chore(mpl;Rust): bump mpl to include rust input validation, aes-192 tests #722

Merged
merged 7 commits into from
Dec 19, 2024
1 change: 1 addition & 0 deletions AwsEncryptionSDK/runtimes/rust/.gitignore
Expand Up @@ -30,6 +30,7 @@ src/storm_tracker.rs
src/time.rs
src/types/
src/uuid.rs
src/validation.rs
standard_library_conversions.rs
standard_library_externs.rs
target
13 changes: 13 additions & 0 deletions AwsEncryptionSDK/runtimes/rust/CHANGELOG.md
@@ -1,2 +1,15 @@
# Changelog

All notable changes to this project will be documented in this file.

## 0.2.0 (2024-12-18)

### Fixes
- Support input validation

### Maintenance
- Add version branch key example

## 0.1.0 (2024-12-09)

Initial launch of the AWS Encryption SDK for Rust.
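Review bot: the new `## 0.2.0 (2024-12-18)` heading does not match the crate manifest, where Cargo.toml in this same PR still carries `version = "0.1.0"`; bump the manifest here or say in the PR where the version is set at release time. The `Support input validation` line under Fixes should also name which inputs are now checked and whether calls that succeeded in 0.1.0 can now return an error, since that is what a consumer upgrading needs to know.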
13 changes: 7 additions & 6 deletions AwsEncryptionSDK/runtimes/rust/Cargo.toml
Expand Up @@ -2,7 +2,7 @@
name = "aws-esdk"
version = "0.1.0"
edition = "2021"
rust-version = "1.80.0"
rust-version = "1.81.0"
keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
license = "ISC AND (Apache-2.0 OR ISC)"
description = "aws-esdk is a library for implementing client side encryption."
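Review bot: the `rust-version` change from 1.80.0 to 1.81.0 raises the minimum supported compiler for every consumer of the crate, and neither this hunk nor the 0.2.0 changelog entry records it. Add it to the changelog and note which dependency or language feature requires 1.81, so the reason for the new floor is on record.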
Expand All @@ -16,14 +16,15 @@ readme = "README.md"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
aws-config = "1.5.10"
aws-lc-rs = "1.11.1"
aws-lc-sys = "0.23.1"
aws-config = "1.5.11"
aws-lc-rs = "1.12.0"
aws-lc-sys = "0.24.0"
aws-sdk-dynamodb = "1.55.0"
aws-sdk-kms = "1.51.0"
aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
aws-smithy-types = "1.2.9"
chrono = "0.4.38"
aws-smithy-types = "1.2.10"
chrono = "0.4.39"
cpu-time = "1.0.0"
dafny-runtime = "0.1.1"
dashmap = "6.1.0"
pem = "3.0.4"
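Review bot: `cpu-time = "1.0.0"` is a new entry under `[dependencies]` (the file header counts 7 additions against 6 deletions, and it is the one line with no old counterpart), so it ships to every consumer of the crate, yet nothing in the PR says what uses it. If it only supports timing in tests or benchmarks, move it to `[dev-dependencies]` or behind a feature; if the generated code needs it at runtime, say so in the changelog. Separately, `aws-lc-sys` moves from 0.23.1 to 0.24.0, a pre-1.0 minor bump, so confirm it stays in step with the `aws-lc-rs` version pinned beside it.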
62 changes: 12 additions & 50 deletions AwsEncryptionSDK/runtimes/rust/README.md
@@ -1,63 +1,25 @@
# AWS Encryption SDK for Rust

AWS Encryption SDK for Rust
[![build status](https://github.com/aws/aws-encryption-sdk-dafny/actions/workflows/daily_ci.yml/badge.svg?branch=mainline)](https://github.com/aws/aws-encryption-sdk-dafny/actions/workflows/daily_ci.yml)
[![crates.io](https://img.shields.io/crates/v/aws-esdk.svg)](https://crates.io/crates/aws-esdk)
[![docs](https://docs.rs/aws-esdk/badge.svg)](https://docs.rs/aws-esdk)
[![rustc](https://img.shields.io/badge/rust-1.81%2B-orange.svg)](https://img.shields.io/badge/rust-1.81%2B-orange.svg)

## Using the AWS Encryption SDK for Rust
This is the official [AWS Encryption SDK for Rust](https://crates.io/crates/aws-esdk).

The AWS Encryption SDK is available on [Crates.io](https://www.crates.io/).
## [CHANGELOG](https://github.com/aws/aws-encryption-sdk-dafny/blob/mainline/AwsEncryptionSDK/runtimes/rust/CHANGELOG.md)

For more details about the design and architecture of the AWS Encryption SDK, see the [AWS Encryption SDK Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html).

## Building the AWS Encryption SDK for Rust

To build, the AWS Encryption SDK requires the most up to date version of [Dafny](https://github.com/dafny-lang/dafny) on your PATH.

You will also need to ensure that you fetch all submodules using either `git clone --recursive ...` when cloning the repository or `git submodule update --init` on an existing clone.

To setup your project to use the AWS Encryption SDK in Rust, run:

```
cd AwsEncryptionSDK
# Polymorph smithy to Rust
make polymorph_rust
# Transpile Dafny to Rust
make transpile_rust
```

### (Optional) Set up the AWS Encryption SDK to work with AWS KMS

If you set up the AWS Encryption SDK to use the AWS KMS Keyring,
the AWS Encryption SDK will make calls to AWS KMS on your behalf,
using the appropriate AWS SDK.
## Overview

However, you must first set up AWS credentials for use with the AWS SDK.
The AWS Encryption SDK enables secure client-side encryption. It uses cryptography best practices to protect your data and protect the encryption keys that protect your data. Each data object is protected with a unique data encryption key, and the data encryption key is protected with a key encryption key called a wrapping key. The encryption method returns a single, portable [encrypted message](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html) that contains the encrypted data and the encrypted data key, so you don't need to keep track of the data encryption keys for your data. You can use KMS keys in [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) as wrapping keys. The AWS Encryption SDK also provides APIs to define and use encryption keys from other key providers.

## Testing the AWS Encryption SDK for Rust

### Configure AWS credentials

To run the test suite you must first set up AWS credentials for use with the AWS SDK.
This is required in order to run the integration tests, which use a KMS Keyring against a publicly accessible KMS CMK.

### Run the tests

Run the test suite with:

```
cd AwsEncryptionSDK
make test_rust
```

Run tests on examples, to ensure they are up to date:
For more details about the design and architecture of the AWS Encryption SDK, see the [AWS Encryption SDK Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html).

```
cd AwsEncryptionSDK/runtimes/rust/
cargo test --examples
```
## Examples for AWS Encryption SDK in Rust

Please look at the Examples on how to use the Encryption SDK in Rust [here](examples).
Please look at the Examples on how to use the Encryption SDK in Rust [here](https://github.com/aws/aws-encryption-sdk-dafny/tree/mainline/AwsEncryptionSDK/runtimes/rust/examples).

Please note that tests and test vectors require internet access and valid AWS credentials, since calls to KMS are made as part of the test workflow.
Please note that some examples MAY require internet access and valid AWS credentials, since calls to KMS are made.

## License
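Review bot: the build and test sections removed from this README are not linked from their new home: the rewritten text never points to `src/README.md`, so someone working from the repository loses the `make polymorph_rust` and `make transpile_rust` steps unless they already know where to look. Add a one-line pointer to the source-build instructions. The new rustc badge also links to its own image URL rather than to anything informative, and `MAY require internet access and valid AWS credentials` would be more useful if it named which examples call KMS.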

48 changes: 48 additions & 0 deletions AwsEncryptionSDK/runtimes/rust/src/README.md
@@ -0,0 +1,48 @@
## Building the AWS Encryption SDK for Rust from source

To build, the AWS Encryption SDK requires the most up to date version of [Dafny](https://github.com/dafny-lang/dafny) on your PATH.

You will also need to ensure that you fetch all submodules using either `git clone --recursive ...` when cloning the repository or `git submodule update --init` on an existing clone.

To setup your project to use the AWS Encryption SDK in Rust, run:

```
cd AwsEncryptionSDK
# Polymorph smithy to Rust
make polymorph_rust
# Transpile Dafny to Rust
make transpile_rust
```

### (Optional) Set up the AWS Encryption SDK to work with AWS KMS

If you set up the AWS Encryption SDK to use the AWS KMS Keyring,
the AWS Encryption SDK will make calls to AWS KMS on your behalf,
using the appropriate AWS SDK.

However, you must first set up AWS credentials for use with the AWS SDK.

## Testing the AWS Encryption SDK for Rust

### Configure AWS credentials

To run the test suite you must first set up AWS credentials for use with the AWS SDK.
This is required in order to run the integration tests, which use a KMS Keyring against a publicly accessible KMS CMK.

### Run the tests

Run the test suite with:

```
cd AwsEncryptionSDK
make test_rust
```

Run tests on examples, to ensure they are up to date:

```
cd AwsEncryptionSDK/runtimes/rust/
cargo test --examples
```

Please note that tests and test vectors require internet access and valid AWS credentials, since calls to KMS are made as part of the test workflow.
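Review bot: `requires the most up to date version of Dafny` in the first paragraph gives no reproducible build input; state the Dafny version the generated Rust was produced with, or where that version is pinned, so a source build can be repeated later. The three fenced command blocks would also read better with a shell language tag.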
1 change: 1 addition & 0 deletions AwsEncryptionSDK/runtimes/rust/src/lib.rs
Expand Up @@ -14,6 +14,7 @@ pub mod error;
/// All operations that this crate can perform.
pub mod operation;
pub mod types;
pub mod validation;

#[cfg(feature = "wrapped-client")]
pub mod wrapped;
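Review bot: `pub mod validation;` adds a public module with no doc comment, while `operation` directly above has one, and the module's source is not part of the diff (`src/validation.rs` is added to .gitignore in this PR), so reviewers cannot see what it exports. Add a `///` line saying what the module validates, and consider whether it needs to be `pub` or can be `pub(crate)` if callers are not meant to invoke it directly.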
2 changes: 1 addition & 1 deletion AwsEncryptionSDK/runtimes/rust/start_release.sh
Expand Up @@ -40,7 +40,7 @@ cp -r . ../../../releases/rust/esdk
cd ../../../releases/rust/esdk

# Remove unnecessary files and directories
rm -rf *~ copy_externs.sh start_release.sh test_published.sh test_examples *.pem RELEASE.md CHANGELOG.md
rm -rf *~ copy_externs.sh start_release.sh test_published.sh test_examples *.pem RELEASE.md CHANGELOG.md src/README.md

# Create .gitignore file with specified entries
echo Cargo.lock > .gitignore
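Review bot: the `rm -rf` line being extended runs immediately after `cd ../../../releases/rust/esdk` with no visible check that the `cd` succeeded; if it fails, the globs (`*~`, `*.pem`) and now `src/README.md` are deleted from the source tree instead of the release copy. Unless the script enables `set -e` above this hunk, write `cd ../../../releases/rust/esdk || exit 1`.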
12 changes: 6 additions & 6 deletions AwsEncryptionSDK/runtimes/rust/test_examples/Cargo.toml
@@ -1,19 +1,19 @@
[package]
name = "aws-esdk-examples"
edition = "2021"
rust-version = "1.80.0"
rust-version = "1.81.0"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
aws-config = "1.5.10"
aws-lc-rs = "1.11.1"
aws-lc-sys = "0.23.1"
aws-config = "1.5.11"
aws-lc-rs = "1.12.0"
aws-lc-sys = "0.24.0"
aws-sdk-dynamodb = "1.55.0"
aws-sdk-kms = "1.51.0"
aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
aws-smithy-types = "1.2.9"
chrono = "0.4.38"
aws-smithy-types = "1.2.10"
chrono = "0.4.39"
dafny-runtime = "0.1.1"
dashmap = "6.1.0"
pem = "3.0.4"
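Review bot: this dependency list mirrors the main crate's but does not pick up the `cpu-time = "1.0.0"` entry added to AwsEncryptionSDK/runtimes/rust/Cargo.toml in the same PR. If the examples crate builds the same generated sources, add it here; if it does not, a short comment saying why the two lists differ would keep the next bump from guessing.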
1 change: 1 addition & 0 deletions TestVectors/runtimes/rust/.gitignore
Expand Up @@ -34,4 +34,5 @@ src/types/
src/uuid.rs
src/wrapped.rs
src/wrapped/
src/validation.rs
target
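Review bot: `src/validation.rs` is appended after `src/wrapped/`, out of the alphabetical order the visible entries follow; the AwsEncryptionSDK .gitignore in this PR places it after `src/uuid.rs`. Move it up to match.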
21 changes: 11 additions & 10 deletions TestVectors/runtimes/rust/Cargo.toml
Expand Up @@ -2,7 +2,7 @@
name = "aws-esdk-test-vectors"
version = "0.1.0"
edition = "2021"
rust-version = "1.80.0"
rust-version = "1.81.0"
description = "aws-esdk-test-vectors is a library for testing aws-esdk."
authors = ["AWS-CryptoTools"]
autoexamples = false
Expand All @@ -14,20 +14,21 @@ readme = "README.md"
wrapped-client = []

[dependencies]
aws-config = "1.5.6"
aws-lc-rs = "1.11.1"
aws-lc-sys = "0.23.1"
aws-sdk-dynamodb = "1.55.0"
aws-sdk-kms = "1.51.0"
aws-smithy-runtime-api = {version = "1.7.2", features = ["client"] }
aws-smithy-types = "1.2.6"
chrono = "0.4.38"
aws-config = "1.5.11"
aws-lc-rs = "1.12.0"
aws-lc-sys = "0.24.0"
aws-sdk-dynamodb = "1.56.0"
aws-sdk-kms = "1.52.0"
aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
aws-smithy-types = "1.2.10"
chrono = "0.4.39"
cpu-time = "1.0.0"
dafny-runtime = "0.1.1"
dashmap = "6.1.0"
pem = "3.0.4"
rand = "0.8.5"
tokio = {version = "1.42.0", features = ["full"] }
uuid = { version = "1.10.0", features = ["v4"] }
uuid = { version = "1.11.0", features = ["v4"] }

[dev-dependencies]
aws-esdk-test-vectors = { path = ".", features = ["wrapped-client"] }
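Review bot: this hunk moves `aws-sdk-dynamodb` to 1.56.0 and `aws-sdk-kms` to 1.52.0, but the AwsEncryptionSDK and test_examples manifests in this PR leave them at 1.55.0 and 1.51.0. Bump all three together so the test vectors declare the same minimum versions as the published crate.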
1 change: 1 addition & 0 deletions TestVectors/runtimes/rust/src/main.rs
Expand Up @@ -12,6 +12,7 @@ pub mod error;
/// All operations that this crate can perform.
pub mod operation;
pub mod types;
pub mod validation;

#[cfg(feature = "wrapped-client")]
pub mod wrapped;
2 changes: 1 addition & 1 deletion mpl
Submodule mpl updated from b5c352 to 23650a
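Review bot: the behaviour named in the title (Rust input validation, AES-192 tests) arrives entirely through the `mpl` submodule move from b5c352 to 23650a, which this diff does not show. Link the mpl commit range or the PRs it contains in the description so the change to a cryptographic dependency can be reviewed alongside the version bumps here.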