google-cloud-kms-v1 0.9.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 47f6dbe5701a0f2ef54edc2e142cce149f5d815403fbfe0f2c42e10963af11a2
-  data.tar.gz: 9bd08e4efa6249f48159966adae013ac20942aca4bc7736126886aab57774d4f
+  metadata.gz: 4d140ad290eb5976d855cad0e564e5d4405570766cd766780a5b900df9075dc1
+  data.tar.gz: bc76394810a5c73b64c1bfe97d6902a020d0adee3b6e2570b9c543403c007899
 SHA512:
-  metadata.gz: f146abfb6396ef11701139273e190f30f83e4ee84723701c1c702ad0088a8c8b772c174b6bfd1e1d39d7db678f88d941a9ac4a9b638d1bcffaa3cad4416c291d
-  data.tar.gz: abe844a7f1fcae5d5cc4e6844c128a16b20df67a66c2048bf645be0033fc74f8ea546a769a81bd1e51d315709ea037939e6a6722373465808015451319166a6e
+  metadata.gz: af65e32df12c6000955a2c9d0d4165740bf38d2330b5132250a6ee4e32aa7332541a10840f7676a03fcb8785f775a78e7ce8080993f5bf60a83bba3db8c9e8fa
+  data.tar.gz: dd306b0931ef6ab09180108da3719cfca722204ae427ba8151b81453261e67dfd9e0a9a948d38f8a930530b335ebba8e02b445e8af5e37e4ba9f69aaeeed5bdc

data/lib/google/cloud/kms/v1/key_management_service/client.rb

@@ -2029,7 +2029,7 @@ module Google
             #   @param options [::Gapic::CallOptions, ::Hash]
             #     Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
             #
-            # @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil)
+            # @overload asymmetric_sign(name: nil, digest: nil, digest_crc32c: nil, data: nil, data_crc32c: nil)
             #   Pass arguments to `asymmetric_sign` via keyword arguments. Note that at
             #   least one keyword argument is required. To specify no parameters, or to keep all
             #   the default parameter values, pass an empty Hash as a request object (see above).
@@ -2037,7 +2037,7 @@ module Google
             #   @param name [::String]
             #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
             #   @param digest [::Google::Cloud::Kms::V1::Digest, ::Hash]
-            #     Required. The digest of the data to sign. The digest must be produced with
+            #     Optional. The digest of the data to sign. The digest must be produced with
             #     the same digest algorithm as specified by the key version's
             #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
             #   @param digest_crc32c [::Google::Protobuf::Int64Value, ::Hash]
@@ -2054,6 +2054,24 @@ module Google
             #     different languages. However, it is a non-negative integer, which will
             #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
             #     that support this type.
+            #   @param data [::String]
+            #     Optional. This field will only be honored for RAW_PKCS1 keys.
+            #     The data to sign. A digest is computed over the data that will be signed,
+            #     PKCS #1 padding is applied to the digest directly and then encrypted.
+            #   @param data_crc32c [::Google::Protobuf::Int64Value, ::Hash]
+            #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
+            #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+            #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
+            #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+            #     fails. If you receive a checksum error, your client should verify that
+            #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
+            #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
+            #     number of retries. A persistent mismatch may indicate an issue in your
+            #     computation of the CRC32C checksum.
+            #     Note: This field is defined as int64 for reasons of compatibility across
+            #     different languages. However, it is a non-negative integer, which will
+            #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+            #     that support this type.
             #
             # @yield [response, operation] Access the result along with the RPC operation
             # @yieldparam response [::Google::Cloud::Kms::V1::AsymmetricSignResponse]

data/lib/google/cloud/kms/v1/resources_pb.rb

@@ -76,6 +76,9 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       value :RSA_SIGN_PKCS1_3072_SHA256, 6
       value :RSA_SIGN_PKCS1_4096_SHA256, 7
       value :RSA_SIGN_PKCS1_4096_SHA512, 16
+      value :RSA_SIGN_RAW_PKCS1_2048, 28
+      value :RSA_SIGN_RAW_PKCS1_3072, 29
+      value :RSA_SIGN_RAW_PKCS1_4096, 30
       value :RSA_DECRYPT_OAEP_2048_SHA256, 8
       value :RSA_DECRYPT_OAEP_3072_SHA256, 9
       value :RSA_DECRYPT_OAEP_4096_SHA256, 10

data/lib/google/cloud/kms/v1/service_pb.rb

@@ -142,6 +142,8 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :name, :string, 1
       optional :digest, :message, 3, "google.cloud.kms.v1.Digest"
       optional :digest_crc32c, :message, 4, "google.protobuf.Int64Value"
+      optional :data, :bytes, 6
+      optional :data_crc32c, :message, 7, "google.protobuf.Int64Value"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptRequest" do
       optional :name, :string, 1
@@ -184,6 +186,7 @@ Google::Protobuf::DescriptorPool.generated_pool.build do
       optional :signature_crc32c, :message, 2, "google.protobuf.Int64Value"
       optional :verified_digest_crc32c, :bool, 3
       optional :name, :string, 4
+      optional :verified_data_crc32c, :bool, 5
       optional :protection_level, :enum, 6, "google.cloud.kms.v1.ProtectionLevel"
     end
     add_message "google.cloud.kms.v1.AsymmetricDecryptResponse" do

data/lib/google/cloud/kms/v1/version.rb

@@ -21,7 +21,7 @@ module Google
   module Cloud
     module Kms
       module V1
-        VERSION = "0.9.0"
+        VERSION = "0.10.0"
       end
     end
   end

data/proto_docs/google/cloud/kms/v1/resources.rb

@@ -346,6 +346,15 @@ module Google
             # RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
             RSA_SIGN_PKCS1_4096_SHA512 = 16
 
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 2048 bit key.
+            RSA_SIGN_RAW_PKCS1_2048 = 28
+
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 3072 bit key.
+            RSA_SIGN_RAW_PKCS1_3072 = 29
+
+            # RSASSA-PKCS1-v1_5 signing without encoding, with a 4096 bit key.
+            RSA_SIGN_RAW_PKCS1_4096 = 30
+
             # RSAES-OAEP 2048 bit key with a SHA256 digest.
             RSA_DECRYPT_OAEP_2048_SHA256 = 8
 

data/proto_docs/google/cloud/kms/v1/service.rb

@@ -577,7 +577,7 @@ module Google
         #     Required. The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} to use for signing.
         # @!attribute [rw] digest
         #   @return [::Google::Cloud::Kms::V1::Digest]
-        #     Required. The digest of the data to sign. The digest must be produced with
+        #     Optional. The digest of the data to sign. The digest must be produced with
         #     the same digest algorithm as specified by the key version's
         #     {::Google::Cloud::Kms::V1::CryptoKeyVersion#algorithm algorithm}.
         # @!attribute [rw] digest_crc32c
@@ -595,6 +595,26 @@ module Google
         #     different languages. However, it is a non-negative integer, which will
         #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
         #     that support this type.
+        # @!attribute [rw] data
+        #   @return [::String]
+        #     Optional. This field will only be honored for RAW_PKCS1 keys.
+        #     The data to sign. A digest is computed over the data that will be signed,
+        #     PKCS #1 padding is applied to the digest directly and then encrypted.
+        # @!attribute [rw] data_crc32c
+        #   @return [::Google::Protobuf::Int64Value]
+        #     Optional. An optional CRC32C checksum of the {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}. If
+        #     specified, {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will verify the integrity of the
+        #     received {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data} using this checksum.
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} will report an error if the checksum verification
+        #     fails. If you receive a checksum error, your client should verify that
+        #     CRC32C({::Google::Cloud::Kms::V1::AsymmetricSignRequest#data AsymmetricSignRequest.data}) is equal to
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c}, and if so, perform a limited
+        #     number of retries. A persistent mismatch may indicate an issue in your
+        #     computation of the CRC32C checksum.
+        #     Note: This field is defined as int64 for reasons of compatibility across
+        #     different languages. However, it is a non-negative integer, which will
+        #     never exceed 2^32-1, and can be safely downconverted to uint32 in languages
+        #     that support this type.
         class AsymmetricSignRequest
           include ::Google::Protobuf::MessageExts
           extend ::Google::Protobuf::MessageExts::ClassMethods
@@ -832,6 +852,16 @@ module Google
         #   @return [::String]
         #     The resource name of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing. Check
         #     this field to verify that the intended resource was used for signing.
+        # @!attribute [rw] verified_data_crc32c
+        #   @return [::Boolean]
+        #     Integrity verification field. A flag indicating whether
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was received by
+        #     {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService} and used for the integrity verification of the
+        #     {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data data}. A false value of this field
+        #     indicates either that {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} was left
+        #     unset or that it was not delivered to {::Google::Cloud::Kms::V1::KeyManagementService::Client KeyManagementService}. If you've
+        #     set {::Google::Cloud::Kms::V1::AsymmetricSignRequest#data_crc32c AsymmetricSignRequest.data_crc32c} but this field is still false,
+        #     discard the response and perform a limited number of retries.
         # @!attribute [rw] protection_level
         #   @return [::Google::Cloud::Kms::V1::ProtectionLevel]
         #     The {::Google::Cloud::Kms::V1::ProtectionLevel ProtectionLevel} of the {::Google::Cloud::Kms::V1::CryptoKeyVersion CryptoKeyVersion} used for signing.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-kms-v1
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-18 00:00:00.000000000 Z
+date: 2021-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: gapic-common