Skip to content

chore(java): demo hv-2 does not send prefixed EC in examples #1529

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 109 commits into from
Closed

chore(java): demo hv-2 does not send prefixed EC in examples #1529

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
109 commits
Select commit Hold shift + click to select a range
1eaef91
chore(Java): version by properties file only
texastony Nov 14, 2024
ace69c3
fix
josecorella Mar 31, 2025
22b9ddb
m
josecorella Mar 31, 2025
e04b615
comment out rust and go
josecorella Mar 31, 2025
292a8cc
feat: Adding a storage option to the KeyStore (#594)
seebees Sep 18, 2024
f8b8ca5
polymorph
josecorella Mar 31, 2025
7179454
python poly
josecorella Mar 31, 2025
4931023
repoly correctly
josecorella Mar 31, 2025
fd58386
these dang formatters
josecorella Mar 31, 2025
459916e
chore(KSA-Model): more Mutation Operation changes (#955)
texastony Sep 18, 2024
4305f2f
fix(Mutations): KMS Exception improvements
texastony Nov 12, 2024
0bc88a2
feat(KSA): Describe Mutation
texastony Nov 13, 2024
9860108
feat(KSA): KMS Decrypt/Encrypt Strategy (#1020)
texastony Nov 25, 2024
1ec7acc
feat(KSA): System Key (#1021) (#1055)
texastony Nov 25, 2024
2c092ef
chore: percolate changes from HEAD to mutations branch
texastony Nov 26, 2024
5999314
fix(KS-Smithy): explicit error for tampered Branch Key (#1058)
texastony Nov 26, 2024
2e54e7c
chore: fix decrypt encrypt strategy (#1059)
josecorella Nov 26, 2024
30120f7
fix(KSA): Describe Mutation bugs (#1062)
texastony Nov 27, 2024
cd55b04
chore: error refinement improvements decrypt/encrypt strategy (#1061)
josecorella Nov 27, 2024
4aa0eae
fix(KSA-Dafny): break up Mutations, other fixes, more tests (#1069)
texastony Dec 2, 2024
746f5a6
fix: use correct client depending on operation (#1084)
josecorella Dec 4, 2024
413058e
test(KSA-Java): assert deletion of Index/Commitment at end of Mutatio…
texastony Dec 4, 2024
45bffda
docs: update documentation for Key Store Admin Errors (#1086)
josecorella Dec 5, 2024
fff0a99
test(KSA): Utilize Limit KMS Clients in Mutation D/E test (#1089)
texastony Dec 5, 2024
793fef9
feat(KSA): DoNotVersion for Initialize Mutation (#1082)
texastony Dec 6, 2024
adc061f
feat(KSA): require System Key + doc polish + tests (#1092)
texastony Dec 9, 2024
3dcdfdb
fix(MPL): remove un-used imports (#1103)
texastony Dec 10, 2024
a5a368d
docs(KSA): clarify mutation behvior (#1112)
texastony Dec 12, 2024
e1d7248
chore(Smithy): remove Smithy trait un-supported by Smithy-Dafny (#1134)
texastony Dec 17, 2024
84c8e5f
test: add concurrency testing for storage operations (#1132)
josecorella Dec 23, 2024
6d7da51
fix(GHW): Library Example (#1269)
texastony Jan 31, 2025
2c43f9e
fix(KeyStoreAdmin): Exceptions for Mutations when KMS Key is Disabled…
texastony Feb 16, 2025
b3157eb
chore: bring in latest main changes
josecorella Mar 31, 2025
e17db6f
chore: fix CI for HV-2 (#1353)
imabhichow Mar 25, 2025
51c7198
chore: move ProvideCryptoClient to HierarchicalVersionUtils in KeySto…
rishav-karanjit Mar 25, 2025
5e55f9c
ci(Go, Rust): disable for current HV-2 work (#1360)
texastony Mar 25, 2025
faf9622
feat(BKS & BKSA)!: Smithy Model for HV-2 (#1350)
texastony Mar 25, 2025
db67136
chore(BKS): pack & unpack plainTextTuple (#1362)
texastony Mar 26, 2025
1328a4e
chore(BKS): Add Helper functions to select KMS Encryption Context for…
imabhichow Mar 26, 2025
c35f991
chore: refactor hv1 functions and methods (#1367)
rishav-karanjit Mar 26, 2025
de7ef56
chore(bks): Add createMdDigest in hvutils (#1361)
rishav-karanjit Mar 27, 2025
9274827
chore(BKS): add decrypt hook For Hv2 (#1368)
rishav-karanjit Mar 28, 2025
18e1075
chore(dafny): Add todo for test (#1377)
rishav-karanjit Mar 31, 2025
f378730
chore(dafny): BranchKeyContext for HV-2 (#1381)
imabhichow Mar 31, 2025
b8802b9
chore(dafny): KS Refactor KeyStoreException (#1383)
imabhichow Mar 31, 2025
95c62f8
chore(dafny): BKS Encrypt Key for HV-1 & HV-2 (#1372)
imabhichow Apr 1, 2025
ef37253
chore(dafny): wire get keys with the decrypt hook (#1376)
rishav-karanjit Apr 1, 2025
8bd469d
chore(dafny): BKS Refactor GetKeys (#1389)
imabhichow Apr 2, 2025
29f7b9f
chore(dafny): add test for get keys (#1388)
rishav-karanjit Apr 3, 2025
73bb512
chore(dafny): add VerifyGetKeysFromStorage to test (#1392)
rishav-karanjit Apr 3, 2025
c5f51ab
chore(dafny): Add helper function to VerifyGetKeys (#1396)
rishav-karanjit Apr 4, 2025
545885f
feat(dafny): KSA Create Key Operation for HV-2 (#1374)
imabhichow Apr 4, 2025
8ea5cbe
test(dafny): no touching the static branch-key-id in the dev branch (…
texastony Apr 4, 2025
83211d8
test(dafny): restore static test branch key id (#1403)
texastony Apr 4, 2025
63b6409
chore(dafny): refactor HV1 MRK test to use helper methods (#1399)
rishav-karanjit Apr 5, 2025
f5f1de3
chore(dafny): KSA Add test coverage for creating a hv-2 branch key. (…
imabhichow Apr 8, 2025
6d1db95
chore: disable duvet (#1414)
texastony Apr 9, 2025
8d61b10
chore(java): create key example for HV-2 branch key (#1425)
imabhichow Apr 11, 2025
be086cd
refactor(dafny): rename BKS Error Messages class for legibility (#1429)
texastony Apr 14, 2025
999ae15
chore(dafny): Add helper method to decrypt branch key item (#1439)
rishav-karanjit Apr 14, 2025
cad6d00
chore(dafny): add checks and tests to fail on EC collision on init mu…
rishav-karanjit Apr 14, 2025
43a87ba
fix(dafny): BKSA CreateKey formal verification (#1427)
texastony Apr 15, 2025
a10d064
refactor(java): Move examples to new project to depend on ESDK (#1441)
texastony Apr 15, 2025
5fee8f0
chore(dafny): BKS HierarchyVersionToString (#1430)
texastony Apr 15, 2025
df977d3
refactor(dafny): prepare MutateItem for wiring of hv1 and hv2 (#1446)
rishav-karanjit Apr 15, 2025
e7f880c
test(dafny): BKSA errors if terminal HV is 1 (#1431)
texastony Apr 16, 2025
4d85523
feat(dafny): BKSA Mutation Commitment includes HV (#1432)
texastony Apr 16, 2025
c5d6038
chore(dafny): verify branch key item when terminal hv is 2 (#1442)
rishav-karanjit Apr 16, 2025
1b5be56
chore(dafny): add method to Mutate to HV2 without wiring (#1445)
rishav-karanjit Apr 16, 2025
354bca2
chore(dafny): refactor VersionActiveBranchKey to support multiple hi…
josecorella Apr 17, 2025
8939be9
fix(dafny): BKS Mutation Items treat `hierarchy-version` as schema ve…
texastony Apr 17, 2025
500b96d
test(dafny): ensures lying branch keys throws exception (#1422)
imabhichow Apr 17, 2025
ae81599
chore(dafny): BKSA Mutate from HV-1 to HV-2 only Simple (#1458)
texastony Apr 21, 2025
20cfd18
chore(dafny): BKSA test pre-HV-2 static branch keys for in-flight mut…
imabhichow Apr 21, 2025
49bb228
chore(dafny): move static branch keys to static key store table (#1459)
imabhichow Apr 21, 2025
cd3cafd
chore: refactor helper methods for copy & delete branch keys (#1462)
imabhichow Apr 22, 2025
4867143
chore(dafny): Test hv1 to hv2 mutation (#1461)
rishav-karanjit Apr 22, 2025
0379078
refactor(dafny): move TestMutateToHV2FromHV1 to mutation directory (…
rishav-karanjit Apr 22, 2025
f7f093a
chore(dafny): Add TODO to support terminal hv-1 but not downgrading f…
rishav-karanjit Apr 24, 2025
fd4bbc2
feat(dafny): support decrypt/encrypt strategy for mutation to hv2 (#…
rishav-karanjit Apr 25, 2025
1ec8cda
feat(dafny): mutate HV-2 to HV-2 without new version (#1474)
imabhichow Apr 25, 2025
63b1008
chore(java): add examples for mutation to hv-2 (#1477)
rishav-karanjit Apr 28, 2025
d3b94a4
test(java): BKSA in-flight mutations access denied (#1480)
imabhichow Apr 29, 2025
e3eacb5
feat(dafny): support hv-2 versionKey in KeyStoreAdmin (#1455)
josecorella Apr 30, 2025
3b74ecf
chore(dafny): add version on mutate functionality (#1485)
josecorella Apr 30, 2025
92b6258
chore(dafny): fix verification in kms keyring ondecrypt (#1489)
josecorella May 2, 2025
bd5c1b8
chore(dafny): BKSA Mutations Tests for HV-1 to HV-1 (#1482)
imabhichow May 2, 2025
42612ab
chore(dafny): Complete Strategy Support for BKSA VersionKey & CreateK…
imabhichow May 5, 2025
e8e869f
chore(dafny): add hv-2 create key proofs (#1499)
josecorella May 6, 2025
0fe76f7
chore(dafny): support kms simple for v1 to v1 mutations (#1491)
imabhichow May 6, 2025
ac1d634
chore(dafny): add version key hv-2 proofs (#1504)
josecorella May 8, 2025
66ae3df
chore(dafny): BKS CreateKey remove redundant EC checks for HV-2 (#1508)
texastony May 9, 2025
4f6887f
chore(dafny): BKSA refine KMS Error mapping to MutationTo/From except…
imabhichow May 9, 2025
8f822b4
chore(dafny): BKSA Tests for Restarting Mutations (#1501)
imabhichow May 10, 2025
70bf132
chore(dafny): cleanup todos in hv-2 (#1511)
rishav-karanjit May 13, 2025
61406ea
chore(dafny): add failure for unexpected attribute in EC on HV-2 (#1516)
rishav-karanjit May 16, 2025
7e0ed9e
test(dafny): some testing on EC transforms (#1521)
texastony May 16, 2025
268ffd7
chore(dafny): remove duplicate proof in kms keyring (#1526)
josecorella May 19, 2025
3b33f4f
use new key
rishav-karanjit May 19, 2025
46ebc64
auto commit
rishav-karanjit May 19, 2025
e47eca0
HV-2 only EC
rishav-karanjit May 19, 2025
6b98e6f
Merge branch 'hv-2/hv-2' into rishav/hv-2/prefixExample
rishav-karanjit May 19, 2025
cbdeecb
auto commit
rishav-karanjit May 19, 2025
84c4c1c
auto commit
rishav-karanjit May 19, 2025
6f8e915
formatting
rishav-karanjit May 19, 2025
01bbbde
remove comments
rishav-karanjit May 20, 2025
66abd5b
Create key now accepts EC as func param
rishav-karanjit May 20, 2025
504961a
test unexpected ec and formatting:
rishav-karanjit May 20, 2025
c8a0b81
remove dead code
rishav-karanjit May 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
11 changes: 6 additions & 5 deletions .github/workflows/duvet.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,12 @@
# with respect to the specification
name: Duvet report

on:
pull_request:
push:
branches:
- main
# TODO-HV-2 : Re-Enable Duvet once mutations/mutations Duvet is healthy
# on:
# pull_request:
# push:
# branches:
# - main

jobs:
duvet:
Expand Down
116 changes: 116 additions & 0 deletions .github/workflows/library_concurrency_tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
# This workflow performs Concurrency tests of the MPL in Java.
name: Library Concurrency Tests

on:
workflow_call:
inputs:
dafny:
description: "The Dafny version to run"
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean

jobs:
generateEncryptVectors:
strategy:
matrix:
library: [AwsCryptographicMaterialProviders]
os: [
# https://taskei.amazon.dev/tasks/CrypTool-5283
# windows-latest,
ubuntu-latest,
macos-13,
]
language: [
java,
# net,
# python,
# rust
]
# https://taskei.amazon.dev/tasks/CrypTool-5284
java-versions: [8, 17]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true

# Test Vectors need to call KMS
- name: Configure AWS Credentials for Tests
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
role-session-name: ConcurrencyTests

- uses: actions/checkout@v3
# Not all submodules are needed.
# We manually pull the submodule we DO need.
- run: git submodule update --init libraries
- run: git submodule update --init --recursive smithy-dafny

# Setup Java in Rust is needed for running polymorph
- name: Setup Java 17
if: matrix.language == 'java' || matrix.language == 'rust'
uses: actions/setup-java@v3
with:
distribution: "corretto"
java-version: 17

- name: Setup .NET Core SDK '6.0.x'
uses: actions/setup-dotnet@v3
with:
dotnet-version: "6.0.x"

- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ inputs.dafny }}

- name: Regenerate code using smithy-dafny if necessary
if: ${{ inputs.regenerate-code }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ inputs.dafny }}
library: ${{ matrix.library }}
diff-generated-code: false

# Build implementation for each runtime
- name: Build ${{ matrix.library }} implementation in Java
shell: bash
working-directory: ./${{ matrix.library }}
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make build_java CORES=$CORES

- name: Setup gradle
if: matrix.language == 'java'
uses: gradle/gradle-build-action@v2
with:
gradle-version: 7.2

- name: Setup Java ${{matrix.java-versions}}
uses: actions/setup-java@v3
with:
distribution: "corretto"
java-version: ${{matrix.java-versions}}

- name: Compile Java
uses: gradle/gradle-build-action@v3
with:
arguments: build
build-root-directory: ./${{ matrix.library }}/runtimes/java

- name: Test Java
uses: gradle/gradle-build-action@v3
with:
arguments: testConcurrentExamples
build-root-directory: ./${{ matrix.library }}/runtimes/java
66 changes: 66 additions & 0 deletions .github/workflows/library_examples.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,66 @@
# "Copyright Amazon.com Inc. or its affiliates. All Rights Reserved."
# "SPDX-License-Identifier: CC-BY-SA-4.0"
# This workflow runs any examples.
name: Library Examples
on:
workflow_call:
inputs:
dafny:
description: "The Dafny version to run"
required: true
type: string

jobs:
java:
runs-on: ubuntu-22.04
permissions:
id-token: write
contents: read
defaults:
run:
shell: bash
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true
- name: Configure AWS Credentials for Tests
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
role-session-name: JavaExampleTests

- uses: actions/checkout@v4
- run: git submodule update --init libraries
- run: git submodule update --init smithy-dafny

- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ inputs.dafny }}

- name: Setup Java 8
uses: actions/setup-java@v3
with:
distribution: "corretto"
java-version: 8

- name: Build AwsCryptographicMaterialProviders Java implementation
working-directory: ./AwsCryptographicMaterialProviders
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make build_java CORES=$CORES
make mvn_local_deploy

- name: Test AwsCryptographicMaterialProviders Java Examples
working-directory: ./Examples
run: |
make test_java

# These tests are "flacky" and not really neccessary,
# we created them in re-action to a user error with local caches and DDB
# - name: Test AwsCryptographicMaterialProviders Java Concurrent
# working-directory: ./Examples
# run: |
# make test_java_concurrent
11 changes: 7 additions & 4 deletions .github/workflows/library_interop_tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,15 @@ jobs:
strategy:
matrix:
library: [TestVectorsAwsCryptographicMaterialProviders]
os: [
os:
[
# https://taskei.amazon.dev/tasks/CrypTool-5283
# windows-latest,
ubuntu-22.04,
macos-13,
]
language: [java, net, rust, python, go]
#TODO add back rust and go after figuring out build failures
language: [java, net, python]
# https://taskei.amazon.dev/tasks/CrypTool-5284
dotnet-version: ["6.0.x"]
runs-on: ${{ matrix.os }}
Expand Down Expand Up @@ -214,8 +216,9 @@ jobs:
ubuntu-22.04,
macos-13,
]
encrypting_language: [java, net, rust, python, go]
decrypting_language: [java, net, rust, python, go]
#TODO add back rust and go after figuring out build failures
encrypting_language: [java, net, python]
decrypting_language: [java, net, python]
dotnet-version: ["6.0.x"]
runs-on: ${{ matrix.os }}
permissions:
Expand Down
22 changes: 12 additions & 10 deletions .github/workflows/manual.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,21 +37,23 @@ jobs:
with:
dafny: ${{ inputs.dafny }}
regenerate-code: ${{ inputs.regenerate-code }}
manual-ci-rust:
uses: ./.github/workflows/library_rust_tests.yml
with:
dafny: ${{ inputs.dafny }}
regenerate-code: ${{ inputs.regenerate-code }}
# TODO-HV-2-Rust: Removing Rust Runtimes until the underlying issue resolved.
# manual-ci-rust:
# uses: ./.github/workflows/library_rust_tests.yml
# with:
# dafny: ${{ inputs.dafny }}
# regenerate-code: ${{ inputs.regenerate-code }}
manual-ci-python:
uses: ./.github/workflows/library_python_tests.yml
with:
dafny: ${{ inputs.dafny }}
regenerate-code: ${{ inputs.regenerate-code }}
manual-ci-go:
uses: ./.github/workflows/library_go_tests.yml
with:
dafny: ${{ inputs.dafny }}
regenerate-code: ${{ inputs.regenerate-code }}
# TODO-HV-2-Go: Removing Go CI until we rebase or need it
# manual-ci-go:
# uses: ./.github/workflows/library_go_tests.yml
# with:
# dafny: ${{ inputs.dafny }}
# regenerate-code: ${{ inputs.regenerate-code }}
manual-interop-test:
uses: ./.github/workflows/library_interop_tests.yml
with:
Expand Down
46 changes: 29 additions & 17 deletions .github/workflows/pull.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,26 +29,34 @@ jobs:
uses: ./.github/workflows/library_java_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
pr-ci-net:
needs: getVersion
uses: ./.github/workflows/library_net_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
pr-ci-rust:
pr-ci-examples:
needs: getVersion
uses: ./.github/workflows/library_rust_tests.yml
uses: ./.github/workflows/library_examples.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
pr-ci-python:
needs: getVersion
uses: ./.github/workflows/library_python_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
pr-ci-go:
pr-ci-net:
needs: getVersion
uses: ./.github/workflows/library_go_tests.yml
uses: ./.github/workflows/library_net_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
# TODO-HV-2-Rust: Removing Rust until we rebase or need it
# pr-ci-rust:
# needs: getVersion
# uses: ./.github/workflows/library_rust_tests.yml
# with:
# dafny: ${{needs.getVersion.outputs.version}}
# TODO-HV-2-Python: Removing Python until we fix bugs in Dafny/Python transpilation
# pr-ci-python:
# needs: getVersion
# uses: ./.github/workflows/library_python_tests.yml
# with:
# dafny: ${{needs.getVersion.outputs.version}}
# TODO-HV-2-Go: Removing Go CI until we rebase or need it
# pr-ci-go:
# needs: getVersion
# uses: ./.github/workflows/library_go_tests.yml
# with:
# dafny: ${{needs.getVersion.outputs.version}}
pr-interop-test:
needs: getVersion
uses: ./.github/workflows/library_interop_tests.yml
Expand All @@ -65,10 +73,14 @@ jobs:
- pr-ci-verification
- pr-ci-java
- pr-ci-net
- pr-ci-python
- pr-ci-go
- pr-ci-rust
# TODO-HV-2-Python: Removing Python until we fix bugs in Dafny/Python transpilation
# - pr-ci-python
# TODO-HV-2-Go: Removing Go CI until we rebase or need it
# - pr-ci-go
# TODO-HV-2-Rust: Removing Rust until we rebase or need it
# - pr-ci-rust
- pr-interop-test
- pr-ci-examples
runs-on: ubuntu-22.04
steps:
- name: Verify all required jobs passed
Expand Down
22 changes: 12 additions & 10 deletions .github/workflows/push.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,21 +36,23 @@ jobs:
uses: ./.github/workflows/library_net_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
push-ci-rust:
needs: getVersion
uses: ./.github/workflows/library_rust_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
# TODO-HV-2-Rust: Removing Rust until we rebase or need it.
# push-ci-rust:
# needs: getVersion
# uses: ./.github/workflows/library_rust_tests.yml
# with:
# dafny: ${{needs.getVersion.outputs.version}}
push-ci-python:
needs: getVersion
uses: ./.github/workflows/library_python_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
push-ci-go:
needs: getVersion
uses: ./.github/workflows/library_go_tests.yml
with:
dafny: ${{needs.getVersion.outputs.version}}
# TODO-HV-2-Go: Removing Go CI until we rebase or need it
# push-ci-go:
# needs: getVersion
# uses: ./.github/workflows/library_go_tests.yml
# with:
# dafny: ${{needs.getVersion.outputs.version}}
pr-interop-test:
needs: getVersion
uses: ./.github/workflows/library_interop_tests.yml
Expand Down
Loading
Loading