chore(rust): release 1.2.1

Author: ajewellamz

DynamoDbEncryption/runtimes/rust/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "aws-db-esdk"
-version = "1.2.0"
+version = "1.2.1"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,21 +16,21 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 
 [[example]]
 name = "main"

DynamoDbEncryption/runtimes/rust/src/lib.rs

@@ -129,6 +129,7 @@ pub(crate) use crate::implementation_from_dafny::ECDH;
 pub(crate) use crate::implementation_from_dafny::HMAC;
 pub(crate) use crate::implementation_from_dafny::UTF8;
 pub(crate) use crate::implementation_from_dafny::UUID;
+pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
 
 pub(crate) mod conversions;
 pub(crate) mod deps;

TestVectors/runtimes/rust/Cargo.toml

@@ -2,26 +2,26 @@
 name = "aws-db-esdk-test-vectors"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 
 [features]
 wrapped-client = []

TestVectors/runtimes/rust/src/lib.rs

@@ -50,6 +50,7 @@ pub(crate) use crate::implementation_from_dafny::ECDH;
 pub(crate) use crate::implementation_from_dafny::HMAC;
 pub(crate) use crate::implementation_from_dafny::UTF8;
 pub(crate) use crate::implementation_from_dafny::UUID;
+pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
 
 pub mod aes_gcm;
 pub mod aes_kdf_ctr;

releases/rust/db_esdk/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "aws-db-esdk"
-version = "1.2.0"
+version = "1.2.1"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,20 +16,20 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 dafny-runtime = { version = "0.3.1", features = ["sync", "small-int"] }
 
 [[example]]

releases/rust/db_esdk/examples/main.rs

@@ -11,6 +11,7 @@ pub mod create_keystore_key;
 pub mod get_encrypted_data_key_description;
 pub mod itemencryptor;
 pub mod keyring;
+pub mod migration;
 pub mod multi_get_put_example;
 pub mod searchableencryption;
 pub mod test_utils;

releases/rust/db_esdk/examples/test_utils.rs

@@ -44,3 +44,32 @@ pub const TEST_BRANCH_KEY_WRAPPING_KMS_KEY_ARN: &str =
 // Our tests require access to DDB Table with this name configured as a branch keystore
 pub const TEST_BRANCH_KEYSTORE_DDB_TABLE_NAME: &str = "KeyStoreDdbTable";
 pub const TEST_COMPLEX_DDB_TABLE_NAME: &str = "ComplexBeaconTestTable";
+
+// Helper method to clean up test items
+pub async fn cleanup_items(
+    table_name: &str,
+    partition_key_value: &str,
+    sort_key_value: &str,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
+    let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
+
+    let key = std::collections::HashMap::from([
+        (
+            "partition_key".to_string(),
+            aws_sdk_dynamodb::types::AttributeValue::S(partition_key_value.to_string()),
+        ),
+        (
+            "sort_key".to_string(),
+            aws_sdk_dynamodb::types::AttributeValue::N(sort_key_value.to_string()),
+        ),
+    ]);
+
+    ddb.delete_item()
+        .table_name(table_name)
+        .set_key(Some(key))
+        .send()
+        .await?;
+
+    Ok(())
+}

releases/rust/db_esdk/src/concurrent_call.rs

@@ -10,23 +10,23 @@
 pub mod ConcurrentCall {
 
     fn de_const(
-        p: *const dafny_runtime::Object<(dyn Callee + 'static)>,
-    ) -> *mut dafny_runtime::Object<(dyn Callee + 'static)> {
+        p: *const dafny_runtime::Object<dyn Callee + 'static>,
+    ) -> *mut dafny_runtime::Object<dyn Callee + 'static> {
         p as _
     }
 
     pub struct FakeCallee {
-        callee: *const dafny_runtime::Object<(dyn Callee + 'static)>,
+        callee: *const dafny_runtime::Object<dyn Callee + 'static>,
     }
     impl FakeCallee {
-        fn new(callee: &dafny_runtime::Object<(dyn Callee + 'static)>) -> Self {
+        fn new(callee: &dafny_runtime::Object<dyn Callee + 'static>) -> Self {
             Self {
                 callee: std::ptr::from_ref(callee),
             }
         }
         fn call(&self, x: u32, y: u32) {
             let mptr = de_const(self.callee);
-            let value: &mut dafny_runtime::Object<(dyn Callee + 'static)> = unsafe { &mut *mptr };
+            let value: &mut dafny_runtime::Object<dyn Callee + 'static> = unsafe { &mut *mptr };
             value.as_mut().call(x, y);
         }
     }
@@ -37,7 +37,7 @@ pub mod ConcurrentCall {
     use crate::ConcurrentCall::Callee;
     impl _default {
         pub fn ConcurrentCall(
-            callee: &dafny_runtime::Object<(dyn Callee + 'static)>,
+            callee: &dafny_runtime::Object<dyn Callee + 'static>,
             serial_iters: u32,
             concurrent_iters: u32,
         ) {

releases/rust/db_esdk/src/ecdh.rs

@@ -442,7 +442,7 @@ pub mod ECDH {
                 &public_key,
             );
             let shared: Vec<u8> =
-                aws_lc_rs::agreement::agree(&private_key, &public_key, "foo", |x| Ok(x.to_vec()))
+                aws_lc_rs::agreement::agree(&private_key, public_key, "foo", |x| Ok(x.to_vec()))
                     .map_err(|_e| "Failure in aws_lc_rs::agreement::agree.".to_string())?;
             Ok(shared)
         }

releases/rust/db_esdk/src/kms.rs

@@ -5,9 +5,8 @@
 #![deny(nonstandard_style)]
 #![deny(clippy::all)]
 
-use aws_config::Region;
+use aws_config::{AppName, Region, SdkConfig};
 use std::sync::LazyLock;
-
 static DAFNY_TOKIO_RUNTIME: LazyLock<tokio::runtime::Runtime> = LazyLock::new(|| {
     tokio::runtime::Builder::new_multi_thread()
         .enable_all()
@@ -17,12 +16,7 @@ static DAFNY_TOKIO_RUNTIME: LazyLock<tokio::runtime::Runtime> = LazyLock::new(||
 
 impl crate::r#software::amazon::cryptography::services::kms::internaldafny::_default {
     #[allow(non_snake_case)]
-    pub fn KMSClientForRegion(region: &::dafny_runtime::Sequence<::dafny_runtime::DafnyCharUTF16>) -> ::dafny_runtime::Rc<crate::r#_Wrappers_Compile::Result<::dafny_runtime::Object<dyn crate::software::amazon::cryptography::services::kms::internaldafny::types::IKMSClient>, ::dafny_runtime::Rc<crate::software::amazon::cryptography::services::kms::internaldafny::types::Error>>>{
-        let region =
-            dafny_runtime::dafny_runtime_conversions::unicode_chars_false::dafny_string_to_string(
-                region,
-            );
-
+    fn CreateSdkConfig() -> SdkConfig {
         let shared_config = match tokio::runtime::Handle::try_current() {
             Ok(curr) => tokio::task::block_in_place(|| {
                 curr.block_on(async {
@@ -34,12 +28,23 @@ impl crate::r#software::amazon::cryptography::services::kms::internaldafny::_def
             )),
         };
 
+        Self::AddUserAgentStringToConfig(&shared_config)
+    }
+
+    #[allow(non_snake_case)]
+    pub fn KMSClientForRegion(region: &::dafny_runtime::Sequence<::dafny_runtime::DafnyCharUTF16>) -> ::dafny_runtime::Rc<crate::r#_Wrappers_Compile::Result<::dafny_runtime::Object<dyn crate::software::amazon::cryptography::services::kms::internaldafny::types::IKMSClient>, ::dafny_runtime::Rc<crate::software::amazon::cryptography::services::kms::internaldafny::types::Error>>>{
+        let region =
+            dafny_runtime::dafny_runtime_conversions::unicode_chars_false::dafny_string_to_string(
+                region,
+            );
+
+        let shared_config = &Self::CreateSdkConfig();
         let shared_config = shared_config
             .to_builder()
             .region(Region::new(region))
             .build();
         let inner = aws_sdk_kms::Client::new(&shared_config);
-        let client = crate::deps::com_amazonaws_kms::client::Client { inner };
+        let client = crate::KmsClient { inner };
         let dafny_client = ::dafny_runtime::upcast_object()(::dafny_runtime::object::new(client));
         dafny_runtime::Rc::new(crate::r#_Wrappers_Compile::Result::Success {
             value: dafny_client,
@@ -48,25 +53,41 @@ impl crate::r#software::amazon::cryptography::services::kms::internaldafny::_def
 
     #[allow(non_snake_case)]
     pub fn KMSClient() -> ::dafny_runtime::Rc<crate::r#_Wrappers_Compile::Result<::dafny_runtime::Object<dyn crate::software::amazon::cryptography::services::kms::internaldafny::types::IKMSClient>, ::dafny_runtime::Rc<crate::software::amazon::cryptography::services::kms::internaldafny::types::Error>>>{
-        let shared_config = match tokio::runtime::Handle::try_current() {
-            Ok(curr) => tokio::task::block_in_place(|| {
-                curr.block_on(async {
-                    aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await
-                })
-            }),
-            Err(_) => DAFNY_TOKIO_RUNTIME.block_on(aws_config::load_defaults(
-                aws_config::BehaviorVersion::latest(),
-            )),
-        };
-
-        let inner = aws_sdk_kms::Client::new(&shared_config);
-        let client = crate::deps::com_amazonaws_kms::client::Client { inner };
+        let shared_config = &Self::CreateSdkConfig();
+        let inner = aws_sdk_kms::Client::new(shared_config);
+        let client = crate::KmsClient { inner };
         let dafny_client = ::dafny_runtime::upcast_object()(::dafny_runtime::object::new(client));
         dafny_runtime::Rc::new(crate::r#_Wrappers_Compile::Result::Success {
             value: dafny_client,
         })
     }
 
+    #[allow(non_snake_case)]
+    fn AddUserAgentStringToConfig(sdkConfig: &SdkConfig) -> SdkConfig {
+        let runtime = "Rust".to_string();
+        let runtime_msg =
+            dafny_runtime::dafny_runtime_conversions::unicode_chars_false::string_to_dafny_string(
+                &runtime,
+            );
+        // sadly rust doesn't allow for '/' in the app name which the dafny function adds
+        // so we will replace '/' with '-' which is allowed
+        let user_agent_string = dafny_runtime::dafny_runtime_conversions::unicode_chars_false::dafny_string_to_string(
+            &crate::software::amazon::cryptography::services::kms::internaldafny::_default::DafnyUserAgentSuffix(&runtime_msg)
+        );
+        let replaced_user_agent_string = user_agent_string.replace("/", "-");
+        // To update the user agent string we take the application name and update it.
+        let current_app_name = sdkConfig
+            .app_name()
+            .map(|app_name| app_name.to_string())
+            .unwrap_or_default();
+        let new_app_name = if current_app_name.is_empty() {
+            replaced_user_agent_string.to_string()
+        } else {
+            format!("{} {} ", current_app_name, replaced_user_agent_string)
+        };
+        let app_name = AppName::new(new_app_name).expect("Valid app name");
+        sdkConfig.to_builder().app_name(app_name).build()
+    }
     #[allow(non_snake_case)]
     pub fn RegionMatch(
         kmsClient: &::dafny_runtime::Object<dyn crate::software::amazon::cryptography::services::kms::internaldafny::types::IKMSClient>,
@@ -77,8 +98,7 @@ impl crate::r#software::amazon::cryptography::services::kms::internaldafny::_def
                 region,
             );
         let any = dafny_runtime::cast_any_object!(kmsClient);
-        let client =
-            dafny_runtime::cast_object!(any, crate::deps::com_amazonaws_kms::client::Client);
+        let client = dafny_runtime::cast_object!(any, crate::KmsClient);
         let flag = match client.as_ref().inner.config().region() {
             Some(r) => r.as_ref() == region,
             None => false,