Cosmian
diff --git a/‎README.md‎
Lines changed: 40 additions & 14 deletions b/‎README.md‎
Lines changed: 40 additions & 14 deletions
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/cosmian/jna/Ffi.java‎
Lines changed: 46 additions & 4 deletions b/‎src/main/java/com/cosmian/jna/Ffi.java‎
Lines changed: 46 additions & 4 deletions
diff --git a/‎src/main/java/com/cosmian/rest/abe/Abe.java‎
Lines changed: 62 additions & 3 deletions b/‎src/main/java/com/cosmian/rest/abe/Abe.java‎
Lines changed: 62 additions & 3 deletions
@@ -4,30 +4,37 @@
 The library provides a Java friendly API to the Cosmian Ubiquitous Encryption platform:
 
  - perform [Confidential Data Access](#confidential-data-access) advanced encryption routines 
- - build and run [Confidential Micro Services](#confidential-micro-services) on the Cosmian Confidential Cloud 
+ - build and run [Secure Computations](#secure-computations) on the Cosmian Confidential Cloud 
  - managed keys with the [Cosmian Confidential Key Management Service (KMS)](#confidential-kms) 
 
 
 :warning: This is the public release of the java library for Cosmian Ubiquitous Encryption. Only a limited set of the operations is currently publicly supported. Ask us for details.
 
 
-  - [Confidential Data Access](#confidential-data-access)
-    - [Quick Start](#quick-start)
-    - [Local encryption and decryption](#local-encryption-and-decryption)
-  - [Confidential Micro Services](#confidential-micro-services)
-  - [Confidential KMS](#confidential-kms)
-
 
 This library is available on Maven Central
 
 ```xml
 <dependency>
     <groupId>com.cosmian</groupId>
     <artifactId>cosmian_java_lib</artifactId>
-    <version>0.5.0</version>
+    <version>0.5.1</version>
 </dependency>
 ```
 
+
+
+  - [Confidential Data Access](#confidential-data-access)
+    - [Versions Correspondence](#versions-correspondence)
+    - [Quick Start ABE+AES](#quick-start-abeaes)
+    - [Local ABE+AES encryption and decryption](#local-abeaes-encryption-and-decryption)
+      - [Building the the ABE GPSW native lib](#building-the-the-abe-gpsw-native-lib)
+      - [Using the native library](#using-the-native-library)
+  - [Secure Computations](#secure-computations)
+  - [Confidential KMS](#confidential-kms)
+
+
+
 ## Confidential Data Access
 
 Cosmian Ubiquitous Encryption provides the ability to encrypt data - locally or inside the KMS -  using policy attributes. The only users able to decrypt the data are those possessing a key holding the correct access policy.
@@ -36,6 +43,15 @@ Attributes Based Encryption (ABE) allows building secure data lakes, repositorie
 
 In addition, Cosmian Confidential Data Access allows building secure indexes on the data, to efficiently search the encrypted data, without the cloud learning anything about the search query, the response or the underlying data itself.
 
+
+### Versions Correspondence
+
+KMS Server | Java Lib | abe_gpsw lib
+-----------|----------|--------------
+1.2.0      | 0.5.0    | 0.3.0
+1.2.1      | 0.5.1    | 0.4.0
+
+
 ### Quick Start ABE+AES
 
 Head for [demo.java](./src/test/java/com/cosmian/Demo.java) which demonstrates the use of the Abe class to exercise the Cosmian KMS server to create keys, encrypt and decrypt messages.
@@ -65,7 +81,9 @@ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 2. Check out the [ABE GPSW library](https://github.com/Cosmian/abe_gpsw)
 
 ```sh
-git clone https://github.com/Cosmian/abe_gpsw.git
+git clone https://github.com/Cosmian/abe_gpsw.git && \
+cd abe_gpsw && \
+git checkout v0.4.0
 ```
 
 3. Build the native library, which will be available as `libabe_gpsw.so` (linux) or `libabe_gpsw.dylib` (macos) in the `target` directory
@@ -74,12 +92,19 @@ git clone https://github.com/Cosmian/abe_gpsw.git
 cargo build --release --all-features
 ```
 
+  *Note for MacOS M1 machines*
+  If java is running in intel x86_64 emulation mode, the library must be built for an x86_64 target, i.e.
+
+  ```sh
+  cargo build --release --all-features --target x86_64-apple-darwin
+  ```
+
 4. Place the library on the dynamic libraries path of your system, or a path indicated by `LD_LIBRARY_PATH` on Linux. Alternatively, If you are using tis library in a java project, you can place the library in 
 
 
 - `src/main/resources/linux-x86-64` folder for a Linux Intel machine
 - `src/main/resources/linux-amd64` folder for a Linux AMD machine
-- `src/main/resources/darwin` folder for a Mac running MacOS
+- `src/main/resources/darwin` folder for a Mac running MacOS (M1 and Intel)
 - `src/main/resources/win32-x86` folder for a Windows machine (untested)
 
 #### Using the native library
@@ -160,11 +185,12 @@ byte[] data_ = FFI.decryptBlock(decryptedHeader.getSymmetricKey(), uid, 0, encry
 assertTrue(Arrays.equals(data, data_));        
 ```
 
-## Confidential Micro Services
+
+## Secure Computations
 
 *Not publicly available yet. Call Cosmian for early access*
 
-Cosmian Confidential Micro Services allows building micro services in Python (soon Java) that can be deployed on the Cosmian Confidential Cloud. 
+Cosmian Secure Computations allows building micro services in Python (soon Java) that can be deployed on the Cosmian Confidential Cloud. 
 
 The code, the data and the results are encrypted at all times, so the Cosmian Cloud does not learn anything about the data or the algorithm. 
 
@@ -181,10 +207,10 @@ Also, data sources, code and results can be encrypted under different keys enabl
 
 ## Confidential KMS
 
-Cosmian offers a confidential KMS in the Cosmian Confidential Cloud. The KMS operations are protected with the same technology used for the Confidential Micro Services, so Cosmian never learns anything about the keys stored in the KMS or the operations performed with those keys inside the KMS (encryption, decryption, signature,...).
+Cosmian offers a confidential KMS in the Cosmian Confidential Cloud. The KMS operations are protected with the same technology used for the Secure Computations, so Cosmian never learns anything about the keys stored in the KMS or the operations performed with those keys inside the KMS (encryption, decryption, signature,...).
 
 Use of Cosmian KMS is included with the services above.
 
 The KMS offers a KMIP 2.1 interface.
 
-*Only the KMS operations required to enable the Confidential Data Access and Confidential Micro Services are publicly available for now. Contact Cosmian for full KMS access*
+*Only the KMS operations required to enable the Confidential Data Access and Secure Computations are publicly available for now. Contact Cosmian for full KMS access*
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.cosmian</groupId>
     <artifactId>cosmian_java_lib</artifactId>
-    <version>0.5.1-SNAPSHOT</version>
+    <version>0.5.1</version>
 
     <name>cosmian_java_lib</name>
     <description>The Cosmian Java Lib that provides local encryption/decyption and access to the Cosmian public platform APIs</description>
 
@@ -298,6 +298,21 @@ public int symmetricEncryptionOverhead() {
         return FfiWrapper.INSTANCE.h_aes_symmetric_encryption_overhead();
     }
 
+    /**
+     * Symmetrically encrypt a block of clear text data.
+     * 
+     * No resource UID is used for authentication and the block number is assumed to
+     * be zero
+     * 
+     * @param symmetricKey The key to use to symmetrically encrypt the block
+     * @param clearText    the clear text to encrypt
+     * @return the encrypted block
+     * @throws FfiException in case of native library error
+     */
+    public byte[] encryptBlock(byte[] symmetricKey, byte[] clearText) throws FfiException {
+        return encryptBlock(symmetricKey, new byte[] {}, 0, clearText);
+    }
+
     /**
      * Symmetrically encrypt a block of clear text data.
      * 
@@ -324,8 +339,13 @@ public byte[] encryptBlock(byte[] symmetricKey, byte[] uid, int blockNumber,
         symmetricKeyPointer.write(0, symmetricKey, 0, symmetricKey.length);
 
         // Uid
-        final Pointer uidPointer = new Memory(uid.length);
-        uidPointer.write(0, uid, 0, uid.length);
+        final Pointer uidPointer;
+        if (uid.length > 0) {
+            uidPointer = new Memory(uid.length);
+            uidPointer.write(0, uid, 0, uid.length);
+        } else {
+            uidPointer = Pointer.NULL;
+        }
 
         // Additional Data
         final Pointer dataPointer = new Memory(clearText.length);
@@ -339,6 +359,23 @@ public byte[] encryptBlock(byte[] symmetricKey, byte[] uid, int blockNumber,
         return Arrays.copyOfRange(cipherTextBuffer, 0, cipherTextBufferSize.getValue());
     }
 
+    /**
+     * Symmetrically decrypt a block of encrypted data.
+     * 
+     * No resource UID is used for authentication and the block number is assumed to
+     * be zero
+     * 
+     * @param symmetricKey   the symmetric key to use
+     * @param encryptedBytes the encrypted block bytes
+     * @return the clear text bytes
+     * @throws FfiException in case of native library error
+     */
+    public byte[] decryptBlock(byte[] symmetricKey, byte[] encryptedBytes)
+            throws FfiException {
+
+        return decryptBlock(symmetricKey, new byte[] {}, 0, encryptedBytes);
+    }
+
     /**
      * Symmetrically decrypt a block of encrypted data.
      * 
@@ -365,8 +402,13 @@ public byte[] decryptBlock(byte[] symmetricKey, byte[] uid, int blockNumber, byt
         symmetricKeyPointer.write(0, symmetricKey, 0, symmetricKey.length);
 
         // Uid
-        final Pointer uidPointer = new Memory(uid.length);
-        uidPointer.write(0, uid, 0, uid.length);
+        final Pointer uidPointer;
+        if (uid.length > 0) {
+            uidPointer = new Memory(uid.length);
+            uidPointer.write(0, uid, 0, uid.length);
+        } else {
+            uidPointer = Pointer.NULL;
+        }
 
         // Encrypted Data
         final Pointer encryptedBytesPointer = new Memory(encryptedBytes.length);
 
@@ -297,7 +297,14 @@ public String importUserDecryptionKey(String uniqueIdentifier, PrivateKey userDe
     /**
      * Encrypt data in the KMS using the given Policy Attributes (@see {@link Attr})
      * and Public Master Key.
-     * The data is encrypted using an hybrid encryption scheme ABE + AÉS 256 GCM
+     * The data is encrypted using an hybrid encryption scheme ABE + AÉS 256 GCM.
+     * No Metadata is added to the header and no resource uid is used in the AES
+     * AEAD scheme.
+     * 
+     * The generated cipher text is made of 3 parts
+     * - the length of the encrypted header as a u32 in big endian format (4 bytes)
+     * - the header
+     * - the AES GCM encrypted content
      * 
      * @param publicMasterKeyUniqueIdentifier the UID of the Public Key
      * @param data                            the data to encrypt
@@ -307,11 +314,37 @@ public String importUserDecryptionKey(String uniqueIdentifier, PrivateKey userDe
      */
     public byte[] kmsEncrypt(String publicMasterKeyUniqueIdentifier, byte[] data, Attr[] attributes)
             throws CosmianException {
+        return kmsEncrypt(publicMasterKeyUniqueIdentifier, data, attributes, Optional.empty());
+    }
+
+    /**
+     * Encrypt data in the KMS using the given Policy Attributes (@see {@link Attr})
+     * and Public Master Key.
+     * The data is encrypted using an hybrid encryption scheme ABE + AÉS 256 GCM.
+     * 
+     * The uid, is used in the authentication of the AES GCM scheme.
+     * It is not saved ith the header and must be resupplied on decryption
+     * 
+     * The generated cipher text is made of 3 parts
+     * - the length of the encrypted header as a u32 in big endian format (4 bytes)
+     * - the header
+     * - the AES GCM encrypted content
+     * 
+     * @param publicMasterKeyUniqueIdentifier the UID of the Public Key
+     * @param data                            the data to encrypt
+     * @param attributes                      the Policy Attributes
+     * @return the encrypted data
+     * @throws CosmianException if the encryption fails
+     */
+    public byte[] kmsEncrypt(String publicMasterKeyUniqueIdentifier, byte[] data, Attr[] attributes,
+            Optional<byte[]> uid)
+            throws CosmianException {
         try {
             DataToEncrypt dataToEncrypt = new DataToEncrypt(attributes, data);
             ObjectMapper mapper = new ObjectMapper();
             byte[] bytes = mapper.writeValueAsBytes(dataToEncrypt);
-            Encrypt request = new Encrypt(publicMasterKeyUniqueIdentifier, bytes, Optional.empty(), Optional.empty());
+            Encrypt request = new Encrypt(publicMasterKeyUniqueIdentifier, bytes, Optional.empty(),
+                    uid.isPresent() ? Optional.of(uid.get()) : Optional.empty());
             EncryptResponse response = this.kmip.encrypt(request);
             if (response.getData().isPresent()) {
                 return response.getData().get();
@@ -329,14 +362,40 @@ public byte[] kmsEncrypt(String publicMasterKeyUniqueIdentifier, byte[] data, At
     /**
      * Decrypt the data in the KMS using the given User Decryption Key
      * 
+     * The encryptedData should be made of 3 parts:
+     * - the length of the encrypted header as a u32 in big endian format (4 bytes)
+     * - the header
+     * - the AES GCM encrypted content
+     * 
      * @param userDecryptionKeyUniqueIdentifier the key UID
      * @param encryptedData                     the cipher text
      * @return the clear text data
      * @throws CosmianException if the decryption fails
      */
     public byte[] kmsDecrypt(String userDecryptionKeyUniqueIdentifier, byte[] encryptedData) throws CosmianException {
+        return this.kmsDecrypt(userDecryptionKeyUniqueIdentifier, encryptedData, Optional.empty());
+    }
+
+    /**
+     * Decrypt the data in the KMS using the given User Decryption Key
+     * 
+     * The encryptedData should be made of 3 parts:
+     * - the length of the encrypted header as a u32 in big endian format (4 bytes)
+     * - the header
+     * - the AES GCM encrypted content
+     * 
+     * @param userDecryptionKeyUniqueIdentifier the key UID
+     * @param encryptedData                     the cipher text
+     * @param uid                               the resource uid to use in the
+     *                                          authentication of the symmetric
+     *                                          scheme
+     * @return the clear text data
+     * @throws CosmianException if the decryption fails
+     */
+    public byte[] kmsDecrypt(String userDecryptionKeyUniqueIdentifier, byte[] encryptedData, Optional<byte[]> uid)
+            throws CosmianException {
         try {
-            Decrypt request = new Decrypt(userDecryptionKeyUniqueIdentifier, encryptedData, Optional.empty());
+            Decrypt request = new Decrypt(userDecryptionKeyUniqueIdentifier, encryptedData, uid);
             DecryptResponse response = this.kmip.decrypt(request);
             if (response.getData().isPresent()) {
                 return response.getData().get();