aws_esdk/lib.rs
1// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
2// SPDX-License-Identifier: Apache-2.0
3
4//! The AWS Encryption SDK enables secure client-side encryption.
5//!
6//! Running `cargo test --examples` for this library runs the example keyrings linked below.
7//!
8//! For details, see the [Examples](https://github.com/aws/aws-encryption-sdk-dafny/tree/mainline/releases/rust/esdk/examples)
9//! or the [Developer Guide](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/introduction.html).
10//!
11//! One of the most common keyrings that you can use is the AWS KMS Keyring.
12//! The AWS KMS keyring uses symmetric encryption KMS keys to generate, encrypt and
13//! decrypt data keys. You supply the KMS key and the KMS client configuration when
14//! you create the keyring.
15//!
16//! [See full example](https://github.com/aws/aws-encryption-sdk-dafny/blob/mainline/releases/rust/esdk/examples/keyring/aws_kms_keyring_example.rs)
17//!
18//! ```text
19//! // Initialize ESDK client and MPL client
20//! let esdk_config = AwsEncryptionSdkConfig::builder().build()?;
21//! let esdk_client = esdk_client::Client::from_conf(esdk_config)?;
22//!
23//! let mpl_config = MaterialProvidersConfig::builder().build()?;
24//! let mpl = mpl_client::Client::from_conf(mpl_config)?;
25//!
26//! // Create KMS Keyring
27//! let kms_keyring = mpl
28//! .create_aws_kms_keyring()
29//! // your configuration here
30//! .send()
31//! .await?;
32//!
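33//! // Encrypt. The encryption context is non-secret authenticated data: it is bound to the ciphertext but stored unencrypted in the message header, so keep secrets out of it.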
34//! let encryption_response = esdk_client.encrypt()
35//! .plaintext(plaintext)
36//! .keyring(kms_keyring)
37//! .encryption_context(encryption_context)
38//! .send()
39//! .await?;
40//!
41//! let ciphertext = encryption_response
42//! .ciphertext
43//! .expect("Unable to unwrap ciphertext from encryption response");
44//!
45//! // Decrypt
46//! let decryption_response = esdk_client.decrypt()
47//! .ciphertext(ciphertext)
48//! .keyring(kms_keyring)
49//! .encryption_context(encryption_context)
50//! .send()
51//! .await?;
52//!
53//! let decrypted_plaintext = decryption_response
54//! .plaintext
55//! .expect("Unable to unwrap plaintext from decryption response");
56//!
57//! // Demonstrate that the decrypted plaintext is identical to the original plaintext.
58//! // (This is an example for demonstration; you do not need to do this in your own code.)
59//! assert_eq!(decrypted_plaintext, aws_smithy_types::Blob::new(plaintext),
60//! "Decrypted plaintext should be identical to the original plaintext. Invalid decryption");
61//!
62//! ```
63
// NOTE(review): these crate-wide `allow`s silence every compiler warning plus the listed Clippy lints,
// presumably because much of the crate is generated code (see `implementation_from_dafny`) — confirm.
// The hand-written modules lose the same lint coverage, so prefer scoping the `allow`s to the
// generated modules if that is practical.
64#![allow(warnings, unconditional_panic)]
65#![allow(nonstandard_style)]
66#![allow(clippy::never_loop)]
67#![allow(clippy::absurd_extreme_comparisons)]
68
69/// Client for using encrypt and decrypt operations
70pub mod client;
71/// Errors and error handling utilities.
72pub mod error;
73/// All operations that this crate can perform.
74pub mod operation;
75/// Types for the transform client.
76pub mod types;
77
// Select the AWS-LC bindings crate at compile time: `aws_lc_fips_sys` when the `fips` feature is
// enabled, `aws_lc_sys` otherwise. Both are imported under the single alias `aws_lc_sys_impl`,
// and the two `cfg` conditions are mutually exclusive, so exactly one binding is ever in scope.
// NOTE(review): confirm that no module names `aws_lc_sys` directly; doing so would bypass this
// selection in a `fips` build.
78#[cfg(feature = "fips")]
79use aws_lc_fips_sys as aws_lc_sys_impl;
80
81#[cfg(not(feature = "fips"))]
82use aws_lc_sys as aws_lc_sys_impl;
83
84pub use client::Client;
85pub use types::aws_encryption_sdk_config::AwsEncryptionSdkConfig;
86
87/// Branch key support. See [Key Stores](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/keystores.html)
88pub use crate::deps::aws_cryptography_keyStore as key_store;
89/// [Key Rings](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html) and other fundamentals.
90pub use crate::deps::aws_cryptography_materialProviders as material_providers;
91pub use crate::deps::aws_cryptography_primitives;
92/// Rarely needed internal KMS Client, needed for [ClientSupplier](https://github.com/aws/aws-encryption-sdk-dafny/blob/mainline/releases/rust/esdk/examples/client_supplier/regional_role_client_supplier.rs)
93pub use crate::deps::com_amazonaws_kms;
94
95mod standard_library_conversions;
96mod standard_library_externs;
97
98pub(crate) mod implementation_from_dafny;
99pub(crate) use crate::deps::com_amazonaws_dynamodb::client::Client as DdbClient;
100pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
101pub(crate) use crate::implementation_from_dafny::r#_Wrappers_Compile;
102pub(crate) use crate::implementation_from_dafny::software;
103pub(crate) use crate::implementation_from_dafny::AesKdfCtr;
104pub(crate) use crate::implementation_from_dafny::ConcurrentCall;
105pub(crate) use crate::implementation_from_dafny::DafnyLibraries;
106pub(crate) use crate::implementation_from_dafny::ExternDigest;
107pub(crate) use crate::implementation_from_dafny::ExternRandom;
108pub(crate) use crate::implementation_from_dafny::Signature;
109pub(crate) use crate::implementation_from_dafny::Time;
110pub(crate) use crate::implementation_from_dafny::_LocalCMC_Compile;
111pub(crate) use crate::implementation_from_dafny::_StormTracker_Compile;
112pub(crate) use crate::implementation_from_dafny::ECDH;
113pub(crate) use crate::implementation_from_dafny::HMAC;
114pub(crate) use crate::implementation_from_dafny::UTF8;
115pub(crate) use crate::implementation_from_dafny::UUID;
116
117// Import smithy-generated modules
118pub(crate) mod conversions;
119pub(crate) mod deps;
120pub(crate) mod validation;
121
122// Import externs
123pub(crate) mod aes_gcm;
124pub(crate) mod aes_kdf_ctr;
125pub(crate) mod concurrent_call;
126pub(crate) mod dafny_libraries;
127pub(crate) mod ddb;
128pub(crate) mod digest;
129pub(crate) mod ecdh;
130pub(crate) mod ecdsa;
131pub(crate) mod escape;
132pub(crate) mod hmac;
133pub(crate) mod kms;
134pub(crate) mod local_cmc;
135pub(crate) mod oslang;
136pub(crate) mod random;
137pub(crate) mod rsa;
138pub(crate) mod sets;
139pub(crate) mod software_externs;
140pub(crate) mod storm_tracker;
141pub(crate) mod time;
142pub(crate) mod uuid;