diff --git a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml
index db52a17ed9..2aa4fa3323 100644
--- a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml
+++ b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml
@@ -27,7 +27,7 @@ runs:
- shell: bash
run: |
python -m pip install --upgrade pip
- python -m pip install --upgrade black
+ python -m pip install black==25.1
python -m pip install --upgrade docformatter
- name: Install Go
diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
index edd510e8a7..57aa61763e 100644
--- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
@@ -524,12 +524,7 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetEncryptedDataKeyDescriptionUni
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetEncryptedDataKeyDescriptionUnion_item_FromDafny(input interface{}) map[string]dynamodbtypes.AttributeValue {
diff --git a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
index 650135db51..7e28d57e53 100644
--- a/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
+++ b/DynamoDbEncryption/runtimes/go/ImplementationFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
@@ -237,12 +237,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTermina
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTerminal_typeId_FromDafny(input interface{}) []byte {
@@ -250,12 +245,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTermina
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_AuthItem_action_FromDafny(input interface{}) awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes.AuthenticateAction {
@@ -778,12 +768,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_ResolveAuthActionsInp
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_ResolveAuthActionsOutput_cryptoActions_FromDafny(input interface{}) []awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes.CryptoItem {
diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
index edd510e8a7..57aa61763e 100644
--- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
+++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkdynamodbsmithygenerated/to_native.go
@@ -524,12 +524,7 @@ func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetEncryptedDataKeyDescriptionUni
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_dynamoDb_GetEncryptedDataKeyDescriptionUnion_item_FromDafny(input interface{}) map[string]dynamodbtypes.AttributeValue {
diff --git a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
index 650135db51..7e28d57e53 100644
--- a/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
+++ b/DynamoDbEncryption/runtimes/go/TestsFromDafny-go/awscryptographydbencryptionsdkstructuredencryptionsmithygenerated/to_native.go
@@ -237,12 +237,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTermina
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTerminal_typeId_FromDafny(input interface{}) []byte {
@@ -250,12 +245,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_StructuredDataTermina
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_AuthItem_action_FromDafny(input interface{}) awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes.AuthenticateAction {
@@ -778,12 +768,7 @@ func Aws_cryptography_dbEncryptionSdk_structuredEncryption_ResolveAuthActionsInp
if input == nil {
return nil
}
- a := input.(dafny.Sequence).ToArray().(dafny.GoNativeArray)
- b := make([]byte, 0, a.Length())
- for i := uint32(0); i < a.Length(); i++ {
- b = append(b, a.Select(i).(byte))
- }
- return b
+ return dafny.ToByteArray(input.(dafny.Sequence))
}()
}
func Aws_cryptography_dbEncryptionSdk_structuredEncryption_ResolveAuthActionsOutput_cryptoActions_FromDafny(input interface{}) []awscryptographydbencryptionsdkstructuredencryptionsmithygeneratedtypes.CryptoItem {
diff --git a/DynamoDbEncryption/runtimes/net/DynamoDbEncryption.csproj b/DynamoDbEncryption/runtimes/net/DynamoDbEncryption.csproj
index 46ef23b417..1ff91a7984 100644
--- a/DynamoDbEncryption/runtimes/net/DynamoDbEncryption.csproj
+++ b/DynamoDbEncryption/runtimes/net/DynamoDbEncryption.csproj
@@ -67,7 +67,7 @@
-->
-
+
diff --git a/DynamoDbEncryption/runtimes/net/tests/Test-DynamoDbEncryption.csproj b/DynamoDbEncryption/runtimes/net/tests/Test-DynamoDbEncryption.csproj
index c3ccf953bf..e28aa39bcf 100644
--- a/DynamoDbEncryption/runtimes/net/tests/Test-DynamoDbEncryption.csproj
+++ b/DynamoDbEncryption/runtimes/net/tests/Test-DynamoDbEncryption.csproj
@@ -17,7 +17,7 @@
-->
-
+
diff --git a/DynamoDbEncryption/runtimes/rust/.gitignore b/DynamoDbEncryption/runtimes/rust/.gitignore
index 18aea02fab..c2e6ae5f0e 100644
--- a/DynamoDbEncryption/runtimes/rust/.gitignore
+++ b/DynamoDbEncryption/runtimes/rust/.gitignore
@@ -16,6 +16,7 @@ src/ecdh.rs
src/ecdsa.rs
src/error
src/error.rs
+src/escape.rs
src/hmac.rs
src/implementation_from_dafny.rs
src/kms.rs
diff --git a/DynamoDbEncryption/runtimes/rust/Cargo.toml b/DynamoDbEncryption/runtimes/rust/Cargo.toml
index d9b84d5d68..698659dccf 100644
--- a/DynamoDbEncryption/runtimes/rust/Cargo.toml
+++ b/DynamoDbEncryption/runtimes/rust/Cargo.toml
@@ -2,7 +2,6 @@
name = "aws-db-esdk"
version = "1.2.1"
edition = "2021"
-rust-version = "1.88.0"
keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
license = "ISC AND (Apache-2.0 OR ISC)"
description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,21 +15,21 @@ readme = "README.md"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
-aws-config = "1.8.10"
-aws-lc-rs = {version = "1.15.0"}
-aws-lc-sys = { version = "0.36", optional = true }
+aws-config = "1.8.12"
+aws-lc-rs = {version = "1.15.4"}
+aws-lc-sys = { version = "0.37", optional = true }
aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.99.0"
-aws-sdk-kms = "1.94.0"
-aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
-aws-smithy-types = "1.3.4"
-chrono = "0.4.42"
+aws-sdk-dynamodb = "1.103.0"
+aws-sdk-kms = "1.98.0"
+aws-smithy-runtime-api = {version = "1.10.0", features = ["client"] }
+aws-smithy-types = "1.3.6"
+chrono = "0.4.43"
cpu-time = "1.0.0"
dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
dashmap = "6.1.0"
pem = "3.0.6"
-tokio = {version = "1.48.0", features = ["full"] }
-uuid = { version = "1.18.1", features = ["v4"] }
+tokio = {version = "1.49.0", features = ["full"] }
+uuid = { version = "1.19.0", features = ["v4"] }
[[example]]
name = "main"
diff --git a/DynamoDbEncryption/runtimes/rust/copy_externs.sh b/DynamoDbEncryption/runtimes/rust/copy_externs.sh
index 2f3fceb8a3..ac1bf125c1 100755
--- a/DynamoDbEncryption/runtimes/rust/copy_externs.sh
+++ b/DynamoDbEncryption/runtimes/rust/copy_externs.sh
@@ -12,6 +12,7 @@ cp $SRC/ddb.rs src
cp $SRC/digest.rs src
cp $SRC/ecdh.rs src
cp $SRC/ecdsa.rs src
+cp $SRC/escape.rs src
cp $SRC/hmac.rs src
cp $SRC/kms.rs src
cp $SRC/local_cmc.rs src
diff --git a/DynamoDbEncryption/runtimes/rust/examples/main.rs b/DynamoDbEncryption/runtimes/rust/examples/main.rs
index 7d20caa321..cd3d5b9b57 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/main.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/main.rs
@@ -11,10 +11,10 @@ pub mod create_keystore_key;
pub mod get_encrypted_data_key_description;
pub mod itemencryptor;
pub mod keyring;
+pub mod migration;
pub mod multi_get_put_example;
pub mod searchableencryption;
pub mod test_utils;
-pub mod migration;
use std::convert::From;
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/common.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/common.rs
index b15e095271..471213e188 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/common.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/common.rs
@@ -1,12 +1,12 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
+use aws_db_esdk::dynamodb::types::DynamoDbTableEncryptionConfig;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
use aws_db_esdk::material_providers::client;
use aws_db_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
-use aws_db_esdk::CryptoAction;
-use aws_db_esdk::dynamodb::types::DynamoDbTableEncryptionConfig;
use aws_db_esdk::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::CryptoAction;
use std::collections::HashMap;
pub async fn create_table_configs(
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_1.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_1.rs
index efcefed8e1..aa7f668768 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_1.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_1.rs
@@ -1,14 +1,14 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
-use aws_sdk_dynamodb::types::AttributeValue;
-use std::collections::HashMap;
-use aws_db_esdk::intercept::DbEsdkInterceptor;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
use crate::migration::plaintext_to_awsdbe::migration_utils::{
- verify_returned_item, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE, DO_NOTHING_VALUE,
+ verify_returned_item, DO_NOTHING_VALUE, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE,
};
-use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::intercept::DbEsdkInterceptor;
+use aws_sdk_dynamodb::types::AttributeValue;
+use std::collections::HashMap;
/*
Migration Step 1: This is the first step in the migration process from
@@ -137,9 +137,9 @@ pub async fn migration_step_1_example(
#[tokio::test(flavor = "multi_thread")]
async fn test_migration_step_1() -> Result<(), Box> {
- use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_2::migration_step_2_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_3::migration_step_3_example;
+ use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::test_utils;
use uuid::Uuid;
@@ -147,34 +147,86 @@ async fn test_migration_step_1() -> Result<(), Box> {
let table_name = test_utils::TEST_DDB_TABLE_NAME;
let partition_key = Uuid::new_v4().to_string();
let sort_keys = ["0", "1", "2", "3"];
-
+
// Successfully executes step 1
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[1]).await?;
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[1],
+ )
+ .await?;
assert!(success, "MigrationStep1 should complete successfully");
// Given: Step 0 has succeeded
- let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
+ let success =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
assert!(success, "MigrationStep0 should complete successfully");
// When: Execute Step 1 with sortReadValue=0, Then: Success (i.e. can read plaintext values from Step 0)
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[0]).await?;
- assert!(success, "MigrationStep1 should be able to read items written by Step 0");
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[0],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep1 should be able to read items written by Step 0"
+ );
// Given: Step 2 has succeeded
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[2]).await?;
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[2],
+ )
+ .await?;
assert!(success, "MigrationStep2 should complete successfully");
// When: Execute Step 1 with sortReadValue=2, Then: Success (i.e. can read encrypted values from Step 2)
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[2]).await?;
- assert!(success, "MigrationStep1 should be able to read items written by Step 2");
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[2],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep1 should be able to read items written by Step 2"
+ );
// Given: Step 3 has succeeded
- let success = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[3]).await?;
+ let success = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[3],
+ )
+ .await?;
assert!(success, "MigrationStep3 should complete successfully");
// When: Execute Step 1 with sortReadValue=3, Then: Success (i.e. can read encrypted values from Step 3)
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[3]).await?;
- assert!(success, "MigrationStep1 should be able to read items written by Step 3");
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[3],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep1 should be able to read items written by Step 3"
+ );
// Cleanup
for sort_key in &sort_keys {
@@ -182,4 +234,4 @@ async fn test_migration_step_1() -> Result<(), Box> {
}
Ok(())
-}
\ No newline at end of file
+}
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_2.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_2.rs
index 52872dac07..7766474bce 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_2.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_2.rs
@@ -1,14 +1,14 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
-use aws_sdk_dynamodb::types::AttributeValue;
-use std::collections::HashMap;
-use aws_db_esdk::intercept::DbEsdkInterceptor;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
use crate::migration::plaintext_to_awsdbe::migration_utils::{
- verify_returned_item, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE, DO_NOTHING_VALUE,
+ verify_returned_item, DO_NOTHING_VALUE, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE,
};
-use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::intercept::DbEsdkInterceptor;
+use aws_sdk_dynamodb::types::AttributeValue;
+use std::collections::HashMap;
/*
Migration Step 2: This is the second step in the migration process from
@@ -139,9 +139,9 @@ pub async fn migration_step_2_example(
#[tokio::test(flavor = "multi_thread")]
async fn test_migration_step_2() -> Result<(), Box> {
- use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_1::migration_step_1_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_3::migration_step_3_example;
+ use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::test_utils;
use uuid::Uuid;
@@ -151,32 +151,84 @@ async fn test_migration_step_2() -> Result<(), Box> {
let sort_keys = ["0", "1", "2", "3"];
// Successfully executes step 2
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[2]).await?;
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[2],
+ )
+ .await?;
assert!(success, "MigrationStep2 should complete successfully");
// Given: Step 0 has succeeded
- let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
+ let success =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
assert!(success, "MigrationStep0 should complete successfully");
// When: Execute Step 2 with sortReadValue=0, Then: Success (i.e. can read plaintext values from Step 0)
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[0]).await?;
- assert!(success, "MigrationStep2 should be able to read items written by Step 0");
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[0],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep2 should be able to read items written by Step 0"
+ );
// Given: Step 1 has succeeded
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[1]).await?;
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[1],
+ )
+ .await?;
assert!(success, "MigrationStep1 should complete successfully");
// When: Execute Step 2 with sortReadValue=1, Then: Success (i.e. can read plaintext values from Step 1)
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[1]).await?;
- assert!(success, "MigrationStep2 should be able to read items written by Step 1");
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[1],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep2 should be able to read items written by Step 1"
+ );
// Given: Step 3 has succeeded
- let success = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[3]).await?;
+ let success = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[3],
+ )
+ .await?;
assert!(success, "MigrationStep3 should complete successfully");
// When: Execute Step 2 with sortReadValue=3, Then: Success (i.e. can read encrypted values from Step 3)
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[3]).await?;
- assert!(success, "MigrationStep2 should be able to read items written by Step 3");
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[3],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep2 should be able to read items written by Step 3"
+ );
// Cleanup
for sort_key in &sort_keys {
@@ -184,4 +236,4 @@ async fn test_migration_step_2() -> Result<(), Box> {
}
Ok(())
-}
\ No newline at end of file
+}
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_3.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_3.rs
index c54cba21d5..9ab74d91ce 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_3.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_3.rs
@@ -1,14 +1,14 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
-use aws_sdk_dynamodb::types::AttributeValue;
-use std::collections::HashMap;
-use aws_db_esdk::intercept::DbEsdkInterceptor;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
use crate::migration::plaintext_to_awsdbe::migration_utils::{
- verify_returned_item, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE, DO_NOTHING_VALUE,
+ verify_returned_item, DO_NOTHING_VALUE, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE,
};
-use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::intercept::DbEsdkInterceptor;
+use aws_sdk_dynamodb::types::AttributeValue;
+use std::collections::HashMap;
/*
Migration Step 3: This is the final step in the migration process from
@@ -140,9 +140,9 @@ pub async fn migration_step_3_example(
#[tokio::test(flavor = "multi_thread")]
async fn test_migration_step_3() -> Result<(), Box> {
- use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_1::migration_step_1_example;
use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_2::migration_step_2_example;
+ use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
use crate::test_utils;
use uuid::Uuid;
@@ -152,32 +152,84 @@ async fn test_migration_step_3() -> Result<(), Box> {
let sort_keys = ["0", "1", "2", "3"];
// Successfully executes step 3
- let success = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[3]).await?;
+ let success = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[3],
+ )
+ .await?;
assert!(success, "MigrationStep3 should complete successfully");
// Given: Step 0 has succeeded
- let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
+ let success =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
assert!(success, "MigrationStep0 should complete successfully");
// When: Execute Step 3 with sortReadValue=0, Then: should error out when reading plaintext items from Step 0
- let result = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[0]).await;
- assert!(result.is_err(), "MigrationStep3 should fail when reading plaintext items");
+ let result = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[0],
+ )
+ .await;
+ assert!(
+ result.is_err(),
+ "MigrationStep3 should fail when reading plaintext items"
+ );
// Given: Step 1 has succeeded
- let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[1]).await?;
+ let success = migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[1],
+ )
+ .await?;
assert!(success, "MigrationStep1 should complete successfully");
// When: Execute Step 3 with sortReadValue=1, Then: should error out when reading plaintext items from Step 1
- let result = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[1]).await;
- assert!(result.is_err(), "MigrationStep3 should fail when reading plaintext items");
+ let result = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[1],
+ )
+ .await;
+ assert!(
+ result.is_err(),
+ "MigrationStep3 should fail when reading plaintext items"
+ );
// Given: Step 2 has succeeded
- let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[2]).await?;
+ let success = migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[2],
+ )
+ .await?;
assert!(success, "MigrationStep2 should complete successfully");
// When: Execute Step 3 with sortReadValue=2, Then: Success (i.e. can read encrypted values from Step 2)
- let success = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[2]).await?;
- assert!(success, "MigrationStep3 should be able to read items written by Step 2");
+ let success = migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[2],
+ )
+ .await?;
+ assert!(
+ success,
+ "MigrationStep3 should be able to read items written by Step 2"
+ );
// Cleanup
for sort_key in &sort_keys {
@@ -185,4 +237,4 @@ async fn test_migration_step_3() -> Result<(), Box> {
}
Ok(())
-}
\ No newline at end of file
+}
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/migration_utils.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/migration_utils.rs
index 83d76f248d..3f7e40ae55 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/migration_utils.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/migration_utils.rs
@@ -34,11 +34,9 @@ pub fn verify_returned_item(
if let Some(AttributeValue::N(sk)) = item.get("sort_key") {
if sk != sort_key_value {
- return Err(format!(
- "sort_key mismatch: expected {}, got {}",
- sort_key_value, sk
- )
- .into());
+ return Err(
+ format!("sort_key mismatch: expected {}, got {}", sort_key_value, sk).into(),
+ );
}
} else {
return Err("sort_key not found or not a number".into());
diff --git a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/plaintext/migration_step_0.rs b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/plaintext/migration_step_0.rs
index d69b97508b..5b75054ebf 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/plaintext/migration_step_0.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/plaintext/migration_step_0.rs
@@ -1,11 +1,11 @@
// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
-use aws_sdk_dynamodb::types::AttributeValue;
-use std::collections::HashMap;
use crate::migration::plaintext_to_awsdbe::migration_utils::{
- verify_returned_item, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE, DO_NOTHING_VALUE,
+ verify_returned_item, DO_NOTHING_VALUE, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE,
};
+use aws_sdk_dynamodb::types::AttributeValue;
+use std::collections::HashMap;
/*
Migration Step 0: This is the pre-migration step for the
@@ -124,36 +124,76 @@ async fn test_migration_step_0() -> Result<(), Box> {
let sort_keys = ["0", "1", "2", "3"];
// Successfully executes step 0
- let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
+ let success =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
assert!(success, "MigrationStep0 should complete successfully");
// Given: Step 1 has succeeded
- migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[1]).await?;
-
+ migration_step_1_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[1],
+ sort_keys[1],
+ )
+ .await?;
+
// When: Execute Step 0 with sortReadValue=1, Then: Success (i.e. can read plaintext values)
- let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[1]).await?;
- assert!(success, "MigrationStep0 should be able to read items written by Step 1");
-
+ let success =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[1]).await?;
+ assert!(
+ success,
+ "MigrationStep0 should be able to read items written by Step 1"
+ );
+
// Given: Step 2 has succeeded
- migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[2]).await?;
-
+ migration_step_2_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[2],
+ sort_keys[2],
+ )
+ .await?;
+
// When: Execute Step 0 with sortReadValue=2, Then: should error out when reading encrypted items.
- let result = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[2]).await;
- assert!(result.is_err(), "MigrationStep0 should fail when reading encrypted items");
- assert!(result.unwrap_err().to_string().contains("attribute1 not found or not a string"));
-
+ let result =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[2]).await;
+ assert!(
+ result.is_err(),
+ "MigrationStep0 should fail when reading encrypted items"
+ );
+ assert!(result
+ .unwrap_err()
+ .to_string()
+ .contains("attribute1 not found or not a string"));
+
// Given: Step 3 has succeeded
- migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[3]).await?;
-
+ migration_step_3_example(
+ kms_key_id,
+ table_name,
+ &partition_key,
+ sort_keys[3],
+ sort_keys[3],
+ )
+ .await?;
+
// When: Execute Step 0 with sortReadValue=3, Then: should error out
- let result = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[3]).await;
- assert!(result.is_err(), "MigrationStep0 should fail when reading encrypted items");
- assert!(result.unwrap_err().to_string().contains("attribute1 not found or not a string"));
-
+ let result =
+ migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[3]).await;
+ assert!(
+ result.is_err(),
+ "MigrationStep0 should fail when reading encrypted items"
+ );
+ assert!(result
+ .unwrap_err()
+ .to_string()
+ .contains("attribute1 not found or not a string"));
+
// Cleanup
for sort_key in &sort_keys {
test_utils::cleanup_items(table_name, &partition_key, sort_key).await?;
}
Ok(())
-}
\ No newline at end of file
+}
diff --git a/DynamoDbEncryption/runtimes/rust/examples/test_utils.rs b/DynamoDbEncryption/runtimes/rust/examples/test_utils.rs
index 3e810d9827..52c845c308 100644
--- a/DynamoDbEncryption/runtimes/rust/examples/test_utils.rs
+++ b/DynamoDbEncryption/runtimes/rust/examples/test_utils.rs
@@ -53,7 +53,7 @@ pub async fn cleanup_items(
) -> Result<(), Box> {
let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
-
+
let key = std::collections::HashMap::from([
(
"partition_key".to_string(),
@@ -72,4 +72,4 @@ pub async fn cleanup_items(
.await?;
Ok(())
-}
\ No newline at end of file
+}
diff --git a/DynamoDbEncryption/runtimes/rust/src/intercept.rs b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
index d7fe278b67..252cf809c8 100644
--- a/DynamoDbEncryption/runtimes/rust/src/intercept.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/intercept.rs
@@ -7,6 +7,8 @@
#![allow(unused)]
#![allow(clippy::result_large_err)]
+use crate::escape::escape_to_async;
+
use aws_sdk_dynamodb::{
config::{
interceptors::{BeforeSerializationInterceptorContextMut, FinalizerInterceptorContextMut},
@@ -24,16 +26,7 @@ macro_rules! modify_request {
.store_put(OriginalRequest(Input::erase($request.clone())));
// transform the request
- let result = tokio::task::block_in_place(|| {
- tokio::runtime::Handle::current().block_on(async {
- $self
- .client
- .$transform()
- .sdk_input($request.clone())
- .send()
- .await
- })
- });
+ let result = escape_to_async($self.client.$transform().sdk_input($request.clone()).send());
match result {
Ok(x) => *$request = x.transformed_input.unwrap(),
Err(x) => {
@@ -56,17 +49,14 @@ macro_rules! modify_response {
.expect("we know this type corresponds to the output type");
// transform the response
- let result = tokio::task::block_in_place(|| {
- tokio::runtime::Handle::current().block_on(async {
- $self
- .client
- .$transform()
- .original_input(original.clone())
- .sdk_output($response.clone())
- .send()
- .await
- })
- });
+ let result = escape_to_async(
+ $self
+ .client
+ .$transform()
+ .original_input(original.clone())
+ .sdk_output($response.clone())
+ .send(),
+ );
match result {
Ok(x) => *$response = x.transformed_output.unwrap(),
Err(x) => {
diff --git a/DynamoDbEncryption/runtimes/rust/src/lib.rs b/DynamoDbEncryption/runtimes/rust/src/lib.rs
index 4a0ac47351..8f3b32d89e 100644
--- a/DynamoDbEncryption/runtimes/rust/src/lib.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/lib.rs
@@ -114,6 +114,8 @@ mod standard_library_externs;
pub(crate) use crate::deps::aws_cryptography_primitives;
pub(crate) mod implementation_from_dafny;
+pub(crate) use crate::deps::com_amazonaws_dynamodb::client::Client as DdbClient;
+pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
pub(crate) use crate::implementation_from_dafny::_Wrappers_Compile;
pub(crate) use crate::implementation_from_dafny::software;
pub(crate) use crate::implementation_from_dafny::AesKdfCtr;
@@ -129,7 +131,6 @@ pub(crate) use crate::implementation_from_dafny::ECDH;
pub(crate) use crate::implementation_from_dafny::HMAC;
pub(crate) use crate::implementation_from_dafny::UTF8;
pub(crate) use crate::implementation_from_dafny::UUID;
-pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
pub(crate) mod conversions;
pub(crate) mod deps;
@@ -143,6 +144,7 @@ pub(crate) mod ddb;
pub(crate) mod digest;
pub(crate) mod ecdh;
pub(crate) mod ecdsa;
+pub(crate) mod escape;
pub(crate) mod hmac;
pub(crate) mod kms;
pub(crate) mod local_cmc;
diff --git a/TestVectors/runtimes/rust/.gitignore b/TestVectors/runtimes/rust/.gitignore
index f832d05d4f..b8cade6741 100644
--- a/TestVectors/runtimes/rust/.gitignore
+++ b/TestVectors/runtimes/rust/.gitignore
@@ -17,6 +17,7 @@ src/ecdh.rs
src/ecdsa.rs
src/error
src/error.rs
+src/escape.rs
src/hmac.rs
src/implementation_from_dafny.rs
src/kms.rs
diff --git a/TestVectors/runtimes/rust/Cargo.toml b/TestVectors/runtimes/rust/Cargo.toml
index 72e844e391..f72918c6f6 100644
--- a/TestVectors/runtimes/rust/Cargo.toml
+++ b/TestVectors/runtimes/rust/Cargo.toml
@@ -2,26 +2,25 @@
name = "aws-db-esdk-test-vectors"
version = "0.1.0"
edition = "2021"
-rust-version = "1.88.0"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
-aws-config = "1.8.10"
-aws-lc-rs = {version = "1.15.0"}
-aws-lc-sys = { version = "0.33", optional = true }
+aws-config = "1.8.12"
+aws-lc-rs = {version = "1.15.4"}
+aws-lc-sys = { version = "0.37", optional = true }
aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.99.0"
-aws-sdk-kms = "1.94.0"
-aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
-aws-smithy-types = "1.3.4"
-chrono = "0.4.42"
+aws-sdk-dynamodb = "1.103.0"
+aws-sdk-kms = "1.98.0"
+aws-smithy-runtime-api = {version = "1.10.0", features = ["client"] }
+aws-smithy-types = "1.3.6"
+chrono = "0.4.43"
cpu-time = "1.0.0"
dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
dashmap = "6.1.0"
pem = "3.0.6"
-tokio = {version = "1.48.0", features = ["full"] }
-uuid = { version = "1.18.1", features = ["v4"] }
+tokio = {version = "1.49.0", features = ["full"] }
+uuid = { version = "1.19.0", features = ["v4"] }
[features]
wrapped-client = []
diff --git a/TestVectors/runtimes/rust/copy_externs.sh b/TestVectors/runtimes/rust/copy_externs.sh
index 81792034ad..d3a0012bb4 100755
--- a/TestVectors/runtimes/rust/copy_externs.sh
+++ b/TestVectors/runtimes/rust/copy_externs.sh
@@ -12,6 +12,7 @@ cp $SRC/ddb.rs src
cp $SRC/digest.rs src
cp $SRC/ecdh.rs src
cp $SRC/ecdsa.rs src
+cp $SRC/escape.rs src
cp $SRC/hmac.rs src
cp $SRC/kms.rs src
cp $SRC/local_cmc.rs src
diff --git a/TestVectors/runtimes/rust/src/intercept.rs b/TestVectors/runtimes/rust/src/intercept.rs
index ce59fe7a64..dcdc4a6e87 100644
--- a/TestVectors/runtimes/rust/src/intercept.rs
+++ b/TestVectors/runtimes/rust/src/intercept.rs
@@ -7,6 +7,7 @@
#![allow(unused)]
#![allow(clippy::result_large_err)]
+use crate::escape::escape_to_async;
use aws_sdk_dynamodb::{
config::{
interceptors::{BeforeSerializationInterceptorContextMut, FinalizerInterceptorContextMut},
@@ -24,16 +25,12 @@ macro_rules! modify_request {
.store_put(OriginalRequest(Input::erase($request.clone())));
// transform the request
- let result = tokio::task::block_in_place(|| {
- tokio::runtime::Handle::current().block_on(async {
+ let result = escape_to_async(
$self
.client
.$transform()
.sdk_input($request.clone())
- .send()
- .await
- })
- });
+ .send());
match result {
Ok(x) => *$request = x.transformed_input.unwrap(),
Err(x) => {
@@ -56,17 +53,13 @@ macro_rules! modify_response {
.expect("we know this type corresponds to the output type");
// transform the response
- let result = tokio::task::block_in_place(|| {
- tokio::runtime::Handle::current().block_on(async {
+ let result = escape_to_async(
$self
.client
.$transform()
.original_input(original.clone())
.sdk_output($response.clone())
- .send()
- .await
- })
- });
+ .send());
match result {
Ok(x) => *$response = x.transformed_output.unwrap(),
Err(x) => {
diff --git a/TestVectors/runtimes/rust/src/lib.rs b/TestVectors/runtimes/rust/src/lib.rs
index 8c3fe29b7f..3ee17d6a43 100644
--- a/TestVectors/runtimes/rust/src/lib.rs
+++ b/TestVectors/runtimes/rust/src/lib.rs
@@ -51,6 +51,7 @@ pub(crate) use crate::implementation_from_dafny::HMAC;
pub(crate) use crate::implementation_from_dafny::UTF8;
pub(crate) use crate::implementation_from_dafny::UUID;
pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
+pub(crate) use crate::deps::com_amazonaws_dynamodb::client::Client as DdbClient;
pub mod aes_gcm;
pub mod aes_kdf_ctr;
@@ -60,6 +61,7 @@ pub mod ddb;
pub mod digest;
pub mod ecdh;
pub mod ecdsa;
+pub mod escape;
pub mod hmac;
pub mod kms;
pub mod local_cmc;
diff --git a/db-esdk-performance-testing/benchmarks/rust/Cargo.toml b/db-esdk-performance-testing/benchmarks/rust/Cargo.toml
index 912a244295..47a595d662 100644
--- a/db-esdk-performance-testing/benchmarks/rust/Cargo.toml
+++ b/db-esdk-performance-testing/benchmarks/rust/Cargo.toml
@@ -12,7 +12,7 @@ path = "src/main.rs"
aws-db-esdk = { path = "../../../DynamoDbEncryption/runtimes/rust" }
# Async runtime
-tokio = { version = "1.47", features = ["full"] }
+tokio = { version = "1.49", features = ["full"] }
# Serialization
serde = { version = "1.0", features = ["derive"] }
@@ -48,14 +48,14 @@ stats_alloc = "0.1"
# Async utilities
futures = "0.3"
-aws-config = "1.8.6"
-aws-sdk-dynamodb = "1.92.0"
-aws-sdk-kms = "1.86.0"
-aws-sdk-sso = "1.83.0"
-aws-sdk-ssooidc = "1.84.0"
-aws-sdk-sts = "1.85.0"
+aws-config = "1.8.12"
+aws-sdk-dynamodb = "1.103.0"
+aws-sdk-kms = "1.98.0"
+aws-sdk-sso = "1.92.0"
+aws-sdk-ssooidc = "1.94.0"
+aws-sdk-sts = "1.96.0"
aws-smithy-types = "1.3"
cpu-time = "1.0.0"
[dev-dependencies]
-criterion = { version = "0.7", features = ["html_reports"] }
+criterion = { version = "0.8", features = ["html_reports"] }
diff --git a/submodules/MaterialProviders b/submodules/MaterialProviders
index 6878377045..3ea116182a 160000
--- a/submodules/MaterialProviders
+++ b/submodules/MaterialProviders
@@ -1 +1 @@
-Subproject commit 687837704534fccf7764767b7057a7b83a3f1a17
+Subproject commit 3ea116182a442607720330c102f086ebf3c6975f
diff --git a/submodules/smithy-dafny b/submodules/smithy-dafny
index 8ac2c09112..351cff6fbc 160000
--- a/submodules/smithy-dafny
+++ b/submodules/smithy-dafny
@@ -1 +1 @@
-Subproject commit 8ac2c09112187d7819088e8300d713a7ab3de83c
+Subproject commit 351cff6fbcf94de451dd24b1f69de51f2ed20ffb