feat(MPL): Add Raw ECDH and AWS KMS ECDH Keyrings (#419)
Co-authored-by: Andrew Jewell <[email protected]>
Co-authored-by: Lucas McDonald <[email protected]>
Co-authored-by: seebees <[email protected]>
4 people authored Jun 17, 2024
1 parent c5b961b commit 0946a7e
Showing 165 changed files with 25,249 additions and 659 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/library_net_tests.yml
Expand Up @@ -95,6 +95,8 @@ jobs:
working-directory: ./${{ matrix.library }}
shell: bash
run: |
nuget locals all -clear
dotnet restore runtimes/net
make test_net FRAMEWORK=net48
- name: Test ${{ matrix.library }} .NET net6.0
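Review bot: The `nuget locals all -clear` step inserted before `dotnet restore runtimes/net` carries no comment saying why the NuGet caches must be wiped, so a later maintainer cannot tell whether it works around a stale-package problem or can be dropped. Clearing `all` also discards the global-packages cache, so every run re-downloads every package; if only stale feed metadata is the issue, `nuget locals http-cache -clear` is the narrower form. A one-line comment above it, such as `# clear NuGet caches so restore picks up freshly published packages (adjust to the actual reason)`, would make the intent reviewable. The rendered page keeps no +/- markers, so which two of these lines are the additions is inferred from the hunk counts; the enclosing job step list continues above and below the hunk.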
6 changes: 3 additions & 3 deletions .gitmodules
@@ -1,9 +1,9 @@
[submodule "libraries"]
path = libraries
url = https://github.com/dafny-lang/libraries.git
[submodule "aws-encryption-sdk-specification"]
path = aws-encryption-sdk-specification
url = https://github.com/awslabs/aws-encryption-sdk-specification.git
[submodule "smithy-dafny"]
path = smithy-dafny
url = https://[email protected]/smithy-lang/smithy-dafny.git
[submodule "aws-encryption-sdk-specification"]
path = aws-encryption-sdk-specification
url = [email protected]:awslabs/aws-encryption-sdk-specification.git
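Review bot: The two `aws-encryption-sdk-specification` entries differ only in URL scheme, one `https://github.com/awslabs/...` and one the SSH form `[email protected]:awslabs/...`, and the rendered page does not keep the +/- markers, so I cannot tell from here which side is new. If the SSH form is the new one, `git submodule update --init --recursive` fails for anonymous clones and for CI runners without an authorized key, which is a regression for a public repository; the https form, `url = https://github.com/awslabs/aws-encryption-sdk-specification.git`, works for both. If the SSH URL is intentional for contributors, a note in the README or a comment next to the entry should say so, since `.gitmodules` gives no hint.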


@@ -0,0 +1,72 @@
namespace aws.cryptography.materialProviders

use aws.polymorph#javadoc

// Key Agreement Schemes
@javadoc("Supported ECDH Key Agreement Schemes.")
union KeyAgreementScheme {
StaticConfiguration: StaticConfigurations
}

@javadoc("Supported configurations for the StaticConfiguration Key Agreement Scheme.")
union StaticConfigurations {
AWS_KMS_ECDH: KmsEcdhStaticConfigurations,
RAW_ECDH: RawEcdhStaticConfigurations
}

@javadoc("Allowed configurations when using KmsEcdhStaticConfigurations.")
union KmsEcdhStaticConfigurations {
KmsPublicKeyDiscovery: KmsPublicKeyDiscoveryInput,
KmsPrivateKeyToStaticPublicKey: KmsPrivateKeyToStaticPublicKeyInput,
}

@javadoc("List of configurations when using RawEcdhStaticConfigurations.")
union RawEcdhStaticConfigurations {
PublicKeyDiscovery: PublicKeyDiscoveryInput,
RawPrivateKeyToStaticPublicKey: RawPrivateKeyToStaticPublicKeyInput,
EphemeralPrivateKeyToStaticPublicKey: EphemeralPrivateKeyToStaticPublicKeyInput
}


@javadoc("Inputs for creating a KmsPublicKeyDiscovery Configuration. This is a DECRYPT ONLY configuration.")
structure KmsPublicKeyDiscoveryInput {
@required
@javadoc("AWS KMS key identifier belonging to the recipient.")
recipientKmsIdentifier: KmsKeyId
}

@javadoc("Inputs for creating a KmsPrivateKeyToStaticPublicKey Configuration.")
structure KmsPrivateKeyToStaticPublicKeyInput {
@required
@javadoc("AWS KMS Key Identifier belonging to the sender.")
senderKmsIdentifier: KmsKeyId,
@javadoc("Sender Public Key. This is the raw public ECC key in DER format that belongs to the senderKmsIdentifier.")
senderPublicKey: Blob,
@required
@javadoc("Recipient Public Key. This MUST be a raw public ECC key in DER format.")
recipientPublicKey: Blob,
}

@javadoc("Inputs for creating a EphemeralPrivateKeyToStaticPublicKey Configuration.")
structure EphemeralPrivateKeyToStaticPublicKeyInput {
@required
@javadoc("The recipient's public key. MUST be DER encoded.")
recipientPublicKey: Blob,
}

@javadoc("Inputs for creating a PublicKeyDiscovery Configuration.")
structure PublicKeyDiscoveryInput {
@required
@javadoc("The sender's private key. MUST be PEM encoded.")
recipientStaticPrivateKey: Blob,
}

@javadoc("Inputs for creating a RawPrivateKeyToStaticPublicKey Configuration.")
structure RawPrivateKeyToStaticPublicKeyInput {
@required
@javadoc("The sender's private key. MUST be PEM encoded.")
senderStaticPrivateKey: Blob,
@required
@javadoc("The recipient's public key. MUST be DER encoded.")
recipientPublicKey: Blob,
}
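Review bot: The javadoc on `recipientStaticPrivateKey` in `PublicKeyDiscoveryInput` reads "The sender's private key. MUST be PEM encoded." although the member is the recipient's static private key; it looks copied from `RawPrivateKeyToStaticPublicKeyInput` and would mislead callers about which party's key to supply. Change it to `@javadoc("The recipient's static private key. MUST be PEM encoded.")`. `KmsPublicKeyDiscoveryInput` is documented as a DECRYPT ONLY configuration, but `PublicKeyDiscoveryInput` has no such statement; if the raw discovery configuration is likewise decrypt-only, its javadoc should say so too. `senderPublicKey` in `KmsPrivateKeyToStaticPublicKeyInput` is optional while the other key members are `@required`, and nothing says what the keyring does when it is omitted (presumably it is obtained from KMS, which I cannot confirm from this page); a sentence in its javadoc would settle that. The file header for this section is not visible on the page, so I cannot name the file.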
Expand Up @@ -436,3 +436,46 @@ structure CreateRawAesKeyringInput {
@javadoc("A list of grant tokens to be used when calling KMS.")
grantTokens: GrantTokenList
}

@javadoc("Creates an AWS KMS ECDH Keyring, which wraps and unwraps data keys by deriving a shared data key from the established shared secret between parties through the ECDH protocol.")
operation CreateAwsKmsEcdhKeyring {
input: CreateAwsKmsEcdhKeyringInput,
output: CreateKeyringOutput
}

@javadoc("Inputs for creating an AWS KMS ECDH Keyring.")
structure CreateAwsKmsEcdhKeyringInput {

@required
@javadoc("The Key Agreement Scheme configuration that is responsible for how the shared secret is calculated.")
KeyAgreementScheme: KmsEcdhStaticConfigurations,

@required
@javadoc("The named curve that corresponds to the curve on which the sender's private and recipient's public key lie.")
curveSpec: aws.cryptography.primitives#ECDHCurveSpec,

@required
@javadoc("The KMS Client this Keyring will use to call KMS.")
kmsClient: KmsClientReference,

@javadoc("A list of grant tokens to be used when calling KMS.")
grantTokens: GrantTokenList
}

@javadoc("Creates a Raw ECDH Keyring, which wraps and unwraps data keys by deriving a shared data key from the established shared secret between parties through the ECDH protocol.")
operation CreateRawEcdhKeyring {
input: CreateRawEcdhKeyringInput,
output: CreateKeyringOutput
}

@javadoc("Inputs for creating a raw ECDH Keyring.")
structure CreateRawEcdhKeyringInput {

@required
@javadoc("The Key Agreement Scheme configuration that is responsible for how the shared secret is calculated.")
KeyAgreementScheme: RawEcdhStaticConfigurations,

@required
@javadoc("The the curve on which the points for the sender's private and recipient's public key lie.")
curveSpec: aws.cryptography.primitives#ECDHCurveSpec,
}
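Review bot: `KeyAgreementScheme` is the only PascalCase member in `CreateAwsKmsEcdhKeyringInput` and `CreateRawEcdhKeyringInput`; every other member (`curveSpec`, `kmsClient`, `grantTokens`) is camelCase, as in `CreateRawAesKeyringInput` just above, and the member name becomes the field name in the generated APIs. Renaming it to `keyAgreementScheme: KmsEcdhStaticConfigurations,` and `keyAgreementScheme: RawEcdhStaticConfigurations,` before the feature ships avoids a breaking rename later. The `curveSpec` javadoc in `CreateRawEcdhKeyringInput` has a doubled word, `"The the curve on which ..."`, and its wording differs from the same member in the KMS input; `@javadoc("The named curve on which the sender's private and recipient's public key lie.")` for both would be consistent. The file header for this section is not visible on the page.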
Expand Up @@ -41,10 +41,12 @@ service AwsCryptographicMaterialProviders {
CreateAwsKmsMrkDiscoveryKeyring,
CreateAwsKmsMrkDiscoveryMultiKeyring,
CreateAwsKmsHierarchicalKeyring,
CreateAwsKmsRsaKeyring,
CreateAwsKmsEcdhKeyring,
CreateMultiKeyring,
CreateRawAesKeyring,
CreateRawRsaKeyring,
CreateAwsKmsRsaKeyring,
CreateRawEcdhKeyring,

// CMMs
CreateDefaultCryptographicMaterialsManager,
