From 74be934e36d05f04cd3628f9fb5ff9a0ad36e61d Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Wed, 6 Jul 2022 13:36:36 -0700 Subject: [PATCH] docs(CommitmentPolicy): Detail Commitment Policy on Enum --- .../encryptionsdk/CommitmentPolicy.java | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/src/main/java/com/amazonaws/encryptionsdk/CommitmentPolicy.java b/src/main/java/com/amazonaws/encryptionsdk/CommitmentPolicy.java index d17c078b4..94477cb35 100644 --- a/src/main/java/com/amazonaws/encryptionsdk/CommitmentPolicy.java +++ b/src/main/java/com/amazonaws/encryptionsdk/CommitmentPolicy.java @@ -3,11 +3,30 @@ package com.amazonaws.encryptionsdk; +/** + * Governs how a AwsCrypto behaves during configuration, encryption, and decryption, with respect to + * key commitment. + */ public enum CommitmentPolicy { + /** + * On encrypty, algorithm suite must NOT support key commitment; On decrypt, if a key commitment + * is present on the ciphertext, then the key commitment must be valid. Key commitment will NOT be + * included in ciphertext on encrypt. + */ ForbidEncryptAllowDecrypt, + /** + * On encrypt, algorithm suite must support key commitment; On decrypt, if a key commitment is + * present on the ciphertext, then the key commitment must be valid. Key commitment will be + * included in ciphertext on encrypt. + */ RequireEncryptAllowDecrypt, + /** + * Algorithm suite must support key commitment. Key commitment will be included in ciphertext on + * encrypt. Valid key commitment must be present in ciphertext on decrypt. + */ RequireEncryptRequireDecrypt; + /** Validates that an algorithm meets the Policy's On encrypt key commitment. */ public boolean algorithmAllowedForEncrypt(CryptoAlgorithm algorithm) { switch (this) { case ForbidEncryptAllowDecrypt: @@ -21,6 +40,7 @@ public boolean algorithmAllowedForEncrypt(CryptoAlgorithm algorithm) { } } + /** Validates that an algorithm meets the Policy's On decrypt key commitment. */ public boolean algorithmAllowedForDecrypt(CryptoAlgorithm algorithm) { switch (this) { case ForbidEncryptAllowDecrypt: