CHANGELOG.md

Changelog

1.8.0 (2024-11-19)

This release is available in the following languages:

• Java

Bug Fixes

• Drop SelectOpt from MutableMap (bdb6509)
• Externs (0bc1f96)
• formatting (b608ab8)
• Python-Release: Run validate tests from release commit (41c0c94)
• Python: CMCs release lock for unhandled runtime exceptions (#979) (1510b77)
• Python: return error on interrupted sleep (#1003) (405cf37)
• remove input and output traits on DynamoDB operations (#1012) (8377acf)
• return error on interrupted sleep (#993) (f49460a)
• rust CI (42e39cc)

Features

• Rust: Interop test vectors; bump Dafny to 4.9.0 (#1004) (a505a30)
• Storm cache supports millisecond resolution (#1011) (6f09d5d)

1.7.4 (2024-11-06)

This release is available in the following languages:

• Python

Bug Fixes

• Python: Support Python 3.13 (#953) (000baed)

1.7.3 (2024-10-31)

This release is available in the following languages:

• Python

Bug Fixes

• python time externs should return integers (#898) (56b9b67)

1.7.2 (2024-10-22)

This release is available in the following languages:

• Python

Bug Fixes

• Move Java helper methods out of extern class (#855) (61fddf8)
• Smithy-Dafny update for separated classes and unions (#806) (4b7cc5f)
• variable name collision fix for Go (ceaec06)

1.7.1 (2024-10-11)

This release is available in the following languages:

• Python

This is the first release for the Python implementation of the AWS Cryptographic Material Providers Library. (#805) (cfb2f7e)

Bug Fixes

• H-Keyring: if getCache returns Error not EntryDoesNotExist, raise error (#846) (3413fcb)
• H-Keyring: if putCache throws EntryAlreadyExists, swallow (#856) (d01a182 )

1.7.0 (2024-09-23)

Features

• HierarchyKeyring; CMC: Shared cache across Hierarchy Keyrings (#747) (d4709e9)

1.6.0 (2024-09-10)

Bug Fixes

• add ECDH error message for Rust (#574) (473a34a)
• DDB-Model: DDB Supports 100 actions per Transaction (#692) (8a67843)
• GetCurrentTimeStamp returns ISO8601 format (#575) (c07a51f)
• maintain order in test vectors for languages with parallel tests (#641) (8c8a38f)
• Remove 4.4 DDB and KMS patches, abstract test to work on later Dafny versions (#611) (d51d648)
• Remove uses of :| (#618) (f12fe5b)
• test vector help text (#657) (0fedaf1)
• post-release: Change back to 1.5.1-SNAPSHOT (09cd9a4)

Features

• bump dafny verification and code gen to dafny 4.8.0 (#520) (e16539e)

1.5.1 (2024-07-08)

Fixes

• SDK-Java: Generic SDK Error to Opaque & Back (#466) (f832ad1)

1.5.0 (2024-06-17)

Features

• MPL: Add Raw ECDH and AWS KMS ECDH Keyrings (#419) (0946a7e)

1.4.0 (2024-05-20)

Features

• Keystore: Introduce additional KMSConfiguration options (#316) (f3a0a52)

The Hierarchical Keyring's Keystore now supports four (4) KMSConfigurations:

• kmsKeyArn
• kmsMRKeyArn
• discovery
• mrDiscovery

See our JavaDocs for details on how these options effect the relationship between a Keystore and KMS.

Maintenance

• .NET : Bump dependency BouncyCastle.Cryptography from 2.2.1 to 2.3.1. (#329)
• .NET : Bump dependency AWSSDK.Core from 3.7.300.2 to 3.7.304.2. (#329)
• Java : Move InternalResult into StandardLibrary(Internal) (#325)

1.3.0 (2024-04-24)

Bug Fixes

• dafny: Local Service Constructors MUST return concrete (64f72c1)
• Improvements to the Java Release process (#162) (d92c06a)
• Increase try-block scope when calling MPL components (#267) (7661bf4)

Features

• Multi-Region Key Logic in the Keystore (#285) (d924395)
• .NET : Enforce User input Constraints at Type Conversion (#281) (04102d7)
• Update error message to include expected values when no Encrypted Data Keys found to match (#275) (da95f9a)

1.2.0 (2024-01-08)

Features

* add command line parser (#131)

Bug Fixes

* resolve awssdk:core dependency in TestVectors build.gradle.kts (#177)
* add more tests to ComputeSetToOrderedSequence (#111)
* Empty string defers to SDK default region (#127)
* update mpl .csproj to use project references (#134)
* newest polymorph for newest shims. Catch all exceptions. DDB only (#135)
* update README for repo rename update (#147)
* rerun latest polymorph. (#128)
* typo lead to two verification, no format (#130)
* Improve compatibility with Dafny 4.4 (#129)

Maintenance

* A variety of fixes to the libraries CI and testing

1.0.2 (2023-10-18)

Bug Fixes

* CmpError must return custom error message (#118) (86abacc)
* Deafult entryPruningTailSize (#93) (0344e9f)
* Fix brittle concurrent test (#105) (#60) (c043162)
* fix typo in encryption materials validation (cd6b0aa), closes #84
* fix typo in encryption materials validation (89a234c)
* Forward the underlying error (#90) (bc21551)

1.0.1 2023-07-26

Fix

• Fixes a runtime check in VersionKey Key Store API that no longer checks for the CipherText length on the output of a KMS ReEncrypt API call.

1.0.0 2023-07-21

Features

• Introduces Thread Safe Cryptographic Materials Caches (CMCs):
  • Storm Tracking Cache
    Safe for use in a multi threaded environment,
    tries to prevent redundant or overly parallel backend calls.
    See Spec changes for details.
  • Multi Threaded Cache
    Safe for use in a multi threaded environment,
    but no extra functionality

BREAKING CHANGES

• CMCs:
  • Original Cryptographic Materials Cache has been renamed to Single Threaded Cache
  • CreateCryptographicMaterialsCacheInput now ONLY accepts CacheType,
    which determines which, if any, of the three implemented CMCs will be returned.
  • The DefaultCache is StormTrackingCache
• CreateAwsKmsHierarchicalKeyringInput:
  • no longer has a maxCacheSize field
  • now has an optional cache field for a CacheType
• Hierarchical Keyring's Key Store:
  • The Hierarchical Keyring's Key Store's Data Structure has changed.
    As such, entries persisted in the Key Store with prior versions of this library are NOT compatibale.
    Instead, we recommend Creating a new DynamoDB Table for this version of the Key Store.
  • The Key Store's CreateKeyInput now takes:
    • An Optional String branchKeyIdentifier
    • An Optional EncryptionContext encryptionContext
      • This encryptionContext will be added to the Encryption Context sent to KMS prefixed with aws-crypto-ec:
  • Creating a Key now also calls KMS:ReEncrypt
  • CreateKeyStore no longer creates a GSI
  • The Encryption Context used with KMS' GenerateDataKeyWithoutPlaintext no longer include's the discarded GSI's status.
  • More details about the Key Store's changes are avaible in our Specification:
    • 2023-07-12 Update Key Store
    • KeyStore Specification

Maintenance

• A variety of fixes to the libraries CI and testing

Fix

• Fixes Required Encryption Context CMM and UpdateUsageMetadata names in smithy model

1.0.0-preview-3 2023-06-22

Fix

• Fixes PutCacheEntry
  • PutCacheEntry will now update an entry. This simplifies using the cache in concurrent situations. Rather than having the caller implement some retry logic the cache will now update the entry.
• Fixes pom.xml to include runtime version of BouncyCastle and removes bundling of BC in the jar.

1.0.0-preview-2 2023-06-19

Fix

• Fixes build file to correctly generate pom file with correct dependencies during release.

1.0.0-preview-1 2023-06-07

Features

• Initial release of the AWS Cryptographic Material Providers Library. This release is considered a developer preview and is not intended for production use cases.