From 9e161ac70a54421ef0f676d3b6c5a98c26e452d3 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 06:38:28 -0500 Subject: [PATCH 1/8] fix: support new input validation --- DynamoDbEncryption/runtimes/rust/.gitignore | 1 + .../rust/examples/basic_get_put_example.rs | 2 +- .../clientsupplier/client_supplier_example.rs | 4 +- .../examples/keyring/hierarchical_keyring.rs | 2 +- .../rust/examples/keyring/kms_rsa_keyring.rs | 2 +- .../keyring/mrk_discovery_multi_keyring.rs | 4 +- .../rust/examples/keyring/multi_keyring.rs | 4 +- .../examples/keyring/multi_mrk_keyring.rs | 6 +-- .../rust/examples/keyring/raw_aes_keyring.rs | 2 +- .../rust/examples/keyring/raw_rsa_keyring.rs | 2 +- .../runtimes/rust/examples/main.rs | 44 +++++++++---------- .../rust/examples/multi_get_put_example.rs | 2 +- .../basic_searchable_encryption.rs | 4 +- .../beacon_styles_searchable_encryption.rs | 2 +- .../complexexample/beacon_config.rs | 2 +- .../compound_beacon_searchable_encryption.rs | 2 +- .../virtual_beacon_searchable_encryption.rs | 2 +- .../runtimes/rust/src/intercept.rs | 12 +++-- DynamoDbEncryption/runtimes/rust/src/lib.rs | 1 + TestVectors/runtimes/rust/.gitignore | 1 + TestVectors/runtimes/rust/src/lib.rs | 1 + submodules/MaterialProviders | 2 +- submodules/smithy-dafny | 2 +- 23 files changed, 58 insertions(+), 48 deletions(-) diff --git a/DynamoDbEncryption/runtimes/rust/.gitignore b/DynamoDbEncryption/runtimes/rust/.gitignore index f39a07024..143cdfc50 100644 --- a/DynamoDbEncryption/runtimes/rust/.gitignore +++ b/DynamoDbEncryption/runtimes/rust/.gitignore @@ -32,4 +32,5 @@ src/time.rs src/types src/types.rs src/uuid.rs +src/validation.rs target diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs index c3e68e6b5..ba656dab6 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs 
+++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs @@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs b/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs index 0dbae3b73..07e3b5d99 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs @@ -123,7 +123,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the DynamoDb Config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); @@ -215,7 +215,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { .build()?; let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)) + .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?) .build(); let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config); 
diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs index 90f350f69..741e2025a 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs @@ -181,7 +181,7 @@ pub async fn put_item_get_item( // 7. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs index 61468c27b..601eca2ca 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs @@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 6. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs index 3cbb12e9e..5d6d57a3a 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs 
@@ -115,7 +115,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); @@ -182,7 +182,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { .build()?; let dynamo_config_for_decrypt = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt)) + .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt)?) .build(); let ddb_for_decrypt = aws_sdk_dynamodb::Client::from_conf(dynamo_config_for_decrypt); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs index 9ad1d8180..c4b128e8a 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs @@ -148,7 +148,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 7. Create a new AWS SDK DynamoDb client using the config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); 
@@ -217,7 +217,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { .build()?; let only_aes_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(only_aes_table_configs)) + .interceptor(DbEsdkInterceptor::new(only_aes_table_configs)?) .build(); let only_aes_ddb = aws_sdk_dynamodb::Client::from_conf(only_aes_dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs index 20bd6c5e6..f6c5fecd3 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs @@ -136,7 +136,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create the DynamoDb Encryption Interceptor let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); @@ -218,7 +218,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { .build()?; let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)) + .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?) .build(); let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config); 
@@ -266,7 +266,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { .build()?; let only_srk_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(only_srk_table_configs)) + .interceptor(DbEsdkInterceptor::new(only_srk_table_configs)?) .build(); let only_srk_ddb = aws_sdk_dynamodb::Client::from_conf(only_srk_dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs index ecf8d7d03..6cb91e0c2 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs @@ -113,7 +113,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the Config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs index 88f32ac60..7510bc1b8 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs 
@@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 6. Create a new AWS SDK DynamoDb client using the config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/main.rs b/DynamoDbEncryption/runtimes/rust/examples/main.rs index f82979bcb..be35a5863 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/main.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/main.rs 
@@ -47,36 +47,36 @@ impl From for BoxError { #[tokio::main] pub async fn main() -> Result<(), BoxError2> { - basic_get_put_example::put_item_get_item().await?; - itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?; - get_encrypted_data_key_description::get_encrypted_data_key_description().await?; - multi_get_put_example::multi_put_get().await?; - keyring::raw_rsa_keyring::put_item_get_item().await?; - keyring::kms_rsa_keyring::put_item_get_item().await?; - keyring::multi_mrk_keyring::put_item_get_item().await?; - keyring::raw_aes_keyring::put_item_get_item().await?; - keyring::multi_keyring::put_item_get_item().await?; - keyring::mrk_discovery_multi_keyring::put_item_get_item().await?; - clientsupplier::client_supplier_example::put_item_get_item().await?; + // basic_get_put_example::put_item_get_item().await?; + // itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?; + // get_encrypted_data_key_description::get_encrypted_data_key_description().await?; + // multi_get_put_example::multi_put_get().await?; + // keyring::raw_rsa_keyring::put_item_get_item().await?; + // keyring::kms_rsa_keyring::put_item_get_item().await?; + // keyring::multi_mrk_keyring::put_item_get_item().await?; + // keyring::raw_aes_keyring::put_item_get_item().await?; + // keyring::multi_keyring::put_item_get_item().await?; + // keyring::mrk_discovery_multi_keyring::put_item_get_item().await?; + // clientsupplier::client_supplier_example::put_item_get_item().await?; let key_id = create_keystore_key::keystore_create_key().await?; - let key_id2 = create_keystore_key::keystore_create_key().await?; + // let key_id2 = create_keystore_key::keystore_create_key().await?; // Key creation is eventually consistent, so wait 5 seconds to decrease the likelihood // our test fails due to eventual consistency issues. println!("Key Store Keys created. 
Waiting 5 seconds for consistency."); - std::thread::sleep(std::time::Duration::from_secs(5)); + std::thread::sleep(std::time::Duration::from_secs(3)); - keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?; + // keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?; searchableencryption::basic_searchable_encryption::put_and_query_with_beacon(&key_id).await?; - searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id) - .await?; - searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) - .await?; - searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) - .await?; - searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id) - .await?; + // searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id) + // .await?; + // searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) + // .await?; + // searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) + // .await?; + // searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id) + // .await?; // ScanError will have to wait until we have a reasonable error message strategy diff --git a/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs index b5b5e11ca..559be27fc 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs 
@@ -116,7 +116,7 @@ pub async fn multi_put_get() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs index 55d0fd05d..00f3a07db 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs @@ -236,7 +236,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: .keyring(kms_keyring) .search( SearchConfig::builder() - .write_version(1) // MUST be 1 + // .write_version(1) // MUST be 1 .versions(beacon_versions) .build()?, ) @@ -249,7 +249,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: // 7. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs index a7d359dfc..e62d0a175 100644 
--- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs @@ -268,7 +268,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: // 10. Create a new AWS SDK DynamoDb client using the DynamoDb Config above let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(encryption_config)) + .interceptor(DbEsdkInterceptor::new(encryption_config)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs index 5d248c425..0e8e4acc7 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs @@ -547,7 +547,7 @@ pub async fn setup_beacon_config( // 13. Create a new AWS SDK DynamoDb client using the config above let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); Ok(aws_sdk_dynamodb::Client::from_conf(dynamo_config)) diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs index c78f14576..736e1a486 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs 
+++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs @@ -260,7 +260,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: // 12. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(encryption_config)) + .interceptor(DbEsdkInterceptor::new(encryption_config)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs index 6de40463e..dd107c7f5 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs @@ -350,7 +350,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: // 13. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(encryption_config)) + .interceptor(DbEsdkInterceptor::new(encryption_config)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs index b7d08723a..1b465ef5f 100644 --- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs +++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs 
@@ -84,9 +84,15 @@ pub struct DbEsdkInterceptor { impl DbEsdkInterceptor { pub fn new( config: crate::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig, - ) -> Self { - let client = crate::client::Client::from_conf(config).unwrap(); // FIXME - DbEsdkInterceptor { client } + // ) -> Result { + ) -> Result { + let client = crate::client::Client::from_conf(config)?; + Ok(DbEsdkInterceptor { client }) + // let client = crate::client::Client::from_conf(config); + // match client { + // Ok(x) => Ok(DbEsdkInterceptor { client : x }), + // Err(e) => Err(format!("{:?}", e)) + // } } } diff --git a/DynamoDbEncryption/runtimes/rust/src/lib.rs b/DynamoDbEncryption/runtimes/rust/src/lib.rs index 9832c4c17..62facc93b 100644 --- a/DynamoDbEncryption/runtimes/rust/src/lib.rs +++ b/DynamoDbEncryption/runtimes/rust/src/lib.rs @@ -67,3 +67,4 @@ pub(crate) mod software_externs; pub(crate) mod storm_tracker; pub(crate) mod time; pub(crate) mod uuid; +pub(crate) mod validation; diff --git a/TestVectors/runtimes/rust/.gitignore b/TestVectors/runtimes/rust/.gitignore index b5d9045cf..96a010207 100644 --- a/TestVectors/runtimes/rust/.gitignore +++ b/TestVectors/runtimes/rust/.gitignore @@ -36,4 +36,5 @@ src/types.rs src/uuid.rs src/wrapped src/wrapped.rs +src/validation.rs target diff --git a/TestVectors/runtimes/rust/src/lib.rs b/TestVectors/runtimes/rust/src/lib.rs index e43f4a1db..80f8f7321 100644 --- a/TestVectors/runtimes/rust/src/lib.rs +++ b/TestVectors/runtimes/rust/src/lib.rs @@ -12,6 +12,7 @@ pub mod error; /// All operations that this crate can perform. pub mod operation; pub mod types; +pub mod verification; #[cfg(feature = "wrapped-client")] pub mod wrapped; diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders index b5c3522da..96fa3af3e 160000 --- a/submodules/MaterialProviders +++ b/submodules/MaterialProviders 
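Review bot: `DbEsdkInterceptor::new` in src/intercept.rs now returns a `Result`, but the hunk adds no doc comment telling callers what an `Err` means. This interceptor is what applies the table encryption configuration to the DynamoDB client, so a caller that handles the error by building the client without `.interceptor(...)` would presumably send items unencrypted. I would put `/// # Errors` and `/// Returns the error from Client::from_conf when the configuration is rejected; do not fall back to a client without this interceptor.` above `pub fn new(`. The return type also changed from `Self`, which breaks every existing caller of this public constructor, while the Cargo.toml context later on this page still shows `version = "0.1.1"`, so a version bump seems warranted. The type parameters of `Result` are not visible in this rendering, so the exact error type should be confirmed against the file.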
@@ -1 +1 @@ -Subproject commit b5c3522da3cfafddd2b180e5fe110e1cf1fc1129 +Subproject commit 96fa3af3e93183f7ddd62e1e8e73e1100f22e5a8 diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny index caef7793d..fc8abc130 160000 --- a/submodules/smithy-dafny +++ b/submodules/smithy-dafny @@ -1 +1 @@ -Subproject commit caef7793d4bf85ae5eb488b2159b693f478c990d +Subproject commit fc8abc130463201789568e6ee45546fb0635146e From e4f749f1d0aabb87080dc167542aeb06607f7377 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 08:11:34 -0500 Subject: [PATCH 2/8] m --- DynamoDbEncryption/runtimes/rust/Cargo.toml | 1 + TestVectors/runtimes/rust/Cargo.toml | 1 + 2 files changed, 2 insertions(+) diff --git a/DynamoDbEncryption/runtimes/rust/Cargo.toml b/DynamoDbEncryption/runtimes/rust/Cargo.toml index beedebb42..2af556cd4 100644 --- a/DynamoDbEncryption/runtimes/rust/Cargo.toml +++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml @@ -24,6 +24,7 @@ aws-sdk-kms = "1.50.0" aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] } aws-smithy-types = "1.2.9" chrono = "0.4.38" +cpu-time = "1.0.0" dafny-runtime = "0.1.1" dashmap = "6.1.0" pem = "3.0.4" diff --git a/TestVectors/runtimes/rust/Cargo.toml b/TestVectors/runtimes/rust/Cargo.toml index ec9a73e9c..3a11a50da 100644 --- a/TestVectors/runtimes/rust/Cargo.toml +++ b/TestVectors/runtimes/rust/Cargo.toml @@ -15,6 +15,7 @@ aws-sdk-kms = "1.50.0" aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] } aws-smithy-types = "1.2.9" chrono = "0.4.38" +cpu-time = "1.0.0" dafny_runtime = { path = "../../../submodules/MaterialProviders/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust"} dashmap = "6.1.0" pem = "3.0.4" From 918938a97bb9e6600ba07e4c8cad48bea7347519 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 08:21:48 -0500 Subject: [PATCH 3/8] m --- TestVectors/runtimes/rust/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
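Review bot: The added `cpu-time = "1.0.0"` line in DynamoDbEncryption/runtimes/rust/Cargo.toml brings a new third-party crate into an encryption library, and the commit message (`m`) does not say what needs it; the same line is added to TestVectors/runtimes/rust/Cargo.toml in the next hunk. No code visible on this page uses the crate, so it is presumably required by the generated or submodule code that PATCH 1/8 pulls in, which should be confirmed and stated. I would add a comment above the entry such as `# required by <component that uses it>` and, if only the test vectors or timing code need it, keep it out of the published crate's dependency list. Note that `"1.0.0"` is a caret requirement, so downstream builds may resolve any compatible 1.x release.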
diff --git a/TestVectors/runtimes/rust/src/lib.rs b/TestVectors/runtimes/rust/src/lib.rs index 80f8f7321..43e76f8ae 100644 --- a/TestVectors/runtimes/rust/src/lib.rs +++ b/TestVectors/runtimes/rust/src/lib.rs @@ -12,7 +12,7 @@ pub mod error; /// All operations that this crate can perform. pub mod operation; pub mod types; -pub mod verification; +pub mod validation; #[cfg(feature = "wrapped-client")] pub mod wrapped; From a237482f0624126962dee401412110896a3ec5f2 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 08:39:05 -0500 Subject: [PATCH 4/8] m --- .../rust/examples/basic_get_put_example.rs | 2 +- .../runtimes/rust/examples/main.rs | 44 +++++++++---------- .../basic_searchable_encryption.rs | 2 +- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs index ba656dab6..c3e68e6b5 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs @@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)?) + .interceptor(DbEsdkInterceptor::new(table_configs)) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); diff --git a/DynamoDbEncryption/runtimes/rust/examples/main.rs b/DynamoDbEncryption/runtimes/rust/examples/main.rs index be35a5863..f82979bcb 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/main.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/main.rs 
@@ -47,36 +47,36 @@ impl From for BoxError { #[tokio::main] pub async fn main() -> Result<(), BoxError2> { - // basic_get_put_example::put_item_get_item().await?; - // itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?; - // get_encrypted_data_key_description::get_encrypted_data_key_description().await?; - // multi_get_put_example::multi_put_get().await?; - // keyring::raw_rsa_keyring::put_item_get_item().await?; - // keyring::kms_rsa_keyring::put_item_get_item().await?; - // keyring::multi_mrk_keyring::put_item_get_item().await?; - // keyring::raw_aes_keyring::put_item_get_item().await?; - // keyring::multi_keyring::put_item_get_item().await?; - // keyring::mrk_discovery_multi_keyring::put_item_get_item().await?; - // clientsupplier::client_supplier_example::put_item_get_item().await?; + basic_get_put_example::put_item_get_item().await?; + itemencryptor::item_encrypt_decrypt::encrypt_decrypt().await?; + get_encrypted_data_key_description::get_encrypted_data_key_description().await?; + multi_get_put_example::multi_put_get().await?; + keyring::raw_rsa_keyring::put_item_get_item().await?; + keyring::kms_rsa_keyring::put_item_get_item().await?; + keyring::multi_mrk_keyring::put_item_get_item().await?; + keyring::raw_aes_keyring::put_item_get_item().await?; + keyring::multi_keyring::put_item_get_item().await?; + keyring::mrk_discovery_multi_keyring::put_item_get_item().await?; + clientsupplier::client_supplier_example::put_item_get_item().await?; let key_id = create_keystore_key::keystore_create_key().await?; - // let key_id2 = create_keystore_key::keystore_create_key().await?; + let key_id2 = create_keystore_key::keystore_create_key().await?; // Key creation is eventually consistent, so wait 5 seconds to decrease the likelihood // our test fails due to eventual consistency issues. println!("Key Store Keys created. 
Waiting 5 seconds for consistency."); - std::thread::sleep(std::time::Duration::from_secs(3)); + std::thread::sleep(std::time::Duration::from_secs(5)); - // keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?; + keyring::hierarchical_keyring::put_item_get_item(&key_id, &key_id2).await?; searchableencryption::basic_searchable_encryption::put_and_query_with_beacon(&key_id).await?; - // searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id) - // .await?; - // searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) - // .await?; - // searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) - // .await?; - // searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id) - // .await?; + searchableencryption::beacon_styles_searchable_encryption::put_and_query_with_beacon(&key_id) + .await?; + searchableencryption::compound_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) + .await?; + searchableencryption::virtual_beacon_searchable_encryption::put_and_query_with_beacon(&key_id) + .await?; + searchableencryption::complexexample::complex_searchable_encryption::run_example(&key_id) + .await?; // ScanError will have to wait until we have a reasonable error message strategy diff --git a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs index 00f3a07db..94456cfa7 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs 
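Review bot: The restored `std::thread::sleep(std::time::Duration::from_secs(5));` in examples/main.rs blocks the runtime thread inside an `async fn main` under `#[tokio::main]`. The async form `tokio::time::sleep(std::time::Duration::from_secs(5)).await;` is the idiomatic replacement, assuming tokio's `time` feature is enabled for the examples. A fixed delay also only lowers the chance of an eventual-consistency failure, as the comment above it says, so a bounded retry around the first use of `key_id` would be more reliable. The body of `main` continues past the end of this hunk.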
@@ -236,7 +236,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate: .keyring(kms_keyring) .search( SearchConfig::builder() - // .write_version(1) // MUST be 1 + .write_version(1) // MUST be 1 .versions(beacon_versions) .build()?, ) From c5bc4fd4e6ab39dc2c6bf90676c1b8ce10e701fd Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 08:40:49 -0500 Subject: [PATCH 5/8] m --- DynamoDbEncryption/runtimes/rust/src/intercept.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs index 1b465ef5f..533b8d5ca 100644 --- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs +++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs @@ -88,11 +88,6 @@ impl DbEsdkInterceptor { ) -> Result { let client = crate::client::Client::from_conf(config)?; Ok(DbEsdkInterceptor { client }) - // let client = crate::client::Client::from_conf(config); - // match client { - // Ok(x) => Ok(DbEsdkInterceptor { client : x }), - // Err(e) => Err(format!("{:?}", e)) - // } } } From 09f7f783fa85733fc3ecd2d8f366f52d1a554fa9 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 08:41:33 -0500 Subject: [PATCH 6/8] m --- DynamoDbEncryption/runtimes/rust/src/intercept.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs index 533b8d5ca..5300ef35b 100644 --- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs +++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs @@ -84,7 +84,6 @@ pub struct DbEsdkInterceptor { impl DbEsdkInterceptor { pub fn new( config: crate::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig, - // ) -> Result { ) -> Result { let client = crate::client::Client::from_conf(config)?; Ok(DbEsdkInterceptor { client }) From 1c21a49f80c52540c4fb04092d067e3df09a21f4 Mon Sep 17 00:00:00 2001 
From: Andy Jewell Date: Wed, 18 Dec 2024 09:07:15 -0500 Subject: [PATCH 7/8] m --- .../runtimes/rust/examples/basic_get_put_example.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs index c3e68e6b5..ba656dab6 100644 --- a/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs +++ b/DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs @@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> { // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await; let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config) - .interceptor(DbEsdkInterceptor::new(table_configs)) + .interceptor(DbEsdkInterceptor::new(table_configs)?) .build(); let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config); From 600c21ff4ce08c07bcd4b882eefacef92cee3d80 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Wed, 18 Dec 2024 15:13:34 -0500 Subject: [PATCH 8/8] m --- DynamoDbEncryption/runtimes/rust/Cargo.toml | 18 +++++++++--------- TestVectors/runtimes/rust/Cargo.toml | 18 +++++++++--------- submodules/MaterialProviders | 2 +- submodules/smithy-dafny | 2 +- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/DynamoDbEncryption/runtimes/rust/Cargo.toml b/DynamoDbEncryption/runtimes/rust/Cargo.toml index 2af556cd4..ee3c14e48 100644 --- a/DynamoDbEncryption/runtimes/rust/Cargo.toml +++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml @@ -2,7 +2,7 @@ name = "aws-db-esdk" version = "0.1.1" edition = "2021" -rust-version = "1.80.0" +rust-version = "1.81.0" keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"] license = "ISC AND (Apache-2.0 OR ISC)" description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB." 
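Review bot: In `put_item_get_item` (basic_get_put_example.rs) the step-5 comment still describes only client creation, but `DbEsdkInterceptor::new(table_configs)?` can now fail before any client exists. Since this is the example users copy, I would add `// DbEsdkInterceptor::new returns Err when the client cannot be built from table_configs; propagate it rather than unwrap` above the builder chain. That makes it clear the `?` is where a rejected encryption configuration surfaces. This reading rests on `Client::from_conf(config)?` in the intercept.rs hunk and on the series subject. The function body starts and ends outside the hunk.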
@@ -16,19 +16,19 @@ readme = "README.md" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aws-config = "1.5.10" -aws-lc-rs = "1.11.1" -aws-lc-sys = "0.23.1" -aws-sdk-dynamodb = "1.54.0" -aws-sdk-kms = "1.50.0" +aws-config = "1.5.11" +aws-lc-rs = "1.12.0" +aws-lc-sys = "0.22.0" +aws-sdk-dynamodb = "1.56.0" +aws-sdk-kms = "1.52.0" aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] } -aws-smithy-types = "1.2.9" -chrono = "0.4.38" +aws-smithy-types = "1.2.10" +chrono = "0.4.39" cpu-time = "1.0.0" dafny-runtime = "0.1.1" dashmap = "6.1.0" pem = "3.0.4" -tokio = {version = "1.41.1", features = ["full"] } +tokio = {version = "1.42.0", features = ["full"] } uuid = { version = "1.11.0", features = ["v4"] } [[example]] diff --git a/TestVectors/runtimes/rust/Cargo.toml b/TestVectors/runtimes/rust/Cargo.toml index 3a11a50da..83da9ef73 100644 --- a/TestVectors/runtimes/rust/Cargo.toml +++ b/TestVectors/runtimes/rust/Cargo.toml @@ -2,22 +2,22 @@ name = "aws-db-esdk-test-vectors" version = "0.1.0" edition = "2021" -rust-version = "1.80.0" +rust-version = "1.81.0" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -aws-config = "1.5.10" -aws-lc-rs = "1.11.1" -aws-lc-sys = "0.23.1" -aws-sdk-dynamodb = "1.54.0" -aws-sdk-kms = "1.50.0" +aws-config = "1.5.11" +aws-lc-rs = "1.12.0" +aws-lc-sys = "0.22.0" +aws-sdk-dynamodb = "1.56.0" +aws-sdk-kms = "1.52.0" aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] } -aws-smithy-types = "1.2.9" -chrono = "0.4.38" +aws-smithy-types = "1.2.10" +chrono = "0.4.39" cpu-time = "1.0.0" dafny_runtime = { path = "../../../submodules/MaterialProviders/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust"} dashmap = "6.1.0" pem = "3.0.4" -tokio = {version = "1.41.1", features = ["full"] } +tokio = {version = "1.42.0", features = ["full"] } uuid = { version = "1.11.0", features = ["v4"] } 
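Review bot: `aws-lc-sys` moves backwards here, from `"0.23.1"` to `"0.22.0"`, while every other dependency in the hunk moves forward, including `aws-lc-rs` (`"1.11.1"` to `"1.12.0"`); the TestVectors/runtimes/rust/Cargo.toml hunk repeats the same change. A `0.x` requirement only matches its own minor series, so this excludes the 0.23 release used before. If `aws-lc-rs` 1.12.0 depends on a different `aws-lc-sys` series, the build would carry two copies of the native crypto library, which `cargo tree -d` would show. If the downgrade is intentional, a comment such as `# pinned to 0.22.x because <reason>` next to the line would record why. Otherwise the direct requirement should match the series `aws-lc-rs` resolves to, or be dropped if nothing uses `aws-lc-sys` directly.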
diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders index 96fa3af3e..0e2859d43 160000 --- a/submodules/MaterialProviders +++ b/submodules/MaterialProviders @@ -1 +1 @@ -Subproject commit 96fa3af3e93183f7ddd62e1e8e73e1100f22e5a8 +Subproject commit 0e2859d43710373c0df06783db7d38afe3f0bea7 diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny index fc8abc130..f67c21075 160000 --- a/submodules/smithy-dafny +++ b/submodules/smithy-dafny @@ -1 +1 @@ -Subproject commit fc8abc130463201789568e6ee45546fb0635146e +Subproject commit f67c21075ebac40e052204b6827a4db641e65862