Skip to content

v0.4.0

  • v0.4.0
  • 61a2c54

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode

  • Choose a tag to compare

    View all tags
Releases v0.4.0 (#45)
  • v0.4.0
  • 61a2c54

  • Choose a tag to compare

    View all tags

  • Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature.
    GPG key ID: B5690EEEBB952194
    Verified
    Learn about vigilant mode
@johnnyt johnnyt tagged this 27 Jan 14:51 
### Added
- CMM (Cryptographic Materials Manager) behaviour interface (#36)
- get_encryption_materials/2 and get_decryption_materials/2 callbacks
- Commitment policy type definitions (forbid/require encrypt/decrypt)
- Helper functions for commitment policy validation
- Helper functions for materials validation (encryption and decryption)
- Helper functions for encryption context validation
- Reserved key constant for signature verification (aws-crypto-public-key)
- Default algorithm suite selection based on commitment policy
- Reproduced encryption context validation and merging
- Comprehensive test suite (54 tests, 100% coverage)
- Default CMM implementation with keyring orchestration (#37)
- ECDSA crypto module for P-384 key pair generation
- Support for all 17 algorithm suites (signing and non-signing)
- Algorithm suite selection based on commitment policy
- Signing key generation for ECDSA algorithm suites
- Public key encoding/storage in encryption context
- Verification key extraction from encryption context
- Reproduced encryption context validation and merging
- Comprehensive test suite (25 unit tests, 4 error handling tests)
- Round-trip encryption/decryption tests with signing suites
- Multi-keyring integration tests
- Test vector support framework (harness setup)
- Client module with commitment policy enforcement (#38)
- encrypt/3 and encrypt_with_keyring/3 APIs with policy validation
- Support for three commitment policies per spec (forbid/require/allow)
- Default policy of :require_encrypt_require_decrypt (strictest)
- max_encrypted_data_keys configuration option
- ECDSA sign/verify functions for signature operations
- Round-trip encryption/decryption tests for signed suites
- Client commitment policy test suite (47 tests, 100% coverage)
- Client test vector validation (3 encrypt test cases)
- Client.decrypt/3 with commitment policy enforcement for decryption (#39)
- Client.decrypt_with_keyring/3 convenience function for keyring-based decryption
- AwsEncryptionSdk.decrypt/2-3 public API accepting Client or DecryptionMaterials
- AwsEncryptionSdk.decrypt_with_keyring/3 public API delegation
- Commitment policy validation during decryption (strictest policy rejects non-committed suites)
- EDK count limit enforcement during decryption (max_encrypted_data_keys)
- Comprehensive integration test suite with 9 tests covering all three commitment policies
- 16 new tests for Client-based and public API decryption (469 total tests, 93.8% coverage)

### Changed
- Increased minimum code coverage requirement from 92% to 93%
- Added edge case tests for encryption context and encrypted data keys
- Main API now recommends Client-based encryption workflow
- Renamed encrypt/decrypt to encrypt_with_materials/decrypt_with_materials
- Removed encryption context validation from Encrypt module
- Updated documentation with Client usage examples
Assets 2
Loading