feat: add ECDSA secp256k1 to the list of supported algorithms.

PiperOrigin-RevId: 379309757
googleapis · Jun 14, 2021 · 8d1d669 · 8d1d669
1 parent ecc3ac6
commit 8d1d669
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/google/cloud/kms/v1/cloudkms_v1.yaml b/google/cloud/kms/v1/cloudkms_v1.yaml
@@ -5,7 +5,6 @@ title: Cloud Key Management Service (KMS) API
 
 apis:
 - name: google.cloud.kms.v1.KeyManagementService
-- name: google.iam.v1.IAMPolicy
 
 types:
 - name: google.cloud.kms.v1.LocationMetadata
@@ -15,6 +14,12 @@ documentation:
     Manages keys and performs cryptographic operations in a central cloud
     service, for direct use by other cloud resources and applications.
   rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    description: Gets information about a location.
+
+  - selector: google.cloud.location.Locations.ListLocations
+    description: Lists information about the supported locations for this service.
+
   - selector: google.iam.v1.IAMPolicy.GetIamPolicy
     description: |-
       Gets the access control policy for a resource. Returns an empty policy
@@ -40,6 +45,10 @@ documentation:
 
 http:
   rules:
+  - selector: google.cloud.location.Locations.GetLocation
+    get: '/v1/{name=projects/*/locations/*}'
+  - selector: google.cloud.location.Locations.ListLocations
+    get: '/v1/{name=projects/*}/locations'
   - selector: google.iam.v1.IAMPolicy.GetIamPolicy
     get: '/v1/{resource=projects/*/locations/*/keyRings/*}:getIamPolicy'
     additional_bindings:
@@ -69,6 +78,16 @@ authentication:
       canonical_scopes: |-
         https://www.googleapis.com/auth/cloud-platform,
         https://www.googleapis.com/auth/cloudkms
+  - selector: google.cloud.location.Locations.GetLocation
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/cloudkms
+  - selector: google.cloud.location.Locations.ListLocations
+    oauth:
+      canonical_scopes: |-
+        https://www.googleapis.com/auth/cloud-platform,
+        https://www.googleapis.com/auth/cloudkms
   - selector: 'google.iam.v1.IAMPolicy.*'
     oauth:
       canonical_scopes: |-

diff --git a/google/cloud/kms/v1/resources.proto b/google/cloud/kms/v1/resources.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -286,6 +286,10 @@ message CryptoKeyVersion {
     // ECDSA on the NIST P-384 curve with a SHA384 digest.
     EC_SIGN_P384_SHA384 = 13;
 
+    // ECDSA on the non-NIST secp256k1 curve. This curve is only supported for
+    // HSM protection level.
+    EC_SIGN_SECP256K1_SHA256 = 31;
+
     // Algorithm representing symmetric encryption by an external key manager.
     EXTERNAL_SYMMETRIC_ENCRYPTION = 18;
   }

diff --git a/google/cloud/kms/v1/service.proto b/google/cloud/kms/v1/service.proto
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -253,7 +253,8 @@ service KeyManagementService {
 
   // Update the version of a [CryptoKey][google.cloud.kms.v1.CryptoKey] that will be used in [Encrypt][google.cloud.kms.v1.KeyManagementService.Encrypt].
   //
-  // Returns an error if called on an asymmetric key.
+  // Returns an error if called on a key whose purpose is not
+  // [ENCRYPT_DECRYPT][google.cloud.kms.v1.CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT].
   rpc UpdateCryptoKeyPrimaryVersion(UpdateCryptoKeyPrimaryVersionRequest) returns (CryptoKey) {
     option (google.api.http) = {
       post: "/v1/{name=projects/*/locations/*/keyRings/*/cryptoKeys/*}:updatePrimaryVersion"