[keyvault] Add warnings for usage of RSA-OAEP and RSA1_5 (#32818)

### Packages impacted by this PR

@azure/keyvault-keys

### Issues associated with this PR

Resolves #32636
Resolves #32751

### Describe the problem that is addressed by this PR

This PR accomplishes two goals:

1. Use generated enum names instead of overwriting them with our
hand-authored ones in keyvault-keys
2. Adds a warning about using RSA1_5 and RSA-OAEP by proxy of (1) -
exposing the generated enum names directly


Note: APIView diff requires a fix to the parser (see Azure/azure-sdk-tools#9768)

sdk/keyvault/keyvault-keys/samples-dev/cryptography.ts

@@ -56,14 +56,17 @@ export async function main(): Promise<void> {
   });
   console.log("encrypt result: ", encrypt);
 
-  const decrypt = await cryptoClient.decrypt({ algorithm: "RSA1_5", ciphertext: encrypt.result });
+  const decrypt = await cryptoClient.decrypt({
+    algorithm: "RSA-OAEP-256",
+    ciphertext: encrypt.result,
+  });
   console.log("decrypt: ", decrypt.result.toString());
 
   // Wrap and unwrap
-  const wrapped = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("My Message"));
+  const wrapped = await cryptoClient.wrapKey("RSA-OAEP-256", Buffer.from("My Message"));
   console.log("wrap result: ", wrapped);
 
-  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP", wrapped.result);
+  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP-256", wrapped.result);
   console.log("unwrap result: ", unwrapped);
 }
 

sdk/keyvault/keyvault-keys/samples/v4/javascript/cryptography.js

@@ -5,7 +5,7 @@
  * @summary Uses an Azure Key Vault key to sign/verify, encrypt/decrypt, and wrap/unwrap data.
  */
 
-const { createHash } = require("crypto");
+const { createHash } = require("node:crypto");
 
 const { CryptographyClient, KeyClient } = require("@azure/keyvault-keys");
 const { DefaultAzureCredential } = require("@azure/identity");
@@ -55,14 +55,17 @@ async function main() {
   });
   console.log("encrypt result: ", encrypt);
 
-  const decrypt = await cryptoClient.decrypt({ algorithm: "RSA1_5", ciphertext: encrypt.result });
+  const decrypt = await cryptoClient.decrypt({
+    algorithm: "RSA-OAEP-256",
+    ciphertext: encrypt.result,
+  });
   console.log("decrypt: ", decrypt.result.toString());
 
   // Wrap and unwrap
-  const wrapped = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("My Message"));
+  const wrapped = await cryptoClient.wrapKey("RSA-OAEP-256", Buffer.from("My Message"));
   console.log("wrap result: ", wrapped);
 
-  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP", wrapped.result);
+  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP-256", wrapped.result);
   console.log("unwrap result: ", unwrapped);
 }
 

sdk/keyvault/keyvault-keys/samples/v4/typescript/src/cryptography.ts

@@ -5,7 +5,7 @@
  * @summary Uses an Azure Key Vault key to sign/verify, encrypt/decrypt, and wrap/unwrap data.
  */
 
-import { createHash } from "crypto";
+import { createHash } from "node:crypto";
 
 import { CryptographyClient, KeyClient } from "@azure/keyvault-keys";
 import { DefaultAzureCredential } from "@azure/identity";
@@ -32,7 +32,7 @@ export async function main(): Promise<void> {
 
   const cryptoClient = new CryptographyClient(
     myWorkKey.id!, // You can use either the key or the key Id i.e. its url to create a CryptographyClient.
-    credential
+    credential,
   );
 
   // Sign and Verify
@@ -56,14 +56,17 @@ export async function main(): Promise<void> {
   });
   console.log("encrypt result: ", encrypt);
 
-  const decrypt = await cryptoClient.decrypt({ algorithm: "RSA1_5", ciphertext: encrypt.result });
+  const decrypt = await cryptoClient.decrypt({
+    algorithm: "RSA-OAEP-256",
+    ciphertext: encrypt.result,
+  });
   console.log("decrypt: ", decrypt.result.toString());
 
   // Wrap and unwrap
-  const wrapped = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("My Message"));
+  const wrapped = await cryptoClient.wrapKey("RSA-OAEP-256", Buffer.from("My Message"));
   console.log("wrap result: ", wrapped);
 
-  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP", wrapped.result);
+  const unwrapped = await cryptoClient.unwrapKey("RSA-OAEP-256", wrapped.result);
   console.log("unwrap result: ", unwrapped);
 }
 

sdk/keyvault/keyvault-keys/src/cryptographyClientModels.ts

@@ -7,82 +7,20 @@ import type { JsonWebKey } from "./generated/models/index.js";
 import {
   JsonWebKeyEncryptionAlgorithm as EncryptionAlgorithm,
   JsonWebKeyCurveName as KeyCurveName,
+  KnownJsonWebKeyCurveName as KnownKeyCurveNames,
+  KnownJsonWebKeySignatureAlgorithm as KnownSignatureAlgorithms,
+  KnownJsonWebKeyEncryptionAlgorithm as KnownEncryptionAlgorithms,
   JsonWebKeySignatureAlgorithm as SignatureAlgorithm,
 } from "./generated/models/index.js";
 
-export { KeyCurveName, EncryptionAlgorithm, SignatureAlgorithm };
-
-/** Known values of {@link KeyCurveName} that the service accepts. */
-export enum KnownKeyCurveNames {
-  /** The NIST P-256 elliptic curve, AKA SECG curve SECP256R1. */
-  P256 = "P-256",
-  /** The NIST P-384 elliptic curve, AKA SECG curve SECP384R1. */
-  P384 = "P-384",
-  /** The NIST P-521 elliptic curve, AKA SECG curve SECP521R1. */
-  P521 = "P-521",
-  /** The SECG SECP256K1 elliptic curve. */
-  P256K = "P-256K",
-}
-
-/** Known values of {@link SignatureAlgorithm} that the service accepts. */
-export enum KnownSignatureAlgorithms {
-  /** RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518 */
-  PS256 = "PS256",
-  /** RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518 */
-  PS384 = "PS384",
-  /** RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518 */
-  PS512 = "PS512",
-  /** RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518 */
-  RS256 = "RS256",
-  /** RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518 */
-  RS384 = "RS384",
-  /** RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518 */
-  RS512 = "RS512",
-  /** Reserved */
-  Rsnull = "RSNULL",
-  /** ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518. */
-  ES256 = "ES256",
-  /** ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518 */
-  ES384 = "ES384",
-  /** ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518 */
-  ES512 = "ES512",
-  /** ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518 */
-  ES256K = "ES256K",
-}
-
-/** Known values of {@link EncryptionAlgorithm} that the service accepts. */
-export enum KnownEncryptionAlgorithms {
-  /** Encryption Algorithm - RSA-OAEP */
-  RSAOaep = "RSA-OAEP",
-  /** Encryption Algorithm - RSA-OAEP-256 */
-  RSAOaep256 = "RSA-OAEP-256",
-  /** Encryption Algorithm - RSA1_5 */
-  RSA15 = "RSA1_5",
-  /** Encryption Algorithm - A128GCM */
-  A128GCM = "A128GCM",
-  /** Encryption Algorithm - A192GCM */
-  A192GCM = "A192GCM",
-  /** Encryption Algorithm - A256GCM */
-  A256GCM = "A256GCM",
-  /** Encryption Algorithm - A128KW */
-  A128KW = "A128KW",
-  /** Encryption Algorithm - A192KW */
-  A192KW = "A192KW",
-  /** Encryption Algorithm - A256KW */
-  A256KW = "A256KW",
-  /** Encryption Algorithm - A128CBC */
-  A128CBC = "A128CBC",
-  /** Encryption Algorithm - A192CBC */
-  A192CBC = "A192CBC",
-  /** Encryption Algorithm - A256CBC */
-  A256CBC = "A256CBC",
-  /** Encryption Algorithm - A128CBCPAD */
-  A128Cbcpad = "A128CBCPAD",
-  /** Encryption Algorithm - A192CBCPAD */
-  A192Cbcpad = "A192CBCPAD",
-  /** Encryption Algorithm - A256CBCPAD */
-  A256Cbcpad = "A256CBCPAD",
-}
+export {
+  KeyCurveName,
+  EncryptionAlgorithm,
+  KnownEncryptionAlgorithms,
+  SignatureAlgorithm,
+  KnownKeyCurveNames,
+  KnownSignatureAlgorithms,
+};
 
 /**
  * Supported algorithms for key wrapping/unwrapping