feat: [cloudkms] add interoperable symmetric encryption system (#9598)

* feat: add interoperable symmetric encryption system

PiperOrigin-RevId: 544660001

Source-Link: googleapis/googleapis@511319c

Source-Link: googleapis/googleapis-gen@812def9
Copy-Tag: eyJwIjoiamF2YS1rbXMvLk93bEJvdC55YW1sIiwiaCI6IjgxMmRlZjk1OTRlOWZhMDg3NmUwZTAxMTk1MWRjMGJlYzdhMGE1ZmQifQ==

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

java-kms/README.md

@@ -20,7 +20,7 @@ If you are using Maven with [BOM][libraries-bom], add this to your pom.xml file:
     <dependency>
       <groupId>com.google.cloud</groupId>
       <artifactId>libraries-bom</artifactId>
-      <version>26.16.0</version>
+      <version>26.18.0</version>
       <type>pom</type>
       <scope>import</scope>
     </dependency>
@@ -195,7 +195,7 @@ Java is a registered trademark of Oracle and/or its affiliates.
 [kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/google-cloud-java/java11.html
 [stability-image]: https://img.shields.io/badge/stability-stable-green
 [maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-kms.svg
-[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-kms/2.22.0
+[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-kms/2.23.0
 [authentication]: https://github.com/googleapis/google-cloud-java#authentication
 [auth-scopes]: https://developers.google.com/identity/protocols/oauth2/scopes
 [predefined-iam-roles]: https://cloud.google.com/iam/docs/understanding-roles#predefined_roles

java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceClient.java

@@ -3377,6 +3377,160 @@ public final UnaryCallable<DecryptRequest, DecryptResponse> decryptCallable() {
     return stub.decryptCallable();
   }
 
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Encrypts data using portable cryptographic primitives. Most users should choose
+   * [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
+   * [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than their raw counterparts.
+   * The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+   * [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * // This snippet has been automatically generated and should be regarded as a code template only.
+   * // It will require modifications to work:
+   * // - It may require correct/in-range values for request initialization.
+   * // - It may require specifying regional endpoints when creating the service client as shown in
+   * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+   * try (KeyManagementServiceClient keyManagementServiceClient =
+   *     KeyManagementServiceClient.create()) {
+   *   RawEncryptRequest request =
+   *       RawEncryptRequest.newBuilder()
+   *           .setName("name3373707")
+   *           .setPlaintext(ByteString.EMPTY)
+   *           .setAdditionalAuthenticatedData(ByteString.EMPTY)
+   *           .setPlaintextCrc32C(Int64Value.newBuilder().build())
+   *           .setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
+   *           .setInitializationVector(ByteString.EMPTY)
+   *           .setInitializationVectorCrc32C(Int64Value.newBuilder().build())
+   *           .build();
+   *   RawEncryptResponse response = keyManagementServiceClient.rawEncrypt(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final RawEncryptResponse rawEncrypt(RawEncryptRequest request) {
+    return rawEncryptCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Encrypts data using portable cryptographic primitives. Most users should choose
+   * [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt] and
+   * [Decrypt][google.cloud.kms.v1.KeyManagementService.Decrypt] rather than their raw counterparts.
+   * The [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+   * [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * // This snippet has been automatically generated and should be regarded as a code template only.
+   * // It will require modifications to work:
+   * // - It may require correct/in-range values for request initialization.
+   * // - It may require specifying regional endpoints when creating the service client as shown in
+   * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+   * try (KeyManagementServiceClient keyManagementServiceClient =
+   *     KeyManagementServiceClient.create()) {
+   *   RawEncryptRequest request =
+   *       RawEncryptRequest.newBuilder()
+   *           .setName("name3373707")
+   *           .setPlaintext(ByteString.EMPTY)
+   *           .setAdditionalAuthenticatedData(ByteString.EMPTY)
+   *           .setPlaintextCrc32C(Int64Value.newBuilder().build())
+   *           .setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
+   *           .setInitializationVector(ByteString.EMPTY)
+   *           .setInitializationVectorCrc32C(Int64Value.newBuilder().build())
+   *           .build();
+   *   ApiFuture<RawEncryptResponse> future =
+   *       keyManagementServiceClient.rawEncryptCallable().futureCall(request);
+   *   // Do something.
+   *   RawEncryptResponse response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<RawEncryptRequest, RawEncryptResponse> rawEncryptCallable() {
+    return stub.rawEncryptCallable();
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Decrypts data that was originally encrypted using a raw cryptographic mechanism. The
+   * [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+   * [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * // This snippet has been automatically generated and should be regarded as a code template only.
+   * // It will require modifications to work:
+   * // - It may require correct/in-range values for request initialization.
+   * // - It may require specifying regional endpoints when creating the service client as shown in
+   * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+   * try (KeyManagementServiceClient keyManagementServiceClient =
+   *     KeyManagementServiceClient.create()) {
+   *   RawDecryptRequest request =
+   *       RawDecryptRequest.newBuilder()
+   *           .setName("name3373707")
+   *           .setCiphertext(ByteString.EMPTY)
+   *           .setAdditionalAuthenticatedData(ByteString.EMPTY)
+   *           .setInitializationVector(ByteString.EMPTY)
+   *           .setTagLength(172791595)
+   *           .setCiphertextCrc32C(Int64Value.newBuilder().build())
+   *           .setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
+   *           .setInitializationVectorCrc32C(Int64Value.newBuilder().build())
+   *           .build();
+   *   RawDecryptResponse response = keyManagementServiceClient.rawDecrypt(request);
+   * }
+   * }</pre>
+   *
+   * @param request The request object containing all of the parameters for the API call.
+   * @throws com.google.api.gax.rpc.ApiException if the remote call fails
+   */
+  public final RawDecryptResponse rawDecrypt(RawDecryptRequest request) {
+    return rawDecryptCallable().call(request);
+  }
+
+  // AUTO-GENERATED DOCUMENTATION AND METHOD.
+  /**
+   * Decrypts data that was originally encrypted using a raw cryptographic mechanism. The
+   * [CryptoKey.purpose][google.cloud.kms.v1.CryptoKey.purpose] must be
+   * [RAW_ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.RAW_ENCRYPT_DECRYPT].
+   *
+   * <p>Sample code:
+   *
+   * <pre>{@code
+   * // This snippet has been automatically generated and should be regarded as a code template only.
+   * // It will require modifications to work:
+   * // - It may require correct/in-range values for request initialization.
+   * // - It may require specifying regional endpoints when creating the service client as shown in
+   * // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
+   * try (KeyManagementServiceClient keyManagementServiceClient =
+   *     KeyManagementServiceClient.create()) {
+   *   RawDecryptRequest request =
+   *       RawDecryptRequest.newBuilder()
+   *           .setName("name3373707")
+   *           .setCiphertext(ByteString.EMPTY)
+   *           .setAdditionalAuthenticatedData(ByteString.EMPTY)
+   *           .setInitializationVector(ByteString.EMPTY)
+   *           .setTagLength(172791595)
+   *           .setCiphertextCrc32C(Int64Value.newBuilder().build())
+   *           .setAdditionalAuthenticatedDataCrc32C(Int64Value.newBuilder().build())
+   *           .setInitializationVectorCrc32C(Int64Value.newBuilder().build())
+   *           .build();
+   *   ApiFuture<RawDecryptResponse> future =
+   *       keyManagementServiceClient.rawDecryptCallable().futureCall(request);
+   *   // Do something.
+   *   RawDecryptResponse response = future.get();
+   * }
+   * }</pre>
+   */
+  public final UnaryCallable<RawDecryptRequest, RawDecryptResponse> rawDecryptCallable() {
+    return stub.rawDecryptCallable();
+  }
+
   // AUTO-GENERATED DOCUMENTATION AND METHOD.
   /**
    * Signs data using a [CryptoKeyVersion][google.cloud.kms.v1.CryptoKeyVersion] with

java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/KeyManagementServiceSettings.java

@@ -211,6 +211,16 @@ public UnaryCallSettings<DecryptRequest, DecryptResponse> decryptSettings() {
     return ((KeyManagementServiceStubSettings) getStubSettings()).decryptSettings();
   }
 
+  /** Returns the object with the settings used for calls to rawEncrypt. */
+  public UnaryCallSettings<RawEncryptRequest, RawEncryptResponse> rawEncryptSettings() {
+    return ((KeyManagementServiceStubSettings) getStubSettings()).rawEncryptSettings();
+  }
+
+  /** Returns the object with the settings used for calls to rawDecrypt. */
+  public UnaryCallSettings<RawDecryptRequest, RawDecryptResponse> rawDecryptSettings() {
+    return ((KeyManagementServiceStubSettings) getStubSettings()).rawDecryptSettings();
+  }
+
   /** Returns the object with the settings used for calls to asymmetricSign. */
   public UnaryCallSettings<AsymmetricSignRequest, AsymmetricSignResponse> asymmetricSignSettings() {
     return ((KeyManagementServiceStubSettings) getStubSettings()).asymmetricSignSettings();
@@ -503,6 +513,16 @@ public UnaryCallSettings.Builder<DecryptRequest, DecryptResponse> decryptSetting
       return getStubSettingsBuilder().decryptSettings();
     }
 
+    /** Returns the builder for the settings used for calls to rawEncrypt. */
+    public UnaryCallSettings.Builder<RawEncryptRequest, RawEncryptResponse> rawEncryptSettings() {
+      return getStubSettingsBuilder().rawEncryptSettings();
+    }
+
+    /** Returns the builder for the settings used for calls to rawDecrypt. */
+    public UnaryCallSettings.Builder<RawDecryptRequest, RawDecryptResponse> rawDecryptSettings() {
+      return getStubSettingsBuilder().rawDecryptSettings();
+    }
+
     /** Returns the builder for the settings used for calls to asymmetricSign. */
     public UnaryCallSettings.Builder<AsymmetricSignRequest, AsymmetricSignResponse>
         asymmetricSignSettings() {

java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/gapic_metadata.json

@@ -130,6 +130,12 @@
             "MacVerify": {
               "methods": ["macVerify", "macVerify", "macVerify", "macVerifyCallable"]
             },
+            "RawDecrypt": {
+              "methods": ["rawDecrypt", "rawDecryptCallable"]
+            },
+            "RawEncrypt": {
+              "methods": ["rawEncrypt", "rawEncryptCallable"]
+            },
             "RestoreCryptoKeyVersion": {
               "methods": ["restoreCryptoKeyVersion", "restoreCryptoKeyVersion", "restoreCryptoKeyVersion", "restoreCryptoKeyVersionCallable"]
             },

java-kms/google-cloud-kms/src/main/java/com/google/cloud/kms/v1/stub/GrpcKeyManagementServiceStub.java

@@ -67,6 +67,10 @@
 import com.google.cloud.kms.v1.MacVerifyRequest;
 import com.google.cloud.kms.v1.MacVerifyResponse;
 import com.google.cloud.kms.v1.PublicKey;
+import com.google.cloud.kms.v1.RawDecryptRequest;
+import com.google.cloud.kms.v1.RawDecryptResponse;
+import com.google.cloud.kms.v1.RawEncryptRequest;
+import com.google.cloud.kms.v1.RawEncryptResponse;
 import com.google.cloud.kms.v1.RestoreCryptoKeyVersionRequest;
 import com.google.cloud.kms.v1.UpdateCryptoKeyPrimaryVersionRequest;
 import com.google.cloud.kms.v1.UpdateCryptoKeyRequest;
@@ -300,6 +304,24 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub {
           .setResponseMarshaller(ProtoUtils.marshaller(DecryptResponse.getDefaultInstance()))
           .build();
 
+  private static final MethodDescriptor<RawEncryptRequest, RawEncryptResponse>
+      rawEncryptMethodDescriptor =
+          MethodDescriptor.<RawEncryptRequest, RawEncryptResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName("google.cloud.kms.v1.KeyManagementService/RawEncrypt")
+              .setRequestMarshaller(ProtoUtils.marshaller(RawEncryptRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(RawEncryptResponse.getDefaultInstance()))
+              .build();
+
+  private static final MethodDescriptor<RawDecryptRequest, RawDecryptResponse>
+      rawDecryptMethodDescriptor =
+          MethodDescriptor.<RawDecryptRequest, RawDecryptResponse>newBuilder()
+              .setType(MethodDescriptor.MethodType.UNARY)
+              .setFullMethodName("google.cloud.kms.v1.KeyManagementService/RawDecrypt")
+              .setRequestMarshaller(ProtoUtils.marshaller(RawDecryptRequest.getDefaultInstance()))
+              .setResponseMarshaller(ProtoUtils.marshaller(RawDecryptResponse.getDefaultInstance()))
+              .build();
+
   private static final MethodDescriptor<AsymmetricSignRequest, AsymmetricSignResponse>
       asymmetricSignMethodDescriptor =
           MethodDescriptor.<AsymmetricSignRequest, AsymmetricSignResponse>newBuilder()
@@ -433,6 +455,8 @@ public class GrpcKeyManagementServiceStub extends KeyManagementServiceStub {
       restoreCryptoKeyVersionCallable;
   private final UnaryCallable<EncryptRequest, EncryptResponse> encryptCallable;
   private final UnaryCallable<DecryptRequest, DecryptResponse> decryptCallable;
+  private final UnaryCallable<RawEncryptRequest, RawEncryptResponse> rawEncryptCallable;
+  private final UnaryCallable<RawDecryptRequest, RawDecryptResponse> rawDecryptCallable;
   private final UnaryCallable<AsymmetricSignRequest, AsymmetricSignResponse> asymmetricSignCallable;
   private final UnaryCallable<AsymmetricDecryptRequest, AsymmetricDecryptResponse>
       asymmetricDecryptCallable;
@@ -716,6 +740,26 @@ protected GrpcKeyManagementServiceStub(
                   return builder.build();
                 })
             .build();
+    GrpcCallSettings<RawEncryptRequest, RawEncryptResponse> rawEncryptTransportSettings =
+        GrpcCallSettings.<RawEncryptRequest, RawEncryptResponse>newBuilder()
+            .setMethodDescriptor(rawEncryptMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  RequestParamsBuilder builder = RequestParamsBuilder.create();
+                  builder.add("name", String.valueOf(request.getName()));
+                  return builder.build();
+                })
+            .build();
+    GrpcCallSettings<RawDecryptRequest, RawDecryptResponse> rawDecryptTransportSettings =
+        GrpcCallSettings.<RawDecryptRequest, RawDecryptResponse>newBuilder()
+            .setMethodDescriptor(rawDecryptMethodDescriptor)
+            .setParamsExtractor(
+                request -> {
+                  RequestParamsBuilder builder = RequestParamsBuilder.create();
+                  builder.add("name", String.valueOf(request.getName()));
+                  return builder.build();
+                })
+            .build();
     GrpcCallSettings<AsymmetricSignRequest, AsymmetricSignResponse>
         asymmetricSignTransportSettings =
             GrpcCallSettings.<AsymmetricSignRequest, AsymmetricSignResponse>newBuilder()
@@ -914,6 +958,12 @@ protected GrpcKeyManagementServiceStub(
     this.decryptCallable =
         callableFactory.createUnaryCallable(
             decryptTransportSettings, settings.decryptSettings(), clientContext);
+    this.rawEncryptCallable =
+        callableFactory.createUnaryCallable(
+            rawEncryptTransportSettings, settings.rawEncryptSettings(), clientContext);
+    this.rawDecryptCallable =
+        callableFactory.createUnaryCallable(
+            rawDecryptTransportSettings, settings.rawDecryptSettings(), clientContext);
     this.asymmetricSignCallable =
         callableFactory.createUnaryCallable(
             asymmetricSignTransportSettings, settings.asymmetricSignSettings(), clientContext);
@@ -1097,6 +1147,16 @@ public UnaryCallable<DecryptRequest, DecryptResponse> decryptCallable() {
     return decryptCallable;
   }
 
+  @Override
+  public UnaryCallable<RawEncryptRequest, RawEncryptResponse> rawEncryptCallable() {
+    return rawEncryptCallable;
+  }
+
+  @Override
+  public UnaryCallable<RawDecryptRequest, RawDecryptResponse> rawDecryptCallable() {
+    return rawDecryptCallable;
+  }
+
   @Override
   public UnaryCallable<AsymmetricSignRequest, AsymmetricSignResponse> asymmetricSignCallable() {
     return asymmetricSignCallable;