PAYMENT-CRYPTOGRAPHY

CreateAlias

# Template rule for CreateAlias requests. STRING is a type placeholder, not a
# literal: replace it with the quoted value to match. Every expression in a
# Rego rule body must hold, so each line kept in the rule is a requirement.
valid {
    input.Body.AliasName == STRING
    # KeyArn names the key the new alias is associated with.
    input.Body.KeyArn == STRING
    # NOTE(review): ProviderMetadata presumably carries the calling context
    # (account, access key, region) — confirm against the engine's input schema.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateKey

# Value lists this template accepts for the enumerated CreateKey fields.
# NOTE(review): enum_KeyAlgorithm includes TDES_2KEY and TDES_3KEY; a policy
# that should admit only AES or RSA keys can compare against a narrower list.
enum_KeyAlgorithm := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096" ]
enum_KeyCheckValueAlgorithm := [ "CMAC", "ANSI_X9_24" ]
enum_KeyClass := [ "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY" ]
enum_KeyUsage := [ "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY" ]

# Template rule for CreateKey requests. STRING and BOOLEAN are type
# placeholders to be replaced with concrete values. `x == enum[_]` holds when
# x equals any element of the list. All expressions in the body are ANDed.
valid {
    input.Body.KeyAttributes.KeyUsage == enum_KeyUsage[_]
    input.Body.KeyAttributes.KeyClass == enum_KeyClass[_]
    input.Body.KeyAttributes.KeyAlgorithm == enum_KeyAlgorithm[_]
    # One flag per permitted cryptographic operation on the key.
    input.Body.KeyAttributes.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyAttributes.KeyModesOfUse.DeriveKey == BOOLEAN
    # NOTE(review): NoRestrictions presumably lifts the per-operation limits
    # above; a least-privilege policy would pin it to false — confirm.
    input.Body.KeyAttributes.KeyModesOfUse.NoRestrictions == BOOLEAN
    input.Body.KeyCheckValueAlgorithm == enum_KeyCheckValueAlgorithm[_]
    # Pinning Exportable to false is how a policy keeps new keys from being
    # created as exportable.
    input.Body.Exportable == BOOLEAN
    input.Body.Enabled == BOOLEAN
    # Each `[_]` iterates independently, so these two lines can be satisfied by
    # the Key of one tag and the Value of another. To require both on the same
    # tag, bind a shared index (e.g. `some i` and `Tags[i]` on both lines).
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    # NOTE(review): ProviderMetadata presumably carries the calling context
    # (account, access key, region) — confirm against the engine's input schema.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAlias

# Template rule for DeleteAlias requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    # Alias to remove; callers that resolve keys through it lose that mapping.
    input.Body.AliasName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteKey

# Template rule for DeleteKey requests. STRING and INTEGER are type
# placeholders to be replaced with concrete values; all expressions are ANDed.
valid {
    input.Body.KeyIdentifier == STRING
    # Waiting period, in days, before the key is deleted.
    # NOTE(review): a policy may want a lower bound here rather than an exact
    # match, so a key cannot be destroyed on short notice — confirm the
    # engine accepts comparison operators in this template.
    input.Body.DeleteKeyInDays == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ExportKey

# Value lists this template accepts for the enumerated ExportKey fields.
enum_KeyCheckValueAlgorithm := [ "CMAC", "ANSI_X9_24" ]
enum_KeyExportability := [ "EXPORTABLE", "NON_EXPORTABLE", "SENSITIVE" ]
enum_Tr34KeyBlockFormat := [ "X9_TR34_2012" ]
enum_WrappingKeySpec := [ "RSA_OAEP_SHA_256", "RSA_OAEP_SHA_512" ]

# Template rule for ExportKey requests. STRING and BOOLEAN are type
# placeholders; `x == enum[_]` holds when x equals any element of the list.
# All expressions in the body are ANDed.
# NOTE(review): Tr31KeyBlock, Tr34KeyBlock and KeyCryptogram look like
# alternative export formats of KeyMaterial; a rule that keeps lines from more
# than one of them may never match a real request — confirm and keep one.
valid {
    # The wrapping key / certificate fields determine who can unwrap the
    # exported key; pinning them to approved values limits where key material
    # can be sent.
    input.Body.KeyMaterial.Tr31KeyBlock.WrappingKeyIdentifier == STRING
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.DeriveKey == BOOLEAN
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyModesOfUse.NoRestrictions == BOOLEAN
    # Exportability written into the key block header of the exported key.
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyExportability == enum_KeyExportability[_]
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.KeyVersion == STRING
    # The STRING inside the path presumably stands for an optional-block name
    # (a map key), and the right-hand STRING for its value.
    input.Body.KeyMaterial.Tr31KeyBlock.KeyBlockHeaders.OptionalBlocks.STRING == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.CertificateAuthorityPublicKeyIdentifier == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.WrappingKeyCertificate == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.ExportToken == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockFormat == enum_Tr34KeyBlockFormat[_]
    input.Body.KeyMaterial.Tr34KeyBlock.RandomNonce == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.DeriveKey == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyModesOfUse.NoRestrictions == BOOLEAN
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyExportability == enum_KeyExportability[_]
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.KeyVersion == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockHeaders.OptionalBlocks.STRING == STRING
    input.Body.KeyMaterial.KeyCryptogram.CertificateAuthorityPublicKeyIdentifier == STRING
    input.Body.KeyMaterial.KeyCryptogram.WrappingKeyCertificate == STRING
    input.Body.KeyMaterial.KeyCryptogram.WrappingSpec == enum_WrappingKeySpec[_]
    # Identifier of the key being exported.
    input.Body.ExportKeyIdentifier == STRING
    input.Body.ExportAttributes.ExportDukptInitialKey.KeySerialNumber == STRING
    input.Body.ExportAttributes.KeyCheckValueAlgorithm == enum_KeyCheckValueAlgorithm[_]
    # NOTE(review): ProviderMetadata presumably carries the calling context
    # (account, access key, region) — confirm against the engine's input schema.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAlias

# Template rule for GetAlias requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    input.Body.AliasName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetKey

# Template rule for GetKey requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    input.Body.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetParametersForExport

# Value lists this template accepts for the enumerated fields of
# GetParametersForExport.
enum_KeyAlgorithm := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096" ]
enum_KeyMaterialType := [ "TR34_KEY_BLOCK", "TR31_KEY_BLOCK", "ROOT_PUBLIC_KEY_CERTIFICATE", "TRUSTED_PUBLIC_KEY_CERTIFICATE", "KEY_CRYPTOGRAM" ]

# Template rule for GetParametersForExport requests. STRING is a type
# placeholder; `x == enum[_]` holds when x equals any element of the list.
# All expressions in the body are ANDed.
valid {
    input.Body.KeyMaterialType == enum_KeyMaterialType[_]
    # NOTE(review): the shared algorithm list also contains symmetric entries;
    # narrow it if only some signing algorithms should be accepted.
    input.Body.SigningKeyAlgorithm == enum_KeyAlgorithm[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetParametersForImport

# Value lists this template accepts for the enumerated fields of
# GetParametersForImport.
enum_KeyAlgorithm := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096" ]
enum_KeyMaterialType := [ "TR34_KEY_BLOCK", "TR31_KEY_BLOCK", "ROOT_PUBLIC_KEY_CERTIFICATE", "TRUSTED_PUBLIC_KEY_CERTIFICATE", "KEY_CRYPTOGRAM" ]

# Template rule for GetParametersForImport requests. STRING is a type
# placeholder; `x == enum[_]` holds when x equals any element of the list.
# All expressions in the body are ANDed.
valid {
    input.Body.KeyMaterialType == enum_KeyMaterialType[_]
    # NOTE(review): the shared algorithm list also contains symmetric entries;
    # narrow it if only some wrapping algorithms should be accepted.
    input.Body.WrappingKeyAlgorithm == enum_KeyAlgorithm[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPublicKeyCertificate

# Template rule for GetPublicKeyCertificate requests. STRING is a type
# placeholder to be replaced with a quoted value; all expressions are ANDed.
valid {
    input.Body.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ImportKey

# Value lists this template accepts for the enumerated ImportKey fields.
# NOTE(review): enum_KeyAlgorithm includes TDES_2KEY and TDES_3KEY; a policy
# that should admit only AES or RSA keys can compare against a narrower list.
enum_KeyAlgorithm := [ "TDES_2KEY", "TDES_3KEY", "AES_128", "AES_192", "AES_256", "RSA_2048", "RSA_3072", "RSA_4096" ]
enum_KeyCheckValueAlgorithm := [ "CMAC", "ANSI_X9_24" ]
enum_KeyClass := [ "SYMMETRIC_KEY", "ASYMMETRIC_KEY_PAIR", "PRIVATE_KEY", "PUBLIC_KEY" ]
enum_KeyUsage := [ "TR31_B0_BASE_DERIVATION_KEY", "TR31_C0_CARD_VERIFICATION_KEY", "TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY", "TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION", "TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS", "TR31_E1_EMV_MKEY_CONFIDENTIALITY", "TR31_E2_EMV_MKEY_INTEGRITY", "TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS", "TR31_E5_EMV_MKEY_CARD_PERSONALIZATION", "TR31_E6_EMV_MKEY_OTHER", "TR31_K0_KEY_ENCRYPTION_KEY", "TR31_K1_KEY_BLOCK_PROTECTION_KEY", "TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT", "TR31_M3_ISO_9797_3_MAC_KEY", "TR31_M1_ISO_9797_1_MAC_KEY", "TR31_M6_ISO_9797_5_CMAC_KEY", "TR31_M7_HMAC_KEY", "TR31_P0_PIN_ENCRYPTION_KEY", "TR31_P1_PIN_GENERATION_KEY", "TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE", "TR31_V1_IBM3624_PIN_VERIFICATION_KEY", "TR31_V2_VISA_PIN_VERIFICATION_KEY", "TR31_K2_TR34_ASYMMETRIC_KEY" ]
enum_Tr34KeyBlockFormat := [ "X9_TR34_2012" ]
enum_WrappingKeySpec := [ "RSA_OAEP_SHA_256", "RSA_OAEP_SHA_512" ]

# Template rule for ImportKey requests. STRING and BOOLEAN are type
# placeholders; `x == enum[_]` holds when x equals any element of the list.
# All expressions in the body are ANDed.
# NOTE(review): RootCertificatePublicKey, TrustedCertificatePublicKey,
# Tr31KeyBlock, Tr34KeyBlock and KeyCryptogram look like alternative forms of
# KeyMaterial; a rule that keeps lines from more than one of them may never
# match a real request — confirm and keep one.
valid {
    # NOTE(review): a root certificate public key presumably becomes a trust
    # anchor for later imports and exports, so who may import one is worth
    # restricting — confirm.
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyUsage == enum_KeyUsage[_]
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyClass == enum_KeyClass[_]
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyAlgorithm == enum_KeyAlgorithm[_]
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.DeriveKey == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.KeyAttributes.KeyModesOfUse.NoRestrictions == BOOLEAN
    input.Body.KeyMaterial.RootCertificatePublicKey.PublicKeyCertificate == STRING
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyUsage == enum_KeyUsage[_]
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyClass == enum_KeyClass[_]
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyAlgorithm == enum_KeyAlgorithm[_]
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.DeriveKey == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.KeyAttributes.KeyModesOfUse.NoRestrictions == BOOLEAN
    input.Body.KeyMaterial.TrustedCertificatePublicKey.PublicKeyCertificate == STRING
    input.Body.KeyMaterial.TrustedCertificatePublicKey.CertificateAuthorityPublicKeyIdentifier == STRING
    # Wrapped key material and the identifiers of the keys or certificates
    # that protect or sign it.
    input.Body.KeyMaterial.Tr31KeyBlock.WrappingKeyIdentifier == STRING
    input.Body.KeyMaterial.Tr31KeyBlock.WrappedKeyBlock == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.CertificateAuthorityPublicKeyIdentifier == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.SigningKeyCertificate == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.ImportToken == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.WrappedKeyBlock == STRING
    input.Body.KeyMaterial.Tr34KeyBlock.KeyBlockFormat == enum_Tr34KeyBlockFormat[_]
    input.Body.KeyMaterial.Tr34KeyBlock.RandomNonce == STRING
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyUsage == enum_KeyUsage[_]
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyClass == enum_KeyClass[_]
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyAlgorithm == enum_KeyAlgorithm[_]
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Encrypt == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Decrypt == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Wrap == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Unwrap == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Generate == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Sign == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.Verify == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.DeriveKey == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.KeyAttributes.KeyModesOfUse.NoRestrictions == BOOLEAN
    # Pinning Exportable to false is how a policy keeps imported keys from
    # being marked exportable.
    input.Body.KeyMaterial.KeyCryptogram.Exportable == BOOLEAN
    input.Body.KeyMaterial.KeyCryptogram.WrappedKeyCryptogram == STRING
    input.Body.KeyMaterial.KeyCryptogram.ImportToken == STRING
    input.Body.KeyMaterial.KeyCryptogram.WrappingSpec == enum_WrappingKeySpec[_]
    input.Body.KeyCheckValueAlgorithm == enum_KeyCheckValueAlgorithm[_]
    input.Body.Enabled == BOOLEAN
    # Each `[_]` iterates independently, so these two lines can be satisfied by
    # the Key of one tag and the Value of another. To require both on the same
    # tag, bind a shared index (e.g. `some i` and `Tags[i]` on both lines).
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    # NOTE(review): ProviderMetadata presumably carries the calling context
    # (account, access key, region) — confirm against the engine's input schema.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAliases

# Template rule for ListAliases requests. STRING and INTEGER are type
# placeholders to be replaced with concrete values; all expressions are ANDed.
valid {
    # Paging parameters of the list call.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListKeys

# Key lifecycle states this template accepts as a ListKeys filter value.
enum_KeyState := [ "CREATE_IN_PROGRESS", "CREATE_COMPLETE", "DELETE_PENDING", "DELETE_COMPLETE" ]

# Template rule for ListKeys requests. STRING and INTEGER are type
# placeholders; `x == enum[_]` holds when x equals any element of the list.
# All expressions in the body are ANDed.
valid {
    input.Body.KeyState == enum_KeyState[_]
    # Paging parameters of the list call.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Template rule for ListTagsForResource requests. STRING and INTEGER are type
# placeholders to be replaced with concrete values; all expressions are ANDed.
valid {
    input.Body.ResourceArn == STRING
    # Paging parameters of the list call.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

RestoreKey

# Template rule for RestoreKey requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    # NOTE(review): RestoreKey presumably cancels a pending key deletion —
    # confirm against the service documentation.
    input.Body.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StartKeyUsage

# Template rule for StartKeyUsage requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    # Key to be put back into use.
    input.Body.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

StopKeyUsage

# Template rule for StopKeyUsage requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    # Key to be taken out of use; operations that depend on it would
    # presumably fail until usage is started again.
    input.Body.KeyIdentifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Template rule for TagResource requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
# NOTE(review): where tags drive access decisions, changing them changes who
# can use the resource, so this action deserves the same scrutiny as a
# permission change.
valid {
    input.Body.ResourceArn == STRING
    # Each `[_]` iterates independently, so these two lines can be satisfied by
    # the Key of one tag and the Value of another. To require both on the same
    # tag, bind a shared index (e.g. `some i` and `Tags[i]` on both lines).
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Template rule for UntagResource requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    input.Body.ResourceArn == STRING
    # Holds when at least one element of TagKeys equals the value; it does not
    # constrain the other elements of the list.
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateAlias

# Template rule for UpdateAlias requests. STRING is a type placeholder to be
# replaced with a quoted value; all expressions in the body are ANDed.
valid {
    input.Body.AliasName == STRING
    # KeyArn is the key the alias will point to after the update. Callers that
    # resolve keys through the alias silently switch to it, so pinning this to
    # approved ARNs guards against an alias being redirected.
    input.Body.KeyArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}