From bf68e7b8bf3cb8834ef589093b7985930691f5d7 Mon Sep 17 00:00:00 2001 
From: JohnnyT
Date: Sat, 31 Jan 2026 16:07:36 -0700
Subject: [PATCH] Releases v0.6.0

### Changed
- Integration tests now run by default in CI (#68)
- Coverage threshold adjusted from 94% to 92%

### Added
- Comprehensive streaming error tests covering all error paths (#68)
- CMM dispatch tests for RequiredEncryptionContext and Caching CMMs (#68)
- Caching CMM for reducing expensive key provider calls (#61)
- CacheEntry struct with TTL and usage limit tracking
- CryptographicMaterialsCache behaviour defining cache interface
- LocalCache ETS-based implementation with atomic operations
- Encryption materials caching with cache ID computation (SHA-384)
- Decryption materials caching based on EDKs and context
- Identity KDF bypass for deprecated NO_KDF algorithm suites
- Partition ID isolation enabling multiple CMMs to share cache
- Usage limits enforcement (max_messages and max_bytes)
- TTL-based expiration with automatic cleanup on retrieval
- Support for wrapping Default and RequiredEncryptionContext CMMs
- Comprehensive test suite with 42 tests (94.2% coverage)
- Required Encryption Context CMM for enforcing critical AAD keys (#62)
- Wrapping CMM validating required keys in encryption and decryption
- new/2 constructor accepting required keys and underlying CMM
- new_with_keyring/2 constructor auto-wrapping keyring in Default CMM
- Validation ensuring required keys present in caller's context
- Validation ensuring required keys present in reproduced context
- Support for nested CMM composition with layered validation
- Client dispatcher integration for RequiredEncryptionContext CMM
- Comprehensive test suite with 21 tests covering all scenarios
- Streaming encryption and decryption APIs for processing large data incrementally (#60)
- Stream.Encryptor state machine with incremental frame generation
- Stream.Decryptor state machine with incremental frame parsing
- Stream.SignatureAccumulator for ECDSA signing without buffering entire message
- encrypt_stream/3 and
decrypt_stream/3 high-level APIs using Elixir Streams - Support for both signed and unsigned algorithm suites in streaming mode - fail_on_signed option to reject signed suites during streaming decryption - Incremental plaintext release for unsigned suites (frame-by-frame) - Deferred final frame release for signed suites (after signature verification) - Header authentication module for v1/v2 header tag computation - Commitment key derivation module for key commitment verification - Comprehensive test suite with 41 streaming tests (edge cases, integration, signed suites) - Edge case tests for empty plaintext, single byte, exact frame multiples, byte-by-byte input ### Fixed - KMS integration tests skip gracefully when AWS credentials unavailable (#68) - Unused default parameter warning in caching_test.exs (#68) ### Removed - All temporary coveralls-ignore markers (42 markers across 4 files) (#68) - Default exclusion of :integration tag from test suite (#68) --- CHANGELOG.md | 5 ++++- CLAUDE.md | 6 +++--- README.md | 23 ++++++++++------------- mix.exs | 2 +- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a576461..f88d668 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.6.0] - 2026-01-31 + ### Changed - Integration tests now run by default in CI (#68) - Coverage threshold adjusted from 94% to 92% 
@@ -281,7 +283,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Integration tests for encrypt/decrypt round-trips - AES KeyWrap test support module -[Unreleased]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.5.0...HEAD +[Unreleased]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.6.0...HEAD +[0.6.0]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.5.0...v0.6.0 [0.5.0]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.4.0...v0.5.0 [0.4.0]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.3.0...v0.4.0 [0.3.0]: https://github.com/riddler/aws-encryption-sdk-elixir/compare/v0.2.0...v0.3.0 diff --git a/CLAUDE.md b/CLAUDE.md index da38205..25f2f5b 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -268,9 +268,9 @@ mix hex.publish - [x] AWS KMS MRK-aware keyrings ### Milestone 5: Advanced Features -- [ ] Streaming encryption/decryption -- [ ] Caching CMM -- [ ] Required encryption context CMM +- [x] Streaming encryption/decryption +- [x] Caching CMM +- [x] Required encryption context CMM ### Milestone 6: Validation - [ ] Full test vector suite diff --git a/README.md b/README.md index 22644c6..b1a37ff 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ An Elixir implementation of the [AWS Encryption SDK](https://docs.aws.amazon.com ## Current Status -**Version**: 0.5.0 (pre-release) +**Version**: 0.6.0 (pre-release) ### Implemented Features @@ -36,17 +36,14 @@ An Elixir implementation of the [AWS Encryption SDK](https://docs.aws.amazon.com - ✅ AWS KMS Discovery Keyring - ✅ AWS KMS MRK Keyring - ✅ AWS KMS MRK Discovery Keyring - -### Not Yet Implemented - -- ❌ Streaming encryption/decryption -- ❌ Caching CMM -- ❌ Required Encryption Context CMM +- ✅ Streaming encryption/decryption +- ✅ Caching CMM +- ✅ Required Encryption Context CMM ### Test Coverage -- 469 tests passing -- 93.8% code coverage +- 805 tests passing +- 92.6% code coverage ## Installation 
@@ -55,7 +52,7 @@ Add `aws_encryption_sdk` to your list of dependencies in `mix.exs`: ```elixir def deps do [ - {:aws_encryption_sdk, "~> 0.5.0"} + {:aws_encryption_sdk, "~> 0.6.0"} ] end ``` @@ -161,9 +158,9 @@ See [CHANGELOG.md](CHANGELOG.md) for detailed change history. **Planned for future releases:** -1. **Streaming** - Large file encryption/decryption -2. **Caching CMM** - Performance optimization for repeated operations -3. **Required Encryption Context CMM** - Enforce required context keys +1. **Full test vector suite** - Complete validation against AWS test vectors +2. **Cross-SDK interoperability** - Comprehensive testing with other SDKs +3. **Performance benchmarks** - Optimization and performance analysis ## Related Projects diff --git a/mix.exs b/mix.exs index 0d81f42..21ec332 100644 --- a/mix.exs +++ b/mix.exs @@ -1,7 +1,7 @@ defmodule AwsEncryptionSdk.MixProject do use Mix.Project - @version "0.5.0" + @version "0.6.0" @source_url "https://github.com/riddler/aws-encryption-sdk-elixir" def project do
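Review bot: In CHANGELOG.md, second hunk (the link references), the new `[Unreleased]` and `[0.6.0]` compare URLs both depend on a `v0.6.0` tag that nothing in this patch creates, so they will not resolve until that tag is pushed. Tag this commit as part of the release step, or state in the release instructions that the tag must be pushed together with the commit.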
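Review bot: In README.md, the feature-list hunk adds `- ✅ Streaming encryption/decryption` with no pointer to the behaviour the commit message describes for signed suites: only the final frame is deferred until after signature verification, and a `fail_on_signed` option exists to reject signed suites during streaming decryption. A reader of the README cannot tell that this option exists or when to set it; add one line under the feature entry, or a link to the module docs, covering `fail_on_signed` and the frame-release behaviour. In the same hunk, `805 tests passing` and `92.6% code coverage` are hand-maintained numbers that will go stale; a link to the CI or coverage report would be more reliable.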
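Review bot: In README.md, the roadmap hunk now lists `Full test vector suite` and `Cross-SDK interoperability` as planned work, while the feature list earlier in the same file marks every feature ✅ and the "Not Yet Implemented" section is removed. For a cryptographic library it is worth saying explicitly, next to `**Version**: 0.6.0 (pre-release)`, that validation against the AWS test vectors and testing with other SDKs are not yet complete, so the ✅ entries are not read as interoperability guarantees.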
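Review bot: In mix.exs, `@version "0.6.0"` is one of three hand-edited copies of the version in this patch, alongside `**Version**: 0.6.0 (pre-release)` and `{:aws_encryption_sdk, "~> 0.6.0"}` in README.md. Consider a release check (a test or CI step) that fails when the README strings and `@version` disagree, so a future bump cannot update one and miss the others.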