Skip to content

Commit 12aaafc

Browse files
lavalerijosecorella
lavaleri
authored and
josecorella
committed
fix: Specify that ESDK MUST use ESDK supported algorithm suites (#63)
1 parent cd7e186 commit 12aaafc

File tree

3 files changed

+16
-0
lines changed

3 files changed

+16
-0
lines changed

client-apis/decrypt.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
- 0.5.0
1313

1414
- [Encryption context values that are authenticated but not stored with the encrypted message](../changes/2022-11-14_encryption_context_on_decrypt/proposal.md)
15+
- Add requirements to specify that Algorithm Suite be ESDK supported
1516

1617
- 0.4.0
1718

@@ -169,6 +170,8 @@ This output MAY be satisfied by outputting a [parsed header](#parsed-header) con
169170
The [algorithm suite](../framework/algorithm-suites.md) that is used to decrypt
170171
the input [encrypted message](#encrypted-message).
171172

173+
This algorithm suite MUST be [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum).
174+
172175
This output MAY be satisfied by outputting a [parsed header](#parsed-header) containing this value.
173176

174177
### Parsed Header
@@ -262,6 +265,8 @@ The data key used as input for all decryption described below is a data key deri
262265
included in the [decryption materials](../framework/structures.md#decryption-materials).
263266
The algorithm suite used as input for all decryption described below is a algorithm suite
264267
included in the [decryption materials](../framework/structures.md#decryption-materials).
268+
If this algorithm suite is not [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum)
269+
encrypt MUST yield an error.
265270
If the algorithm suite is not supported by the [commitment policy](client.md#commitment-policy)
266271
configured in the [client](client.md) decrypt MUST yield an error.
267272
If the [algorithm suite](../framework/algorithm-suites.md#algorithm-suites-encryption-key-derivation-settings) supports [key commitment](../framework/algorithm-suites.md#key-commitment)

client-apis/encrypt.md

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,7 @@
1212
- 0.5.0
1313

1414
- [Encryption context values that are authenticated but not stored with the encrypted message](../changes/2022-11-14_encryption_context_on_decrypt/proposal.md)
15+
- Add requirements to specify that Algorithm Suite be ESDK supported
1516

1617
- 0.3.0
1718

@@ -95,6 +96,7 @@ A Keyring that implements the [keyring interface](../framework/keyring-interface
9596
### Algorithm Suite
9697

9798
The [algorithm suite](../framework/algorithm-suites.md) that SHOULD be used for encryption.
99+
This algorithm suite MUST be [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum).
98100

99101
### Frame Length
100102

@@ -145,6 +147,8 @@ This output MAY be satisfied by outputting a [parsed header](#parsed-header) con
145147
The [algorithm suite](../framework/algorithm-suites.md) that is used to encrypt
146148
the input [plaintext ](#plaintext).
147149

150+
This algorithm suite MUST be [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum).
151+
148152
This output MAY be satisfied by outputting a [parsed header](#parsed-header) containing this value.
149153

150154
### Parsed Header
@@ -207,6 +211,8 @@ MUST be the algorithm suite in the [encryption materials](../framework/structure
207211
returned from the [Get Encryption Materials](../framework/cmm-interface.md#get-encryption-materials) call.
208212
Note that the algorithm suite in the retrieved encryption materials MAY be different
209213
from the [input algorithm suite](#algorithm-suite).
214+
If this algorithm suite is not [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum)
215+
encrypt MUST yield an error.
210216
If this [algorithm suite](../framework/algorithm-suites.md) is not supported by the [commitment policy](client.md#commitment-policy)
211217
configured in the [client](client.md) encrypt MUST yield an error.
212218
If the number of [encrypted data keys](../framework/structures.md#encrypted-data-keys) on the [encryption materials](../framework/structures.md#encryption-materials)

data-format/message-header.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,10 @@
99

1010
### Changelog
1111

12+
- 0.1.2
13+
14+
- Add requirements to specify that Algorithm Suite be ESDK supported
15+
1216
- 0.1.1
1317

1418
- Include `aws-crypto-public-key` encryption context key.
@@ -118,6 +122,7 @@ The type (hex) of this field MUST be a value that exists in the following table:
118122
The identifier for the algorithm suite used when generating the message.
119123
The value (hex) of this field MUST be a value that exists in the
120124
[Supported Algorithm Suites](../framework/algorithm-suites.md#supported-algorithm-suites) table.
125+
This algorithm suite MUST be [supported for the ESDK](../framework/algorithm-suites.md#supported-algorithm-suites-enum).
121126

122127
#### Message ID
123128

0 commit comments

Comments
 (0)