aws-sdk-paymentcryptographydata 1.44.0 → 1.45.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8dc2a9302664ebd8bac6d64464cc4b3a53354ca2eb21a379eb826c79804c140a
-  data.tar.gz: cbdef2762e85beeb0a81edebfbd35ed372a35c0e32381b31a7946cc3b0c30a4d
+  metadata.gz: ff21887001aaf2cf33492d3c77b72cce29a87296e58f53812666004266b0a6bd
+  data.tar.gz: ba425d1d3bef675edc20735245d79c6805cbb0c1bab754eba91f61267cb88415
 SHA512:
-  metadata.gz: cc37d990731d94075edef0757a3fecabace449db1d5051d8add550651e9b7593545d45f9d1269ddbbf3276e0e57007490c8fe36a10c26f622feb864e3b187610
-  data.tar.gz: 716a09139585ed42ef26ffc6e2ebd823f13633fe1edce855d686fcf45459919ec2386b9d7a2b99d55a51a90f4f708e5506f1ad545690cd1e6c822ffa9650f7c7
+  metadata.gz: fedee9f38efd8ee58c30eaad7b18ab227a6740c730144f5e83794757713b0aa65effeb75f3974cba466d8b763948deb86ac584a5a9ff89a6357518a61b9cd9ca
+  data.tar.gz: 41248d20e036cfa63af43c3302de50c8b39b729fc702a91321e3ced7d5e78c1657272567a501605802abb0eb150c94ff3938936bbed74316bd89abc08bfe1e58

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.45.0 (2025-12-17)
+------------------
+
+* Feature - Support for AS2805 standard.  New API GenerateAs2805KekValidation and changes to translate pin, GenerateMac and VerifyMac to support AS2805 key variants.
+
 1.44.0 (2025-11-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.44.0
+1.45.0

data/lib/aws-sdk-paymentcryptographydata/client.rb

@@ -791,6 +791,92 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
+    # Establishes node-to-node initialization between payment processing
+    # nodes such as an acquirer, issuer or payment network using Australian
+    # Standard 2805 (AS2805).
+    #
+    # During node-to-node initialization, both communicating nodes must
+    # validate that they possess the correct Key Encrypting Keys (KEKs)
+    # before proceeding with session key exchange. In AS2805, the sending
+    # KEK (KEKs) of one node corresponds to the receiving KEK (KEKr) of its
+    # partner node. Each node uses its KEK to encrypt and decrypt session
+    # keys exchanged between the nodes. A KEK can be created or imported
+    # into Amazon Web Services Payment Cryptography using either the
+    # [CreateKey][1] or [ImportKey][2] operations.
+    #
+    # The node initiating communication can use
+    # `GenerateAS2805KekValidation` to generate a combined KEK validation
+    # request and KEK validation response to send to the partnering node for
+    # validation. When invoked, the API internally generates a random
+    # sending key encrypted under KEKs and provides a receiving key
+    # encrypted under KEKr as response. The initiating node sends the
+    # response returned by this API to its partner for validation.
+    #
+    # For information about valid keys for this operation, see
+    # [Understanding key attributes][3] and [Key types for specific data
+    # operations][4] in the *Amazon Web Services Payment Cryptography User
+    # Guide*.
+    #
+    # **Cross-account use**: This operation can't be used across different
+    # Amazon Web Services accounts.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    #
+    # @option params [required, String] :key_identifier
+    #   The `keyARN` of sending KEK that Amazon Web Services Payment
+    #   Cryptography uses for node-to-node initialization
+    #
+    # @option params [required, Types::As2805KekValidationType] :kek_validation_type
+    #   Parameter information for generating a random key for KEK validation
+    #   to perform node-to-node initialization.
+    #
+    # @option params [required, String] :random_key_send_variant_mask
+    #   The key variant to use for generating a random key for KEK validation
+    #   during node-to-node initialization.
+    #
+    # @return [Types::GenerateAs2805KekValidationOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GenerateAs2805KekValidationOutput#key_arn #key_arn} => String
+    #   * {Types::GenerateAs2805KekValidationOutput#key_check_value #key_check_value} => String
+    #   * {Types::GenerateAs2805KekValidationOutput#random_key_send #random_key_send} => String
+    #   * {Types::GenerateAs2805KekValidationOutput#random_key_receive #random_key_receive} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.generate_as_2805_kek_validation({
+    #     key_identifier: "KeyArnOrKeyAliasType", # required
+    #     kek_validation_type: { # required
+    #       kek_validation_request: {
+    #         derive_key_algorithm: "TDES_2KEY", # required, accepts TDES_2KEY, TDES_3KEY, AES_128, AES_192, AES_256, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, HMAC_SHA224
+    #       },
+    #       kek_validation_response: {
+    #         random_key_send: "As2805RandomKeyMaterial", # required
+    #       },
+    #     },
+    #     random_key_send_variant_mask: "VARIANT_MASK_82C0", # required, accepts VARIANT_MASK_82C0, VARIANT_MASK_82
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_arn #=> String
+    #   resp.key_check_value #=> String
+    #   resp.random_key_send #=> String
+    #   resp.random_key_receive #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAs2805KekValidation AWS API Documentation
+    #
+    # @overload generate_as_2805_kek_validation(params = {})
+    # @param [Hash] params ({})
+    def generate_as_2805_kek_validation(params = {}, options = {})
+      req = build_request(:generate_as_2805_kek_validation, params)
+      req.send_request(options)
+    end
+
     # Generates card-related validation data using algorithms such as Card
     # Verification Values (CVV/CVV2), Dynamic Card Verification Values
     # (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see
@@ -922,7 +1008,7 @@ module Aws::PaymentCryptographyData
     # by setting generation attributes and algorithm to the associated
     # values. The MAC generation encryption key must have valid values for
     # `KeyUsage` such as `TR31_M7_HMAC_KEY` for HMAC generation, and the key
-    # must have `KeyModesOfUse` set to `Generate` and `Verify`.
+    # must have `KeyModesOfUse` set to `Generate`.
     #
     # For information about valid keys for this operation, see
     # [Understanding key attributes][1] and [Key types for specific data
@@ -969,7 +1055,7 @@ module Aws::PaymentCryptographyData
     #     key_identifier: "KeyArnOrKeyAliasType", # required
     #     message_data: "MessageDataType", # required
     #     generation_attributes: { # required
-    #       algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
+    #       algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, AS2805_4_1
     #       emv_mac: {
     #         major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
     #         primary_account_number: "PrimaryAccountNumberType", # required
@@ -1259,8 +1345,7 @@ module Aws::PaymentCryptographyData
     #   except that the fill digits are random values from 10 to 15.
     #
     #   The `ISO_Format_4` PIN block format is the only one supporting AES
-    #   encryption. It is similar to `ISO_Format_3` but doubles the pin block
-    #   length by padding with fill digit A and random values from 10 to 15.
+    #   encryption.
     #
     # @option params [Types::WrappedKey] :encryption_wrapped_key
     #   Parameter information of a WrappedKeyBlock for encryption key
@@ -1517,16 +1602,16 @@ module Aws::PaymentCryptographyData
       req.send_request(options)
     end
 
-    # Translates an encryption key between different wrapping keys without
-    # importing the key into Amazon Web Services Payment Cryptography.
+    # Translates an cryptographic key between different wrapping keys
+    # without importing the key into Amazon Web Services Payment
+    # Cryptography.
     #
     # This operation can be used when key material is frequently rotated,
     # such as during every card transaction, and there is a need to avoid
     # importing short-lived keys into Amazon Web Services Payment
-    # Cryptography. It translates short-lived transaction keys such as Pin
-    # Encryption Key (PEK) generated for each transaction and wrapped with
-    # an ECDH (Elliptic Curve Diffie-Hellman) derived wrapping key to
-    # another KEK (Key Encryption Key) wrapping key.
+    # Cryptography. It translates short-lived transaction keys such as
+    # [PEK][1] generated for each transaction and wrapped with an [ECDH][2]
+    # derived wrapping key to another [KEK][3] wrapping key.
     #
     # Before using this operation, you must first request the public key
     # certificate of the ECC key pair generated within Amazon Web Services
@@ -1536,13 +1621,11 @@ module Aws::PaymentCryptographyData
     # parameters to generate a derived key. The service uses this derived
     # key to unwrap the incoming transaction key received as a
     # TR31WrappedKeyBlock and re-wrap using a user provided KEK to generate
-    # an outgoing Tr31WrappedKeyBlock. For more information on establishing
-    # ECDH derived keys, see the [Creating keys][1] in the *Amazon Web
-    # Services Payment Cryptography User Guide*.
+    # an outgoing Tr31WrappedKeyBlock.
     #
     # For information about valid keys for this operation, see
-    # [Understanding key attributes][2] and [Key types for specific data
-    # operations][3] in the *Amazon Web Services Payment Cryptography User
+    # [Understanding key attributes][4] and [Key types for specific data
+    # operations][5] in the *Amazon Web Services Payment Cryptography User
     # Guide*.
     #
     # **Cross-account use**: This operation can't be used across different
@@ -1550,20 +1633,22 @@ module Aws::PaymentCryptographyData
     #
     # **Related operations:**
     #
-    # * [CreateKey][4]
+    # * [CreateKey][6]
     #
-    # * [GetPublicCertificate][5]
+    # * [GetPublicCertificate][7]
     #
-    # * [ImportKey][6]
+    # * [ImportKey][8]
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/create-keys.html
-    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
-    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
-    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
-    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
-    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
+    # [1]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.pek
+    # [2]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.ecdh
+    # [3]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/terminology.html#terms.kek
+    # [4]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/keys-validattributes.html
+    # [5]: https://docs.aws.amazon.com/payment-cryptography/latest/userguide/crypto-ops-validkeys-ops.html
+    # [6]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_CreateKey.html
+    # [7]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetPublicKeyCertificate.html
+    # [8]: https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_ImportKey.html
     #
     # @option params [required, Types::IncomingKeyMaterial] :incoming_key_material
     #   Parameter information of the TR31WrappedKeyBlock containing the
@@ -1574,7 +1659,8 @@ module Aws::PaymentCryptographyData
     #   key in the outgoing TR31WrappedKeyBlock.
     #
     # @option params [String] :key_check_value_algorithm
-    #   The key check value (KCV) algorithm used for calculating the KCV.
+    #   The key check value (KCV) algorithm used for calculating the KCV of
+    #   the derived key.
     #
     # @return [Types::TranslateKeyMaterialOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1731,6 +1817,10 @@ module Aws::PaymentCryptographyData
     #   The WrappedKeyBlock containing the encryption key for encrypting
     #   outgoing PIN block data.
     #
+    # @option params [Types::As2805PekDerivationAttributes] :incoming_as_2805_attributes
+    #   The attributes and values to use for incoming AS2805 encryption key
+    #   for PIN block translation.
+    #
     # @return [Types::TranslatePinDataOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::TranslatePinDataOutput#pin_block #pin_block} => String
@@ -1754,6 +1844,9 @@ module Aws::PaymentCryptographyData
     #       iso_format_4: {
     #         primary_account_number: "PrimaryAccountNumberType", # required
     #       },
+    #       as_2805_format_0: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #       },
     #     },
     #     outgoing_translation_attributes: { # required
     #       iso_format_0: {
@@ -1767,6 +1860,9 @@ module Aws::PaymentCryptographyData
     #       iso_format_4: {
     #         primary_account_number: "PrimaryAccountNumberType", # required
     #       },
+    #       as_2805_format_0: {
+    #         primary_account_number: "PrimaryAccountNumberType", # required
+    #       },
     #     },
     #     encrypted_pin_block: "HexEvenLengthBetween16And32", # required
     #     incoming_dukpt_attributes: {
@@ -1807,6 +1903,10 @@ module Aws::PaymentCryptographyData
     #       },
     #       key_check_value_algorithm: "CMAC", # accepts CMAC, ANSI_X9_24, HMAC, SHA_1
     #     },
+    #     incoming_as_2805_attributes: {
+    #       system_trace_audit_number: "SystemTraceAuditNumberType", # required
+    #       transaction_amount: "TransactionAmountType", # required
+    #     },
     #   })
     #
     # @example Response structure
@@ -2137,7 +2237,7 @@ module Aws::PaymentCryptographyData
     #     message_data: "MessageDataType", # required
     #     mac: "MacType", # required
     #     verification_attributes: { # required
-    #       algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512
+    #       algorithm: "ISO9797_ALGORITHM1", # accepts ISO9797_ALGORITHM1, ISO9797_ALGORITHM3, CMAC, HMAC, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, AS2805_4_1
     #       emv_mac: {
     #         major_key_derivation_mode: "EMV_OPTION_A", # required, accepts EMV_OPTION_A, EMV_OPTION_B
     #         primary_account_number: "PrimaryAccountNumberType", # required
@@ -2335,7 +2435,7 @@ module Aws::PaymentCryptographyData
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-paymentcryptographydata'
-      context[:gem_version] = '1.44.0'
+      context[:gem_version] = '1.45.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-paymentcryptographydata/client_api.rb

@@ -19,6 +19,9 @@ module Aws::PaymentCryptographyData
     AmexCardSecurityCodeVersion1 = Shapes::StructureShape.new(name: 'AmexCardSecurityCodeVersion1')
     AmexCardSecurityCodeVersion2 = Shapes::StructureShape.new(name: 'AmexCardSecurityCodeVersion2')
     ApplicationCryptogramType = Shapes::StringShape.new(name: 'ApplicationCryptogramType')
+    As2805KekValidationType = Shapes::UnionShape.new(name: 'As2805KekValidationType')
+    As2805PekDerivationAttributes = Shapes::StructureShape.new(name: 'As2805PekDerivationAttributes')
+    As2805RandomKeyMaterial = Shapes::StringShape.new(name: 'As2805RandomKeyMaterial')
     AsymmetricEncryptionAttributes = Shapes::StructureShape.new(name: 'AsymmetricEncryptionAttributes')
     AuthRequestCryptogramType = Shapes::StringShape.new(name: 'AuthRequestCryptogramType')
     AuthResponseValueType = Shapes::StringShape.new(name: 'AuthResponseValueType')
@@ -60,6 +63,8 @@ module Aws::PaymentCryptographyData
     EncryptedPinBlockType = Shapes::StringShape.new(name: 'EncryptedPinBlockType')
     EncryptionDecryptionAttributes = Shapes::UnionShape.new(name: 'EncryptionDecryptionAttributes')
     EncryptionMode = Shapes::StringShape.new(name: 'EncryptionMode')
+    GenerateAs2805KekValidationInput = Shapes::StructureShape.new(name: 'GenerateAs2805KekValidationInput')
+    GenerateAs2805KekValidationOutput = Shapes::StructureShape.new(name: 'GenerateAs2805KekValidationOutput')
     GenerateCardValidationDataInput = Shapes::StructureShape.new(name: 'GenerateCardValidationDataInput')
     GenerateCardValidationDataOutput = Shapes::StructureShape.new(name: 'GenerateCardValidationDataOutput')
     GenerateMacEmvPinChangeInput = Shapes::StructureShape.new(name: 'GenerateMacEmvPinChangeInput')
@@ -88,6 +93,8 @@ module Aws::PaymentCryptographyData
     IntegerRangeBetween4And12 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween4And12')
     IntegerRangeBetween4And16 = Shapes::IntegerShape.new(name: 'IntegerRangeBetween4And16')
     InternalServerException = Shapes::StructureShape.new(name: 'InternalServerException')
+    KekValidationRequest = Shapes::StructureShape.new(name: 'KekValidationRequest')
+    KekValidationResponse = Shapes::StructureShape.new(name: 'KekValidationResponse')
     KeyArn = Shapes::StringShape.new(name: 'KeyArn')
     KeyArnOrKeyAliasType = Shapes::StringShape.new(name: 'KeyArnOrKeyAliasType')
     KeyCheckValue = Shapes::StringShape.new(name: 'KeyCheckValue')
@@ -123,6 +130,7 @@ module Aws::PaymentCryptographyData
     PlainTextType = Shapes::StringShape.new(name: 'PlainTextType')
     PrimaryAccountNumberType = Shapes::StringShape.new(name: 'PrimaryAccountNumberType')
     ProprietaryAuthenticationDataType = Shapes::StringShape.new(name: 'ProprietaryAuthenticationDataType')
+    RandomKeySendVariantMask = Shapes::StringShape.new(name: 'RandomKeySendVariantMask')
     ReEncryptDataInput = Shapes::StructureShape.new(name: 'ReEncryptDataInput')
     ReEncryptDataOutput = Shapes::StructureShape.new(name: 'ReEncryptDataOutput')
     ReEncryptionAttributes = Shapes::UnionShape.new(name: 'ReEncryptionAttributes')
@@ -141,15 +149,18 @@ module Aws::PaymentCryptographyData
     String = Shapes::StringShape.new(name: 'String')
     SymmetricEncryptionAttributes = Shapes::StructureShape.new(name: 'SymmetricEncryptionAttributes')
     SymmetricKeyAlgorithm = Shapes::StringShape.new(name: 'SymmetricKeyAlgorithm')
+    SystemTraceAuditNumberType = Shapes::StringShape.new(name: 'SystemTraceAuditNumberType')
     ThrottlingException = Shapes::StructureShape.new(name: 'ThrottlingException')
     Tr31WrappedKeyBlock = Shapes::StringShape.new(name: 'Tr31WrappedKeyBlock')
     TrackDataType = Shapes::StringShape.new(name: 'TrackDataType')
+    TransactionAmountType = Shapes::StringShape.new(name: 'TransactionAmountType')
     TransactionDataType = Shapes::StringShape.new(name: 'TransactionDataType')
     TranslateKeyMaterialInput = Shapes::StructureShape.new(name: 'TranslateKeyMaterialInput')
     TranslateKeyMaterialOutput = Shapes::StructureShape.new(name: 'TranslateKeyMaterialOutput')
     TranslatePinDataInput = Shapes::StructureShape.new(name: 'TranslatePinDataInput')
     TranslatePinDataOutput = Shapes::StructureShape.new(name: 'TranslatePinDataOutput')
     TranslationIsoFormats = Shapes::UnionShape.new(name: 'TranslationIsoFormats')
+    TranslationPinDataAs2805Format0 = Shapes::StructureShape.new(name: 'TranslationPinDataAs2805Format0')
     TranslationPinDataIsoFormat034 = Shapes::StructureShape.new(name: 'TranslationPinDataIsoFormat034')
     TranslationPinDataIsoFormat1 = Shapes::StructureShape.new(name: 'TranslationPinDataIsoFormat1')
     ValidationDataType = Shapes::StringShape.new(name: 'ValidationDataType')
@@ -195,6 +206,18 @@ module Aws::PaymentCryptographyData
     AmexCardSecurityCodeVersion2.add_member(:service_code, Shapes::ShapeRef.new(shape: ServiceCodeType, required: true, location_name: "ServiceCode"))
     AmexCardSecurityCodeVersion2.struct_class = Types::AmexCardSecurityCodeVersion2
 
+    As2805KekValidationType.add_member(:kek_validation_request, Shapes::ShapeRef.new(shape: KekValidationRequest, location_name: "KekValidationRequest"))
+    As2805KekValidationType.add_member(:kek_validation_response, Shapes::ShapeRef.new(shape: KekValidationResponse, location_name: "KekValidationResponse"))
+    As2805KekValidationType.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
+    As2805KekValidationType.add_member_subclass(:kek_validation_request, Types::As2805KekValidationType::KekValidationRequest)
+    As2805KekValidationType.add_member_subclass(:kek_validation_response, Types::As2805KekValidationType::KekValidationResponse)
+    As2805KekValidationType.add_member_subclass(:unknown, Types::As2805KekValidationType::Unknown)
+    As2805KekValidationType.struct_class = Types::As2805KekValidationType
+
+    As2805PekDerivationAttributes.add_member(:system_trace_audit_number, Shapes::ShapeRef.new(shape: SystemTraceAuditNumberType, required: true, location_name: "SystemTraceAuditNumber"))
+    As2805PekDerivationAttributes.add_member(:transaction_amount, Shapes::ShapeRef.new(shape: TransactionAmountType, required: true, location_name: "TransactionAmount"))
+    As2805PekDerivationAttributes.struct_class = Types::As2805PekDerivationAttributes
+
     AsymmetricEncryptionAttributes.add_member(:padding_type, Shapes::ShapeRef.new(shape: PaddingType, location_name: "PaddingType"))
     AsymmetricEncryptionAttributes.struct_class = Types::AsymmetricEncryptionAttributes
 
@@ -385,6 +408,17 @@ module Aws::PaymentCryptographyData
     EncryptionDecryptionAttributes.add_member_subclass(:unknown, Types::EncryptionDecryptionAttributes::Unknown)
     EncryptionDecryptionAttributes.struct_class = Types::EncryptionDecryptionAttributes
 
+    GenerateAs2805KekValidationInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "KeyIdentifier"))
+    GenerateAs2805KekValidationInput.add_member(:kek_validation_type, Shapes::ShapeRef.new(shape: As2805KekValidationType, required: true, location_name: "KekValidationType"))
+    GenerateAs2805KekValidationInput.add_member(:random_key_send_variant_mask, Shapes::ShapeRef.new(shape: RandomKeySendVariantMask, required: true, location_name: "RandomKeySendVariantMask"))
+    GenerateAs2805KekValidationInput.struct_class = Types::GenerateAs2805KekValidationInput
+
+    GenerateAs2805KekValidationOutput.add_member(:key_arn, Shapes::ShapeRef.new(shape: KeyArn, required: true, location_name: "KeyArn"))
+    GenerateAs2805KekValidationOutput.add_member(:key_check_value, Shapes::ShapeRef.new(shape: KeyCheckValue, required: true, location_name: "KeyCheckValue"))
+    GenerateAs2805KekValidationOutput.add_member(:random_key_send, Shapes::ShapeRef.new(shape: As2805RandomKeyMaterial, required: true, location_name: "RandomKeySend"))
+    GenerateAs2805KekValidationOutput.add_member(:random_key_receive, Shapes::ShapeRef.new(shape: As2805RandomKeyMaterial, required: true, location_name: "RandomKeyReceive"))
+    GenerateAs2805KekValidationOutput.struct_class = Types::GenerateAs2805KekValidationOutput
+
     GenerateCardValidationDataInput.add_member(:key_identifier, Shapes::ShapeRef.new(shape: KeyArnOrKeyAliasType, required: true, location_name: "KeyIdentifier"))
     GenerateCardValidationDataInput.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
     GenerateCardValidationDataInput.add_member(:generation_attributes, Shapes::ShapeRef.new(shape: CardGenerationAttributes, required: true, location_name: "GenerationAttributes"))
@@ -491,6 +525,12 @@ module Aws::PaymentCryptographyData
     InternalServerException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     InternalServerException.struct_class = Types::InternalServerException
 
+    KekValidationRequest.add_member(:derive_key_algorithm, Shapes::ShapeRef.new(shape: SymmetricKeyAlgorithm, required: true, location_name: "DeriveKeyAlgorithm"))
+    KekValidationRequest.struct_class = Types::KekValidationRequest
+
+    KekValidationResponse.add_member(:random_key_send, Shapes::ShapeRef.new(shape: As2805RandomKeyMaterial, required: true, location_name: "RandomKeySend"))
+    KekValidationResponse.struct_class = Types::KekValidationResponse
+
     MacAlgorithmDukpt.add_member(:key_serial_number, Shapes::ShapeRef.new(shape: HexLength16Or20Or24, required: true, location_name: "KeySerialNumber"))
     MacAlgorithmDukpt.add_member(:dukpt_key_variant, Shapes::ShapeRef.new(shape: DukptKeyVariant, required: true, location_name: "DukptKeyVariant"))
     MacAlgorithmDukpt.add_member(:dukpt_derivation_type, Shapes::ShapeRef.new(shape: DukptDerivationType, location_name: "DukptDerivationType"))
@@ -660,6 +700,7 @@ module Aws::PaymentCryptographyData
     TranslatePinDataInput.add_member(:outgoing_dukpt_attributes, Shapes::ShapeRef.new(shape: DukptDerivationAttributes, location_name: "OutgoingDukptAttributes"))
     TranslatePinDataInput.add_member(:incoming_wrapped_key, Shapes::ShapeRef.new(shape: WrappedKey, location_name: "IncomingWrappedKey"))
     TranslatePinDataInput.add_member(:outgoing_wrapped_key, Shapes::ShapeRef.new(shape: WrappedKey, location_name: "OutgoingWrappedKey"))
+    TranslatePinDataInput.add_member(:incoming_as_2805_attributes, Shapes::ShapeRef.new(shape: As2805PekDerivationAttributes, location_name: "IncomingAs2805Attributes"))
     TranslatePinDataInput.struct_class = Types::TranslatePinDataInput
 
     TranslatePinDataOutput.add_member(:pin_block, Shapes::ShapeRef.new(shape: EncryptedPinBlockType, required: true, location_name: "PinBlock"))
@@ -671,14 +712,19 @@ module Aws::PaymentCryptographyData
     TranslationIsoFormats.add_member(:iso_format_1, Shapes::ShapeRef.new(shape: TranslationPinDataIsoFormat1, location_name: "IsoFormat1"))
     TranslationIsoFormats.add_member(:iso_format_3, Shapes::ShapeRef.new(shape: TranslationPinDataIsoFormat034, location_name: "IsoFormat3"))
     TranslationIsoFormats.add_member(:iso_format_4, Shapes::ShapeRef.new(shape: TranslationPinDataIsoFormat034, location_name: "IsoFormat4"))
+    TranslationIsoFormats.add_member(:as_2805_format_0, Shapes::ShapeRef.new(shape: TranslationPinDataAs2805Format0, location_name: "As2805Format0"))
     TranslationIsoFormats.add_member(:unknown, Shapes::ShapeRef.new(shape: nil, location_name: 'unknown'))
     TranslationIsoFormats.add_member_subclass(:iso_format_0, Types::TranslationIsoFormats::IsoFormat0)
     TranslationIsoFormats.add_member_subclass(:iso_format_1, Types::TranslationIsoFormats::IsoFormat1)
     TranslationIsoFormats.add_member_subclass(:iso_format_3, Types::TranslationIsoFormats::IsoFormat3)
     TranslationIsoFormats.add_member_subclass(:iso_format_4, Types::TranslationIsoFormats::IsoFormat4)
+    TranslationIsoFormats.add_member_subclass(:as_2805_format_0, Types::TranslationIsoFormats::As2805Format0)
     TranslationIsoFormats.add_member_subclass(:unknown, Types::TranslationIsoFormats::Unknown)
     TranslationIsoFormats.struct_class = Types::TranslationIsoFormats
 
+    TranslationPinDataAs2805Format0.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
+    TranslationPinDataAs2805Format0.struct_class = Types::TranslationPinDataAs2805Format0
+
     TranslationPinDataIsoFormat034.add_member(:primary_account_number, Shapes::ShapeRef.new(shape: PrimaryAccountNumberType, required: true, location_name: "PrimaryAccountNumber"))
     TranslationPinDataIsoFormat034.struct_class = Types::TranslationPinDataIsoFormat034
 
@@ -836,6 +882,19 @@ module Aws::PaymentCryptographyData
         o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
       end)
 
+      api.add_operation(:generate_as_2805_kek_validation, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GenerateAs2805KekValidation"
+        o.http_method = "POST"
+        o.http_request_uri = "/as2805kekvalidation/generate"
+        o.input = Shapes::ShapeRef.new(shape: GenerateAs2805KekValidationInput)
+        o.output = Shapes::ShapeRef.new(shape: GenerateAs2805KekValidationOutput)
+        o.errors << Shapes::ShapeRef.new(shape: ValidationException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerException)
+      end)
+
       api.add_operation(:generate_card_validation_data, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GenerateCardValidationData"
         o.http_method = "POST"

data/lib/aws-sdk-paymentcryptographydata/types.rb

@@ -104,6 +104,55 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameter information for generating a random key for KEK validation
+    # to perform node-to-node initialization.
+    #
+    # @note As2805KekValidationType is a union - when making an API calls you must set exactly one of the members.
+    #
+    # @!attribute [rw] kek_validation_request
+    #   Parameter information for generating a KEK validation request during
+    #   node-to-node initialization.
+    #   @return [Types::KekValidationRequest]
+    #
+    # @!attribute [rw] kek_validation_response
+    #   Parameter information for generating a KEK validation response
+    #   during node-to-node initialization.
+    #   @return [Types::KekValidationResponse]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/As2805KekValidationType AWS API Documentation
+    #
+    class As2805KekValidationType < Struct.new(
+      :kek_validation_request,
+      :kek_validation_response,
+      :unknown)
+      SENSITIVE = []
+      include Aws::Structure
+      include Aws::Structure::Union
+
+      class KekValidationRequest < As2805KekValidationType; end
+      class KekValidationResponse < As2805KekValidationType; end
+      class Unknown < As2805KekValidationType; end
+    end
+
+    # Parameter information to use a PEK derived using AS2805.
+    #
+    # @!attribute [rw] system_trace_audit_number
+    #   The system trace audit number for the transaction.
+    #   @return [String]
+    #
+    # @!attribute [rw] transaction_amount
+    #   The transaction amount for the transaction.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/As2805PekDerivationAttributes AWS API Documentation
+    #
+    class As2805PekDerivationAttributes < Struct.new(
+      :system_trace_audit_number,
+      :transaction_amount)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Parameters for plaintext encryption using asymmetric keys.
     #
     # @!attribute [rw] padding_type
@@ -1042,6 +1091,62 @@ module Aws::PaymentCryptographyData
       class Unknown < EncryptionDecryptionAttributes; end
     end
 
+    # @!attribute [rw] key_identifier
+    #   The `keyARN` of sending KEK that Amazon Web Services Payment
+    #   Cryptography uses for node-to-node initialization
+    #   @return [String]
+    #
+    # @!attribute [rw] kek_validation_type
+    #   Parameter information for generating a random key for KEK validation
+    #   to perform node-to-node initialization.
+    #   @return [Types::As2805KekValidationType]
+    #
+    # @!attribute [rw] random_key_send_variant_mask
+    #   The key variant to use for generating a random key for KEK
+    #   validation during node-to-node initialization.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAs2805KekValidationInput AWS API Documentation
+    #
+    class GenerateAs2805KekValidationInput < Struct.new(
+      :key_identifier,
+      :kek_validation_type,
+      :random_key_send_variant_mask)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] key_arn
+    #   The `keyARN` of sending KEK that Amazon Web Services Payment
+    #   Cryptography validates for node-to-node initialization
+    #   @return [String]
+    #
+    # @!attribute [rw] key_check_value
+    #   The key check value (KCV) of the sending KEK that Amazon Web
+    #   Services Payment Cryptography validates for node-to-node
+    #   initialization.
+    #   @return [String]
+    #
+    # @!attribute [rw] random_key_send
+    #   The random key generated for sending KEK validation.
+    #   @return [String]
+    #
+    # @!attribute [rw] random_key_receive
+    #   The random key generated for receiving KEK validation. The
+    #   initiating node sends this key to its partner node for validation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/GenerateAs2805KekValidationOutput AWS API Documentation
+    #
+    class GenerateAs2805KekValidationOutput < Struct.new(
+      :key_arn,
+      :key_check_value,
+      :random_key_send,
+      :random_key_receive)
+      SENSITIVE = [:random_key_send, :random_key_receive]
+      include Aws::Structure
+    end
+
     # @!attribute [rw] key_identifier
     #   The `keyARN` of the CVK encryption key that Amazon Web Services
     #   Payment Cryptography uses to generate card data.
@@ -1308,9 +1413,7 @@ module Aws::PaymentCryptographyData
     #   except that the fill digits are random values from 10 to 15.
     #
     #   The `ISO_Format_4` PIN block format is the only one supporting AES
-    #   encryption. It is similar to `ISO_Format_3` but doubles the pin
-    #   block length by padding with fill digit A and random values from 10
-    #   to 15.
+    #   encryption.
     #   @return [String]
     #
     # @!attribute [rw] encryption_wrapped_key
@@ -1628,6 +1731,37 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
+    # Parameter information for generating a KEK validation request during
+    # node-to-node initialization.
+    #
+    # @!attribute [rw] derive_key_algorithm
+    #   The key derivation algorithm to use for generating a KEK validation
+    #   request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/KekValidationRequest AWS API Documentation
+    #
+    class KekValidationRequest < Struct.new(
+      :derive_key_algorithm)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Parameter information for generating a KEK validation response during
+    # node-to-node initialization.
+    #
+    # @!attribute [rw] random_key_send
+    #   The random key for generating a KEK validation response.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/KekValidationResponse AWS API Documentation
+    #
+    class KekValidationResponse < Struct.new(
+      :random_key_send)
+      SENSITIVE = [:random_key_send]
+      include Aws::Structure
+    end
+
     # Parameters required for DUKPT MAC generation and verification.
     #
     # @!attribute [rw] key_serial_number
@@ -2320,7 +2454,8 @@ module Aws::PaymentCryptographyData
     #   @return [Types::OutgoingKeyMaterial]
     #
     # @!attribute [rw] key_check_value_algorithm
-    #   The key check value (KCV) algorithm used for calculating the KCV.
+    #   The key check value (KCV) algorithm used for calculating the KCV of
+    #   the derived key.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslateKeyMaterialInput AWS API Documentation
@@ -2395,6 +2530,11 @@ module Aws::PaymentCryptographyData
     #   outgoing PIN block data.
     #   @return [Types::WrappedKey]
     #
+    # @!attribute [rw] incoming_as_2805_attributes
+    #   The attributes and values to use for incoming AS2805 encryption key
+    #   for PIN block translation.
+    #   @return [Types::As2805PekDerivationAttributes]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslatePinDataInput AWS API Documentation
     #
     class TranslatePinDataInput < Struct.new(
@@ -2406,7 +2546,8 @@ module Aws::PaymentCryptographyData
       :incoming_dukpt_attributes,
       :outgoing_dukpt_attributes,
       :incoming_wrapped_key,
-      :outgoing_wrapped_key)
+      :outgoing_wrapped_key,
+      :incoming_as_2805_attributes)
       SENSITIVE = [:encrypted_pin_block]
       include Aws::Structure
     end
@@ -2446,21 +2587,25 @@ module Aws::PaymentCryptographyData
     # @note TranslationIsoFormats is a union - when making an API calls you must set exactly one of the members.
     #
     # @!attribute [rw] iso_format_0
-    #   Parameters that are required for ISO9564 PIN format 0 tranlation.
+    #   Parameters that are required for ISO9564 PIN format 0 translation.
     #   @return [Types::TranslationPinDataIsoFormat034]
     #
     # @!attribute [rw] iso_format_1
-    #   Parameters that are required for ISO9564 PIN format 1 tranlation.
+    #   Parameters that are required for ISO9564 PIN format 1 translation.
     #   @return [Types::TranslationPinDataIsoFormat1]
     #
     # @!attribute [rw] iso_format_3
-    #   Parameters that are required for ISO9564 PIN format 3 tranlation.
+    #   Parameters that are required for ISO9564 PIN format 3 translation.
     #   @return [Types::TranslationPinDataIsoFormat034]
     #
     # @!attribute [rw] iso_format_4
-    #   Parameters that are required for ISO9564 PIN format 4 tranlation.
+    #   Parameters that are required for ISO9564 PIN format 4 translation.
     #   @return [Types::TranslationPinDataIsoFormat034]
     #
+    # @!attribute [rw] as_2805_format_0
+    #   Parameters that are required for AS2805 PIN format 0 translation.
+    #   @return [Types::TranslationPinDataAs2805Format0]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslationIsoFormats AWS API Documentation
     #
     class TranslationIsoFormats < Struct.new(
@@ -2468,6 +2613,7 @@ module Aws::PaymentCryptographyData
       :iso_format_1,
       :iso_format_3,
       :iso_format_4,
+      :as_2805_format_0,
       :unknown)
       SENSITIVE = []
       include Aws::Structure
@@ -2477,11 +2623,29 @@ module Aws::PaymentCryptographyData
       class IsoFormat1 < TranslationIsoFormats; end
       class IsoFormat3 < TranslationIsoFormats; end
       class IsoFormat4 < TranslationIsoFormats; end
+      class As2805Format0 < TranslationIsoFormats; end
       class Unknown < TranslationIsoFormats; end
     end
 
-    # Parameters that are required for tranlation between ISO9564 PIN format
-    # 0,3,4 tranlation.
+    # Parameters that are required for translation between AS2805 PIN format
+    # 0 translation.
+    #
+    # @!attribute [rw] primary_account_number
+    #   The Primary Account Number (PAN) of the cardholder. A PAN is a
+    #   unique identifier for a payment credit or debit card and associates
+    #   the card to a specific account holder.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/payment-cryptography-data-2022-02-03/TranslationPinDataAs2805Format0 AWS API Documentation
+    #
+    class TranslationPinDataAs2805Format0 < Struct.new(
+      :primary_account_number)
+      SENSITIVE = [:primary_account_number]
+      include Aws::Structure
+    end
+
+    # Parameters that are required for translation between ISO9564 PIN
+    # format 0,3,4 translation.
     #
     # @!attribute [rw] primary_account_number
     #   The Primary Account Number (PAN) of the cardholder. A PAN is a
@@ -2497,7 +2661,7 @@ module Aws::PaymentCryptographyData
       include Aws::Structure
     end
 
-    # Parameters that are required for ISO9564 PIN format 1 tranlation.
+    # Parameters that are required for ISO9564 PIN format 1 translation.
     #
     # @api private
     #

data/lib/aws-sdk-paymentcryptographydata.rb

@@ -55,7 +55,7 @@ module Aws::PaymentCryptographyData
   autoload :EndpointProvider, 'aws-sdk-paymentcryptographydata/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-paymentcryptographydata/endpoints'
 
-  GEM_VERSION = '1.44.0'
+  GEM_VERSION = '1.45.0'
 
 end
 

data/sig/client.rbs

@@ -182,6 +182,28 @@ module Aws
                         ) -> _EncryptDataResponseSuccess
                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _EncryptDataResponseSuccess
 
+      interface _GenerateAs2805KekValidationResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::GenerateAs2805KekValidationOutput]
+        def key_arn: () -> ::String
+        def key_check_value: () -> ::String
+        def random_key_send: () -> ::String
+        def random_key_receive: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/PaymentCryptographyData/Client.html#generate_as_2805_kek_validation-instance_method
+      def generate_as_2805_kek_validation: (
+                                             key_identifier: ::String,
+                                             kek_validation_type: {
+                                               kek_validation_request: {
+                                                 derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224")
+                                               }?,
+                                               kek_validation_response: {
+                                                 random_key_send: ::String
+                                               }?
+                                             },
+                                             random_key_send_variant_mask: ("VARIANT_MASK_82C0" | "VARIANT_MASK_82")
+                                           ) -> _GenerateAs2805KekValidationResponseSuccess
+                                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _GenerateAs2805KekValidationResponseSuccess
+
       interface _GenerateCardValidationDataResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GenerateCardValidationDataOutput]
         def key_arn: () -> ::String
@@ -240,7 +262,7 @@ module Aws
                           key_identifier: ::String,
                           message_data: ::String,
                           generation_attributes: {
-                            algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512")?,
+                            algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "AS2805_4_1")?,
                             emv_mac: {
                               major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
                               primary_account_number: ::String,
@@ -523,6 +545,9 @@ module Aws
                                   }?,
                                   iso_format_4: {
                                     primary_account_number: ::String
+                                  }?,
+                                  as_2805_format_0: {
+                                    primary_account_number: ::String
                                   }?
                                 },
                                 outgoing_translation_attributes: {
@@ -536,6 +561,9 @@ module Aws
                                   }?,
                                   iso_format_4: {
                                     primary_account_number: ::String
+                                  }?,
+                                  as_2805_format_0: {
+                                    primary_account_number: ::String
                                   }?
                                 },
                                 encrypted_pin_block: ::String,
@@ -576,6 +604,10 @@ module Aws
                                     }?
                                   },
                                   key_check_value_algorithm: ("CMAC" | "ANSI_X9_24" | "HMAC" | "SHA_1")?
+                                },
+                                ?incoming_as_2805_attributes: {
+                                  system_trace_audit_number: ::String,
+                                  transaction_amount: ::String
                                 }
                               ) -> _TranslatePinDataResponseSuccess
                             | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _TranslatePinDataResponseSuccess
@@ -692,7 +724,7 @@ module Aws
                         message_data: ::String,
                         mac: ::String,
                         verification_attributes: {
-                          algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512")?,
+                          algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "AS2805_4_1")?,
                           emv_mac: {
                             major_key_derivation_mode: ("EMV_OPTION_A" | "EMV_OPTION_B"),
                             primary_account_number: ::String,

data/sig/types.rbs

@@ -34,6 +34,26 @@ module Aws::PaymentCryptographyData
       SENSITIVE: [:card_expiry_date, :service_code]
     end
 
+    class As2805KekValidationType
+      attr_accessor kek_validation_request: Types::KekValidationRequest
+      attr_accessor kek_validation_response: Types::KekValidationResponse
+      attr_accessor unknown: untyped
+      SENSITIVE: []
+
+      class KekValidationRequest < As2805KekValidationType
+      end
+      class KekValidationResponse < As2805KekValidationType
+      end
+      class Unknown < As2805KekValidationType
+      end
+    end
+
+    class As2805PekDerivationAttributes
+      attr_accessor system_trace_audit_number: ::String
+      attr_accessor transaction_amount: ::String
+      SENSITIVE: []
+    end
+
     class AsymmetricEncryptionAttributes
       attr_accessor padding_type: ("PKCS1" | "OAEP_SHA1" | "OAEP_SHA256" | "OAEP_SHA512")
       SENSITIVE: []
@@ -317,6 +337,21 @@ module Aws::PaymentCryptographyData
       end
     end
 
+    class GenerateAs2805KekValidationInput
+      attr_accessor key_identifier: ::String
+      attr_accessor kek_validation_type: Types::As2805KekValidationType
+      attr_accessor random_key_send_variant_mask: ("VARIANT_MASK_82C0" | "VARIANT_MASK_82")
+      SENSITIVE: []
+    end
+
+    class GenerateAs2805KekValidationOutput
+      attr_accessor key_arn: ::String
+      attr_accessor key_check_value: ::String
+      attr_accessor random_key_send: ::String
+      attr_accessor random_key_receive: ::String
+      SENSITIVE: [:random_key_send, :random_key_receive]
+    end
+
     class GenerateCardValidationDataInput
       attr_accessor key_identifier: ::String
       attr_accessor primary_account_number: ::String
@@ -458,6 +493,16 @@ module Aws::PaymentCryptographyData
       SENSITIVE: []
     end
 
+    class KekValidationRequest
+      attr_accessor derive_key_algorithm: ("TDES_2KEY" | "TDES_3KEY" | "AES_128" | "AES_192" | "AES_256" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "HMAC_SHA224")
+      SENSITIVE: []
+    end
+
+    class KekValidationResponse
+      attr_accessor random_key_send: ::String
+      SENSITIVE: [:random_key_send]
+    end
+
     class MacAlgorithmDukpt
       attr_accessor key_serial_number: ::String
       attr_accessor dukpt_key_variant: ("BIDIRECTIONAL" | "REQUEST" | "RESPONSE")
@@ -475,7 +520,7 @@ module Aws::PaymentCryptographyData
     end
 
     class MacAttributes
-      attr_accessor algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512")
+      attr_accessor algorithm: ("ISO9797_ALGORITHM1" | "ISO9797_ALGORITHM3" | "CMAC" | "HMAC" | "HMAC_SHA224" | "HMAC_SHA256" | "HMAC_SHA384" | "HMAC_SHA512" | "AS2805_4_1")
       attr_accessor emv_mac: Types::MacAlgorithmEmv
       attr_accessor dukpt_iso_9797_algorithm_1: Types::MacAlgorithmDukpt
       attr_accessor dukpt_iso_9797_algorithm_3: Types::MacAlgorithmDukpt
@@ -717,6 +762,7 @@ module Aws::PaymentCryptographyData
       attr_accessor outgoing_dukpt_attributes: Types::DukptDerivationAttributes
       attr_accessor incoming_wrapped_key: Types::WrappedKey
       attr_accessor outgoing_wrapped_key: Types::WrappedKey
+      attr_accessor incoming_as_2805_attributes: Types::As2805PekDerivationAttributes
       SENSITIVE: [:encrypted_pin_block]
     end
 
@@ -732,6 +778,7 @@ module Aws::PaymentCryptographyData
       attr_accessor iso_format_1: Types::TranslationPinDataIsoFormat1
       attr_accessor iso_format_3: Types::TranslationPinDataIsoFormat034
       attr_accessor iso_format_4: Types::TranslationPinDataIsoFormat034
+      attr_accessor as_2805_format_0: Types::TranslationPinDataAs2805Format0
       attr_accessor unknown: untyped
       SENSITIVE: []
 
@@ -743,10 +790,17 @@ module Aws::PaymentCryptographyData
       end
       class IsoFormat4 < TranslationIsoFormats
       end
+      class As2805Format0 < TranslationIsoFormats
+      end
       class Unknown < TranslationIsoFormats
       end
     end
 
+    class TranslationPinDataAs2805Format0
+      attr_accessor primary_account_number: ::String
+      SENSITIVE: [:primary_account_number]
+    end
+
     class TranslationPinDataIsoFormat034
       attr_accessor primary_account_number: ::String
       SENSITIVE: [:primary_account_number]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-paymentcryptographydata
 version: !ruby/object:Gem::Version
-  version: 1.44.0
+  version: 1.45.0
 platform: ruby
 authors:
 - Amazon Web Services