1.9.0 (2025-02-03)
This release is available in the following languages:
- Java
- CI (d9e2a1e)
- DafnyLibraries.FileIO extern (b150c48)
- ECDH ValidatePublicKey err msg (34a48fc)
- for test vectors, use SetToSequenceSorted (#1034) (21ad206)
- GHW: check-files apply to PR, not to diff b/w HEAD and branch (#1075) (1f53a92)
- improve golang externs (#1133) (b6ee16e)
- Java: Improve Collection of Errors string (#1056) (9e195a1)
- line breaks (21536c7)
- PR comments (798214b)
- PR comments (a21c0b3)
- PR comments (7dd95bc)
- PR comments (eed0d87)
- PR comments (435515e)
- re-enable aes_gcm_192 (#1143) (23650a9)
- region (5930ae4)
- region (e3454b5)
- remove @sensitive from smithy models (#1123) (c939f3a)
- repo rename (#1218) (c2f003c)
- revert pyproject.toml drop (b5dbb5c)
- rust code used for testing must be allowed dead code (#1148) (5997919)
- SetToSequence should be a method, not a function (#1035) (1169bc8)
- smithy-dafny (#1136) (6005777)
- Adds CI (511ed35)
- check in polymorph go generated code (#1137) (d0fefbf)
- Check-in polymorph generated code (bfc7cb9)
- ddb Go externs (1e3737b)
- ddb: Go release v0.0.1 (#1201) (5293bfd)
- ddb: Go release v0.0.3 (#1210) (983f553)
- Go: Go module rename (#1196) (b0876ac)
- kms externs for Go (2d1f6d1)
- kms: Go release v0.0.1 (#1199) (9c80544)
- mpl externs (#1105) (29bc52e)
- mpl: Go release v0.0.1 (#1211) (4508ab8)
- Primitives CI (ce6e942)
- Primitives for Go (8066826)
- primitives: Go release v0.0.1 (#1203) (6bf0bbe)
- StandardLibrary for Go (587b57e)
- StandardLibrary for Go (94b4fd0)
- StandardLibrary for Go (6ce1ce3)
- StdLib: Go v0.0.1 release (#1195) (95e54bf)
1.8.0 (2024-11-19)
This release is available in the following languages:
- Java
- Drop SelectOpt from MutableMap (bdb6509)
- Externs (0bc1f96)
- formatting (b608ab8)
- Python-Release: Run validate tests from release commit (41c0c94)
- Python: CMCs release lock for unhandled runtime exceptions (#979) (1510b77)
- Python: return error on interrupted sleep (#1003) (405cf37)
- remove input and output traits on DynamoDB operations (#1012) (8377acf)
- return error on interrupted sleep (#993) (f49460a)
- rust CI (42e39cc)
- Rust: Interop test vectors; bump Dafny to 4.9.0 (#1004) (a505a30)
- Storm cache supports millisecond resolution (#1011) (6f09d5d)
1.7.4 (2024-11-06)
This release is available in the following languages:
- Python
1.7.3 (2024-10-31)
This release is available in the following languages:
- Python
1.7.2 (2024-10-22)
This release is available in the following languages:
- Python
- Move Java helper methods out of extern class (#855) (61fddf8)
- Smithy-Dafny update for separated classes and unions (#806) (4b7cc5f)
- variable name collision fix for Go (ceaec06)
1.7.1 (2024-10-11)
This release is available in the following languages:
- Python
This is the first release for the Python implementation of the AWS Cryptographic Material Providers Library. (#805) (cfb2f7e)
- H-Keyring: if getCache returns Error not EntryDoesNotExist, raise error (#846) (3413fcb)
- H-Keyring: if putCache throws EntryAlreadyExists, swallow (#856) (d01a182 )
1.7.0 (2024-09-23)
1.6.0 (2024-09-10)
- add ECDH error message for Rust (#574) (473a34a)
- DDB-Model: DDB Supports 100 actions per Transaction (#692) (8a67843)
- GetCurrentTimeStamp returns ISO8601 format (#575) (c07a51f)
- maintain order in test vectors for languages with parallel tests (#641) (8c8a38f)
- Remove 4.4 DDB and KMS patches, abstract test to work on later Dafny versions (#611) (d51d648)
- Remove uses of
:|(#618) (f12fe5b) - test vector help text (#657) (0fedaf1)
- post-release: Change back to 1.5.1-SNAPSHOT (09cd9a4)
1.5.1 (2024-07-08)
1.5.0 (2024-06-17)
1.4.0 (2024-05-20)
The Hierarchical Keyring's Keystore now supports four (4) KMSConfigurations:
- kmsKeyArn
- kmsMRKeyArn
- discovery
- mrDiscovery
See our JavaDocs for details on how these options effect the relationship between a Keystore and KMS.
- .NET : Bump dependency BouncyCastle.Cryptography from 2.2.1 to 2.3.1. (#329)
- .NET : Bump dependency AWSSDK.Core from 3.7.300.2 to 3.7.304.2. (#329)
- Java : Move InternalResult into StandardLibrary(Internal) (#325)
1.3.0 (2024-04-24)
- dafny: Local Service Constructors MUST return concrete (64f72c1)
- Improvements to the Java Release process (#162) (d92c06a)
- Increase try-block scope when calling MPL components (#267) (7661bf4)
- Multi-Region Key Logic in the Keystore (#285) (d924395)
- .NET : Enforce User input Constraints at Type Conversion (#281) (04102d7)
- Update error message to include expected values when no Encrypted Data Keys found to match (#275) (da95f9a)
* add command line parser (#131)
* resolve awssdk:core dependency in TestVectors build.gradle.kts (#177)
* add more tests to ComputeSetToOrderedSequence (#111)
* Empty string defers to SDK default region (#127)
* update mpl .csproj to use project references (#134)
* newest polymorph for newest shims. Catch all exceptions. DDB only (#135)
* update README for repo rename update (#147)
* rerun latest polymorph. (#128)
* typo lead to two verification, no format (#130)
* Improve compatibility with Dafny 4.4 (#129)
* A variety of fixes to the libraries CI and testing
* CmpError must return custom error message (#118) (86abacc)
* Deafult entryPruningTailSize (#93) (0344e9f)
* Fix brittle concurrent test (#105) (#60) (c043162)
* fix typo in encryption materials validation (cd6b0aa), closes #84
* fix typo in encryption materials validation (89a234c)
* Forward the underlying error (#90) (bc21551)
- Fixes a runtime check in
VersionKeyKey Store API that no longer checks for the CipherText length on the output of a KMS ReEncrypt API call.
- Introduces Thread Safe Cryptographic Materials Caches (CMCs):
- Storm Tracking Cache
Safe for use in a multi threaded environment,
tries to prevent redundant or overly parallel backend calls.
See Spec changes for details. - Multi Threaded Cache
Safe for use in a multi threaded environment,
but no extra functionality
- Storm Tracking Cache
- CMCs:
- Original Cryptographic Materials Cache has been renamed to Single Threaded Cache
CreateCryptographicMaterialsCacheInputnow ONLY acceptsCacheType,
which determines which, if any, of the three implemented CMCs will be returned.- The
DefaultCacheisStormTrackingCache
CreateAwsKmsHierarchicalKeyringInput:- no longer has a
maxCacheSizefield - now has an optional
cachefield for aCacheType
- no longer has a
- Hierarchical Keyring's Key Store:
- The Hierarchical Keyring's Key Store's Data Structure has changed.
As such, entries persisted in the Key Store with prior versions of this library are NOT compatibale.
Instead, we recommend Creating a new DynamoDB Table for this version of the Key Store. - The Key Store's
CreateKeyInputnow takes:- An Optional
String branchKeyIdentifier - An Optional
EncryptionContext encryptionContext- This
encryptionContextwill be added to the Encryption Context sent to KMS prefixed withaws-crypto-ec:
- This
- An Optional
- Creating a Key now also calls KMS:ReEncrypt
CreateKeyStoreno longer creates a GSI- The Encryption Context used with KMS'
GenerateDataKeyWithoutPlaintextno longer include's the discarded GSI'sstatus. - More details about the Key Store's changes are avaible in our Specification:
- The Hierarchical Keyring's Key Store's Data Structure has changed.
- A variety of fixes to the libraries CI and testing
- Fixes Required Encryption Context CMM and UpdateUsageMetadata names in smithy model
- Fixes PutCacheEntry
- PutCacheEntry will now update an entry. This simplifies using the cache in concurrent situations. Rather than having the caller implement some retry logic the cache will now update the entry.
- Fixes pom.xml to include runtime version of BouncyCastle and removes bundling of BC in the jar.
- Fixes build file to correctly generate pom file with correct dependencies during release.
- Initial release of the AWS Cryptographic Material Providers Library. This release is considered a developer preview and is not intended for production use cases.