feat(key_manager): add sign and verify methods

scaleway-async/scaleway_async/key_manager/v1alpha1/__init__.py

@@ -1,6 +1,8 @@
 # This file was automatically generated. DO NOT EDIT.
 # If you have any remark or suggestion do not hesitate to open an issue.
 from .types import DataKeyAlgorithmSymmetricEncryption
+from .types import KeyAlgorithmAsymmetricEncryption
+from .types import KeyAlgorithmAsymmetricSigning
 from .types import KeyAlgorithmSymmetricEncryption
 from .types import KeyOrigin
 from .types import KeyState
@@ -27,12 +29,18 @@
 from .types import ProtectKeyRequest
 from .types import PublicKey
 from .types import RotateKeyRequest
+from .types import SignRequest
+from .types import SignResponse
 from .types import UnprotectKeyRequest
 from .types import UpdateKeyRequest
+from .types import VerifyRequest
+from .types import VerifyResponse
 from .api import KeyManagerV1Alpha1API
 
 __all__ = [
     "DataKeyAlgorithmSymmetricEncryption",
+    "KeyAlgorithmAsymmetricEncryption",
+    "KeyAlgorithmAsymmetricSigning",
     "KeyAlgorithmSymmetricEncryption",
     "KeyOrigin",
     "KeyState",
@@ -59,7 +67,11 @@
     "ProtectKeyRequest",
     "PublicKey",
     "RotateKeyRequest",
+    "SignRequest",
+    "SignResponse",
     "UnprotectKeyRequest",
     "UpdateKeyRequest",
+    "VerifyRequest",
+    "VerifyResponse",
     "KeyManagerV1Alpha1API",
 ]

scaleway-async/scaleway_async/key_manager/v1alpha1/api.py

@@ -28,7 +28,11 @@
     KeyUsage,
     ListKeysResponse,
     PublicKey,
+    SignRequest,
+    SignResponse,
     UpdateKeyRequest,
+    VerifyRequest,
+    VerifyResponse,
 )
 from .marshalling import (
     unmarshal_Key,
@@ -37,12 +41,16 @@
     unmarshal_EncryptResponse,
     unmarshal_ListKeysResponse,
     unmarshal_PublicKey,
+    unmarshal_SignResponse,
+    unmarshal_VerifyResponse,
     marshal_CreateKeyRequest,
     marshal_DecryptRequest,
     marshal_EncryptRequest,
     marshal_GenerateDataKeyRequest,
     marshal_ImportKeyMaterialRequest,
+    marshal_SignRequest,
     marshal_UpdateKeyRequest,
+    marshal_VerifyRequest,
 )
 
 
@@ -602,10 +610,10 @@ async def encrypt(
         """
         Encrypt a payload.
         Encrypt a payload using an existing key, specified by the `key_id` parameter. Only keys with a usage set to `symmetric_encryption` are supported by this method. The maximum payload size that can be encrypted is 64 KB of plaintext.
-        :param key_id: ID of the key to encrypt.
+        :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
         :param plaintext: Data size must be between 1 and 65535 bytes.
         :param region: Region to target. If none is passed will use default region from the config.
-        :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload.
+        :param associated_data: Additional data which will not be encrypted, but authenticated and appended to the encrypted payload. Only supported by keys with a usage set to `symmetric_encryption`.
         :return: :class:`EncryptResponse <EncryptResponse>`
 
         Usage:
@@ -650,10 +658,10 @@ async def decrypt(
         """
         Decrypt an encrypted payload.
         Decrypt an encrypted payload using an existing key, specified by the `key_id` parameter. The maximum payload size that can be decrypted is equivalent to the encrypted output of 64 KB of data (around 131 KB).
-        :param key_id: ID of the key to decrypt.
+        :param key_id: The key must have an usage set to `symmetric_encryption` or `asymmetric_encryption`.
         :param ciphertext: Data size must be between 1 and 131071 bytes.
         :param region: Region to target. If none is passed will use default region from the config.
-        :param associated_data: The additional data must match the value passed in the encryption request.
+        :param associated_data: The additional data must match the value passed in the encryption request. Only supported by keys with a usage set to `symmetric_encryption`.
         :return: :class:`DecryptResponse <DecryptResponse>`
 
         Usage:
@@ -687,6 +695,100 @@ async def decrypt(
         self._throw_on_error(res)
         return unmarshal_DecryptResponse(res.json())
 
+    async def sign(
+        self,
+        *,
+        key_id: str,
+        digest: str,
+        region: Optional[ScwRegion] = None,
+    ) -> SignResponse:
+        """
+        Sign a message digest.
+        Use a given key to sign a message digest. The key must have its usage set to `asymmetric_signing`. The digest must be created using the same digest algorithm that is defined in the key's algorithm configuration.
+        :param key_id: ID of the key to use for signing.
+        :param digest: The digest must be generated using the same algorithm defined in the key’s algorithm settings.
+        :param region: Region to target. If none is passed will use default region from the config.
+        :return: :class:`SignResponse <SignResponse>`
+
+        Usage:
+        ::
+
+            result = await api.sign(
+                key_id="example",
+                digest="example",
+            )
+        """
+
+        param_region = validate_path_param(
+            "region", region or self.client.default_region
+        )
+        param_key_id = validate_path_param("key_id", key_id)
+
+        res = self._request(
+            "POST",
+            f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/sign",
+            body=marshal_SignRequest(
+                SignRequest(
+                    key_id=key_id,
+                    digest=digest,
+                    region=region,
+                ),
+                self.client,
+            ),
+        )
+
+        self._throw_on_error(res)
+        return unmarshal_SignResponse(res.json())
+
+    async def verify(
+        self,
+        *,
+        key_id: str,
+        digest: str,
+        signature: str,
+        region: Optional[ScwRegion] = None,
+    ) -> VerifyResponse:
+        """
+        Verify a message signature.
+        Use a given key to verify a message signature against a message digest. The key must have its usage set to `asymmetric_signing`. The message digest must be generated using the same digest algorithm that is defined in the key's algorithm configuration.
+        :param key_id: ID of the key to use for signature verification.
+        :param digest: Must be generated using the same algorithm specified in the key’s configuration.
+        :param signature: The message signature to verify.
+        :param region: Region to target. If none is passed will use default region from the config.
+        :return: :class:`VerifyResponse <VerifyResponse>`
+
+        Usage:
+        ::
+
+            result = await api.verify(
+                key_id="example",
+                digest="example",
+                signature="example",
+            )
+        """
+
+        param_region = validate_path_param(
+            "region", region or self.client.default_region
+        )
+        param_key_id = validate_path_param("key_id", key_id)
+
+        res = self._request(
+            "POST",
+            f"/key-manager/v1alpha1/regions/{param_region}/keys/{param_key_id}/verify",
+            body=marshal_VerifyRequest(
+                VerifyRequest(
+                    key_id=key_id,
+                    digest=digest,
+                    signature=signature,
+                    region=region,
+                ),
+                self.client,
+            ),
+        )
+
+        self._throw_on_error(res)
+        return unmarshal_VerifyResponse(res.json())
+
     async def import_key_material(
         self,
         *,

scaleway-async/scaleway_async/key_manager/v1alpha1/marshalling.py

@@ -18,12 +18,16 @@
     EncryptResponse,
     ListKeysResponse,
     PublicKey,
+    SignResponse,
+    VerifyResponse,
     CreateKeyRequest,
     DecryptRequest,
     EncryptRequest,
     GenerateDataKeyRequest,
     ImportKeyMaterialRequest,
+    SignRequest,
     UpdateKeyRequest,
+    VerifyRequest,
 )
 
 
@@ -66,6 +70,18 @@ def unmarshal_KeyUsage(data: Any) -> KeyUsage:
     else:
         args["symmetric_encryption"] = None
 
+    field = data.get("asymmetric_encryption", None)
+    if field is not None:
+        args["asymmetric_encryption"] = field
+    else:
+        args["asymmetric_encryption"] = None
+
+    field = data.get("asymmetric_signing", None)
+    if field is not None:
+        args["asymmetric_signing"] = field
+    else:
+        args["asymmetric_signing"] = None
+
     return KeyUsage(**args)
 
 
@@ -269,6 +285,44 @@ def unmarshal_PublicKey(data: Any) -> PublicKey:
     return PublicKey(**args)
 
 
+def unmarshal_SignResponse(data: Any) -> SignResponse:
+    if not isinstance(data, dict):
+        raise TypeError(
+            "Unmarshalling the type 'SignResponse' failed as data isn't a dictionary."
+        )
+
+    args: Dict[str, Any] = {}
+
+    field = data.get("key_id", None)
+    if field is not None:
+        args["key_id"] = field
+
+    field = data.get("signature", None)
+    if field is not None:
+        args["signature"] = field
+
+    return SignResponse(**args)
+
+
+def unmarshal_VerifyResponse(data: Any) -> VerifyResponse:
+    if not isinstance(data, dict):
+        raise TypeError(
+            "Unmarshalling the type 'VerifyResponse' failed as data isn't a dictionary."
+        )
+
+    args: Dict[str, Any] = {}
+
+    field = data.get("key_id", None)
+    if field is not None:
+        args["key_id"] = field
+
+    field = data.get("valid", None)
+    if field is not None:
+        args["valid"] = field
+
+    return VerifyResponse(**args)
+
+
 def marshal_KeyRotationPolicy(
     request: KeyRotationPolicy,
     defaults: ProfileDefaults,
@@ -293,6 +347,10 @@ def marshal_KeyUsage(
         resolve_one_of(
             [
                 OneOfPossibility("symmetric_encryption", request.symmetric_encryption),
+                OneOfPossibility(
+                    "asymmetric_encryption", request.asymmetric_encryption
+                ),
+                OneOfPossibility("asymmetric_signing", request.asymmetric_signing),
             ]
         ),
     )
@@ -395,6 +453,18 @@ def marshal_ImportKeyMaterialRequest(
     return output
 
 
+def marshal_SignRequest(
+    request: SignRequest,
+    defaults: ProfileDefaults,
+) -> Dict[str, Any]:
+    output: Dict[str, Any] = {}
+
+    if request.digest is not None:
+        output["digest"] = request.digest
+
+    return output
+
+
 def marshal_UpdateKeyRequest(
     request: UpdateKeyRequest,
     defaults: ProfileDefaults,
@@ -416,3 +486,18 @@ def marshal_UpdateKeyRequest(
         )
 
     return output
+
+
+def marshal_VerifyRequest(
+    request: VerifyRequest,
+    defaults: ProfileDefaults,
+) -> Dict[str, Any]:
+    output: Dict[str, Any] = {}
+
+    if request.digest is not None:
+        output["digest"] = request.digest
+
+    if request.signature is not None:
+        output["signature"] = request.signature
+
+    return output