From 9e161ac70a54421ef0f676d3b6c5a98c26e452d3 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 06:38:28 -0500
Subject: [PATCH 1/8] fix: support new input validation

---
 DynamoDbEncryption/runtimes/rust/.gitignore   |  1 +
 .../rust/examples/basic_get_put_example.rs    |  2 +-
 .../clientsupplier/client_supplier_example.rs |  4 +-
 .../examples/keyring/hierarchical_keyring.rs  |  2 +-
 .../rust/examples/keyring/kms_rsa_keyring.rs  |  2 +-
 .../keyring/mrk_discovery_multi_keyring.rs    |  4 +-
 .../rust/examples/keyring/multi_keyring.rs    |  4 +-
 .../examples/keyring/multi_mrk_keyring.rs     |  6 +--
 .../rust/examples/keyring/raw_aes_keyring.rs  |  2 +-
 .../rust/examples/keyring/raw_rsa_keyring.rs  |  2 +-
 .../runtimes/rust/examples/main.rs            | 44 +++++++++----------
 .../rust/examples/multi_get_put_example.rs    |  2 +-
 .../basic_searchable_encryption.rs            |  4 +-
 .../beacon_styles_searchable_encryption.rs    |  2 +-
 .../complexexample/beacon_config.rs           |  2 +-
 .../compound_beacon_searchable_encryption.rs  |  2 +-
 .../virtual_beacon_searchable_encryption.rs   |  2 +-
 .../runtimes/rust/src/intercept.rs            | 12 +++--
 DynamoDbEncryption/runtimes/rust/src/lib.rs   |  1 +
 TestVectors/runtimes/rust/.gitignore          |  1 +
 TestVectors/runtimes/rust/src/lib.rs          |  1 +
 submodules/MaterialProviders                  |  2 +-
 submodules/smithy-dafny                       |  2 +-
 23 files changed, 58 insertions(+), 48 deletions(-)

diff --git a/DynamoDbEncryption/runtimes/rust/.gitignore b/DynamoDbEncryption/runtimes/rust/.gitignore
index f39a07024..143cdfc50 100644
--- a/DynamoDbEncryption/runtimes/rust/.gitignore
+++ b/DynamoDbEncryption/runtimes/rust/.gitignore
@@ -32,4 +32,5 @@ src/time.rs
 src/types
 src/types.rs
 src/uuid.rs
+src/validation.rs
 target
diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
index c3e68e6b5..ba656dab6 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
@@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs b/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs
index 0dbae3b73..07e3b5d99 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs
@@ -123,7 +123,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the DynamoDb Config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -215,7 +215,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?)
         .build();
     let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs
index 90f350f69..741e2025a 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs
@@ -181,7 +181,7 @@ pub async fn put_item_get_item(
     // 7. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs
index 61468c27b..601eca2ca 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs
@@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
 
     // 6. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs
index 3cbb12e9e..5d6d57a3a 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs
@@ -115,7 +115,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -182,7 +182,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let dynamo_config_for_decrypt = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt))
+        .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt)?)
         .build();
     let ddb_for_decrypt = aws_sdk_dynamodb::Client::from_conf(dynamo_config_for_decrypt);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs
index 9ad1d8180..c4b128e8a 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs
@@ -148,7 +148,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 7. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -217,7 +217,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_aes_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_aes_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_aes_table_configs)?)
         .build();
     let only_aes_ddb = aws_sdk_dynamodb::Client::from_conf(only_aes_dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs
index 20bd6c5e6..f6c5fecd3 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs
@@ -136,7 +136,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create the DynamoDb Encryption Interceptor
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -218,7 +218,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?)
         .build();
     let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config);
 
@@ -266,7 +266,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_srk_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_srk_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_srk_table_configs)?)
         .build();
     let only_srk_ddb = aws_sdk_dynamodb::Client::from_conf(only_srk_dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs
index ecf8d7d03..6cb91e0c2 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs
@@ -113,7 +113,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the Config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs
index 88f32ac60..7510bc1b8 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs
@@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 6. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/main.rs b/DynamoDbEncryption/runtimes/rust/examples/main.rs
index f82979bcb..be35a5863 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/main.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/main.rs
@@ -47,36 +47,36 @@ impl<T: std::fmt::Debug> From<T> for BoxError {
 
 #[tokio::main]
 pub async fn main() -> Result<(), BoxError2> {
-    basic_get_put_example::put_item_get_item().await?;
-    itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?;
-    get_encrypted_data_key_description::get_encrypted_data_key_description().await?;
-    multi_get_put_example::multi_put_get().await?;
-    keyring::raw_rsa_keyring::put_item_get_item().await?;
-    keyring::kms_rsa_keyring::put_item_get_item().await?;
-    keyring::multi_mrk_keyring::put_item_get_item().await?;
-    keyring::raw_aes_keyring::put_item_get_item().await?;
-    keyring::multi_keyring::put_item_get_item().await?;
-    keyring::mrk_discovery_multi_keyring::put_item_get_item().await?;
-    clientsupplier::client_supplier_example::put_item_get_item().await?;
+    // basic_get_put_example::put_item_get_item().await?;
+    // itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?;
+    // get_encrypted_data_key_description::get_encrypted_data_key_description().await?;
+    // multi_get_put_example::multi_put_get().await?;
+    // keyring::raw_rsa_keyring::put_item_get_item().await?;
+    // keyring::kms_rsa_keyring::put_item_get_item().await?;
+    // keyring::multi_mrk_keyring::put_item_get_item().await?;
+    // keyring::raw_aes_keyring::put_item_get_item().await?;
+    // keyring::multi_keyring::put_item_get_item().await?;
+    // keyring::mrk_discovery_multi_keyring::put_item_get_item().await?;
+    // clientsupplier::client_supplier_example::put_item_get_item().await?;
 
     let key_id = create_keystore_key::keystore_create_key().await?;
-    let key_id2 = create_keystore_key::keystore_create_key().await?;
+    // let key_id2 = create_keystore_key::keystore_create_key().await?;
     // Key creation is eventually consistent, so wait 5 seconds to decrease the likelihood
     // our test fails due to eventual consistency issues.
     println!("Key Store Keys created. Waiting 5 seconds for consistency.");
-    std::thread::sleep(std::time::Duration::from_secs(5));
+    std::thread::sleep(std::time::Duration::from_secs(3));
 
-    keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?;
+    // keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?;
 
     searchableencryption::basic_searchable_encryption::put_and_query_with_beacon(&key_id).await?;
-    searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id)
-        .await?;
-    searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
-        .await?;
-    searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
-        .await?;
-    searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id)
-        .await?;
+    // searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id)
+    //     .await?;
+    // searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
+    //     .await?;
+    // searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
+    //     .await?;
+    // searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id)
+    //     .await?;
 
     // ScanError will have to wait until we have a reasonable error message strategy
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs
index b5b5e11ca..559be27fc 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs
@@ -116,7 +116,7 @@ pub async fn multi_put_get() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
index 55d0fd05d..00f3a07db 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
@@ -236,7 +236,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
         .keyring(kms_keyring)
         .search(
             SearchConfig::builder()
-                .write_version(1) // MUST be 1
+                // .write_version(1) // MUST be 1
                 .versions(beacon_versions)
                 .build()?,
         )
@@ -249,7 +249,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
     // 7. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs
index a7d359dfc..e62d0a175 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs
@@ -268,7 +268,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 10. Create a new AWS SDK DynamoDb client using the DynamoDb Config above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs
index 5d248c425..0e8e4acc7 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs
@@ -547,7 +547,7 @@ pub async fn setup_beacon_config(
     // 13. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
 
     Ok(aws_sdk_dynamodb::Client::from_conf(dynamo_config))
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs
index c78f14576..736e1a486 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs
@@ -260,7 +260,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 12. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs
index 6de40463e..dd107c7f5 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs
@@ -350,7 +350,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 13. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
index b7d08723a..1b465ef5f 100644
--- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
@@ -84,9 +84,15 @@ pub struct DbEsdkInterceptor {
 impl DbEsdkInterceptor {
     pub fn new(
         config: crate::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig,
-    ) -> Self {
-        let client = crate::client::Client::from_conf(config).unwrap(); // FIXME
-        DbEsdkInterceptor { client }
+    // ) -> Result<Self, String> {
+    ) -> Result<Self, crate::types::error::Error> {
+        let client = crate::client::Client::from_conf(config)?;
+        Ok(DbEsdkInterceptor { client })
+        // let client = crate::client::Client::from_conf(config);
+        // match client {
+        //     Ok(x) => Ok(DbEsdkInterceptor { client : x }),
+        //     Err(e) => Err(format!("{:?}", e))
+        // }
     }
 }
 
diff --git a/DynamoDbEncryption/runtimes/rust/src/lib.rs b/DynamoDbEncryption/runtimes/rust/src/lib.rs
index 9832c4c17..62facc93b 100644
--- a/DynamoDbEncryption/runtimes/rust/src/lib.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/lib.rs
@@ -67,3 +67,4 @@ pub(crate) mod software_externs;
 pub(crate) mod storm_tracker;
 pub(crate) mod time;
 pub(crate) mod uuid;
+pub(crate) mod validation;
diff --git a/TestVectors/runtimes/rust/.gitignore b/TestVectors/runtimes/rust/.gitignore
index b5d9045cf..96a010207 100644
--- a/TestVectors/runtimes/rust/.gitignore
+++ b/TestVectors/runtimes/rust/.gitignore
@@ -36,4 +36,5 @@ src/types.rs
 src/uuid.rs
 src/wrapped
 src/wrapped.rs
+src/validation.rs
 target
diff --git a/TestVectors/runtimes/rust/src/lib.rs b/TestVectors/runtimes/rust/src/lib.rs
index e43f4a1db..80f8f7321 100644
--- a/TestVectors/runtimes/rust/src/lib.rs
+++ b/TestVectors/runtimes/rust/src/lib.rs
@@ -12,6 +12,7 @@ pub mod error;
 /// All operations that this crate can perform.
 pub mod operation;
 pub mod types;
+pub mod verification;
 
 #[cfg(feature = "wrapped-client")]
 pub mod wrapped;
diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders
index b5c3522da..96fa3af3e 160000
--- a/submodules/MaterialProviders
+++ b/submodules/MaterialProviders
@@ -1 +1 @@
-Subproject commit b5c3522da3cfafddd2b180e5fe110e1cf1fc1129
+Subproject commit 96fa3af3e93183f7ddd62e1e8e73e1100f22e5a8
diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny
index caef7793d..fc8abc130 160000
--- a/submodules/smithy-dafny
+++ b/submodules/smithy-dafny
@@ -1 +1 @@
-Subproject commit caef7793d4bf85ae5eb488b2159b693f478c990d
+Subproject commit fc8abc130463201789568e6ee45546fb0635146e

From e4f749f1d0aabb87080dc167542aeb06607f7377 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 08:11:34 -0500
Subject: [PATCH 2/8] m

---
 DynamoDbEncryption/runtimes/rust/Cargo.toml | 1 +
 TestVectors/runtimes/rust/Cargo.toml        | 1 +
 2 files changed, 2 insertions(+)

diff --git a/DynamoDbEncryption/runtimes/rust/Cargo.toml b/DynamoDbEncryption/runtimes/rust/Cargo.toml
index beedebb42..2af556cd4 100644
--- a/DynamoDbEncryption/runtimes/rust/Cargo.toml
+++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml
@@ -24,6 +24,7 @@ aws-sdk-kms = "1.50.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
 aws-smithy-types = "1.2.9"
 chrono = "0.4.38"
+cpu-time = "1.0.0"
 dafny-runtime = "0.1.1"
 dashmap = "6.1.0"
 pem = "3.0.4"
diff --git a/TestVectors/runtimes/rust/Cargo.toml b/TestVectors/runtimes/rust/Cargo.toml
index ec9a73e9c..3a11a50da 100644
--- a/TestVectors/runtimes/rust/Cargo.toml
+++ b/TestVectors/runtimes/rust/Cargo.toml
@@ -15,6 +15,7 @@ aws-sdk-kms = "1.50.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
 aws-smithy-types = "1.2.9"
 chrono = "0.4.38"
+cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/MaterialProviders/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust"}
 dashmap = "6.1.0"
 pem = "3.0.4"

From 918938a97bb9e6600ba07e4c8cad48bea7347519 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 08:21:48 -0500
Subject: [PATCH 3/8] m

---
 TestVectors/runtimes/rust/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/TestVectors/runtimes/rust/src/lib.rs b/TestVectors/runtimes/rust/src/lib.rs
index 80f8f7321..43e76f8ae 100644
--- a/TestVectors/runtimes/rust/src/lib.rs
+++ b/TestVectors/runtimes/rust/src/lib.rs
@@ -12,7 +12,7 @@ pub mod error;
 /// All operations that this crate can perform.
 pub mod operation;
 pub mod types;
-pub mod verification;
+pub mod validation;
 
 #[cfg(feature = "wrapped-client")]
 pub mod wrapped;

From a237482f0624126962dee401412110896a3ec5f2 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 08:39:05 -0500
Subject: [PATCH 4/8] m

---
 .../rust/examples/basic_get_put_example.rs    |  2 +-
 .../runtimes/rust/examples/main.rs            | 44 +++++++++----------
 .../basic_searchable_encryption.rs            |  2 +-
 3 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
index ba656dab6..c3e68e6b5 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
@@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs)?)
+        .interceptor(DbEsdkInterceptor::new(table_configs))
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/main.rs b/DynamoDbEncryption/runtimes/rust/examples/main.rs
index be35a5863..f82979bcb 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/main.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/main.rs
@@ -47,36 +47,36 @@ impl<T: std::fmt::Debug> From<T> for BoxError {
 
 #[tokio::main]
 pub async fn main() -> Result<(), BoxError2> {
-    // basic_get_put_example::put_item_get_item().await?;
-    // itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?;
-    // get_encrypted_data_key_description::get_encrypted_data_key_description().await?;
-    // multi_get_put_example::multi_put_get().await?;
-    // keyring::raw_rsa_keyring::put_item_get_item().await?;
-    // keyring::kms_rsa_keyring::put_item_get_item().await?;
-    // keyring::multi_mrk_keyring::put_item_get_item().await?;
-    // keyring::raw_aes_keyring::put_item_get_item().await?;
-    // keyring::multi_keyring::put_item_get_item().await?;
-    // keyring::mrk_discovery_multi_keyring::put_item_get_item().await?;
-    // clientsupplier::client_supplier_example::put_item_get_item().await?;
+    basic_get_put_example::put_item_get_item().await?;
+    itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?;
+    get_encrypted_data_key_description::get_encrypted_data_key_description().await?;
+    multi_get_put_example::multi_put_get().await?;
+    keyring::raw_rsa_keyring::put_item_get_item().await?;
+    keyring::kms_rsa_keyring::put_item_get_item().await?;
+    keyring::multi_mrk_keyring::put_item_get_item().await?;
+    keyring::raw_aes_keyring::put_item_get_item().await?;
+    keyring::multi_keyring::put_item_get_item().await?;
+    keyring::mrk_discovery_multi_keyring::put_item_get_item().await?;
+    clientsupplier::client_supplier_example::put_item_get_item().await?;
 
     let key_id = create_keystore_key::keystore_create_key().await?;
-    // let key_id2 = create_keystore_key::keystore_create_key().await?;
+    let key_id2 = create_keystore_key::keystore_create_key().await?;
     // Key creation is eventually consistent, so wait 5 seconds to decrease the likelihood
     // our test fails due to eventual consistency issues.
     println!("Key Store Keys created. Waiting 5 seconds for consistency.");
-    std::thread::sleep(std::time::Duration::from_secs(3));
+    std::thread::sleep(std::time::Duration::from_secs(5));
 
-    // keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?;
+    keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?;
 
     searchableencryption::basic_searchable_encryption::put_and_query_with_beacon(&key_id).await?;
-    // searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id)
-    //     .await?;
-    // searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
-    //     .await?;
-    // searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
-    //     .await?;
-    // searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id)
-    //     .await?;
+    searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id)
+        .await?;
+    searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
+        .await?;
+    searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id)
+        .await?;
+    searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id)
+        .await?;
 
     // ScanError will have to wait until we have a reasonable error message strategy
 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
index 00f3a07db..94456cfa7 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs
@@ -236,7 +236,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
         .keyring(kms_keyring)
         .search(
             SearchConfig::builder()
-                // .write_version(1) // MUST be 1
+                .write_version(1) // MUST be 1
                 .versions(beacon_versions)
                 .build()?,
         )

From c5bc4fd4e6ab39dc2c6bf90676c1b8ce10e701fd Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 08:40:49 -0500
Subject: [PATCH 5/8] m

---
 DynamoDbEncryption/runtimes/rust/src/intercept.rs | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
index 1b465ef5f..533b8d5ca 100644
--- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
@@ -88,11 +88,6 @@ impl DbEsdkInterceptor {
     ) -> Result<Self, crate::types::error::Error> {
         let client = crate::client::Client::from_conf(config)?;
         Ok(DbEsdkInterceptor { client })
-        // let client = crate::client::Client::from_conf(config);
-        // match client {
-        //     Ok(x) => Ok(DbEsdkInterceptor { client : x }),
-        //     Err(e) => Err(format!("{:?}", e))
-        // }
     }
 }
 

From 09f7f783fa85733fc3ecd2d8f366f52d1a554fa9 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 08:41:33 -0500
Subject: [PATCH 6/8] m

---
 DynamoDbEncryption/runtimes/rust/src/intercept.rs | 1 -
 1 file changed, 1 deletion(-)

diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
index 533b8d5ca..5300ef35b 100644
--- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
@@ -84,7 +84,6 @@ pub struct DbEsdkInterceptor {
 impl DbEsdkInterceptor {
     pub fn new(
         config: crate::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig,
-    // ) -> Result<Self, String> {
     ) -> Result<Self, crate::types::error::Error> {
         let client = crate::client::Client::from_conf(config)?;
         Ok(DbEsdkInterceptor { client })

From 1c21a49f80c52540c4fb04092d067e3df09a21f4 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 09:07:15 -0500
Subject: [PATCH 7/8] m

---
 .../runtimes/rust/examples/basic_get_put_example.rs             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
index c3e68e6b5..ba656dab6 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs
@@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

From 600c21ff4ce08c07bcd4b882eefacef92cee3d80 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Wed, 18 Dec 2024 15:13:34 -0500
Subject: [PATCH 8/8] m

---
 DynamoDbEncryption/runtimes/rust/Cargo.toml | 18 +++++++++---------
 TestVectors/runtimes/rust/Cargo.toml        | 18 +++++++++---------
 submodules/MaterialProviders                |  2 +-
 submodules/smithy-dafny                     |  2 +-
 4 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/DynamoDbEncryption/runtimes/rust/Cargo.toml b/DynamoDbEncryption/runtimes/rust/Cargo.toml
index 2af556cd4..ee3c14e48 100644
--- a/DynamoDbEncryption/runtimes/rust/Cargo.toml
+++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml
@@ -2,7 +2,7 @@
 name = "aws-db-esdk"
 version = "0.1.1"
 edition = "2021"
-rust-version = "1.80.0"
+rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,19 +16,19 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.10"
-aws-lc-rs = "1.11.1"
-aws-lc-sys = "0.23.1"
-aws-sdk-dynamodb = "1.54.0"
-aws-sdk-kms = "1.50.0"
+aws-config = "1.5.11"
+aws-lc-rs = "1.12.0"
+aws-lc-sys = "0.22.0"
+aws-sdk-dynamodb = "1.56.0"
+aws-sdk-kms = "1.52.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.9"
-chrono = "0.4.38"
+aws-smithy-types = "1.2.10"
+chrono = "0.4.39"
 cpu-time = "1.0.0"
 dafny-runtime = "0.1.1"
 dashmap = "6.1.0"
 pem = "3.0.4"
-tokio = {version = "1.41.1", features = ["full"] }
+tokio = {version = "1.42.0", features = ["full"] }
 uuid = { version = "1.11.0", features = ["v4"] }
 
 [[example]]
diff --git a/TestVectors/runtimes/rust/Cargo.toml b/TestVectors/runtimes/rust/Cargo.toml
index 3a11a50da..83da9ef73 100644
--- a/TestVectors/runtimes/rust/Cargo.toml
+++ b/TestVectors/runtimes/rust/Cargo.toml
@@ -2,22 +2,22 @@
 name = "aws-db-esdk-test-vectors"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.80.0"
+rust-version = "1.81.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.10"
-aws-lc-rs = "1.11.1"
-aws-lc-sys = "0.23.1"
-aws-sdk-dynamodb = "1.54.0"
-aws-sdk-kms = "1.50.0"
+aws-config = "1.5.11"
+aws-lc-rs = "1.12.0"
+aws-lc-sys = "0.22.0"
+aws-sdk-dynamodb = "1.56.0"
+aws-sdk-kms = "1.52.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.9"
-chrono = "0.4.38"
+aws-smithy-types = "1.2.10"
+chrono = "0.4.39"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/MaterialProviders/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust"}
 dashmap = "6.1.0"
 pem = "3.0.4"
-tokio = {version = "1.41.1", features = ["full"] }
+tokio = {version = "1.42.0", features = ["full"] }
 uuid = { version = "1.11.0", features = ["v4"] }
diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders
index 96fa3af3e..0e2859d43 160000
--- a/submodules/MaterialProviders
+++ b/submodules/MaterialProviders
@@ -1 +1 @@
-Subproject commit 96fa3af3e93183f7ddd62e1e8e73e1100f22e5a8
+Subproject commit 0e2859d43710373c0df06783db7d38afe3f0bea7
diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny
index fc8abc130..f67c21075 160000
--- a/submodules/smithy-dafny
+++ b/submodules/smithy-dafny
@@ -1 +1 @@
-Subproject commit fc8abc130463201789568e6ee45546fb0635146e
+Subproject commit f67c21075ebac40e052204b6827a4db641e65862