Merge branch 'master' into locale-fix

aws · Dec 7, 2023 · 67f141b · 67f141b
2 parents 4f4000d + aff5b56
commit 67f141b
Show file tree

Hide file tree

Showing 100 changed files with 7,815 additions and 882 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -58,6 +58,37 @@ jobs:
           env-vars-for-codebuild: JAVA_ENV_VERSION
         env:
           JAVA_ENV_VERSION: ${{ matrix.platform.distribution }}${{ matrix.version }}
+  generateTestVectors:
+    name: Generate Vectors
+    runs-on: ubuntu-latest
+    strategy:
+      max-parallel: 1
+      fail-fast: true
+      matrix:
+        platform:
+          - distribution: openjdk
+            image: "aws/codebuild/standard:3.0"
+          - distribution: corretto
+            image: "aws/codebuild/amazonlinux2-x86_64-standard:3.0" # Corretto only runs on AL2
+        version: [ 8, 11 ]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+          role-duration-seconds: 3600
+      - name: Generate Test Vectors
+        uses: aws-actions/aws-codebuild-run-build@v1
+        timeout-minutes: 60
+        with:
+          project-name: AWS-ESDK-Java-CI
+          buildspec-override: codebuild/ci/vectors-generator.yml
+          compute-type-override: BUILD_GENERAL1_LARGE
+          image-override: ${{ matrix.platform.image }}
+          env-vars-for-codebuild: JAVA_ENV_VERSION
+        env:
+          JAVA_ENV_VERSION: ${{ matrix.platform.distribution }}${{ matrix.version }}
   releaseCI:
     name: Release CI
     runs-on: ubuntu-latest

diff --git a/.gitmodules b/.gitmodules
@@ -4,3 +4,6 @@
 [submodule "aws-encryption-sdk-specification"]
 	path = aws-encryption-sdk-specification
 	url = https://github.com/awslabs/aws-encryption-sdk-specification.git
+[submodule "submodules/MaterialProviders"]
+	path = submodules/MaterialProviders
+	url = https://github.com/aws/aws-cryptographic-material-providers-library-java.git
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## [3.0.0](https://github.com/aws/aws-encryption-sdk-java/compare/v2.4.1...v3.0.0) (2023-12-06)
+
+
+### ⚠ BREAKING CHANGES
+
+* This feature update includes a breaking change that requires AWS SDK v2 Java as a hard dependency.
+
+### Features
+
+* Integrate ESDK-Java with AWS Cryptographic Material Providers Library (MPL) for Keyring and CMM Support. ([#1864](https://github.com/aws/aws-encryption-sdk-java/issues/1864)) ([9297e1b](https://github.com/aws/aws-encryption-sdk-java/commit/9297e1bad3860301bcf52b73466ec4b762e4f817))
+
+
+### Maintenance
+
+* **CFN:** remove unused policy ([#1862](https://github.com/aws/aws-encryption-sdk-java/issues/1862)) ([43e078a](https://github.com/aws/aws-encryption-sdk-java/commit/43e078ae1a99c751dc59a354fbc2c7b70b4afd82))
+* **CFN:** update CFN stack to add managed policies to ci and release role ([#1856](https://github.com/aws/aws-encryption-sdk-java/issues/1856)) ([64c970f](https://github.com/aws/aws-encryption-sdk-java/commit/64c970f11ac7e14998c8939f937feeb48eee6c66))
+* **deps:** bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 ([#1717](https://github.com/aws/aws-encryption-sdk-java/issues/1717)) ([ec41ae2](https://github.com/aws/aws-encryption-sdk-java/commit/ec41ae2d492699bfbbc7d9ac477105cd2dccbabd))
+* fix release script ([#1796](https://github.com/aws/aws-encryption-sdk-java/issues/1796)) ([3617210](https://github.com/aws/aws-encryption-sdk-java/commit/3617210c1e60949aacd75f3c436b3b3010d0db71))
+* fix release-ci ([#1883](https://github.com/aws/aws-encryption-sdk-java/issues/1883)) ([92f29d0](https://github.com/aws/aws-encryption-sdk-java/commit/92f29d0c47e09807c46201bb2c100f2172c51294))
+* **tests:** update ESDK tests to replace sun.security.* API ([#1852](https://github.com/aws/aws-encryption-sdk-java/issues/1852)) ([ca4c763](https://github.com/aws/aws-encryption-sdk-java/commit/ca4c763fc8b6bf11df2914d37188aa5db5248042))
+* update release process ([#1888](https://github.com/aws/aws-encryption-sdk-java/issues/1888)) ([f222462](https://github.com/aws/aws-encryption-sdk-java/commit/f2224626ed5bb6cdc90ee6d8f8eb61f07d3422ee))
+* update the javadoc release script ([#1857](https://github.com/aws/aws-encryption-sdk-java/issues/1857)) ([1870a08](https://github.com/aws/aws-encryption-sdk-java/commit/1870a082358d59e32c60d74116d6f43c0efa466b))
+
 ## [2.4.1](https://github.com/aws/aws-encryption-sdk-java/compare/v2.4.0...v2.4.1) (2023-08-09)
 
 

diff --git a/README.md b/README.md
@@ -58,7 +58,7 @@ You can get the latest release from Maven:
 <dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-encryption-sdk-java</artifactId>
-  <version>2.4.1</version>
+  <version>3.0.0</version>
 </dependency>
 ```
 

diff --git a/aws-encryption-sdk-specification b/aws-encryption-sdk-specification
diff --git a/cfn/ci_cd.yml b/cfn/ci_cd.yml
@@ -91,7 +91,7 @@ Resources:
         ## If this value is 0, greater than 25, or not provided then the full history is downloaded with each build project.
         GitCloneDepth: 0
         GitSubmodulesConfig:
-          FetchSubmodules: false
+          FetchSubmodules: true
         InsecureSsl: false
         ReportBuildStatus: false
         Type: GITHUB

diff --git a/codebuild/ci/release-ci.yml b/codebuild/ci/release-ci.yml
@@ -17,13 +17,34 @@ phases:
   install:
     runtime-versions:
       java: openjdk11
+    commands:
+      - git submodule update --init submodules/MaterialProviders
+      # Get Dafny
+      - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      - unzip -qq dafny.zip && rm dafny.zip
+      - export PATH="$PWD/dafny:$PATH"
+      # Get Gradle 7.6
+      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
+      - unzip -qq gradle.zip && rm gradle.zip
+      - export PATH="$PWD/gradle-7.6/bin:$PATH"
   pre_build:
     commands:
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
       - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
       - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
       - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-CI --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
+
+      # Build and deploy to maven local
+      - cd submodules/MaterialProviders
+      - git checkout $BRANCH
+      - cd TestVectorsAwsCryptographicMaterialProviders/
+      # This works because `node` is installed by default on GHA runners
+      - CORES=$(node -e 'console.log(os.cpus().length)')
+      - make build_java CORES=$CORES
+      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
+      - cd $CODEBUILD_SRC_DIR
+
   build:
     commands:
       - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION-$GITHUB_EVENT_NAME"
@@ -37,15 +58,21 @@ phases:
           --package $PACKAGE \
           --versions $VERSION_HASH \
           --region $REGION;
-
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
       # See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
       - echo "Setting version in POM to $VERSION_HASH"
       - mvn versions:set -DnewVersion="$VERSION_HASH" --no-transfer-progress
       - echo "Version is now $(grep version pom.xml | head -n 1 | sed -n 's/[ \t]*<version>\(.*\)<\/version>/\1/p')"
       - |
         mvn deploy \
           -PpublishingCodeArtifact \
-          -Dmaven.test.skip=true \
+          -Pfast-tests-only \
           -DperformRelease \
           -Dgpg.homedir="$HOME/mvn_gpg" \
           -DautoReleaseAfterClose=true \

diff --git a/codebuild/ci/vectors-ci.yml b/codebuild/ci/vectors-ci.yml
@@ -4,6 +4,35 @@ phases:
   install:
     runtime-versions:
       java: $JAVA_ENV_VERSION
+    commands:
+      - git submodule update --init submodules/MaterialProviders
+      # Get Dafny
+      - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      - unzip -qq dafny.zip && rm dafny.zip
+      - export PATH="$PWD/dafny:$PATH"
+      # Get Gradle 7.6
+      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
+      - unzip -qq gradle.zip && rm gradle.zip
+      - export PATH="$PWD/gradle-7.6/bin:$PATH"
+  pre_build:
+    commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
+
+      # Build and deploy TestVectors to maven local
+      - cd submodules/MaterialProviders
+      - git checkout $BRANCH
+      - cd TestVectorsAwsCryptographicMaterialProviders/
+      # This works because `node` is installed by default on GHA runners
+      - CORES=$(node -e 'console.log(os.cpus().length)')
+      - make build_java CORES=$CORES
+      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
+      - cd $CODEBUILD_SRC_DIR
   build:
     commands:
       - mvn install -T 8 -Dgpg.skip=true -ntp "-DtestVectorZip=file://$CODEBUILD_SRC_DIR/src/test/resources/aws-encryption-sdk-test-vectors/vectors/awses-decrypt/python-2.3.0.zip"
diff --git a/codebuild/ci/vectors-generator.yml b/codebuild/ci/vectors-generator.yml
@@ -0,0 +1,53 @@
+version: 0.2
+
+phases:
+  install:
+    runtime-versions:
+      java: $JAVA_ENV_VERSION
+    commands:
+      - n 16
+      # Install the Javascript ESDK run test vectors
+      - npm install -g @aws-crypto/integration-node
+
+      - git submodule update --init submodules/MaterialProviders
+      # Get Dafny
+      - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      - unzip -qq dafny.zip && rm dafny.zip
+      - export PATH="$PWD/dafny:$PATH"
+      # Get Gradle 7.6
+      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
+      - unzip -qq gradle.zip && rm gradle.zip
+      - export PATH="$PWD/gradle-7.6/bin:$PATH"
+  pre_build:
+    commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
+
+      # Build and deploy to maven local
+      - cd submodules/MaterialProviders
+      - git checkout $BRANCH
+      - cd TestVectorsAwsCryptographicMaterialProviders/
+      # This works because `node` is installed by default on GHA runners
+      - CORES=$(node -e 'console.log(os.cpus().length)')
+      - make build_java CORES=$CORES
+      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
+      - cd $CODEBUILD_SRC_DIR
+  build:
+    commands:
+      - export VECTORS_ZIP="$CODEBUILD_SRC_DIR/generated_vectors.zip"
+      # Generate test vectors by encrypting with Keyrings
+      # Ignore Testing coverage requirement by skipping jacoco
+      - mvn -B -ntp install -Dgpg.skip=true -Djacoco.skip=true "-Dtest=TestVectorGenerator" "-DzipFilePath=$VECTORS_ZIP" "-DkeysManifest=$CODEBUILD_SRC_DIR/src/test/resources/keys.json"
+      # Decrypt generated vectors with Javascript ESDK
+      - integration-node decrypt -v $VECTORS_ZIP
+
+      - rm $VECTORS_ZIP
+      # Generate test vectors by encrypting with MasterKeys
+      - mvn -B -ntp install -Dgpg.skip=true -Djacoco.skip=true -Dmasterkey=true "-Dtest=TestVectorGenerator" "-DzipFilePath=$VECTORS_ZIP" "-DkeysManifest=$CODEBUILD_SRC_DIR/src/test/resources/keys.json"
+      # Decrypt generated vectors with Javascript ESDK
+      - integration-node decrypt -v $VECTORS_ZIP
diff --git a/codebuild/release/release-prod.yml b/codebuild/release/release-prod.yml
@@ -16,14 +16,40 @@ phases:
   install:
     runtime-versions:
       java: corretto11
+    commands:
+      - git submodule update --init submodules/MaterialProviders
+      # Get Dafny
+      - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      - unzip -qq dafny.zip && rm dafny.zip
+      - export PATH="$PWD/dafny:$PATH"
+      # Get Gradle 7.6
+      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
+      - unzip -qq gradle.zip && rm gradle.zip
+      - export PATH="$PWD/gradle-7.6/bin:$PATH"
   pre_build:
     commands:
       - git checkout $BRANCH
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
       - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-Release --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
+      # Build and deploy TestVectorsAwsCryptographicMaterialProviders to maven local
+      - cd submodules/MaterialProviders
+      - git checkout $BRANCH
+      - cd TestVectorsAwsCryptographicMaterialProviders/
+      # This works because `node` is installed by default on GHA runners
+      - CORES=$(node -e 'console.log(os.cpus().length)')
+      - make build_java CORES=$CORES
+      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
+      - cd $CODEBUILD_SRC_DIR
   build:
     commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
       - |
         mvn deploy \
           -Ppublishing \

diff --git a/codebuild/release/release-staging.yml b/codebuild/release/release-staging.yml
@@ -18,15 +18,42 @@ phases:
   install:
     runtime-versions:
       java: corretto11
+    commands:
+      - git submodule update --init submodules/MaterialProviders
+      # Get Dafny
+      - curl https://github.com/dafny-lang/dafny/releases/download/v4.2.0/dafny-4.2.0-x64-ubuntu-20.04.zip  -L -o dafny.zip
+      - unzip -qq dafny.zip && rm dafny.zip
+      - export PATH="$PWD/dafny:$PATH"
+      # Get Gradle 7.6
+      - curl https://services.gradle.org/distributions/gradle-7.6-all.zip -L -o gradle.zip
+      - unzip -qq gradle.zip && rm gradle.zip
+      - export PATH="$PWD/gradle-7.6/bin:$PATH"
   pre_build:
     commands:
       - export SETTINGS_FILE=$(pwd)/codebuild/release/settings.xml
       - export CODEARTIFACT_TOKEN=$(aws codeartifact get-authorization-token --domain $DOMAIN --domain-owner $ACCOUNT --query authorizationToken --output text --region ${REGION})
       - export CODEARTIFACT_REPO_URL=https://${DOMAIN}-${ACCOUNT}.d.codeartifact.${REGION}.amazonaws.com/maven/${REPOSITORY}
       - aws secretsmanager get-secret-value --region us-west-2 --secret-id Maven-GPG-Keys-Release --query SecretBinary --output text | base64 -d > ~/mvn_gpg.tgz
       - tar -xvf ~/mvn_gpg.tgz -C ~
+      # Build and deploy TestVectorsAwsCryptographicMaterialProviders to maven local
+      - cd submodules/MaterialProviders
+      - git checkout $BRANCH
+      - cd TestVectorsAwsCryptographicMaterialProviders/
+      # This works because `node` is installed by default on GHA runners
+      - CORES=$(node -e 'console.log(os.cpus().length)')
+      - make build_java CORES=$CORES
+      - ./runtimes/java/gradlew -p runtimes/java publishMavenLocalPublicationToMavenLocal
+      - cd $CODEBUILD_SRC_DIR
   build:
     commands:
+      # Assume Role to access non-prod resources
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Java-Role-us-west-2" --role-session-name "CB-TestVectorResources")
+      - export TMP_ROLE
+      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
+      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
+      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
+      - aws sts get-caller-identity
+
       - VERSION_HASH="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$CODEBUILD_RESOLVED_SOURCE_VERSION"
 #      See https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-env-vars.html
       - echo "Setting version in POM to $VERSION_HASH"
+5 −0		.github/CODEOWNERS
+4 −0		.github/PULL_REQUEST_TEMPLATE.md
+1 −1		.github/workflows/ci_static-analysis.yaml
+7 −1		.gitignore
+2 −0		.prettierignore
+91 −0		README.md
+1 −1		changes/2020-05-13_remove-keyring-trace/change.md
+8 −8		changes/2020-06-09_wrapping-key-identifiers/change.md
+0 −0		changes/2020-07-01_aws-kms-keyring-redesign/background.md
+3 −3		changes/2020-07-01_aws-kms-keyring-redesign/change.md
+301 −0		changes/2022-06-19_seperate_material_providers/background.md
+130 −0		changes/2022-06-19_seperate_material_providers/change.md
+441 −0		changes/2022-11-14_encryption_context_on_decrypt/background.md
+259 −0		changes/2022-11-14_encryption_context_on_decrypt/encryption_context_use_cases.md
+360 −0		changes/2022-11-14_encryption_context_on_decrypt/proposal.md
+217 −0		changes/2023-06-19_thread_safe_cache/background.md
+196 −0		changes/2023-06-19_thread_safe_cache/change.md
+286 −0		changes/2023_7_12_update-keystore-structure/background.md
+150 −0		changes/2023_7_12_update-keystore-structure/proposal.md
+1 −1		ci/prettify.sh
+100 −0		client-apis/client.md
+58 −9		client-apis/decrypt.md
+94 −31		client-apis/encrypt.md
+0 −178		compliance/framework/aws-kms/aws-kms-key-arn.txt
+0 −79		compliance/framework/aws-kms/aws-kms-key-arn/2.5.toml
+0 −47		compliance/framework/aws-kms/aws-kms-key-arn/2.8.toml
+0 −52		compliance/framework/aws-kms/aws-kms-key-arn/2.9.toml
+0 −123		compliance/framework/aws-kms/aws-kms-mrk-are-unique.txt
+0 −48		compliance/framework/aws-kms/aws-kms-mrk-are-unique/2.5.toml
+0 −233		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider.txt
+0 −14		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider/2.5.toml
+0 −102		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider/2.6.toml
+0 −182		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider/2.7.toml
+0 −50		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider/2.8.toml
+0 −106		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key-provider/2.9.toml
+0 −225		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key.txt
+0 −81		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.10.toml
+0 −63		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.11.toml
+0 −14		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.5.toml
+0 −64		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.6.toml
+0 −12		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.7.toml
+0 −12		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.8.toml
+0 −179		compliance/framework/aws-kms/aws-kms-mrk-aware-master-key/2.9.toml
+0 −194		compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt
+0 −98		compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings/2.5.toml
+0 −163		compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings/2.6.toml
+0 −311		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-keyring.txt
+0 −14		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-keyring/2.5.toml
+0 −42		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-keyring/2.6.toml
+0 −258		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-keyring/2.7.toml
+0 −217		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-keyring/2.8.toml
+0 −212		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-region-discovery-keyring.txt
+0 −14		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-region-discovery-keyring/2.5.toml
+0 −61		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-region-discovery-keyring/2.6.toml
+0 −12		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-region-discovery-keyring/2.7.toml
+0 −258		compliance/framework/aws-kms/aws-kms-mrk-aware-symmetric-region-discovery-keyring/2.8.toml
+0 −110		compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt.txt
+0 −48		compliance/framework/aws-kms/aws-kms-mrk-match-for-decrypt/2.5.toml
+1 −3		data-format/message-body.md
+68 −46		data-format/message-header.md
+4 −1		data-format/message.md
+44 −0		framework/README.md
+449 −89		framework/algorithm-suites.md
+112 −0		framework/aws-kms/aws-kms-discovery-keyring.md
+403 −0		framework/aws-kms/aws-kms-hierarchical-keyring.md
+166 −0		framework/aws-kms/aws-kms-keyring.md
+20 −20		framework/aws-kms/aws-kms-mrk-discovery-keyring.md
+36 −36		framework/aws-kms/aws-kms-mrk-keyring.md
+1 −1		framework/aws-kms/aws-kms-mrk-match-for-decrypt.md
+29 −30		framework/aws-kms/aws-kms-mrk-multi-keyrings.md
+109 −0		framework/aws-kms/aws-kms-multi-keyrings.md
+267 −0		framework/aws-kms/aws-kms-rsa-keyring.md
+621 −0		framework/branch-key-store.md
+3 −4		framework/caching-cmm.md
+57 −8		framework/cmm-interface.md
+110 −0		framework/commitment-policy.md
+91 −13		framework/cryptographic-materials-cache.md
+48 −25		framework/default-cmm.md
+41 −24		framework/keyring-interface.md
+0 −395		framework/kms-keyring.md
+10 −16		framework/local-cryptographic-materials-cache.md
+9 −12		framework/multi-keyring.md
+35 −24		framework/raw-aes-keyring.md
+6 −6		framework/raw-rsa-keyring.md
+104 −0		framework/required-encryption-context-cmm.md
+162 −0		framework/storm-tracking-cryptographic-materials-cache.md
+239 −8		framework/structures.md
+38 −0		framework/synchronized-local-cryptographic-materials-cache.md
+113 −0		framework/transitive-requirements.md
+68 −0		proposals/2022-10-27_rsa-keyring-v2/proposal.md
+20 −12		util/extract.js
+1 −1		util/report.js
+17 −0		util/specification_extract.sh