chore(rust): prepare rust 1.1.0 release (#782)

Author: ajewellamz

AwsEncryptionSDK/runtimes/rust/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aws-esdk"
-version = "1.0.0"
+version = "1.1.0"
 edition = "2021"
 rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
@@ -17,8 +17,8 @@ readme = "README.md"
 
 [dependencies]
 aws-config = "1.6.2"
-aws-lc-rs = "=1.13.0"
-aws-lc-sys = "=0.28.2"
+aws-lc-rs = "=1.13.1"
+aws-lc-sys = "=0.29.0"
 aws-sdk-dynamodb = "1.73.0"
 aws-sdk-kms = "1.67.0"
 aws-smithy-runtime-api = {version = "1.8.0", features = ["client"] }

AwsEncryptionSDK/runtimes/rust/start_release.sh

@@ -65,7 +65,7 @@ cargo clippy --example main
 
 # replace local path with latest dafny-runtime from crates.io
 cargo rm dafny_runtime
-cargo add dafny-runtime -F sync
+cargo add dafny-runtime -F sync -F small-int
 
 # Run cargo test and example tests
 cargo test --release

TestVectors/runtimes/rust/Cargo.toml

@@ -15,8 +15,8 @@ wrapped-client = []
 
 [dependencies]
 aws-config = "1.6.2"
-aws-lc-rs = "=1.13.0"
-aws-lc-sys = "=0.28.2"
+aws-lc-rs = "=1.13.1"
+aws-lc-sys = "=0.29.0"
 aws-sdk-dynamodb = "1.73.0"
 aws-sdk-kms = "1.67.0"
 aws-smithy-runtime-api = {version = "1.8.0", features = ["client"] }

releases/rust/esdk/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "aws-esdk"
-version = "1.0.0"
+version = "1.1.0"
 edition = "2021"
 rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
@@ -16,21 +16,21 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.15"
-aws-lc-rs = "=1.12.2"
-aws-lc-sys = "=0.25.1"
-aws-sdk-dynamodb = "1.62.0"
-aws-sdk-kms = "1.57.0"
-aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.12"
-chrono = "0.4.39"
+aws-config = "1.6.2"
+aws-lc-rs = "=1.13.1"
+aws-lc-sys = "=0.29.0"
+aws-sdk-dynamodb = "1.73.0"
+aws-sdk-kms = "1.67.0"
+aws-smithy-runtime-api = {version = "1.8.0", features = ["client"] }
+aws-smithy-types = "1.3.1"
+chrono = "0.4.41"
 cpu-time = "1.0.0"
-dafny-runtime = { version = "0.2.0", features = ["sync"] }
+dafny-runtime = { version = "0.3.0", features = ["sync", "small-int"] }
 dashmap = "6.1.0"
-pem = "3.0.4"
-rand = "0.9.0"
-tokio = {version = "1.43.0", features = ["full"] }
-uuid = { version = "1.12.1", features = ["v4"] }
+pem = "3.0.5"
+rand = "0.9.1"
+tokio = {version = "1.45.0", features = ["full"] }
+uuid = { version = "1.16.0", features = ["v4"] }
 
 [[example]]
 name = "main"

releases/rust/esdk/examples/README.md

@@ -7,9 +7,9 @@ and how to set up some common configuration patterns.
 
 ## APIs
 
-The AWS Encryption SDK provides two high-level APIs:
-one-step APIs that process the entire operation in memory
-and streaming APIs.
+The AWS Encryption SDK provides a high-level,
+one-step API that processes encryption
+and decryption operations entirely in memory.
 
 You can find examples that demonstrate these APIs
 in the [`examples/`](./) directory.
@@ -48,6 +48,7 @@ We start with AWS KMS examples, then show how to use other wrapping keys.
 
 Keyrings are the most common way for you to configure the AWS Encryption SDK.
 They determine how the AWS Encryption SDK protects your data.
+For more information about keyrings, see the [AWS Developer Guide on using Keyrings](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/choose-keyring.html).
 You can find these examples in [`examples/keyring`](./keyring).
 
 ### Cryptographic Materials Managers
@@ -61,6 +62,7 @@ This can include things like
 enforcing the use of certain algorithm suites or encryption context settings,
 reusing data keys across messages,
 or changing how you interact with keyrings.
+For more information about cryptographic materials managers, see the [AWS Developer Guide on cryptographic materials managers](https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/concepts.html#crypt-materials-manager).
 You can find these examples in
 [`examples/cryptographic_materials_manager`](./cryptographic_materials_manager).
 

releases/rust/esdk/examples/client_supplier/regional_role_client_supplier.rs

@@ -45,7 +45,7 @@ impl ClientSupplier for RegionalRoleClientSupplier {
 
         let sdk_config = tokio::task::block_in_place(|| {
             tokio::runtime::Handle::current().block_on(async {
-                aws_config::load_defaults(aws_config::BehaviorVersion::v2024_03_28()).await
+                aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await
             })
         });
         let kms_config = aws_sdk_kms::config::Builder::from(&sdk_config)

releases/rust/esdk/examples/example_utils/utils.rs

@@ -128,19 +128,19 @@ pub(crate) fn x962_to_x509(public_key: &[u8], nid: i32) -> Result<Vec<u8>, Strin
 
 fn get_nid(x: EcdhCurveSpec) -> i32 {
     match x {
-        EcdhCurveSpec::EccNistP256 {} => aws_lc_sys::NID_X9_62_prime256v1,
-        EcdhCurveSpec::EccNistP384 {} => aws_lc_sys::NID_secp384r1,
-        EcdhCurveSpec::EccNistP521 {} => aws_lc_sys::NID_secp521r1,
-        EcdhCurveSpec::Sm2 {} => panic!("No SM2 in Rust"),
+        EcdhCurveSpec::EccNistP256 => aws_lc_sys::NID_X9_62_prime256v1,
+        EcdhCurveSpec::EccNistP384 => aws_lc_sys::NID_secp384r1,
+        EcdhCurveSpec::EccNistP521 => aws_lc_sys::NID_secp521r1,
+        EcdhCurveSpec::Sm2 => panic!("No SM2 in Rust"),
     }
 }
 
 fn get_alg(x: EcdhCurveSpec) -> &'static aws_lc_rs::agreement::Algorithm {
     match x {
-        EcdhCurveSpec::EccNistP256 {} => &aws_lc_rs::agreement::ECDH_P256,
-        EcdhCurveSpec::EccNistP384 {} => &aws_lc_rs::agreement::ECDH_P384,
-        EcdhCurveSpec::EccNistP521 {} => &aws_lc_rs::agreement::ECDH_P521,
-        EcdhCurveSpec::Sm2 {} => panic!("No SM2 in Rust"),
+        EcdhCurveSpec::EccNistP256 => &aws_lc_rs::agreement::ECDH_P256,
+        EcdhCurveSpec::EccNistP384 => &aws_lc_rs::agreement::ECDH_P384,
+        EcdhCurveSpec::EccNistP521 => &aws_lc_rs::agreement::ECDH_P521,
+        EcdhCurveSpec::Sm2 => panic!("No SM2 in Rust"),
     }
 }
 

releases/rust/esdk/src/aes_gcm.rs

@@ -113,10 +113,10 @@ impl AES_GCM {
         msg: &::dafny_runtime::Sequence<u8>,
         aad: &::dafny_runtime::Sequence<u8>,
     ) -> Rc<_Wrappers_Compile::Result<Rc<AESEncryptOutput>, Rc<DafnyError>>> {
-        let iv: Vec<u8> = iv.iter().collect();
-        let key: Vec<u8> = key.iter().collect();
-        let msg: Vec<u8> = msg.iter().collect();
-        let aad: Vec<u8> = aad.iter().collect();
+        let iv = &iv.to_array();
+        let key = &key.to_array();
+        let msg = &msg.to_array();
+        let aad = &aad.to_array();
 
         if *self.keyLength() as usize != key.len() {
             let msg = format!(
@@ -135,11 +135,11 @@ impl AES_GCM {
             return enc_result(&msg);
         }
 
-        match self.do_aes_encrypt(&iv, &key, &msg, &aad) {
+        match self.do_aes_encrypt(iv, key, msg, aad) {
             Ok(x) => Rc::new(_Wrappers_Compile::Result::Success {
                 value: Rc::new(AESEncryptOutput::AESEncryptOutput {
-                    cipherText: x.cipher_text.iter().cloned().collect(),
-                    authTag: x.auth_tag.iter().cloned().collect(),
+                    cipherText: dafny_runtime::Sequence::from_array_owned(x.cipher_text),
+                    authTag: dafny_runtime::Sequence::from_array_owned(x.auth_tag),
                 }),
             }),
             Err(e) => {
@@ -158,11 +158,11 @@ impl AES_GCM {
         iv: &::dafny_runtime::Sequence<u8>,
         aad: &::dafny_runtime::Sequence<u8>,
     ) -> Rc<_Wrappers_Compile::Result<::dafny_runtime::Sequence<u8>, Rc<DafnyError>>> {
-        let key: Vec<u8> = key.iter().collect();
-        let cipher_text: Vec<u8> = cipher_text.iter().collect();
-        let auth_tag: Vec<u8> = auth_tag.iter().collect();
-        let iv: Vec<u8> = iv.iter().collect();
-        let aad: Vec<u8> = aad.iter().collect();
+        let key = &key.to_array();
+        let cipher_text = &cipher_text.to_array();
+        let auth_tag = &auth_tag.to_array();
+        let iv = &iv.to_array();
+        let aad = &aad.to_array();
 
         if *self.keyLength() as usize != key.len() {
             let msg = format!(
@@ -191,9 +191,9 @@ impl AES_GCM {
             return dec_result(&msg);
         }
 
-        match self.do_aes_decrypt(&key, &cipher_text, &auth_tag, &iv, &aad) {
+        match self.do_aes_decrypt(key, cipher_text, auth_tag, iv, aad) {
             Ok(x) => Rc::new(_Wrappers_Compile::Result::Success {
-                value: x.iter().cloned().collect(),
+                value: dafny_runtime::Sequence::from_array_owned(x),
             }),
             Err(e) => {
                 let msg = format!("AES Decrypt : {}", e);
@@ -208,23 +208,18 @@ mod tests {
     use super::*;
     #[test]
     fn test_generate() {
-        let iv: ::dafny_runtime::Sequence<u8> = [1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]
-            .iter()
-            .cloned()
-            .collect();
-        let key: ::dafny_runtime::Sequence<u8> = [
+        let iv: ::dafny_runtime::Sequence<u8> = dafny_runtime::Sequence::from_array_owned(vec![
+            1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
+        ]);
+        let key: ::dafny_runtime::Sequence<u8> = dafny_runtime::Sequence::from_array_owned(vec![
             2u8, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
             25, 26, 27, 28, 29, 30, 31, 32, 33,
-        ]
-        .iter()
-        .cloned()
-        .collect();
-        let msg: ::dafny_runtime::Sequence<u8> = [2u8, 4, 6, 8, 10, 12].iter().cloned().collect();
-        let aad: ::dafny_runtime::Sequence<u8> =
-            [3u8, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17]
-                .iter()
-                .cloned()
-                .collect();
+        ]);
+        let msg: ::dafny_runtime::Sequence<u8> =
+            dafny_runtime::Sequence::from_array_owned(vec![2u8, 4, 6, 8, 10, 12]);
+        let aad: ::dafny_runtime::Sequence<u8> = dafny_runtime::Sequence::from_array_owned(vec![
+            3u8, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17,
+        ]);
 
         let alg = AES_GCM::AES_GCM {
             keyLength: 32,

releases/rust/esdk/src/aes_kdf_ctr.rs

@@ -58,11 +58,11 @@ pub mod AesKdfCtr {
                 Rc<crate::software::amazon::cryptography::primitives::internaldafny::types::Error>,
             >,
         > {
-            let nonce: Vec<u8> = nonce.iter().collect();
-            let key: Vec<u8> = key.iter().collect();
-            match ctr_stream(&nonce, &key, length) {
+            let nonce = &nonce.to_array();
+            let key = &key.to_array();
+            match ctr_stream(nonce, key, length) {
                 Ok(x) => Rc::new(_Wrappers_Compile::Result::Success {
-                    value: x.iter().cloned().collect(),
+                    value: dafny_runtime::Sequence::from_array_owned(x),
                 }),
                 Err(e) => {
                     let msg = format!("Aes Kdf Ctr : {}", e);

releases/rust/esdk/src/dafny_libraries.rs

@@ -180,6 +180,19 @@ pub mod DafnyLibraries {
             let file_name = dafny_runtime::dafny_runtime_conversions::unicode_chars_false::dafny_string_to_string(path);
             let path = Path::new(&file_name);
 
+            if let Some(parent) = path.parent() {
+                if let Err(why) = std::fs::create_dir_all(parent) {
+                    let err_msg = format!(
+                        "couldn't create directory {} from {}: {}",
+                        path.display(),
+                        curr_dir(),
+                        why
+                    );
+                    let err_msg = dafny_runtime::dafny_runtime_conversions::unicode_chars_false::string_to_dafny_string(&err_msg);
+                    return (true, err_msg);
+                }
+            }
+
             let maybe_file = std::fs::OpenOptions::new()
                 .append(append)
                 .write(true)