chore(rust): release 0.2.0 (#726)

AwsEncryptionSDK/runtimes/rust/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aws-esdk"
-version = "0.1.0"
+version = "0.2.0"
 edition = "2021"
 rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]

AwsEncryptionSDK/runtimes/rust/start_release.sh

@@ -22,7 +22,7 @@ perl -pe "s/^version = .*$/version = \"$1\"/" < Cargo.toml > new_Cargo.toml
 mv new_Cargo.toml Cargo.toml
 
 # Remove all files and directories in src except for specified files
-find src -depth 1 | egrep -v '(lib.rs)' | xargs rm -rf
+find src -depth 1 | egrep -v '(lib.rs|README.md)' | xargs rm -rf
 
 # Change to the parent directory and run make polymorph and transpile commands
 cd ../..

releases/rust/esdk/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "aws-esdk"
-version = "0.1.0"
+version = "0.2.0"
 edition = "2021"
-rust-version = "1.80.0"
+rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-esdk is a library for implementing client side encryption."
@@ -16,14 +16,15 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.10"
-aws-lc-rs = "1.11.1"
-aws-lc-sys = "0.23.1"
+aws-config = "1.5.11"
+aws-lc-rs = "1.12.0"
+aws-lc-sys = "0.24.0"
 aws-sdk-dynamodb = "1.55.0"
 aws-sdk-kms = "1.51.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.9"
-chrono = "0.4.38"
+aws-smithy-types = "1.2.10"
+chrono = "0.4.39"
+cpu-time = "1.0.0"
 dafny-runtime = "0.1.1"
 dashmap = "6.1.0"
 pem = "3.0.4"

releases/rust/esdk/README.md

@@ -1,63 +1,25 @@
 # AWS Encryption SDK for Rust
 
-AWS Encryption SDK for Rust
+[![build status](https://github.com/aws/aws-encryption-sdk-dafny/actions/workflows/daily_ci.yml/badge.svg?branch=mainline)](https://github.com/aws/aws-encryption-sdk-dafny/actions/workflows/daily_ci.yml)
+[![crates.io](https://img.shields.io/crates/v/aws-esdk.svg)](https://crates.io/crates/aws-esdk)
+[![docs](https://docs.rs/aws-esdk/badge.svg)](https://docs.rs/aws-esdk)
+[![rustc](https://img.shields.io/badge/rust-1.81%2B-orange.svg)](https://img.shields.io/badge/rust-1.81%2B-orange.svg)
 
-## Using the AWS Encryption SDK for Rust
+This is the official [AWS Encryption SDK for Rust](https://crates.io/crates/aws-esdk).
 
-The AWS Encryption SDK is available on [Crates.io](https://www.crates.io/).
+## [CHANGELOG](https://github.com/aws/aws-encryption-sdk-dafny/blob/mainline/AwsEncryptionSDK/runtimes/rust/CHANGELOG.md)
 
-For more details about the design and architecture of the AWS Encryption SDK, see the [AWS Encryption SDK Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html).
-
-## Building the AWS Encryption SDK for Rust
-
-To build, the AWS Encryption SDK requires the most up to date version of [Dafny](https://github.com/dafny-lang/dafny) on your PATH.
-
-You will also need to ensure that you fetch all submodules using either `git clone --recursive ...` when cloning the repository or `git submodule update --init` on an existing clone.
-
-To setup your project to use the AWS Encryption SDK in Rust, run:
-
-```
-cd AwsEncryptionSDK
-# Polymorph smithy to Rust
-make polymorph_rust
-# Transpile Dafny to Rust
-make transpile_rust
-```
-
-### (Optional) Set up the AWS Encryption SDK to work with AWS KMS
-
-If you set up the AWS Encryption SDK to use the AWS KMS Keyring,
-the AWS Encryption SDK will make calls to AWS KMS on your behalf,
-using the appropriate AWS SDK.
+## Overview
 
-However, you must first set up AWS credentials for use with the AWS SDK.
+The AWS Encryption SDK enables secure client-side encryption. It uses cryptography best practices to protect your data and protect the encryption keys that protect your data. Each data object is protected with a unique data encryption key, and the data encryption key is protected with a key encryption key called a wrapping key. The encryption method returns a single, portable [encrypted message](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/message-format.html) that contains the encrypted data and the encrypted data key, so you don't need to keep track of the data encryption keys for your data. You can use KMS keys in [AWS Key Management Service](https://aws.amazon.com/kms/) (AWS KMS) as wrapping keys. The AWS Encryption SDK also provides APIs to define and use encryption keys from other key providers.
 
-## Testing the AWS Encryption SDK for Rust
-
-### Configure AWS credentials
-
-To run the test suite you must first set up AWS credentials for use with the AWS SDK.
-This is required in order to run the integration tests, which use a KMS Keyring against a publicly accessible KMS CMK.
-
-### Run the tests
-
-Run the test suite with:
-
-```
-cd AwsEncryptionSDK
-make test_rust
-```
-
-Run tests on examples, to ensure they are up to date:
+For more details about the design and architecture of the AWS Encryption SDK, see the [AWS Encryption SDK Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html).
 
-```
-cd AwsEncryptionSDK/runtimes/rust/
-cargo test --examples
-```
+## Examples for AWS Encryption SDK in Rust
 
-Please look at the Examples on how to use the Encryption SDK in Rust [here](examples).
+Please look at the Examples on how to use the Encryption SDK in Rust [here](https://github.com/aws/aws-encryption-sdk-dafny/tree/mainline/releases/rust/esdk/examples).
 
-Please note that tests and test vectors require internet access and valid AWS credentials, since calls to KMS are made as part of the test workflow.
+Please note that some examples MAY require internet access and valid AWS credentials, since calls to KMS are made.
 
 ## License
 

releases/rust/esdk/examples/client_supplier/client_supplier_example.rs

@@ -18,10 +18,10 @@
 use super::regional_role_client_supplier::RegionalRoleClientSupplier;
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::error::Error::AwsCryptographicMaterialProvidersException;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::DiscoveryFilter;
+use aws_esdk::material_providers::types::error::Error::AwsCryptographicMaterialProvidersException;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::types::DiscoveryFilter;
 use std::collections::HashMap;
 
 pub async fn encrypt_and_decrypt_with_keyring(

releases/rust/esdk/examples/client_supplier/regional_role_client_supplier.rs

@@ -2,9 +2,9 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use aws_config::Region;
-use aws_esdk::aws_cryptography_materialProviders::types::ClientSupplier;
-use aws_esdk::aws_cryptography_materialProviders::operation::get_client::GetClientInput;
-use aws_esdk::aws_cryptography_materialProviders::types::error::Error;
+use aws_esdk::material_providers::types::ClientSupplier;
+use aws_esdk::material_providers::operation::get_client::GetClientInput;
+use aws_esdk::material_providers::types::error::Error;
 use aws_esdk::com_amazonaws_kms::client::Client as kms_client;
 use super::regional_role_client_supplier_config;
 

releases/rust/esdk/examples/cryptographic_materials_manager/required_encryption_context/required_encryption_context_example.rs

@@ -10,8 +10,8 @@ On decrypt, the client MUST supply the key/value pair(s) that were not stored to
 
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
 use aws_esdk::types::error::Error::AwsCryptographicMaterialProvidersError;
 use std::collections::HashMap;
 use std::vec::Vec;

releases/rust/esdk/examples/cryptographic_materials_manager/restrict_algorithm_suite/signing_only_example.rs

@@ -10,10 +10,10 @@ use super::signing_suite_only_cmm::SigningSuiteOnlyCMM;
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
 use aws_esdk::types::error::Error::AwsCryptographicMaterialProvidersError;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::cryptographic_materials_manager::CryptographicMaterialsManagerRef;
-use aws_esdk::aws_cryptography_materialProviders::types::EsdkAlgorithmSuiteId;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::types::cryptographic_materials_manager::CryptographicMaterialsManagerRef;
+use aws_esdk::material_providers::types::EsdkAlgorithmSuiteId;
 use std::collections::HashMap;
 
 pub async fn encrypt_and_decrypt_with_cmm(

releases/rust/esdk/examples/cryptographic_materials_manager/restrict_algorithm_suite/signing_suite_only_cmm.rs

@@ -1,18 +1,18 @@
 // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use aws_esdk::aws_cryptography_materialProviders::operation::get_encryption_materials::GetEncryptionMaterialsInput;
-use aws_esdk::aws_cryptography_materialProviders::operation::get_encryption_materials::GetEncryptionMaterialsOutput;
-use aws_esdk::aws_cryptography_materialProviders::operation::decrypt_materials::DecryptMaterialsInput;
-use aws_esdk::aws_cryptography_materialProviders::operation::decrypt_materials::DecryptMaterialsOutput;
-use aws_esdk::aws_cryptography_materialProviders::types::error::Error;
-use aws_esdk::aws_cryptography_materialProviders::types::cryptographic_materials_manager::CryptographicMaterialsManager;
-use aws_esdk::aws_cryptography_materialProviders::types::cryptographic_materials_manager::CryptographicMaterialsManagerRef;
-use aws_esdk::aws_cryptography_materialProviders::types::keyring::KeyringRef;
-use aws_esdk::aws_cryptography_materialProviders::types::EsdkAlgorithmSuiteId;
-use aws_esdk::aws_cryptography_materialProviders::types::AlgorithmSuiteId;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::operation::get_encryption_materials::GetEncryptionMaterialsInput;
+use aws_esdk::material_providers::operation::get_encryption_materials::GetEncryptionMaterialsOutput;
+use aws_esdk::material_providers::operation::decrypt_materials::DecryptMaterialsInput;
+use aws_esdk::material_providers::operation::decrypt_materials::DecryptMaterialsOutput;
+use aws_esdk::material_providers::types::error::Error;
+use aws_esdk::material_providers::types::cryptographic_materials_manager::CryptographicMaterialsManager;
+use aws_esdk::material_providers::types::cryptographic_materials_manager::CryptographicMaterialsManagerRef;
+use aws_esdk::material_providers::types::keyring::KeyringRef;
+use aws_esdk::material_providers::types::EsdkAlgorithmSuiteId;
+use aws_esdk::material_providers::types::AlgorithmSuiteId;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
 use std::vec::Vec;
 
 /*

releases/rust/esdk/examples/keyring/aws_kms_discovery_keyring_example.rs

@@ -38,9 +38,9 @@ https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
 
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::DiscoveryFilter;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::types::DiscoveryFilter;
 use aws_esdk::types::error::Error::AwsCryptographicMaterialProvidersError;
 use std::collections::HashMap;
 

releases/rust/esdk/examples/keyring/aws_kms_discovery_multi_keyring_example.rs

@@ -35,9 +35,9 @@ https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
 
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::DiscoveryFilter;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::types::DiscoveryFilter;
 use std::collections::HashMap;
 use std::vec::Vec;
 

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/aws_kms_hierarchical_keyring_example.rs

@@ -42,11 +42,11 @@ use super::example_branch_key_id_supplier::ExampleBranchKeyIdSupplier;
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
 use aws_esdk::types::error::Error::AwsCryptographicMaterialProvidersError;
-use aws_esdk::aws_cryptography_keyStore::types::KmsConfiguration;
-use aws_esdk::aws_cryptography_keyStore::types::key_store_config::KeyStoreConfig;
-use aws_esdk::aws_cryptography_keyStore::client as keystore_client;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::key_store::types::KmsConfiguration;
+use aws_esdk::key_store::types::key_store_config::KeyStoreConfig;
+use aws_esdk::key_store::client as keystore_client;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
 use std::collections::HashMap;
 
 pub async fn encrypt_and_decrypt_with_keyring(

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/create_branch_key_id.rs

@@ -1,17 +1,17 @@
 // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use aws_esdk::aws_cryptography_keyStore::client as keystore_client;
-use aws_esdk::aws_cryptography_keyStore::types::key_store_config::KeyStoreConfig;
-use aws_esdk::aws_cryptography_keyStore::types::KmsConfiguration;
+use aws_esdk::key_store::client as keystore_client;
+use aws_esdk::key_store::types::key_store_config::KeyStoreConfig;
+use aws_esdk::key_store::types::KmsConfiguration;
 
 /*
  The Hierarchical Keyring Example relies on the existence
  of a DDB-backed key store with pre-existing
  branch key material.
 
  This example demonstrates configuring a KeyStore and then
- using a helper method to create a branch key.
+ uses a helper method to create a branch key.
 */
 pub async fn create_branch_key_id(
     key_store_table_name: &str,

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/example_branch_key_id_supplier.rs

@@ -1,10 +1,10 @@
 // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use aws_esdk::aws_cryptography_materialProviders::operation::get_branch_key_id::GetBranchKeyIdInput;
-use aws_esdk::aws_cryptography_materialProviders::operation::get_branch_key_id::GetBranchKeyIdOutput;
-use aws_esdk::aws_cryptography_materialProviders::types::error::Error;
-use aws_esdk::aws_cryptography_materialProviders::types::branch_key_id_supplier::BranchKeyIdSupplier;
+use aws_esdk::material_providers::operation::get_branch_key_id::GetBranchKeyIdInput;
+use aws_esdk::material_providers::operation::get_branch_key_id::GetBranchKeyIdOutput;
+use aws_esdk::material_providers::types::error::Error;
+use aws_esdk::material_providers::types::branch_key_id_supplier::BranchKeyIdSupplier;
 use std::collections::HashMap;
 
 /*

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/mod.rs

@@ -3,5 +3,6 @@
 
 pub mod aws_kms_hierarchical_keyring_example;
 pub mod create_branch_key_id;
+pub mod version_branch_key_id_example;
 pub mod example_branch_key_id_supplier;
 pub mod shared_cache_across_hierarchical_keyrings_example;

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/shared_cache_across_hierarchical_keyrings_example.rs

@@ -65,14 +65,14 @@
 use super::create_branch_key_id::create_branch_key_id;
 use aws_esdk::client as esdk_client;
 use aws_esdk::types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
-use aws_esdk::aws_cryptography_materialProviders::types::CacheType;
-use aws_esdk::aws_cryptography_materialProviders::types::DefaultCache;
-use aws_esdk::aws_cryptography_materialProviders::types::cryptographic_materials_cache::CryptographicMaterialsCacheRef;
-use aws_esdk::aws_cryptography_keyStore::types::KmsConfiguration;
-use aws_esdk::aws_cryptography_keyStore::types::key_store_config::KeyStoreConfig;
-use aws_esdk::aws_cryptography_keyStore::client as keystore_client;
-use aws_esdk::aws_cryptography_materialProviders::client as mpl_client;
-use aws_esdk::aws_cryptography_materialProviders::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::material_providers::types::CacheType;
+use aws_esdk::material_providers::types::DefaultCache;
+use aws_esdk::material_providers::types::cryptographic_materials_cache::CryptographicMaterialsCacheRef;
+use aws_esdk::material_providers::client as mpl_client;
+use aws_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
+use aws_esdk::key_store::types::KmsConfiguration;
+use aws_esdk::key_store::types::key_store_config::KeyStoreConfig;
+use aws_esdk::key_store::client as keystore_client;
 use std::collections::HashMap;
 
 pub async fn encrypt_and_decrypt_with_keyring(

releases/rust/esdk/examples/keyring/aws_kms_hierarchical/version_branch_key_id_example.rs

@@ -0,0 +1,68 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use aws_esdk::key_store::client as keystore_client;
+use aws_esdk::key_store::types::key_store_config::KeyStoreConfig;
+use aws_esdk::key_store::types::KmsConfiguration;
+
+/*
+ This example demonstrates configuring a KeyStore and then
+ uses a helper method to version a branch key.
+*/
+pub async fn version_branch_key_id(
+    key_store_table_name: &str,
+    logical_key_store_name: &str,
+    kms_key_arn: &str,
+    branch_key_id: &str
+) -> Result<(), crate::BoxError> {
+    // Create a Key Store
+    // The KMS Configuration you use in the KeyStore MUST have the right access to the resources in the KeyStore.
+    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
+    let key_store_config = KeyStoreConfig::builder()
+        .kms_client(aws_sdk_kms::Client::new(&sdk_config))
+        .ddb_client(aws_sdk_dynamodb::Client::new(&sdk_config))
+        .ddb_table_name(key_store_table_name)
+        .logical_key_store_name(logical_key_store_name)
+        .kms_configuration(KmsConfiguration::KmsKeyArn(kms_key_arn.to_string()))
+        .build()?;
+
+    let keystore = keystore_client::Client::from_conf(key_store_config)?;
+
+    // To version a branch key you MUST have access to kms:ReEncrypt* and kms:GenerateDataKeyWithoutPlaintext
+    keystore.version_key()
+        .branch_key_identifier(branch_key_id)
+        .send()
+        .await?;
+
+    println!("Version Branch Key Example Completed Successfully");
+
+    Ok(())
+}
+
+// Function to test version_branch_key_id in main.rs in examples directory
+pub async fn create_and_version_branch_key_id() -> Result<(), crate::BoxError2> {
+    use crate::example_utils::utils;
+    use super::create_branch_key_id::create_branch_key_id;
+
+    let branch_key_id: String = create_branch_key_id(
+        utils::TEST_KEY_STORE_NAME,
+        utils::TEST_LOGICAL_KEY_STORE_NAME,
+        utils::TEST_KEY_STORE_KMS_KEY_ID
+    ).await?;
+
+    version_branch_key_id(
+        utils::TEST_KEY_STORE_NAME,
+        utils::TEST_LOGICAL_KEY_STORE_NAME,
+        utils::TEST_KEY_STORE_KMS_KEY_ID,
+        &branch_key_id
+    ).await?;
+
+    Ok(())
+}
+
+#[tokio::test(flavor = "multi_thread")]
+pub async fn test_version_branch_key_id() -> Result<(), crate::BoxError2> {
+    // Test function for Version Branch Key example
+    create_and_version_branch_key_id().await?;
+    Ok(())
+}