StrEnumMeta): UNKNOWN_SYMMETRIC_ENCRYPTION = "unknown_symmetric_encryption" AES_256_GCM = "aes_256_gcm" 
@@ -79,6 +104,10 @@ class KeyRotationPolicy: class KeyUsage: symmetric_encryption: Optional[KeyAlgorithmSymmetricEncryption] + asymmetric_encryption: Optional[KeyAlgorithmAsymmetricEncryption] + + asymmetric_signing: Optional[KeyAlgorithmAsymmetricSigning] + @dataclass class Key: @@ -243,7 +272,7 @@ class DataKey: class DecryptRequest: key_id: str """ - ID of the key to decrypt. + The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. """ ciphertext: str @@ -258,7 +287,7 @@ class DecryptRequest: associated_data: Optional[str] """ - The additional data must match the value passed in the encryption request. + The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`. """ @@ -336,7 +365,7 @@ class EnableKeyRequest: class EncryptRequest: key_id: str """ - ID of the key to encrypt. + The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`. """ plaintext: str @@ -351,7 +380,7 @@ class EncryptRequest: associated_data: Optional[str] """ - Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. + Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`. """ @@ -519,6 +548,37 @@ class RotateKeyRequest: """ +@dataclass +class SignRequest: + key_id: str + """ + ID of the key to use for signing. + """ + + digest: str + """ + The digest must be generated using the same algorithm defined in the key’s algorithm settings. + """ + + region: Optional[ScwRegion] + """ + Region to target. If none is passed will use default region from the config. + """ + + +@dataclass +class SignResponse: + key_id: str + """ + ID of the key used to generate the signature. + """ + + signature: str + """ + The message signature. + """ + + @dataclass class UnprotectKeyRequest: key_id: str 
@@ -563,3 +623,39 @@ class UpdateKeyRequest: """ If not specified, the key's existing rotation policy applies. """ + + +@dataclass +class VerifyRequest: + key_id: str + """ + ID of the key to use for signature verification. + """ + + digest: str + """ + Must be generated using the same algorithm specified in the key’s configuration. + """ + + signature: str + """ + The message signature to verify. + """ + + region: Optional[ScwRegion] + """ + Region to target. If none is passed will use default region from the config. + """ + + +@dataclass +class VerifyResponse: + key_id: str + """ + ID of the key used for verification. + """ + + valid: bool + """ + Returns `true` if the signature is valid for the digest and key, `false` otherwise. + """