From 96bc9bc133a27087a9fb512ef4a2a4fdf15bed32 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Thu, 9 Jan 2025 12:07:02 -0800 Subject: [PATCH 01/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index b99226e66..f842d64be 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,7 +11,8 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file export dafnyVersion=$(grep '^dafnyVersion=' aws-cryptographic-material-providers-library/project.properties | cut -d '=' -f 2) From b9351dff14de7fd102bf786aa7d229220ed55b10 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Thu, 9 Jan 2025 12:18:19 -0800 Subject: [PATCH 02/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index f842d64be..7bda96c65 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -22,4 +22,5 @@ export PATH="$PWD/dafny:$PATH" # Build MPL test vector runner from source cd aws-cryptographic-material-providers-library/TestVectorsAwsCryptographicMaterialProviders/ +sed -i 's/^\(requires = \["poetry-core"\]\)$/requires = \["poetry-core<2.0.0"\]/' runtimes/python/pyproject.toml make transpile_python From 211c4fb7e0ab379a06ff1e6a53e555fd1d96a928 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Thu, 9 Jan 2025 12:42:24 -0800 Subject: [PATCH 03/29] m --- .../scripts/install_mpl_test_vector_runner.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index 7bda96c65..994d0bc60 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,8 +11,8 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git -git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +# git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file export dafnyVersion=$(grep '^dafnyVersion=' aws-cryptographic-material-providers-library/project.properties | cut -d '=' -f 2) From 74dd412a1a11b1b339b74037b8673257d0349123 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Thu, 9 Jan 2025 13:20:48 -0800 Subject: [PATCH 04/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index 994d0bc60..cc3301cac 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -22,5 +22,6 @@ export PATH="$PWD/dafny:$PATH" # Build MPL test vector runner from source cd aws-cryptographic-material-providers-library/TestVectorsAwsCryptographicMaterialProviders/ +sed -i 's/{ path .*}.*/"1.7.4"/' runtimes/python/pyproject.toml sed -i 's/^\(requires = \["poetry-core"\]\)$/requires = \["poetry-core<2.0.0"\]/' runtimes/python/pyproject.toml make transpile_python From 6ed1d6ac2974f1b644dcd664698a56bc0cf2084d Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 17 Mar 2025 10:22:42 -0700 Subject: [PATCH 05/29] m --- .../scripts/install_mpl_test_vector_runner.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index cc3301cac..f842d64be 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,8 +11,8 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git -# git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file export dafnyVersion=$(grep '^dafnyVersion=' aws-cryptographic-material-providers-library/project.properties | cut -d '=' -f 2) @@ -22,6 +22,4 @@ export PATH="$PWD/dafny:$PATH" # Build MPL test vector runner from source cd aws-cryptographic-material-providers-library/TestVectorsAwsCryptographicMaterialProviders/ -sed -i 's/{ path .*}.*/"1.7.4"/' runtimes/python/pyproject.toml -sed -i 's/^\(requires = \["poetry-core"\]\)$/requires = \["poetry-core<2.0.0"\]/' runtimes/python/pyproject.toml make transpile_python From efa708b93e50e9124d76ebf77cc125514f292996 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 17 Mar 2025 10:45:40 -0700 Subject: [PATCH 06/29] m --- performance_tests/requirements_mpl.txt | 1 - requirements_mpl.txt | 1 - test_vector_handlers/requirements_mpl.txt | 1 - 3 files changed, 3 deletions(-) diff --git a/performance_tests/requirements_mpl.txt b/performance_tests/requirements_mpl.txt index 1615fff0d..e69de29bb 100644 --- a/performance_tests/requirements_mpl.txt +++ b/performance_tests/requirements_mpl.txt @@ -1 +0,0 @@ -aws-cryptographic-material-providers==1.7.4 \ No newline at end of file diff --git a/requirements_mpl.txt b/requirements_mpl.txt index f1a309033..e69de29bb 100644 --- a/requirements_mpl.txt +++ b/requirements_mpl.txt @@ -1 +0,0 @@ -aws-cryptographic-material-providers==1.7.4 diff --git a/test_vector_handlers/requirements_mpl.txt b/test_vector_handlers/requirements_mpl.txt index f1a309033..e69de29bb 100644 --- a/test_vector_handlers/requirements_mpl.txt +++ b/test_vector_handlers/requirements_mpl.txt @@ -1 +0,0 @@ -aws-cryptographic-material-providers==1.7.4 From f4e4d48b151d2415f0c6f0371018f8298ffe49ac Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 17 Mar 2025 10:46:17 -0700 Subject: [PATCH 07/29] m --- performance_tests/requirements_mpl.txt | 1 + requirements_mpl.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/performance_tests/requirements_mpl.txt b/performance_tests/requirements_mpl.txt index e69de29bb..1615fff0d 100644 --- a/performance_tests/requirements_mpl.txt +++ b/performance_tests/requirements_mpl.txt @@ -0,0 +1 @@ +aws-cryptographic-material-providers==1.7.4 \ No newline at end of file diff --git a/requirements_mpl.txt b/requirements_mpl.txt index e69de29bb..f1a309033 100644 --- a/requirements_mpl.txt +++ b/requirements_mpl.txt @@ -0,0 +1 @@ +aws-cryptographic-material-providers==1.7.4 From 9444c10766cc2f8c77a7d06f645fe4c749709327 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 17 Mar 2025 10:48:07 -0700 Subject: [PATCH 08/29] m --- codebuild/py310/decrypt_dafny_esdk_vectors.yml | 4 ++-- codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml | 4 ++-- codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml | 4 ++-- codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml | 4 ++-- codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml | 4 ++-- codebuild/py38/decrypt_dafny_esdk_vectors.yml | 4 ++-- codebuild/py39/decrypt_dafny_esdk_vectors.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/codebuild/py310/decrypt_dafny_esdk_vectors.yml b/codebuild/py310/decrypt_dafny_esdk_vectors.yml index 505f3157c..036570e45 100644 --- a/codebuild/py310/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py310/decrypt_dafny_esdk_vectors.yml @@ -28,7 +28,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml index 1eadf2958..e7f830be6 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml @@ -30,7 +30,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml index 6106906b5..1d955c4dc 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml @@ -28,7 +28,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml index 2a8439253..3b3867137 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml @@ -30,7 +30,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml index b375651c5..454535c6d 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml @@ -28,7 +28,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py38/decrypt_dafny_esdk_vectors.yml b/codebuild/py38/decrypt_dafny_esdk_vectors.yml index 968a74690..eb1ae327d 100644 --- a/codebuild/py38/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py38/decrypt_dafny_esdk_vectors.yml @@ -28,7 +28,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py39/decrypt_dafny_esdk_vectors.yml b/codebuild/py39/decrypt_dafny_esdk_vectors.yml index ddb50db1c..e2a587c90 100644 --- a/codebuild/py39/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py39/decrypt_dafny_esdk_vectors.yml @@ -28,7 +28,7 @@ phases: MOST_RECENT_RUN_ID=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs?branch=mainline&status=completed&page=1&exclude_pull_requests=true" \ | jq 'first(.workflow_runs[] | select(.name=="Daily CI") | .id)') - | echo "DEBUG: Fetching artifact from run $MOST_RECENT_RUN_ID" @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk-dafny/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" From 1ad14de24af27cd34b1c02ef32ff26746c442df1 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 11:18:15 -0700 Subject: [PATCH 09/29] m --- CHANGELOG.rst | 17 ++ README.rst | 2 +- performance_tests/README.rst | 2 +- performance_tests/requirements_mpl.txt | 2 +- requirements_mpl.txt | 2 +- setup.py | 5 +- .../internal/formatting/deserialize.py | 11 ++ .../internal/formatting/serialize.py | 26 +++- test/unit/test_deserialize.py | 10 ++ test/unit/test_serialize.py | 146 ++++++++++++++++++ test/unit/test_values.py | 62 ++++++++ test_vector_handlers/requirements_mpl.txt | 2 +- 12 files changed, 272 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 56cba75a2..c69068a34 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,22 @@ Changelog ********* +4.0.1 -- 2025-03-XX + +Fixes +----------- +* fix: Improve header serialization + `#TODO `_ + ESDK-Python <4.0.1 would truncate non-ASCII key provider IDs it wrote to message headers. + If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace, + ESDK-Python would truncate the the key provider ID it wrote to the message's header. + The message can be decrypted by replacing the truncated provider ID with the expected provider ID in decryption code. + Contact AWS for any questions about this approach. + +Maintenance +----------- +* deps: Extend supported `MPL`_ version to include 1.9.1 + 4.0.0 -- 2024-10-29 =================== @@ -425,6 +441,7 @@ Minor =================== * Initial public release +.. _MPL: https://github.com/aws/aws-cryptographic-material-providers-library .. _breaking changes in attrs 17.1.0: https://attrs.readthedocs.io/en/stable/changelog.html .. _tox: https://tox.readthedocs.io/en/latest/ .. _pylint: https://www.pylint.org/ diff --git a/README.rst b/README.rst index b968ae13e..8fb3f1112 100644 --- a/README.rst +++ b/README.rst @@ -42,7 +42,7 @@ Required Prerequisites Recommended Prerequisites ========================= -* aws-cryptographic-material-providers: == 1.7.4 +* aws-cryptographic-material-providers: >=1.7.4 * Requires Python 3.11+. Installation diff --git a/performance_tests/README.rst b/performance_tests/README.rst index ee3dd797b..ad76bd949 100644 --- a/performance_tests/README.rst +++ b/performance_tests/README.rst @@ -49,7 +49,7 @@ Required Prerequisites Recommended Prerequisites ========================= -* aws-cryptographic-material-providers: == 1.7.4 +* aws-cryptographic-material-providers: >= 1.7.4 * Requires Python 3.11+. ***** diff --git a/performance_tests/requirements_mpl.txt b/performance_tests/requirements_mpl.txt index 1615fff0d..de91c0409 100644 --- a/performance_tests/requirements_mpl.txt +++ b/performance_tests/requirements_mpl.txt @@ -1 +1 @@ -aws-cryptographic-material-providers==1.7.4 \ No newline at end of file +aws-cryptographic-material-providers>=1.7.4,<=1.9.1 \ No newline at end of file diff --git a/requirements_mpl.txt b/requirements_mpl.txt index f1a309033..33869cafe 100644 --- a/requirements_mpl.txt +++ b/requirements_mpl.txt @@ -1 +1 @@ -aws-cryptographic-material-providers==1.7.4 +aws-cryptographic-material-providers>=1.7.4,<=1.9.1 diff --git a/setup.py b/setup.py index ab5ac71a3..482f3093d 100644 --- a/setup.py +++ b/setup.py @@ -39,11 +39,8 @@ def get_requirements(): keywords="aws-encryption-sdk aws kms encryption", license="Apache License 2.0", install_requires=get_requirements(), - # pylint: disable=fixme - # TODO-MPL: Point at PyPI once MPL is released. - # This blocks releasing ESDK-Python MPL integration. extras_require={ - "MPL": ["aws-cryptographic-material-providers==1.7.4"], + "MPL": ["aws-cryptographic-material-providers<=1.9.1"], }, classifiers=[ "Development Status :: 5 - Production/Stable", diff --git a/src/aws_encryption_sdk/internal/formatting/deserialize.py b/src/aws_encryption_sdk/internal/formatting/deserialize.py index 4511ebb69..c90dc9124 100644 --- a/src/aws_encryption_sdk/internal/formatting/deserialize.py +++ b/src/aws_encryption_sdk/internal/formatting/deserialize.py @@ -145,6 +145,17 @@ def deserialize_encrypted_data_keys(stream, max_encrypted_data_keys=None): (key_provider_information,) = unpack_values(">{}s".format(key_provider_information_length), stream) (encrypted_data_key_length,) = unpack_values(">H", stream) encrypted_data_key = stream.read(encrypted_data_key_length) + # ESDK-Python <4.0.1 incorrectly computed the key provider length for non-ASCII key provider IDs. + # The length in the header was computed as the length of the key provider ID as a string instead of + # the length of the key provider ID as UTF-8 bytes. + # If a non-ASCII key provider ID were supplied, the key provider ID's UTF-8 bytes written to the header + # would be truncated, and attempting to decrypt the message would result in a deserialization error. + # That error would be raised when calling `to_str(key_provider_identifier)` below. + # An impacted message can be decrypted by replacing the truncated provider ID with the expected provider ID + # in decryption code. + # Contact AWS for any questions about this approach. + # ESDK-Python >=4.0.1 corrects the serialization logic and writes the correct length and expected bytes + # to the message header. encrypted_data_keys.add( EncryptedDataKey( key_provider=MasterKeyInfo( diff --git a/src/aws_encryption_sdk/internal/formatting/serialize.py b/src/aws_encryption_sdk/internal/formatting/serialize.py index c9679a08d..27e98c399 100644 --- a/src/aws_encryption_sdk/internal/formatting/serialize.py +++ b/src/aws_encryption_sdk/internal/formatting/serialize.py @@ -35,16 +35,30 @@ def serialize_encrypted_data_key(encrypted_data_key): "H" # encrypted data key length "{enc_data_key_len}s" # encrypted data key ) + # ESDK-Python <4.0.1 incorrectly computed len_key_provider_id_bytes for non-ASCII key provider IDs. + # len_key_provider_id_bytes was computed as the length of the key provider ID as a string instead of + # the length of the key provider ID as UTF-8 bytes. + # If a non-ASCII key provider ID were supplied, the key provider ID as UTF-8 bytes written to the header + # would be truncated, and attempting to decrypt the message would result in a deserialization error. + # The message can be decrypted by replacing the truncated provider ID with the expected provider ID + # in decryption code. + # Contact AWS for any questions about this approach. + # ESDK-Python >=4.0.1 corrects the serialization logic and writes the correct length and expected bytes + # to the message header. + key_provider_id_bytes = to_bytes(encrypted_data_key.key_provider.provider_id) + len_key_provider_id_bytes = len(key_provider_id_bytes) + key_info_bytes = to_bytes(encrypted_data_key.key_provider.key_info) + len_key_info_bytes = len(key_info_bytes) return struct.pack( encrypted_data_key_format.format( - provider_id_len=len(encrypted_data_key.key_provider.provider_id), - provider_info_len=len(encrypted_data_key.key_provider.key_info), + provider_id_len=len_key_provider_id_bytes, + provider_info_len=len_key_info_bytes, enc_data_key_len=len(encrypted_data_key.encrypted_data_key), ), - len(encrypted_data_key.key_provider.provider_id), - to_bytes(encrypted_data_key.key_provider.provider_id), - len(encrypted_data_key.key_provider.key_info), - to_bytes(encrypted_data_key.key_provider.key_info), + len_key_provider_id_bytes, + key_provider_id_bytes, + len_key_info_bytes, + key_info_bytes, len(encrypted_data_key.encrypted_data_key), encrypted_data_key.encrypted_data_key, ) diff --git a/test/unit/test_deserialize.py b/test/unit/test_deserialize.py index fc77634c2..f0273c428 100644 --- a/test/unit/test_deserialize.py +++ b/test/unit/test_deserialize.py @@ -265,6 +265,16 @@ def test_deserialize_body_frame_final(self): assert test_body == VALUES["deserialized_body_final_frame_single"] assert test_final + def test_GIVEN_final_frame_content_length_equals_header_frame_length_WHEN_deserialize_header_THEN_no_error(self): + """Validate that the deserialize_body_frame function + behaves as expected for a valid final body frame + where the final frame length equals the header frame length. + """ + stream = io.BytesIO(VALUES["serialized_final_frame_512_length"]) + aws_encryption_sdk.internal.formatting.deserialize.deserialize_frame( + stream=stream, header=VALUES["deserialized_header_frame_512_frame"] + ) + def test_deserialize_body_frame_final_invalid_final_frame_length(self): """Validate that the deserialize_body_frame function behaves as expected for a valid final body frame. diff --git a/test/unit/test_serialize.py b/test/unit/test_serialize.py index 4bcd703d8..1df4d1bd7 100644 --- a/test/unit/test_serialize.py +++ b/test/unit/test_serialize.py @@ -1,9 +1,13 @@ # Copyright Amazon.com Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 """Unit test suite for aws_encryption_sdk.internal.formatting.serialize""" +import io +import struct + import pytest from mock import MagicMock, patch, sentinel +import aws_encryption_sdk.internal.formatting.deserialize import aws_encryption_sdk.internal.formatting.serialize from aws_encryption_sdk.exceptions import SerializationError from aws_encryption_sdk.identifiers import ContentAADString, SerializationVersion @@ -15,6 +19,8 @@ pytestmark = [pytest.mark.unit, pytest.mark.local] +provider_input_strings = ["", "abc", "𐀂", "abc𐀂", "𐀂abc", "秘密代码", "abc秘密代码", "秘密代码abc", "秘密代码abc𐀂", "𐀂abc秘密代码123𐀂"] + @pytest.mark.parametrize( "sequence_number, error_message", @@ -80,6 +86,146 @@ def apply_fixtures(self): self.mock_encrypt_patcher.stop() self.mock_valid_frame_length_patcher.stop() + @pytest.mark.parametrize("provider_id", provider_input_strings) + @pytest.mark.parametrize("provider_info", provider_input_strings) + def test_GIVEN_valid_encrypted_data_key_WHEN_serialize_encrypted_data_key_THEN_deserialize_equals_input( + self, + provider_id, + provider_info, + ): + # Given: Some valid encrypted data key + key_provider = MasterKeyInfo(provider_id=provider_id, key_info=provider_info) + encrypted_data_key = EncryptedDataKey( + key_provider=key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + # When: serialize_encrypted_data_key + serialized_edk = aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key + ) + + # Then: Can deserialize the value + serialized_edks = bytes() + # Hardcode to have only 1 EDK + serialized_edks += struct.pack(">H", 1) + serialized_edks += serialized_edk + # Deserialization must not raise exception + deserialized = aws_encryption_sdk.internal.formatting.deserialize.deserialize_encrypted_data_keys( + stream=io.BytesIO(serialized_edks) + ) + assert deserialized == {encrypted_data_key} + assert len(deserialized) == 1 + deserialized_edk = list(deserialized)[0] + assert deserialized_edk.key_provider == encrypted_data_key.key_provider + assert deserialized_edk.key_provider.provider_id == encrypted_data_key.key_provider.provider_id + assert deserialized_edk.key_provider.key_info == encrypted_data_key.key_provider.key_info + assert deserialized_edk.encrypted_data_key == encrypted_data_key.encrypted_data_key + + @pytest.mark.parametrize("edk_1_provider_id", provider_input_strings) + @pytest.mark.parametrize("edk_1_provider_info", provider_input_strings) + @pytest.mark.parametrize("edk_2_provider_id", provider_input_strings) + @pytest.mark.parametrize("edk_2_provider_info", provider_input_strings) + def test_GIVEN_two_distinct_valid_encrypted_data_keys_WHEN_serialize_encrypted_data_keys_THEN_deserialize_equals_inputs( # noqa pylint: disable=line-too-long + self, + edk_1_provider_id, + edk_1_provider_info, + edk_2_provider_id, + edk_2_provider_info, + ): + # pylint: disable=too-many-locals + # Given: Two distinct valid encrypted data keys + edk_1_key_provider = MasterKeyInfo(provider_id=edk_1_provider_id, key_info=edk_1_provider_info) + encrypted_data_key_1 = EncryptedDataKey( + key_provider=edk_1_key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + edk_2_key_provider = MasterKeyInfo(provider_id=edk_2_provider_id, key_info=edk_2_provider_info) + encrypted_data_key_2 = EncryptedDataKey( + key_provider=edk_2_key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + # Must be distinct + if encrypted_data_key_1 == encrypted_data_key_2: + return + + # When: serialize_encrypted_data_key + serialized_edk_1 = aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key_1 + ) + serialized_edk_2 = aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key_2 + ) + + # Then: Can deserialize the value + serialized_edks = bytes() + # Hardcode to have only 2 EDKs + serialized_edks += struct.pack(">H", 2) + serialized_edks += serialized_edk_1 + serialized_edks += serialized_edk_2 + # Deserialization must not raise exception + deserialized = aws_encryption_sdk.internal.formatting.deserialize.deserialize_encrypted_data_keys( + stream=io.BytesIO(serialized_edks) + ) + assert deserialized == {encrypted_data_key_1, encrypted_data_key_2} + assert len(deserialized) == 2 + deserialized_edk_list = list(deserialized) + + deserialized_edk_some = deserialized_edk_list[0] + deserialized_edk_other = deserialized_edk_list[1] + + assert ( + (deserialized_edk_some == encrypted_data_key_1 and deserialized_edk_other == encrypted_data_key_2) + or (deserialized_edk_some == encrypted_data_key_2 and deserialized_edk_other == encrypted_data_key_1) + ) + + def test_GIVEN_invalid_encrypted_data_key_WHEN_serialize_THEN_raises_UnicodeEncodeError( + self, + ): + # Given: Some invalid encrypted data key + + # This is invalid because "\ud800\udc02" cannot be encoded to UTF-8. + # This value MUST be able to be encoded to UTF-8, or serialization will fail. + invalid_provider_string = "\ud800\udc02" + + # Then: raises UnicodeEncodeError + with pytest.raises(UnicodeEncodeError): + key_provider = MasterKeyInfo(provider_id=invalid_provider_string, key_info=invalid_provider_string) + + encrypted_data_key = EncryptedDataKey( + key_provider=key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + # When: serialize_encrypted_data_key + aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key + ) + + # Then: raises UnicodeEncodeError + with pytest.raises(UnicodeEncodeError): + key_provider = MasterKeyInfo(provider_id=invalid_provider_string, key_info="abc") + + encrypted_data_key = EncryptedDataKey( + key_provider=key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + # When: serialize_encrypted_data_key + aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key + ) + + # Then: raises UnicodeEncodeError + with pytest.raises(UnicodeEncodeError): + key_provider = MasterKeyInfo(provider_id="abc", key_info=invalid_provider_string) + + encrypted_data_key = EncryptedDataKey( + key_provider=key_provider, encrypted_data_key=VALUES["encrypted_data_key"] + ) + + # When: serialize_encrypted_data_key + aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key( + encrypted_data_key=encrypted_data_key + ) + def test_serialize_header_v1(self): """Validate that the _serialize_header function behaves as expected. diff --git a/test/unit/test_values.py b/test/unit/test_values.py index 9ae2df354..6e5883127 100644 --- a/test/unit/test_values.py +++ b/test/unit/test_values.py @@ -230,6 +230,49 @@ def array_byte(source): VALUES["final_frame_base"].tag, ] ) +# This is a valid frame from a ESDK-.NET-encrypted message. +# ESDK Python versions before v4.0.0 would raise a SerializationError when deserializing this frame +# because its frame length (512; the b"\x00\x00\x02\x00" string) +# equals the configured frame length. +# In other ESDK implementations, the final frame length would never equal the frame length +# because they would append an empty final frame. +# Both are valid implementations of the ESDK specification, +# and the ESDK-Python must support this case. +VALUES["serialized_final_frame_512_length"] = b"".join( + [ + b"\xff\xff\xff\xff", + b"\x00\x00\x00\x14", + b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14', + b"\x00\x00\x02\x00", + b'''\x87r+k7 \xc7\xc3\xbf)T.8,}\xc5a.H]\x16/08k2 + )\xb5QB\xccP\xc2\xc6\xeanf\x06Z7\xbb\xcd\x87L\xa6 + ~~\xdc\xab~\x0e\xf6\x05\n\xa9\x94X[\xb8En?x$\x11 + \x10\x84g0i\xeai\xf9\x8c\xe6}\xc3\xa1Gig\xbdA\x1an + \x1b\x9d\xf1\rW\xc8\xad|\x04hSt\x10\xc7\x0e\'\x8f + \xe8\x94\x9d\xdb\x82\xdb"\x95\xbc\xf5\xc5\xd0\xddQ + \xba\xaa\xbf6\x1e\xd8\xffB\xed\xee\xda1\x15\xf6=x + \xe14\xe7\xf5\xb7t\x10\x11\xa4!,!\xfa\xc7\xf1\t\xf7 + \xc3X?eI\xcdk\xf3\xb5\x80b\xdd;*\xe9\x9c\xd5\x83[\xc4c + \xe4[mA\x87\xd9\x94g\xd6\\<\xd1\xff\xcc<\xef\xe2\xbc\xda> + \xda|\xa1L\xd1\xf4u\x07Y\x13\xa3\xd4\x15\x1fS\x98\x00^ + \x1d^\xcdu\x17\xc8.\xfb\x9d\xaaU\xbf\x8f\xa96%YPX\xe6 + \xf5\\\x141\xe5\xdd\x9a,\xc7d\xca\xffQ\x02:\xd87s:\x9a + \xdf\xd5\'\xf0!\x13\xafuU\xf7w\x15\xbd\xecS \xf2h\xa4 + \xdd\xfb9\xbb\xb3\xd7?3\xc0\xeed\x0e\x17\x1b\xccN\xf9)s + \xd1\x97\x84\xb6\xce5\xca\x9b\xde\xa9\x0e$>x\xd9\x9cD= + \xd5\xa3\xa1qb#\x8c\xc1\x81Nv\x8dA0\'{~\x1c\xf1?\n\x7fAX\x9f, + \xe1\xe6d\xc5\xed\x9e\xa9o\x1bpp\xac\x1b\x03P\xd8\xae\xd6\xf6 + \xaca;N\xd6C\x08\x99!\x0bU8\x85(g\xe6\x8fD\xf7\x19\xb0]4 + \x19hB\x15\xa7\xee\xd8\xc0\xe9D\x850\xb6\x05\xd1\xa3`%\xcb + \xfb\x88&"\xdfnm\xa6\xf1X\xc4\x84\x1c\xc3\xe8]\x05mh$\xff]= + \xab\xa2p\x8e\x82:U\xef\xf3\x86X\xe16\x1f\xc7\x7f\x8dv\x1a + \xe4\r5\x8a\xea\x90\xb2\x1cA(\x9b\xedyT0\xd4h\tJ\xa4<\x07C9 + \xa3a]\x7f\x17Ak\x1d\xb9gA\x04\xbaq\xe5(y-\xc4!\x87\xa83 + \xdd\xf3\xea\xa7\x12X\xb6l\x98\xdf,\xc8\xe6\x9f7\xb0\xcd + \xb3\x9a\xf4\xe7a"H\xd9L\xd7.\x0f\x7f1W''', + b'XK#8\xb3\xab\x07\x11\x94\xf7\xac\xea\xd0g\x9b#', + ] +) VALUES["serialized_final_frame_bad_length"] = b"".join( [ b"\xff\xff\xff\xff", @@ -361,6 +404,25 @@ def array_byte(source): header_iv_length=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.iv_len, frame_length=2 ** 16, ) +VALUES["deserialized_header_frame_512_frame"] = MessageHeader( + version=SerializationVersion.V1, + type=ObjectType.CUSTOMER_AE_DATA, + algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384, + message_id=VALUES["message_id"], + encryption_context=VALUES["updated_encryption_context"], + encrypted_data_keys=set( + [ + EncryptedDataKey( + key_provider=VALUES["data_keys"][0].key_provider, + encrypted_data_key=VALUES["data_keys"][0].encrypted_data_key, + ) + ] + ), + content_type=ContentType.FRAMED_DATA, + content_aad_length=0, + header_iv_length=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384.iv_len, + frame_length=512, +) VALUES["deserialized_header_small_frame"] = MessageHeader( version=SerializationVersion.V1, type=ObjectType.CUSTOMER_AE_DATA, diff --git a/test_vector_handlers/requirements_mpl.txt b/test_vector_handlers/requirements_mpl.txt index f1a309033..cb31c5e02 100644 --- a/test_vector_handlers/requirements_mpl.txt +++ b/test_vector_handlers/requirements_mpl.txt @@ -1 +1 @@ -aws-cryptographic-material-providers==1.7.4 +aws-cryptographic-material-providers==1.7.4,<=1.9.1 From b0d1ff4b3530cd7d739b239fc7ae40a6d8a4942c Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 11:20:07 -0700 Subject: [PATCH 10/29] new artifact name --- codebuild/py310/decrypt_dafny_esdk_vectors.yml | 2 +- codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml | 2 +- codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml | 2 +- codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml | 2 +- codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml | 2 +- codebuild/py38/decrypt_dafny_esdk_vectors.yml | 2 +- codebuild/py39/decrypt_dafny_esdk_vectors.yml | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/codebuild/py310/decrypt_dafny_esdk_vectors.yml b/codebuild/py310/decrypt_dafny_esdk_vectors.yml index 036570e45..b348653bb 100644 --- a/codebuild/py310/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py310/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml index e7f830be6..0ce3b704a 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml index 1d955c4dc..b2715bff3 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml index 3b3867137..9f2723413 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml index 454535c6d..250d7624b 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py38/decrypt_dafny_esdk_vectors.yml b/codebuild/py38/decrypt_dafny_esdk_vectors.yml index eb1ae327d..e1cf92d1f 100644 --- a/codebuild/py38/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py38/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" diff --git a/codebuild/py39/decrypt_dafny_esdk_vectors.yml b/codebuild/py39/decrypt_dafny_esdk_vectors.yml index e2a587c90..b3c866021 100644 --- a/codebuild/py39/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py39/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" From 81d8163df93c98a2464f6c6bd88f77872eb4959a Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 12:01:20 -0700 Subject: [PATCH 11/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index f842d64be..c1bae7521 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,7 +11,7 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file From 94e261e09e48d5eebb2829c297e5e8c88e363caa Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 12:02:25 -0700 Subject: [PATCH 12/29] m --- codebuild/py310/decrypt_net_401_vectors.yml | 2 +- codebuild/py311/decrypt_net_401_vectors_keyrings.yml | 2 +- codebuild/py311/decrypt_net_401_vectors_masterkey.yml | 2 +- codebuild/py312/decrypt_hkeyring_with_net.yml | 6 +++--- codebuild/py312/decrypt_net_401_vectors_keyrings.yml | 2 +- codebuild/py312/decrypt_net_401_vectors_masterkey.yml | 2 +- codebuild/py38/decrypt_net_401_vectors.yml | 2 +- codebuild/py39/decrypt_net_401_vectors.yml | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/codebuild/py310/decrypt_net_401_vectors.yml b/codebuild/py310/decrypt_net_401_vectors.yml index 82ac642d9..0d81b349e 100644 --- a/codebuild/py310/decrypt_net_401_vectors.yml +++ b/codebuild/py310/decrypt_net_401_vectors.yml @@ -21,7 +21,7 @@ phases: commands: # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py311/decrypt_net_401_vectors_keyrings.yml b/codebuild/py311/decrypt_net_401_vectors_keyrings.yml index b5e7d7233..0cae98c4d 100644 --- a/codebuild/py311/decrypt_net_401_vectors_keyrings.yml +++ b/codebuild/py311/decrypt_net_401_vectors_keyrings.yml @@ -23,7 +23,7 @@ phases: - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py311/decrypt_net_401_vectors_masterkey.yml b/codebuild/py311/decrypt_net_401_vectors_masterkey.yml index f6f0482e7..157e732f8 100644 --- a/codebuild/py311/decrypt_net_401_vectors_masterkey.yml +++ b/codebuild/py311/decrypt_net_401_vectors_masterkey.yml @@ -31,7 +31,7 @@ phases: # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py312/decrypt_hkeyring_with_net.yml b/codebuild/py312/decrypt_hkeyring_with_net.yml index 1a1ab1827..c66ccca1d 100644 --- a/codebuild/py312/decrypt_hkeyring_with_net.yml +++ b/codebuild/py312/decrypt_hkeyring_with_net.yml @@ -25,15 +25,15 @@ phases: - export DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="${PWD}/312_hkeyring_reccmm_manifest/manifest.json" # Clone SDK-Dafny repo to get test vectors runner source code and the Dafny version to use - - git clone --recurse-submodules https://github.com/aws/aws-encryption-sdk-dafny.git + - git clone --recurse-submodules https://github.com/aws/aws-encryption-sdk.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file - - export dafnyVersion=$(grep '^dafnyVersion=' aws-encryption-sdk-dafny/AwsEncryptionSDK/project.properties | cut -d '=' -f 2) + - export dafnyVersion=$(grep '^dafnyVersion=' aws-encryption-sdk/AwsEncryptionSDK/project.properties | cut -d '=' -f 2) - curl https://github.com/dafny-lang/dafny/releases/download/v$dafnyVersion/dafny-$dafnyVersion-x64-ubuntu-20.04.zip -L -o dafny.zip - unzip -qq dafny.zip && rm dafny.zip - export PATH="$PWD/dafny:$PATH" # Build MPL test vector runner from source - - cd aws-encryption-sdk-dafny/mpl/TestVectorsAwsCryptographicMaterialProviders/ + - cd aws-encryption-sdk/mpl/TestVectorsAwsCryptographicMaterialProviders/ - make transpile_net # Change ESDK TestVectors project to reference the published .NET ESDK diff --git a/codebuild/py312/decrypt_net_401_vectors_keyrings.yml b/codebuild/py312/decrypt_net_401_vectors_keyrings.yml index 3156e06ab..281023f53 100644 --- a/codebuild/py312/decrypt_net_401_vectors_keyrings.yml +++ b/codebuild/py312/decrypt_net_401_vectors_keyrings.yml @@ -23,7 +23,7 @@ phases: - sh test_vector_handlers/scripts/install_mpl_test_vector_runner.sh # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py312/decrypt_net_401_vectors_masterkey.yml b/codebuild/py312/decrypt_net_401_vectors_masterkey.yml index 5d1ef9d94..81daba522 100644 --- a/codebuild/py312/decrypt_net_401_vectors_masterkey.yml +++ b/codebuild/py312/decrypt_net_401_vectors_masterkey.yml @@ -31,7 +31,7 @@ phases: # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py38/decrypt_net_401_vectors.yml b/codebuild/py38/decrypt_net_401_vectors.yml index 298711975..91163f14d 100644 --- a/codebuild/py38/decrypt_net_401_vectors.yml +++ b/codebuild/py38/decrypt_net_401_vectors.yml @@ -21,7 +21,7 @@ phases: commands: # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR diff --git a/codebuild/py39/decrypt_net_401_vectors.yml b/codebuild/py39/decrypt_net_401_vectors.yml index 635abc95b..d8a9ff453 100644 --- a/codebuild/py39/decrypt_net_401_vectors.yml +++ b/codebuild/py39/decrypt_net_401_vectors.yml @@ -21,7 +21,7 @@ phases: commands: # Fetch ESDK .NET v4.0.1 Test Vectors - VECTOR_ZIP=$CODEBUILD_SRC_DIR/v4-Net-4.0.1.zip - - VECTORS_URL=https://github.com/aws/aws-encryption-sdk-dafny/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip + - VECTORS_URL=https://github.com/aws/aws-encryption-sdk/raw/mainline/AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources/v4-Net-4.0.1.zip - curl -s --output $VECTOR_ZIP --location $VECTORS_URL - UNZIPPED_VECTORS_DIR=$CODEBUILD_SRC_DIR/test_vector_handlers/net_401_vectors - unzip $VECTOR_ZIP -d $UNZIPPED_VECTORS_DIR From dfc29ada8b3893e165c1eecbf84cd53752274ca7 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 12:36:09 -0700 Subject: [PATCH 13/29] m --- codebuild/py312/decrypt_hkeyring_with_net.yml | 2 +- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/codebuild/py312/decrypt_hkeyring_with_net.yml b/codebuild/py312/decrypt_hkeyring_with_net.yml index c66ccca1d..e1816282b 100644 --- a/codebuild/py312/decrypt_hkeyring_with_net.yml +++ b/codebuild/py312/decrypt_hkeyring_with_net.yml @@ -27,7 +27,7 @@ phases: # Clone SDK-Dafny repo to get test vectors runner source code and the Dafny version to use - git clone --recurse-submodules https://github.com/aws/aws-encryption-sdk.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file - - export dafnyVersion=$(grep '^dafnyVersion=' aws-encryption-sdk/AwsEncryptionSDK/project.properties | cut -d '=' -f 2) + - export dafnyVersion=$(grep '^dafnyVersion=' aws-encryption-sdk/project.properties | cut -d '=' -f 2) - curl https://github.com/dafny-lang/dafny/releases/download/v$dafnyVersion/dafny-$dafnyVersion-x64-ubuntu-20.04.zip -L -o dafny.zip - unzip -qq dafny.zip && rm dafny.zip - export PATH="$PWD/dafny:$PATH" diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index c1bae7521..f842d64be 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,7 +11,7 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file From 3eafdf36eba4c396275d85e2d1c75671507b5fe6 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 12:40:48 -0700 Subject: [PATCH 14/29] m --- codebuild/py310/decrypt_dafny_esdk_vectors.yml | 4 ++-- codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml | 4 ++-- codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml | 4 ++-- codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml | 4 ++-- codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml | 4 ++-- codebuild/py38/decrypt_dafny_esdk_vectors.yml | 4 ++-- codebuild/py39/decrypt_dafny_esdk_vectors.yml | 4 ++-- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/codebuild/py310/decrypt_dafny_esdk_vectors.yml b/codebuild/py310/decrypt_dafny_esdk_vectors.yml index b348653bb..018d324c1 100644 --- a/codebuild/py310/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py310/decrypt_dafny_esdk_vectors.yml @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml index 0ce3b704a..628ff0bea 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml @@ -46,9 +46,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml index b2715bff3..803f4b180 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml index 9f2723413..f80d5ed87 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml @@ -46,9 +46,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml index 250d7624b..38cd3de99 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py38/decrypt_dafny_esdk_vectors.yml b/codebuild/py38/decrypt_dafny_esdk_vectors.yml index e1cf92d1f..5129374ef 100644 --- a/codebuild/py38/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py38/decrypt_dafny_esdk_vectors.yml @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py39/decrypt_dafny_esdk_vectors.yml b/codebuild/py39/decrypt_dafny_esdk_vectors.yml index b3c866021..8ed5286f6 100644 --- a/codebuild/py39/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py39/decrypt_dafny_esdk_vectors.yml @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-latest_test_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-latest_test_vector_artifact + - unzip ubuntu-22.04_latest_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: From 7cfcf8cb7b5799f6f3b52618612a15036531da33 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 24 Mar 2025 12:57:08 -0700 Subject: [PATCH 15/29] m --- codebuild/py310/decrypt_dafny_esdk_vectors.yml | 6 +++--- codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml | 6 +++--- codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml | 6 +++--- codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml | 6 +++--- codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml | 6 +++--- codebuild/py38/decrypt_dafny_esdk_vectors.yml | 6 +++--- codebuild/py39/decrypt_dafny_esdk_vectors.yml | 6 +++--- 7 files changed, 21 insertions(+), 21 deletions(-) diff --git a/codebuild/py310/decrypt_dafny_esdk_vectors.yml b/codebuild/py310/decrypt_dafny_esdk_vectors.yml index 018d324c1..019a9adf6 100644 --- a/codebuild/py310/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py310/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml index 628ff0bea..384f24fed 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_keyrings.yml @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -46,9 +46,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml index 803f4b180..1d42953d9 100644 --- a/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py311/decrypt_dafny_esdk_vectors_masterkey.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml index f80d5ed87..e20277d94 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_keyrings.yml @@ -38,7 +38,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -46,9 +46,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml index 38cd3de99..50948e31c 100644 --- a/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml +++ b/codebuild/py312/decrypt_dafny_esdk_vectors_masterkey.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py38/decrypt_dafny_esdk_vectors.yml b/codebuild/py38/decrypt_dafny_esdk_vectors.yml index 5129374ef..3bc966126 100644 --- a/codebuild/py38/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py38/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: diff --git a/codebuild/py39/decrypt_dafny_esdk_vectors.yml b/codebuild/py39/decrypt_dafny_esdk_vectors.yml index 8ed5286f6..a22c4d079 100644 --- a/codebuild/py39/decrypt_dafny_esdk_vectors.yml +++ b/codebuild/py39/decrypt_dafny_esdk_vectors.yml @@ -36,7 +36,7 @@ phases: MOST_RECENT_RUN_DOWNLOAD_URL=$(curl -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_latest_vector_artifact" \ + "https://api.github.com/repos/aws/aws-encryption-sdk/actions/runs/$MOST_RECENT_RUN_ID/artifacts?name=ubuntu-22.04_vector_artifact" \ | jq '.artifacts[0].archive_download_url') - | echo "DEBUG: Fetching artifact at $MOST_RECENT_RUN_DOWNLOAD_URL" @@ -44,9 +44,9 @@ phases: curl -L -H "Accept: application/vnd.github+json" \ -H "Authorization: token $GITHUB_TOKEN" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_latest_vector_artifact.zip + $(echo $MOST_RECENT_RUN_DOWNLOAD_URL | tr -d '"') -o ubuntu-22.04_vector_artifact.zip # This unzips to `net41.zip`. - - unzip ubuntu-22.04_latest_vector_artifact + - unzip ubuntu-22.04_vector_artifact # This unzips to `net41/`. - unzip net41.zip -d net41 build: From c83d8a5e5ad788fa2720306a3973e893bf55330e Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 12:34:22 -0700 Subject: [PATCH 16/29] cleanup --- CHANGELOG.rst | 4 ++-- README.rst | 2 +- examples/src/required_encryption_context_cmm.py | 2 +- performance_tests/requirements_mpl.txt | 2 +- setup.py | 2 +- .../scripts/install_mpl_test_vector_runner.sh | 3 +-- 6 files changed, 7 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 4d8f2a8f9..d4bcdcefc 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,12 +2,12 @@ Changelog ********* -4.0.1 -- 2025-03-XX +4.0.1 -- 2025-03-26 Fixes ----------- * fix: Improve header serialization - `#TODO `_ + `#747 `_ ESDK-Python <4.0.1 would truncate non-ASCII key provider IDs it wrote to message headers. If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace, ESDK-Python would truncate the the key provider ID it wrote to the message's header. diff --git a/README.rst b/README.rst index 8fb3f1112..38bc3c0d3 100644 --- a/README.rst +++ b/README.rst @@ -42,7 +42,7 @@ Required Prerequisites Recommended Prerequisites ========================= -* aws-cryptographic-material-providers: >=1.7.4 +* aws-cryptographic-material-providers: >= 1.7.4 * Requires Python 3.11+. Installation diff --git a/examples/src/required_encryption_context_cmm.py b/examples/src/required_encryption_context_cmm.py index e3395aac4..8edf7545e 100644 --- a/examples/src/required_encryption_context_cmm.py +++ b/examples/src/required_encryption_context_cmm.py @@ -99,7 +99,7 @@ def encrypt_and_decrypt_with_keyring( # Required Encryption Context CMM. reproduced_encryption_context: Dict[str, str] = { "requiredKey1": "requiredValue1", - "requiredKey2": "requiredValue1", + "requiredKey2": "requiredValue2", } # 8. Decrypt the data diff --git a/performance_tests/requirements_mpl.txt b/performance_tests/requirements_mpl.txt index 896858f1d..be77ea2da 100644 --- a/performance_tests/requirements_mpl.txt +++ b/performance_tests/requirements_mpl.txt @@ -1 +1 @@ -aws-cryptographic-material-providers>=1.7.4,<=10.1 \ No newline at end of file +aws-cryptographic-material-providers>=1.7.4,<=1.10.0 \ No newline at end of file diff --git a/setup.py b/setup.py index 496ebf9c4..587495fd4 100644 --- a/setup.py +++ b/setup.py @@ -40,7 +40,7 @@ def get_requirements(): license="Apache License 2.0", install_requires=get_requirements(), extras_require={ - "MPL": ["aws-cryptographic-material-providers<=1.10.0"], + "MPL": ["aws-cryptographic-material-providers>=1.7.4,<=1.10.0"], }, classifiers=[ "Development Status :: 5 - Production/Stable", diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index f842d64be..b99226e66 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -11,8 +11,7 @@ cd "$(dirname "$0")" export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') # Clone MPL repo to get test vectors runner source code and the Dafny version to use -# git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git -git clone --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git +git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git # Download Dafny to build the test vector runner; get Dafny version from ESDK's project.properties file export dafnyVersion=$(grep '^dafnyVersion=' aws-cryptographic-material-providers-library/project.properties | cut -d '=' -f 2) From 93b023a3e37e032b1c8d1cbb4a61e4176b454c84 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:36:57 -0700 Subject: [PATCH 17/29] update expr --- .../scripts/install_mpl_test_vector_runner.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index b99226e66..a7608c951 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -7,8 +7,10 @@ # Change to the directory of the script cd "$(dirname "$0")" -# Get MPL version specified in requirements.txt -export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==(.+)/\1/') +# Get highest MPL version specified in requirements.txt +# export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | tail -n1) +# Get lowest MPL version specified in requirements.txt +export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | head -n1) # Clone MPL repo to get test vectors runner source code and the Dafny version to use git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git From acd69b03708c925a3b967c78fbd22894e6536d73 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:37:19 -0700 Subject: [PATCH 18/29] update expr --- .../scripts/install_mpl_test_vector_runner.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index a7608c951..f2c178c3c 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -8,9 +8,7 @@ cd "$(dirname "$0")" # Get highest MPL version specified in requirements.txt -# export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | tail -n1) -# Get lowest MPL version specified in requirements.txt -export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | head -n1) +export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | tail -n1) # Clone MPL repo to get test vectors runner source code and the Dafny version to use git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git From 82702aca2da90a6f3b4f657fe937945479e3ff14 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:42:12 -0700 Subject: [PATCH 19/29] m --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d4bcdcefc..7807eebd6 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -3,6 +3,7 @@ Changelog ********* 4.0.1 -- 2025-03-26 +=================== Fixes ----------- From 6af6bf83c238d107040a3e7f5cf01d89e50d9fe5 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:42:31 -0700 Subject: [PATCH 20/29] m --- CHANGELOG.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7807eebd6..7538e2094 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -9,6 +9,7 @@ Fixes ----------- * fix: Improve header serialization `#747 `_ + ESDK-Python <4.0.1 would truncate non-ASCII key provider IDs it wrote to message headers. If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace, ESDK-Python would truncate the the key provider ID it wrote to the message's header. From 2c882242fa3b8f7815efe19161289a63164987e0 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:44:57 -0700 Subject: [PATCH 21/29] m --- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 38bc3c0d3..f2c5773ba 100644 --- a/README.rst +++ b/README.rst @@ -246,7 +246,7 @@ sharing entries in that cache across threads needs to be done carefully **Important:** Components from the `AWS Cryptographic Material Providers Library (MPL)`_ have separate thread safety considerations. -For more information, see the note on thread safety in that project's README (TODO-MPL: link) +For more information, see the note on thread safety in that project's `README `_. .. _AWS Encryption SDK: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html From 0603799930ec35ac1b24135a3ac933be747853f5 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:46:58 -0700 Subject: [PATCH 22/29] m --- CHANGELOG.rst | 2 +- README.rst | 2 +- performance_tests/README.rst | 2 +- test_vector_handlers/requirements_mpl.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 7538e2094..d184fd446 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,7 +18,7 @@ Fixes Maintenance ----------- -* deps: Extend supported `MPL`_ version to include 1.10.0 +* deps: Extend supported `MPL`_ versions to include 1.10.0 4.0.0 -- 2024-10-29 =================== diff --git a/README.rst b/README.rst index f2c5773ba..ebc71fa85 100644 --- a/README.rst +++ b/README.rst @@ -42,7 +42,7 @@ Required Prerequisites Recommended Prerequisites ========================= -* aws-cryptographic-material-providers: >= 1.7.4 +* aws-cryptographic-material-providers: == 1.10.0 * Requires Python 3.11+. Installation diff --git a/performance_tests/README.rst b/performance_tests/README.rst index ad76bd949..1e23548dd 100644 --- a/performance_tests/README.rst +++ b/performance_tests/README.rst @@ -49,7 +49,7 @@ Required Prerequisites Recommended Prerequisites ========================= -* aws-cryptographic-material-providers: >= 1.7.4 +* aws-cryptographic-material-providers: == 1.10.0 * Requires Python 3.11+. ***** diff --git a/test_vector_handlers/requirements_mpl.txt b/test_vector_handlers/requirements_mpl.txt index 47ea279d5..8912641d0 100644 --- a/test_vector_handlers/requirements_mpl.txt +++ b/test_vector_handlers/requirements_mpl.txt @@ -1 +1 @@ -aws-cryptographic-material-providers==1.7.4,<=1.10.0 +aws-cryptographic-material-providers>=1.7.4,<=1.10.0 From 2e76f3502d22c637c2715582c23ce87e74935246 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:48:21 -0700 Subject: [PATCH 23/29] m --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d184fd446..868174f63 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -41,7 +41,7 @@ Breaking Changes However, messages that are constructed with the required EC CMM are not backward compatible with ESDK <4.0.0, as no version of ESDK <4.0.0 supports reading messages encrypted with the required EC CMM. A message that is encrypted with the required EC CMM from the MPL must be decrypted with a CMM from the MPL. - For more information on using the required EC CMM, see `AWS Documentation https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/configure.html#config-required-encryption-context-cmm`_. + For more information on using the required EC CMM, see `AWS Documentation `_. Fixes ----------- From d7ac6e84396db7af8f5bdb6d757edb25c329d806 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:50:44 -0700 Subject: [PATCH 24/29] m --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 868174f63..3cf13d29f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -11,7 +11,7 @@ Fixes `#747 `_ ESDK-Python <4.0.1 would truncate non-ASCII key provider IDs it wrote to message headers. - If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace, + If a Raw or Custom MasterKeyProvider or Keyring supplied a non-ASCII key provider ID / key namespace, ESDK-Python would truncate the the key provider ID it wrote to the message's header. The message can be decrypted by replacing the truncated provider ID with the expected provider ID in decryption code. Contact AWS for any questions about this approach. From 455d82e867503c858ef9f76c421cc62ff8a38062 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 13:57:19 -0700 Subject: [PATCH 25/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index f2c178c3c..81fa48cf8 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -8,7 +8,7 @@ cd "$(dirname "$0")" # Get highest MPL version specified in requirements.txt -export mplVersion=$(grep 'aws-cryptographic-material-providers==' ../requirements_mpl.txt | sed -E 's/.*==//' | tr ',' '\n' | sed -E 's/^[^0-9]*//' | sort -V | tail -n1) +export mplVersionMax=$(grep 'aws-cryptographic-material-providers' ../requirements_mpl.txt | tr ',' '\n' | grep '<=' | sed -E 's/[^0-9]*//') # Clone MPL repo to get test vectors runner source code and the Dafny version to use git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git From bd606f008972d6fddd95182f22a5d6de6edc1310 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Tue, 25 Mar 2025 14:00:29 -0700 Subject: [PATCH 26/29] m --- test_vector_handlers/scripts/install_mpl_test_vector_runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh index 81fa48cf8..aecff1a26 100644 --- a/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh +++ b/test_vector_handlers/scripts/install_mpl_test_vector_runner.sh @@ -8,7 +8,7 @@ cd "$(dirname "$0")" # Get highest MPL version specified in requirements.txt -export mplVersionMax=$(grep 'aws-cryptographic-material-providers' ../requirements_mpl.txt | tr ',' '\n' | grep '<=' | sed -E 's/[^0-9]*//') +export mplVersion=$(grep 'aws-cryptographic-material-providers' ../requirements_mpl.txt | tr ',' '\n' | grep '<=' | sed -E 's/[^0-9]*//') # Clone MPL repo to get test vectors runner source code and the Dafny version to use git clone --branch v$mplVersion --recurse-submodules https://github.com/aws/aws-cryptographic-material-providers-library.git From 6d434730998d7b34f2d5b381718a0515efaa5f56 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Wed, 26 Mar 2025 12:09:04 -0700 Subject: [PATCH 27/29] m --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3cf13d29f..c9ba4ef56 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,7 +18,7 @@ Fixes Maintenance ----------- -* deps: Extend supported `MPL`_ versions to include 1.10.0 +* deps: Extend supported `MPL`_ versions to include v1.10.0 4.0.0 -- 2024-10-29 =================== From 4c6ce0807c28b36ef4b3fab9a8bffec2b0c8998e Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Wed, 26 Mar 2025 12:58:32 -0700 Subject: [PATCH 28/29] bump version --- CHANGELOG.rst | 2 +- src/aws_encryption_sdk/identifiers.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c9ba4ef56..3cf13d29f 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,7 +18,7 @@ Fixes Maintenance ----------- -* deps: Extend supported `MPL`_ versions to include v1.10.0 +* deps: Extend supported `MPL`_ versions to include 1.10.0 4.0.0 -- 2024-10-29 =================== diff --git a/src/aws_encryption_sdk/identifiers.py b/src/aws_encryption_sdk/identifiers.py index 3e5a9940b..8a5a2c8a1 100644 --- a/src/aws_encryption_sdk/identifiers.py +++ b/src/aws_encryption_sdk/identifiers.py @@ -17,7 +17,7 @@ # We only actually need these imports when running the mypy checks pass -__version__ = "4.0.0" +__version__ = "4.0.1" USER_AGENT_SUFFIX = "AwsEncryptionSdkPython/{}".format(__version__) From 1749ab6724ff893c015010b47502b7d29b6f0de1 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Wed, 26 Mar 2025 13:51:21 -0700 Subject: [PATCH 29/29] m --- CHANGELOG.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 3cf13d29f..c9ba4ef56 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,7 +18,7 @@ Fixes Maintenance ----------- -* deps: Extend supported `MPL`_ versions to include 1.10.0 +* deps: Extend supported `MPL`_ versions to include v1.10.0 4.0.0 -- 2024-10-29 ===================