added support for encrypt + tests

the encryption request doesn't have the recipient field
as this is currently not supported in the AWS KMS API
#25 (comment)

include/aws/nitro_enclaves/kms.h

@@ -172,6 +172,102 @@ struct aws_kms_decrypt_response {
     struct aws_allocator *const allocator;
 };
 
+struct aws_kms_encrypt_request {
+    /**
+     * Plaintext to be encrypted.
+     *
+     * Required: Yes.
+     */
+    struct aws_byte_buf plaintext;
+
+    /**
+     * Specifies the encryption algorithm that AWS KMS will use to encrypt the plaintext message.
+     * The algorithm must be compatible with the CMK that you specify.
+     *
+     * Required: No.
+     */
+    enum aws_encryption_algorithm encryption_algorithm;
+
+    /**
+     * Specifies the encryption context that will be used to encrypt the data.
+     * An encryption context is valid only for cryptographic operations with a symmetric CMK.
+     * The standard asymmetric encryption algorithms that AWS KMS uses do not support
+     * an encryption context.
+     *
+     * An encryption context is a collection of non-secret key-value pairs that
+     * represents additional authenticated data. When you use an encryption context
+     * to encrypt data, you must specify the same (an exact case-sensitive match)
+     * encryption context to decrypt the data. An encryption context is optional
+     * when encrypting with a symmetric CMK, but it is highly recommended.
+     *
+     * Required: No.
+     */
+    struct aws_hash_table encryption_context;
+
+    /**
+     * A list of grant tokens.
+     *
+     * For more information, see
+     * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token">Grant Tokens</a>
+     * in the AWS Key Management Service Developer Guide.
+     *
+     * Required: No.
+     */
+    struct aws_array_list grant_tokens;
+
+    /**
+     * A unique identifier for the customer master key (CMK).
+     *
+     * To specify a CMK, use its key ID, Amazon Resource Name (ARN),
+     * alias name, or alias ARN. When using an alias name,
+     * prefix it with "alias/". To specify a CMK in a different AWS account,
+     * you must use the key ARN or alias ARN.
+     *
+     * Required: Yes.
+     */
+    struct aws_string *key_id;
+
+    /**
+     * Allocator used for memory management of associated resources.
+     *
+     * Note that this is not part of the request.
+     */
+    struct aws_allocator *const allocator;
+};
+
+struct aws_kms_encrypt_response {
+    /**
+     * The Amazon Resource Name (key ARN) of the CMK
+     * that was used to encrypt the plaintext.
+     *
+     * Required: Yes.
+     */
+    struct aws_string *key_id;
+
+    /**
+     * The encrypted plaintext.
+     * 
+     * Length Constraints: Minimum length of 1. Maximum length of 6144.
+     *
+     * Required: No.
+     */
+    struct aws_byte_buf ciphertext_blob;
+
+    /**
+     * The encryption algorithm that was used to encrypt the plaintext.
+     *
+     * Required: Yes.
+     */
+    enum aws_encryption_algorithm encryption_algorithm;
+
+    /**
+     * Allocator used for memory management of associated resources.
+     *
+     * Note that this is not part of the response.
+     */
+    struct aws_allocator *const allocator;
+};
+
 struct aws_kms_generate_data_key_request {
     /**
      * Identifies the symmetric CMK that encrypts the data key.
@@ -490,6 +586,90 @@ struct aws_kms_decrypt_response *aws_kms_decrypt_response_from_json(
 AWS_NITRO_ENCLAVES_API
 void aws_kms_decrypt_response_destroy(struct aws_kms_decrypt_response *res);
 
+/**
+ * Creates an aws_kms_encrypt_request structure.
+ *
+ * @param[in]  allocator  The allocator used for initialization. NULL for default.
+ *
+ * @return                A new aws_kms_encrypt_request structure.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_kms_encrypt_request *aws_kms_encrypt_request_new(struct aws_allocator *allocator);
+
+/**
+ * Serializes a KMS Encrypt Request @ref aws_kms_encrypt_request to json.
+ *
+ * @note The request must contain the required @ref aws_kms_encrypt_request::plaintext parameter.
+ *
+ * @param[in]   req        The KMS Encrypt Request that is to be serialized.
+ *
+ * @return                 The serialized KMS Encrypt Request.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_string *aws_kms_encrypt_request_to_json(const struct aws_kms_encrypt_request *req);
+
+/**
+ * Deserialized a KMS Encrypt Request @ref aws_kms_encrypt_request from json.
+ *
+ * @param[in]   allocator  The allocator used for managing resource creation. NULL for default.
+ * @param[in]   json       The serialized json KMS Encrypt Request.
+ *
+ * @return                 A new aws_kms_encrypt_request structure.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_kms_encrypt_request *aws_kms_encrypt_request_from_json(
+    struct aws_allocator *allocator,
+    const struct aws_string *json);
+
+/**
+ * Deallocate all internal data for a KMS Encrypt Request.
+ *
+ * @param[in]  req  The KMS Encrypt Request.
+ */
+AWS_NITRO_ENCLAVES_API
+void aws_kms_encrypt_request_destroy(struct aws_kms_encrypt_request *req);
+
+/**
+ * Creates an aws_kms_encrypt_response structure.
+ *
+ * @param[in]  allocator  The allocator used for initialization.
+ *
+ * @return                A new aws_kms_encrypt_response structure.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_kms_encrypt_response *aws_kms_encrypt_response_new(struct aws_allocator *allocator);
+
+/**
+ * Serializes a KMS Encrypt Response @ref aws_kms_encrypt_response to json.
+ *
+ * @param[in]   res        The KMS Encrypt Response that is to be serialized.
+ *
+ * @return                 The serialized KMS Encrypt Response.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_string *aws_kms_encrypt_response_to_json(const struct aws_kms_encrypt_response *res);
+
+/**
+ * Deserialized a KMS Encrypt Response @ref aws_kms_encrypt_response from json.
+ *
+ * @param[in]   allocator  The allocator used for managing resource creation. NULL for default.
+ * @param[in]   json       The serialized json KMS Encrypt Response.
+ *
+ * @return                 A new aws_kms_encrypt_response structure.
+ */
+AWS_NITRO_ENCLAVES_API
+struct aws_kms_encrypt_response *aws_kms_encrypt_response_from_json(
+    struct aws_allocator *allocator,
+    const struct aws_string *json);
+
+/**
+ * Deallocate all internal data for a KMS Encrypt Response.
+ *
+ * @param[in]  res  The KMS Encrypt Response.
+ */
+AWS_NITRO_ENCLAVES_API
+void aws_kms_encrypt_response_destroy(struct aws_kms_encrypt_response *res);
+
 /**
  * Creates an aws_kms_generate_data_key_request structure.
  *
@@ -713,6 +893,12 @@ int aws_kms_decrypt_blocking(
     const struct aws_byte_buf *ciphertext,
     struct aws_byte_buf *plaintext /* TODO: err_reason */);
 
+AWS_NITRO_ENCLAVES_API
+int aws_kms_encrypt_blocking(
+    struct aws_nitro_enclaves_kms_client *client,
+    const struct aws_byte_buf *plaintext,
+    struct aws_byte_buf *ciphertext /* TODO: err_reason */);
+
 AWS_NITRO_ENCLAVES_API
 int aws_kms_generate_data_key_blocking(
     struct aws_nitro_enclaves_kms_client *client,