feat: add interoperable symmetric encryption system

PiperOrigin-RevId: 544660001
googleapis · Jun 30, 2023 · 511319c · 511319c
1 parent 18becb1
commit 511319c
Show file tree

Hide file tree

Showing 3 changed files with 394 additions and 1 deletion.
diff --git a/google/cloud/kms/v1/ekm_service.proto b/google/cloud/kms/v1/ekm_service.proto
@@ -448,4 +448,4 @@ message VerifyConnectivityRequest {
 
 // Response message for
 // [EkmService.VerifyConnectivity][google.cloud.kms.v1.EkmService.VerifyConnectivity].
-message VerifyConnectivityResponse {}
+message VerifyConnectivityResponse {}
diff --git a/google/cloud/kms/v1/resources.proto b/google/cloud/kms/v1/resources.proto
@@ -89,6 +89,13 @@ message CryptoKey {
     // [GetPublicKey][google.cloud.kms.v1.KeyManagementService.GetPublicKey].
     ASYMMETRIC_DECRYPT = 6;
 
+    // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
+    // with [RawEncrypt][google.cloud.kms.v1.KeyManagementService.RawEncrypt]
+    // and [RawDecrypt][google.cloud.kms.v1.KeyManagementService.RawDecrypt].
+    // This purpose is meant to be used for interoperable symmetric
+    // encryption and does not support automatic CryptoKey rotation.
+    RAW_ENCRYPT_DECRYPT = 7;
+
     // [CryptoKeys][google.cloud.kms.v1.CryptoKey] with this purpose may be used
     // with [MacSign][google.cloud.kms.v1.KeyManagementService.MacSign].
     MAC = 9;
@@ -339,6 +346,12 @@ message CryptoKeyVersion {
     // Creates symmetric encryption keys.
     GOOGLE_SYMMETRIC_ENCRYPTION = 1;
 
+    // AES-GCM (Galois Counter Mode) using 128-bit keys.
+    AES_128_GCM = 41;
+
+    // AES-GCM (Galois Counter Mode) using 256-bit keys.
+    AES_256_GCM = 19;
+
     // RSASSA-PSS 2048 bit key with a SHA256 digest.
     RSA_SIGN_PSS_2048_SHA256 = 2;