Enabled EC384 and EC521 support in KAS and added relevant unit tests. The config file now supports the new EC384 and EC521 key types. Also, test keys for both types have been generated and added.

Improved the clarity of an error message in the "NewOpenTDFServer" method. Refactored key configurations in the dev and example YAML files to differentiate between multiple elliptic curve securities. Also made updates to various scripts to generate and handle these keys suitably.

This commit includes the refactoring of the publicKey.go file for better error handling and support for different algorithms. The log messages have been updated to provide clearer context upon failure of key generation methods for both EC and RSA algorithms. Also, changes were made to the init-temp-keys.cmd script to correct the path of the generated keys.

The code was updated to address an issue where an unknown key algorithm could be passed to the publicKey functions. It now properly catches this event and logs an error message. The additional condition checks if the algorithm is not RSA in addition to being non-empty, helping prevent potential configuration errors.

This commit modifies the execution of the `init-temp-keys.sh` script in `.github/workflows/checks.yaml` file. The change includes passing '--output ./keys/' argument to the script to dictate where the keys will be stored. This specifies the directory for the keys and enhances organization.

Updated the paths for secp256r1, secp384r1, and secp521r1 key files in the opentdf-dev.yaml file, removing the '/keys/' prefix. Also modified the path in the init-temp-keys.sh command within checks.yaml. This adjustment accommodates a change in file structure and ensures consistent script execution.

This commit includes modifications to symmetric key generation in the crypto provider. Now, GenerateNanoTDFSymmetricKey requires a keyID in addition to ephemeralPublicKeyBytes. This change allows for better security features as the encryption processes are enhanced. Minor changes such as comments added to the decrypt file and an adjustment to test output validation were also implemented.

The attributes.swagger.json file in the policy documentation was deleted. It was located in the docs/openapi/policy/attributes directory. This file contains the OpenAPI specification for attribute related services. The commit message should reflect the elimination of this detailed specification file.

The if-else constructs in the GetCurveName() method of the NanoTDFHeader struct in nanotdf.go have been refactored to a switch-case statement for better readability. Also, the invocation to retrieve the public key algorithm has been updated to use req.GetAlgorithm rather than directly accessing the property.

Added secp256k1 to the ECCMode in nanotdf.go. Also, the logging level for the 'kas public key algorithm' has been downgraded from Info to Debug to reflect its utilization better and reduce log volume in non-debug scenarios.

The kNanoTDFGMACLength constant and ErrInternal error constant were removed as they were not being used. The unnecessary ECCurve fetching code was also removed, now ECCurve is fetched directly from the header. The CryptoProvider now generates keys based on this directly fetched ECCurve.

The public key handling process has been updated to accommodate three different elliptic curve algorithms: EC256R1, EC384R1 and EC512R1. The tests have also been adjusted to ensure these changes function as expected. Algorithm constants in the crypto provider code file have also been updated to reflect these changes in public key handling.

The cryptoProvider configuration in both opentdf-dev.yaml and opentdf-example.yaml files has been refactored. The rsa and ec field structure has now been replaced with a simpler, streamlined `keys` field, which should enhance readability and maintainability of these configurations.

Updated both the .cmd and .sh versions of the init-temp-keys scripts to include the generation of elliptic curve (EC) keys with prime256v1 curve. Now, alongside RSA and secp256r1 key pairs, the scripts also generate prime256v1 EC key pairs.

The encryption functionality has been updated to allow for more options, such as the nano format and ability to disable storing key identifiers in TDF KAOs. The encrypt command has also been refactored for conciseness and clarity. Code for token endpoint during client creation is removed, and new options have been added to address the nanoTDF format and managing key identifiers.

New encryption keys have been added to both `opentdf-dev.yaml` and `opentdf-example.yaml` files. The keys are of elliptic curve cryptographic type with identifiers e2 and e3, corresponding to different security levels.

The algorithm name was incorrectly spelled as 'AlgorithmECP512R1' instead of 'AlgorithmECP521R1'. This incorrect spelling was fixed across multiple files. Also, the redundant code in publicKey.go and standard_crypto.go where ecPublicKeyPem was retrieved separately for each algorithm was consolidated into one single case handling multiple algorithms, making the code more concise and readable.

Simplified the "publicKey.go" code by handling all elliptic curve digital signature algorithm cases together. Also, amended the ECCertificate and ECPublicKey methods in the crypto provider to take an additional 'curveName' parameter. These changes are reflected in the accompanying tests as well.

Three new keys, e2 with ec:secp384r1, e3 with ec:secp521r1, and a legacy e2 key, and a legacy e3 key have been added to the configuration file. These keys enhance the algorithm compatibility and secure communications with the legacy system.

Two new key ids have been added to the tdf-roundtrips.bats file. Also, in the encrypt.go file, the ECCMode was changed from ECCModeSecp521r1 to ECCModeSecp256r1. This commit introduces these modifications to improve security and performance.

A new endpoint for the ec384 public key has been added in the service-start bats test. This endpoint checks if the output is a public key, verifies it's an EC

The code has been updated in the 'tdf-roundtrips.bats' test file to include support for secp384r1 and secp521r1 algorithms. New kids have been added along with their respective private key and cert file details. This should allow more flexibility for testing purposes.

Temporarily disable the decrypt command in tdf-roundtrips test due to a bug reported in issue #900. This change also modifies the paths of the r2 key pair to match the kas-private.pem and kas-cert.pem paths, eliminating the previously separate r2 keys.

The selected encryption algorithm assignment has been changed from a bunch of if-else conditions to a switch case statement within the getECPublicKey function. This change contributes to more readable and maintainable code. Also, comments are included to indicate the corresponding algorithm.

This commit updates the case switch in the nanotdf.go file to include support for ocrypto.ECCModeSecp256k1. Although this encryption algorithm is currently not supported, it now has a corresponding switch case.

In the SDK, error logging and returning has been implemented for the cases when an unsupported algorithm (ec:secp256k1) or any unknown algorithm is used. This will aid in better fault detection and diagnosis.

The decryption steps in the tdf-roundtrips bats test were commented out, and have been enabled again. In addition, the decrypt function was updated to accommodate both TDF and Nano files. It now attempts to decrypt both file types instead of returning an error when the file is not a TDF file.

The change removes the specific comparison of the output buffer content with "Hello Virtru" in the decrypt command. Instead, it just prints the content of the output buffer directly, making it more universally applicable.

The decryption command previously printed output directly from the buffer. This commit changes that and converts the output buffer to a string before printing. This may improve readability and consistency across the application.

Removed the warning message in the 'tdf-roundtrips.bats' test file which is no longer relevant. Also, in 'decrypt.go', replaced the 'cmd.Println' method with the 'fmt.Println' method to print the output string. This change is meant to simplify and standardize the print methods across the codebase.

The function signatures for GenerateEphemeralKasKeys, ECPublicKey, and ECCertificate in hsm.go have been updated. The functions now accept an additional parameter, though it's currently unused. This change provides better flexibility for future adjustments or enhancements of these functions.

Co-authored-by: Dave Mihalcik <dmihalcik@virtru.com>

…ort-additional-elliptic-curves

# Conflicts:
#	docs/openapi/policy/attributes/attributes.swagger.json
#	docs/openapi/policy/namespaces/namespaces.swagger.json