AWS Payment Cryptography EMV Decrypt Feature Release

aws · Mar 7, 2024 · 19f1fac · 19f1fac
1 parent 6343154
commit 19f1fac
Show file tree

Hide file tree

Showing 34 changed files with 1,131 additions and 422 deletions.
diff --git a/...tor/ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.api.json b/...tor/ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.api.json
@@ -450,6 +450,37 @@
         "ServiceCode":{"shape":"NumberLengthEquals3"}
       }
     },
+    "EmvEncryptionAttributes":{
+      "type":"structure",
+      "required":[
+        "MajorKeyDerivationMode",
+        "PanSequenceNumber",
+        "PrimaryAccountNumber",
+        "SessionDerivationData"
+      ],
+      "members":{
+        "InitializationVector":{"shape":"HexLength16Or32"},
+        "MajorKeyDerivationMode":{"shape":"EmvMajorKeyDerivationMode"},
+        "Mode":{"shape":"EmvEncryptionMode"},
+        "PanSequenceNumber":{"shape":"HexLengthEquals2"},
+        "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"},
+        "SessionDerivationData":{"shape":"HexLengthEquals16"}
+      }
+    },
+    "EmvEncryptionMode":{
+      "type":"string",
+      "enum":[
+        "ECB",
+        "CBC"
+      ]
+    },
+    "EmvMajorKeyDerivationMode":{
+      "type":"string",
+      "enum":[
+        "EMV_OPTION_A",
+        "EMV_OPTION_B"
+      ]
+    },
     "EncryptDataInput":{
       "type":"structure",
       "required":[
@@ -484,6 +515,7 @@
       "members":{
         "Asymmetric":{"shape":"AsymmetricEncryptionAttributes"},
         "Dukpt":{"shape":"DukptEncryptionAttributes"},
+        "Emv":{"shape":"EmvEncryptionAttributes"},
         "Symmetric":{"shape":"SymmetricEncryptionAttributes"}
       },
       "union":true
@@ -569,10 +601,7 @@
         "GenerationAttributes":{"shape":"PinGenerationAttributes"},
         "GenerationKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"},
         "PinBlockFormat":{"shape":"PinBlockFormatForPinData"},
-        "PinDataLength":{
-          "shape":"IntegerRangeBetween4And12",
-          "box":true
-        },
+        "PinDataLength":{"shape":"IntegerRangeBetween4And12"},
         "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"}
       }
     },
@@ -800,6 +829,7 @@
     },
     "IntegerRangeBetween4And12":{
       "type":"integer",
+      "box":true,
       "max":12,
       "min":4
     },
@@ -1349,10 +1379,7 @@
         "EncryptedPinBlock":{"shape":"HexLengthBetween16And32"},
         "EncryptionKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"},
         "PinBlockFormat":{"shape":"PinBlockFormatForPinData"},
-        "PinDataLength":{
-          "shape":"IntegerRangeBetween4And12",
-          "box":true
-        },
+        "PinDataLength":{"shape":"IntegerRangeBetween4And12"},
         "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"},
         "VerificationAttributes":{"shape":"PinVerificationAttributes"},
         "VerificationKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}

diff --git a/...or/ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.docs.json b/...or/ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.docs.json
diff --git a/.../ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.normal.json b/.../ServiceModels/payment-cryptography-data/payment-cryptography-data-2022-02-03.normal.json
diff --git a/sdk/code-analysis/ServiceAnalysis/PaymentCryptographyData/Generated/PropertyValueRules.xml b/sdk/code-analysis/ServiceAnalysis/PaymentCryptographyData/Generated/PropertyValueRules.xml
@@ -571,6 +571,30 @@
     <max>3</max>
     <pattern>^[0-9]+$</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptographyData.Model.EmvEncryptionAttributes.InitializationVector</property>
+    <min>16</min>
+    <max>32</max>
+    <pattern>^(?:[0-9a-fA-F]{16}|[0-9a-fA-F]{32})$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptographyData.Model.EmvEncryptionAttributes.PanSequenceNumber</property>
+    <min>2</min>
+    <max>2</max>
+    <pattern>^[0-9a-fA-F]+$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptographyData.Model.EmvEncryptionAttributes.PrimaryAccountNumber</property>
+    <min>12</min>
+    <max>19</max>
+    <pattern>^[0-9]+$</pattern>
+  </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptographyData.Model.EmvEncryptionAttributes.SessionDerivationData</property>
+    <min>16</min>
+    <max>16</max>
+    <pattern>^[0-9a-fA-F]+$</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptographyData.Model.Ibm3624NaturalPin.DecimalizationTable</property>
     <min>16</min>

diff --git a/sdk/src/Services/PaymentCryptographyData/Generated/Model/DecryptDataRequest.cs b/sdk/src/Services/PaymentCryptographyData/Generated/Model/DecryptDataRequest.cs
@@ -30,8 +30,8 @@ namespace Amazon.PaymentCryptographyData.Model
 {
     /// <summary>
     /// Container for the parameters to the DecryptData operation.
-    /// Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT data encryption
-    /// key. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html">Decrypt
+    /// Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA),
+    /// or derived (DUKPT or EMV) encryption key scheme. For more information, see <a href="https://docs.aws.amazon.com/payment-cryptography/latest/userguide/decrypt-data.html">Decrypt
     /// data</a> in the <i>Amazon Web Services Payment Cryptography User Guide</i>.
     /// 
     ///  
@@ -47,10 +47,15 @@ namespace Amazon.PaymentCryptographyData.Model
     ///  
     /// <para>
     /// For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports
-    /// <c>TDES</c> and <c>AES</c> algorithms. For asymmetric decryption, Amazon Web Services
-    /// Payment Cryptography supports <c>RSA</c>. When you use DUKPT, for <c>TDES</c> algorithm,
-    /// the ciphertext data length must be a multiple of 16 bytes. For <c>AES</c> algorithm,
-    /// the ciphertext data length must be a multiple of 32 bytes.
+    /// <c>TDES</c> and <c>AES</c> algorithms. For EMV decryption, Amazon Web Services Payment
+    /// Cryptography supports <c>TDES</c> algorithms. For asymmetric decryption, Amazon Web
+    /// Services Payment Cryptography supports <c>RSA</c>. 
+    /// </para>
+    ///  
+    /// <para>
+    /// When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of
+    /// 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16
+    /// bytes. For RSA, it sould be equal to the key size unless padding is enabled.
     /// </para>
     ///  
     /// <para>

diff --git a/sdk/src/Services/PaymentCryptographyData/Generated/Model/DecryptDataResponse.cs b/sdk/src/Services/PaymentCryptographyData/Generated/Model/DecryptDataResponse.cs
@@ -61,10 +61,11 @@ internal bool IsSetKeyArn()
         /// Gets and sets the property KeyCheckValue. 
         /// <para>
         /// The key check value (KCV) of the encryption key. The KCV is used to check if all parties
-        /// holding a given key have the same key or to detect that a key has changed. Amazon
-        /// Web Services Payment Cryptography calculates the KCV by using standard algorithms,
-        /// typically by encrypting 8 or 16 bytes or "00" or "01" and then truncating the result
-        /// to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
+        /// holding a given key have the same key or to detect that a key has changed.
+        /// </para>
+        ///  
+        /// <para>
+        /// Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
         /// </para>
         /// </summary>
         [AWSProperty(Required=true, Min=4, Max=16)]
@@ -83,7 +84,7 @@ internal bool IsSetKeyCheckValue()
         /// <summary>
         /// Gets and sets the property PlainText. 
         /// <para>
-        /// The decrypted plaintext data.
+        /// The decrypted plaintext data in hexBinary format.
         /// </para>
         /// </summary>
         [AWSProperty(Required=true, Sensitive=true, Min=16, Max=4096)]

diff --git a/sdk/src/Services/PaymentCryptographyData/Generated/Model/DukptEncryptionAttributes.cs b/sdk/src/Services/PaymentCryptographyData/Generated/Model/DukptEncryptionAttributes.cs
@@ -82,10 +82,8 @@ internal bool IsSetDukptKeyVariant()
         /// <summary>
         /// Gets and sets the property InitializationVector. 
         /// <para>
-        /// An input to cryptographic primitive used to provide the intial state. Typically the
-        /// <c>InitializationVector</c> must have a random or psuedo-random value, but sometimes
-        /// it only needs to be unpredictable or unique. If you don't provide a value, Amazon
-        /// Web Services Payment Cryptography generates a random value.
+        /// An input used to provide the intial state. If no value is provided, Amazon Web Services
+        /// Payment Cryptography defaults it to zero.
         /// </para>
         /// </summary>
         [AWSProperty(Sensitive=true, Min=16, Max=32)]
@@ -125,11 +123,7 @@ internal bool IsSetKeySerialNumber()
         /// <summary>
         /// Gets and sets the property Mode. 
         /// <para>
-        /// The block cipher mode of operation. Block ciphers are designed to encrypt a block
-        /// of data of fixed size, for example, 128 bits. The size of the input block is usually
-        /// same as the size of the encrypted output block, while the key length can be different.
-        /// A mode of operation describes how to repeatedly apply a cipher's single-block operation
-        /// to securely transform amounts of data larger than a block.
+        /// The block cipher method to use for encryption.
         /// </para>
         ///  
         /// <para>

diff --git a/sdk/src/Services/PaymentCryptographyData/Generated/Model/EmvEncryptionAttributes.cs b/sdk/src/Services/PaymentCryptographyData/Generated/Model/EmvEncryptionAttributes.cs
@@ -0,0 +1,163 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the payment-cryptography-data-2022-02-03.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+namespace Amazon.PaymentCryptographyData.Model
+{
+    /// <summary>
+    /// Parameters for plaintext encryption using EMV keys.
+    /// </summary>
+    public partial class EmvEncryptionAttributes
+    {
+        private string _initializationVector;
+        private EmvMajorKeyDerivationMode _majorKeyDerivationMode;
+        private EmvEncryptionMode _mode;
+        private string _panSequenceNumber;
+        private string _primaryAccountNumber;
+        private string _sessionDerivationData;
+
+        /// <summary>
+        /// Gets and sets the property InitializationVector. 
+        /// <para>
+        /// An input used to provide the intial state. If no value is provided, Amazon Web Services
+        /// Payment Cryptography defaults it to zero.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Sensitive=true, Min=16, Max=32)]
+        public string InitializationVector
+        {
+            get { return this._initializationVector; }
+            set { this._initializationVector = value; }
+        }
+
+        // Check to see if InitializationVector property is set
+        internal bool IsSetInitializationVector()
+        {
+            return this._initializationVector != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property MajorKeyDerivationMode. 
+        /// <para>
+        /// The EMV derivation mode to use for ICC master key derivation as per EMV version 4.3
+        /// book 2.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true)]
+        public EmvMajorKeyDerivationMode MajorKeyDerivationMode
+        {
+            get { return this._majorKeyDerivationMode; }
+            set { this._majorKeyDerivationMode = value; }
+        }
+
+        // Check to see if MajorKeyDerivationMode property is set
+        internal bool IsSetMajorKeyDerivationMode()
+        {
+            return this._majorKeyDerivationMode != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property Mode. 
+        /// <para>
+        /// The block cipher method to use for encryption.
+        /// </para>
+        /// </summary>
+        public EmvEncryptionMode Mode
+        {
+            get { return this._mode; }
+            set { this._mode = value; }
+        }
+
+        // Check to see if Mode property is set
+        internal bool IsSetMode()
+        {
+            return this._mode != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property PanSequenceNumber. 
+        /// <para>
+        /// A number that identifies and differentiates payment cards with the same Primary Account
+        /// Number (PAN).
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Min=2, Max=2)]
+        public string PanSequenceNumber
+        {
+            get { return this._panSequenceNumber; }
+            set { this._panSequenceNumber = value; }
+        }
+
+        // Check to see if PanSequenceNumber property is set
+        internal bool IsSetPanSequenceNumber()
+        {
+            return this._panSequenceNumber != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property PrimaryAccountNumber. 
+        /// <para>
+        /// The Primary Account Number (PAN), a unique identifier for a payment credit or debit
+        /// card and associates the card to a specific account holder.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Sensitive=true, Min=12, Max=19)]
+        public string PrimaryAccountNumber
+        {
+            get { return this._primaryAccountNumber; }
+            set { this._primaryAccountNumber = value; }
+        }
+
+        // Check to see if PrimaryAccountNumber property is set
+        internal bool IsSetPrimaryAccountNumber()
+        {
+            return this._primaryAccountNumber != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property SessionDerivationData. 
+        /// <para>
+        /// The derivation value used to derive the ICC session key. It is typically the application
+        /// transaction counter value padded with zeros or previous ARQC value padded with zeros
+        /// as per EMV version 4.3 book 2.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Min=16, Max=16)]
+        public string SessionDerivationData
+        {
+            get { return this._sessionDerivationData; }
+            set { this._sessionDerivationData = value; }
+        }
+
+        // Check to see if SessionDerivationData property is set
+        internal bool IsSetSessionDerivationData()
+        {
+            return this._sessionDerivationData != null;
+        }
+
+    }
+}