Pull request overview
Adds FF1 format-preserving encryption (FPE) as a KMIP Encrypt/Decrypt algorithm, introduces a non-FIPS /tokenize/{method} anonymization REST API (8 methods), and wires both into ckms and the Web UI with accompanying docs/tests.
Changes:
- Add CryptographicAlgorithm::FPE_FF1, implement FPE-FF1 crypto module + KMIP routing, and add ckms fpe commands with integration tests.
- Implement /tokenize/* anonymization endpoints (non-FIPS) + ckms tokenize commands, plus Web UI pages and Playwright E2E smoke tests.
- Update documentation (MkDocs nav + new anonymization use-case page) and compliance algorithm docs; update changelog entry for the branch.
Reviewed changes
Copilot reviewed 77 out of 79 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| ui/vite.config.ts | Proxy new REST/UI endpoints during local UI dev. |
| ui/tests/e2e/tokenize.spec.ts | Adds Playwright E2E coverage for the 8 anonymization methods. |
| ui/tests/e2e/routes.ts | Registers UI routes for anonymization pages in E2E route list. |
| ui/tests/e2e/README.md | Documents new E2E coverage for anonymization. |
| ui/src/pages/LoginPage.tsx | Switches useAuth import to the new hook module. |
| ui/src/menuItems.tsx | Adds “Anonymize” menu group and hides it in FIPS mode. |
| ui/src/hooks/useAuth.ts | Introduces a standalone useAuth hook. |
| ui/src/contexts/AuthContextDef.tsx | Extracts auth context type + context definition. |
| ui/src/contexts/AuthContext.tsx | Refactors provider to use shared context definition. |
| ui/src/components/layout/MainLayout.tsx | Minor layout tweak for alert spacing. |
| ui/src/actions/Tokenize/TokenizeHash.tsx | UI form calling /tokenize/hash. |
| ui/src/actions/Tokenize/TokenizeNoise.tsx | UI form calling /tokenize/noise. |
| ui/src/actions/Tokenize/TokenizeWordMask.tsx | UI form calling /tokenize/word-mask. |
| ui/src/actions/Tokenize/TokenizeWordTokenize.tsx | UI form calling /tokenize/word-tokenize. |
| ui/src/actions/Tokenize/TokenizeWordPatternMask.tsx | UI form calling /tokenize/word-pattern-mask. |
| ui/src/actions/Tokenize/TokenizeAggregateNumber.tsx | UI form calling /tokenize/aggregate-number. |
| ui/src/actions/Tokenize/TokenizeAggregateDate.tsx | UI form calling /tokenize/aggregate-date. |
| ui/src/actions/Tokenize/TokenizeScaleNumber.tsx | UI form calling /tokenize/scale-number. |
| ui/src/App.tsx | Adds routes for anonymization pages; updates auth hook import usage. |
| documentation/mkdocs.yml | Adds anonymization page to MkDocs navigation under Use cases. |
| documentation/docs/use_cases/anonymization.md | New user documentation for /tokenize/{method}. |
| documentation/docs/certifications_and_compliance/cryptographic_algorithms/algorithms.md | Adds FPE-FF1 to supported algorithms table + detail section. |
| deny.toml | Adds advisory ignore entry and minor formatting adjustment. |
| crate/server/src/start_kms_server.rs | Registers /tokenize scope (non-FIPS) and UI auth routing allowances. |
| crate/server/src/routes/tokenize/mod.rs | Implements the 8 /tokenize/* Actix handlers. |
| crate/server/src/routes/mod.rs | Exposes routes::tokenize behind non-fips. |
| crate/server/src/core/operations/encrypt.rs | Routes KMIP Encrypt to FPE-FF1 in non-FIPS builds. |
| crate/server/src/core/operations/decrypt.rs | Routes KMIP Decrypt to FPE-FF1 in non-FIPS builds. |
| crate/server/src/core/kms/other_kms_methods.rs | Allows creating FPE-FF1-tagged symmetric keys. |
| crate/server/Cargo.toml | Adds cosmian_kms_crypto dependency and exposes it under non-fips. |
| crate/kmip/src/kmip_2_1/kmip_types.rs | Adds FPE_FF1 to KMIP CryptographicAlgorithm. |
| crate/crypto/src/crypto/mod.rs | Adds anonymization and fpe modules under non-fips. |
| crate/crypto/src/crypto/fpe/mod.rs | Declares the FPE module surface (alphabet/int/float/KMIP glue). |
| crate/crypto/src/crypto/fpe/kmip_fpe.rs | Implements KMIP-facing FPE encrypt/decrypt wrapper handling metadata. |
| crate/crypto/src/crypto/fpe/integer.rs | Implements FF1 integer mode helper type. |
| crate/crypto/src/crypto/fpe/float.rs | Implements FF1 float mode helper type. |
| crate/crypto/src/crypto/fpe/error.rs | Defines FPE-specific error type. |
| crate/crypto/src/crypto/fpe/tests.rs | Adds FPE module unit tests (non-FIPS). |
| crate/crypto/src/crypto/anonymization/mod.rs | Exposes anonymization primitives (hash/noise/word/number/date). |
| crate/crypto/src/crypto/anonymization/hash.rs | Implements SHA2/SHA3/Argon2 hashing helper. |
| crate/crypto/src/crypto/anonymization/noise.rs | Implements Gaussian/Laplace/Uniform noise generation utilities. |
| crate/crypto/src/crypto/anonymization/word.rs | Implements word masking/tokenization/pattern masking. |
| crate/crypto/src/crypto/anonymization/number.rs | Implements number/date aggregation and number scaling. |
| crate/crypto/src/crypto/anonymization/date_helper.rs | Implements time unit parsing + RFC3339 conversion helper. |
| crate/crypto/src/crypto/anonymization/error.rs | Defines anonymization error type. |
| crate/crypto/src/crypto/anonymization/tests.rs | Adds anonymization unit tests (non-FIPS). |
| crate/crypto/Cargo.toml | Adds non-FIPS-only dependencies required for FPE/anonymization. |
| crate/clients/client/src/kms_rest_client.rs | Adds tokenize() helper to call /tokenize/{method} (non-FIPS). |
| crate/clients/clap/src/tests/tokenize.rs | Adds integration tests for ckms tokenize against a test server. |
| crate/clients/clap/src/tests/fpe.rs | Adds integration tests for ckms fpe roundtrips. |
| crate/clients/clap/src/tests/mod.rs | Registers new non-FIPS test modules. |
| crate/clients/clap/src/actions/tokenize/mod.rs | Adds ckms tokenize subcommands and shared request/response types. |
| crate/clients/clap/src/actions/tokenize/hash.rs | Implements ckms tokenize hash. |
| crate/clients/clap/src/actions/tokenize/noise.rs | Implements ckms tokenize noise. |
| crate/clients/clap/src/actions/tokenize/word_mask.rs | Implements ckms tokenize word-mask. |
| crate/clients/clap/src/actions/tokenize/word_tokenize.rs | Implements ckms tokenize word-tokenize. |
| crate/clients/clap/src/actions/tokenize/word_pattern_mask.rs | Implements ckms tokenize word-pattern-mask. |
| crate/clients/clap/src/actions/tokenize/aggregate_number.rs | Implements ckms tokenize aggregate-number. |
| crate/clients/clap/src/actions/tokenize/aggregate_date.rs | Implements ckms tokenize aggregate-date. |
| crate/clients/clap/src/actions/tokenize/scale_number.rs | Implements ckms tokenize scale-number. |
| crate/clients/clap/src/actions/fpe/mod.rs | Adds ckms fpe command group + shared argument handling. |
| crate/clients/clap/src/actions/fpe/encrypt.rs | Implements ckms fpe encrypt (KMIP Encrypt with FPE_FF1). |
| crate/clients/clap/src/actions/fpe/decrypt.rs | Implements ckms fpe decrypt (KMIP Decrypt with FPE_FF1). |
| crate/clients/clap/src/actions/fpe/keys/mod.rs | Adds ckms fpe keys group. |
| crate/clients/clap/src/actions/fpe/keys/create_key.rs | Implements ckms fpe keys create. |
| crate/clients/clap/src/actions/mod.rs | Registers new fpe and tokenize action modules (non-FIPS). |
| crate/clients/clap/src/actions/kms_actions.rs | Wires new top-level ckms fpe and ckms tokenize commands. |
| cli_documentation/docs/usage.md | Mentions new ckms fpe commands in usage docs. |
| cli_documentation/docs/cli/main_commands.md | Adds a dedicated “FPE Commands” section. |
| README.md | Mentions FF1 FPE support and updates link to supported algorithms doc. |
| Cargo.toml | Adds workspace-level deps used by the imported crypto modules. |
| CHANGELOG/feature_fpe-kmip.md | Adds branch changelog entry for FPE + anonymization + UI tests. |
| AGENTS.md | Updates agent instruction doc formatting/content (includes new text). |
| .vscode/settings.json | Removes committed VS Code workspace settings. |
| .gitignore | Adds ignore entry (and duplicates an existing one). |
Comment on lines +1 to +2
| import { ReactNode, useState } from "react"; | ||
| import { AuthContext } from "./AuthContextDef"; |
AuthContext.tsx no longer exports useAuth, but many UI components import useAuth from ../../contexts/AuthContext. As-is, this will break the UI build. Either re-export useAuth from this module (e.g., re-export the hook from ui/src/hooks/useAuth.ts) for backward compatibility, or update all call sites to import from the new hook location.
feat: imported review and decluttered FPE code
fix: fixed all clippy issues + small refactor
fix: scray scrypto error
feat: add the rest
feat: interg tests
feat: update according to requirements
feat: import reviewed code
feat: delete useless error macro
fix: ignore
feat: monolithic tokenize file
feat: divide monolith file to multiple files
feat: rest of the module
fix:gfodhfkfhjkdfhd
fix: fix clippy
feat: missing test
chore: debloat stupid comments
feat: agent fix and ano docs
feat: format huoyhuiop
feat: restayure
Related work:
Before they were added to the KMS, a "preparatory" review and code reduction was made to not import non-needed chunks and especially to curate some possible bugs/attack surfaces on the legacy code (you can read them for more info).
Edit: Latest commit (anonym review): Cosmian/cloudproof_rust@dd58e74
Overview
This PR follows and closes #869. The issue is quite clear; no more description is needed here.
For info, any "unneeded" code from cloudproof was (obviously) not imported to the KMS. Also, some huge monolithic files were stripped to multiple files to adhere to the KMS coding habits.
The UI was only made for anonymization (tokenize).
Updates out of scope of the main issue
Note the claude.md (if you use that) can be created as symlink to the agents.md
Acceptance criteria
- CryptographicAlgorithm::FPE_FF1 added to KMIP types
- crate/crypto/src/crypto/fpe/ module implemented and tested
- Encrypt/Decrypt KMIP operations route FPE-FF1 correctly
- ckms fpe keys create, ckms fpe encrypt, ckms fpe decrypt commands work end-to-end
- /tokenize endpoint implemented for all 8 anonymization methods
- ckms tokenize CLI updated / verified
- algorithms.md updated with FPE-FF1 row + detail section
- documentation/docs/use_cases/anonymization.md created
- ckms fpe encrypt + ckms fpe decrypt roundtrip