feat: [kms] add interoperable symmetric encryption system (#4389)

* feat: add interoperable symmetric encryption system PiperOrigin-RevId: 544660001 Source-Link: googleapis/googleapis@511319c Source-Link: googleapis/googleapis-gen@812def9 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWttcy8uT3dsQm90LnlhbWwiLCJoIjoiODEyZGVmOTU5NGU5ZmEwODc2ZTBlMDExOTUxZGMwYmVjN2EwYTVmZCJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com> Co-authored-by: Denis DelGrosso <85250797+ddelgrosso1@users.noreply.github.com>
googleapis · Jul 6, 2023 · 685b1ad · 685b1ad
1 parent 67a4cef
commit 685b1ad
Show file tree

Hide file tree

Showing 15 changed files with 4,732 additions and 693 deletions.
diff --git a/packages/google-cloud-kms/README.md b/packages/google-cloud-kms/README.md
@@ -125,6 +125,8 @@ Samples are in the [`samples/`](https://github.com/googleapis/google-cloud-node/
 | Key_management_service.list_key_rings | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.list_key_rings.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.list_key_rings.js,packages/google-cloud-kms/samples/README.md) |
 | Key_management_service.mac_sign | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.mac_sign.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.mac_sign.js,packages/google-cloud-kms/samples/README.md) |
 | Key_management_service.mac_verify | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.mac_verify.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.mac_verify.js,packages/google-cloud-kms/samples/README.md) |
+| Key_management_service.raw_decrypt | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.raw_decrypt.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.raw_decrypt.js,packages/google-cloud-kms/samples/README.md) |
+| Key_management_service.raw_encrypt | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.raw_encrypt.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.raw_encrypt.js,packages/google-cloud-kms/samples/README.md) |
 | Key_management_service.restore_crypto_key_version | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.restore_crypto_key_version.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.restore_crypto_key_version.js,packages/google-cloud-kms/samples/README.md) |
 | Key_management_service.update_crypto_key | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.update_crypto_key.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.update_crypto_key.js,packages/google-cloud-kms/samples/README.md) |
 | Key_management_service.update_crypto_key_primary_version | [source code](https://github.com/googleapis/google-cloud-node/blob/main/packages/google-cloud-kms/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js) | [![Open in Cloud Shell][shell_img]](https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/google-cloud-node&page=editor&open_in_editor=packages/google-cloud-kms/samples/generated/v1/key_management_service.update_crypto_key_primary_version.js,packages/google-cloud-kms/samples/README.md) |

diff --git a/packages/google-cloud-kms/protos/google/cloud/kms/v1/ekm_service.proto b/packages/google-cloud-kms/protos/google/cloud/kms/v1/ekm_service.proto
@@ -448,4 +448,4 @@ message VerifyConnectivityRequest {
 
 // Response message for
 // [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
-message VerifyConnectivityResponse {}
+message VerifyConnectivityResponse {}
diff --git a/packages/google-cloud-kms/protos/google/cloud/kms/v1/resources.proto b/packages/google-cloud-kms/protos/google/cloud/kms/v1/resources.proto
@@ -89,6 +89,13 @@ message CryptoKey {
     // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
     ASYMMETRIC_DECRYPT = 6;
 
+    // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
+    // with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
+    // and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
+    // This purpose is meant to be used for interoperable symmetric
+    // encryption and does not support automatic CryptoKey rotation.
+    RAW_ENCRYPT_DECRYPT = 7;
+
     // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
     // with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
     MAC = 9;
@@ -339,6 +346,12 @@ message CryptoKeyVersion {
     // Creates symmetric encryption keys.
     GOOGLE_SYMMETRIC_ENCRYPTION = 1;
 
+    // AES-GCM (Galois Counter Mode) using 128-bit keys.
+    AES_128_GCM = 41;
+
+    // AES-GCM (Galois Counter Mode) using 256-bit keys.
+    AES_256_GCM = 19;
+
     // RSASSA-PSS 2048 bit key with a SHA256 digest.
     RSA_SIGN_PSS_2048_SHA256 = 2;