chore(rust): improved blocking

.github/actions/install_smithy_dafny_codegen_dependencies/action.yml

@@ -27,7 +27,7 @@ runs:
     - shell: bash
       run: |
         python -m pip install --upgrade pip
-        python -m pip install --upgrade black
+        python -m pip install black==25.1
         python -m pip install --upgrade docformatter
 
     - name: Install Go

DynamoDbEncryption/runtimes/net/DynamoDbEncryption.csproj

@@ -67,7 +67,7 @@
             -->
     <PackageReference Include="System.Collections.Immutable" Version="1.7.0"/>
     <!-- Work around for dafny-lang/dafny/issues/1951; remove once resolved -->
-    <PackageReference Include="System.ValueTuple" Version="4.5.0"/>
+    <PackageReference Include="System.ValueTuple" Version="4.6.1"/>
 
     <Compile Include="Extern/**/*.cs"/>
     <Compile Include="Generated/**/*.cs"/>

DynamoDbEncryption/runtimes/net/tests/Test-DynamoDbEncryption.csproj

@@ -17,7 +17,7 @@
     -->
     <PackageReference Include="System.Collections.Immutable" Version="1.7.0" />
     <!-- Work around for dafny-lang/dafny/issues/1951; remove once resolved -->
-    <PackageReference Include="System.ValueTuple" Version="4.5.0" />
+    <PackageReference Include="System.ValueTuple" Version="4.6.1" />
   </ItemGroup>
 
   <ItemGroup>

DynamoDbEncryption/runtimes/rust/.gitignore

@@ -16,6 +16,7 @@ src/ecdh.rs
 src/ecdsa.rs
 src/error
 src/error.rs
+src/escape.rs
 src/hmac.rs
 src/implementation_from_dafny.rs
 src/kms.rs

DynamoDbEncryption/runtimes/rust/Cargo.toml

@@ -2,7 +2,6 @@
 name = "aws-db-esdk"
 version = "1.2.1"
 edition = "2021"
-rust-version = "1.88.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,21 +15,21 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.10"
-aws-lc-rs = {version = "1.15.0"}
-aws-lc-sys = { version = "0.36", optional = true }
+aws-config = "1.8.12"
+aws-lc-rs = {version = "1.15.4"}
+aws-lc-sys = { version = "0.37", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.99.0"
-aws-sdk-kms = "1.94.0"
-aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
-aws-smithy-types = "1.3.4"
-chrono = "0.4.42"
+aws-sdk-dynamodb = "1.103.0"
+aws-sdk-kms = "1.98.0"
+aws-smithy-runtime-api = {version = "1.10.0", features = ["client"] }
+aws-smithy-types = "1.3.6"
+chrono = "0.4.43"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
 dashmap = "6.1.0"
 pem = "3.0.6"
-tokio = {version = "1.48.0", features = ["full"] }
-uuid = { version = "1.18.1", features = ["v4"] }
+tokio = {version = "1.49.0", features = ["full"] }
+uuid = { version = "1.19.0", features = ["v4"] }
 
 [[example]]
 name = "main"

DynamoDbEncryption/runtimes/rust/copy_externs.sh

@@ -12,6 +12,7 @@ cp $SRC/ddb.rs src
 cp $SRC/digest.rs src
 cp $SRC/ecdh.rs src
 cp $SRC/ecdsa.rs src
+cp $SRC/escape.rs src
 cp $SRC/hmac.rs src
 cp $SRC/kms.rs src
 cp $SRC/local_cmc.rs src

DynamoDbEncryption/runtimes/rust/examples/main.rs

@@ -11,10 +11,10 @@ pub mod create_keystore_key;
 pub mod get_encrypted_data_key_description;
 pub mod itemencryptor;
 pub mod keyring;
+pub mod migration;
 pub mod multi_get_put_example;
 pub mod searchableencryption;
 pub mod test_utils;
-pub mod migration;
 
 use std::convert::From;
 

DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/common.rs

@@ -1,12 +1,12 @@
 // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
+use aws_db_esdk::dynamodb::types::DynamoDbTableEncryptionConfig;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
 use aws_db_esdk::material_providers::client;
 use aws_db_esdk::material_providers::types::material_providers_config::MaterialProvidersConfig;
-use aws_db_esdk::CryptoAction;
-use aws_db_esdk::dynamodb::types::DynamoDbTableEncryptionConfig;
 use aws_db_esdk::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::CryptoAction;
 use std::collections::HashMap;
 
 pub async fn create_table_configs(

DynamoDbEncryption/runtimes/rust/examples/migration/plaintext_to_awsdbe/awsdbe/migration_step_1.rs

@@ -1,14 +1,14 @@
 // Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use aws_sdk_dynamodb::types::AttributeValue;
-use std::collections::HashMap;
-use aws_db_esdk::intercept::DbEsdkInterceptor;
-use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
 use crate::migration::plaintext_to_awsdbe::migration_utils::{
-    verify_returned_item, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE, DO_NOTHING_VALUE,
+    verify_returned_item, DO_NOTHING_VALUE, ENCRYPTED_AND_SIGNED_VALUE, SIGN_ONLY_VALUE,
 };
-use crate::migration::plaintext_to_awsdbe::awsdbe::common::create_table_configs;
+use aws_db_esdk::dynamodb::types::PlaintextOverride;
+use aws_db_esdk::intercept::DbEsdkInterceptor;
+use aws_sdk_dynamodb::types::AttributeValue;
+use std::collections::HashMap;
 
 /*
 Migration Step 1: This is the first step in the migration process from
@@ -137,49 +137,101 @@ pub async fn migration_step_1_example(
 
 #[tokio::test(flavor = "multi_thread")]
 async fn test_migration_step_1() -> Result<(), Box<dyn std::error::Error>> {
-    use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
     use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_2::migration_step_2_example;
     use crate::migration::plaintext_to_awsdbe::awsdbe::migration_step_3::migration_step_3_example;
+    use crate::migration::plaintext_to_awsdbe::plaintext::migration_step_0::migration_step_0_example;
     use crate::test_utils;
     use uuid::Uuid;
 
     let kms_key_id = test_utils::TEST_KMS_KEY_ID;
     let table_name = test_utils::TEST_DDB_TABLE_NAME;
     let partition_key = Uuid::new_v4().to_string();
     let sort_keys = ["0", "1", "2", "3"];
-    
+
     // Successfully executes step 1
-    let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[1]).await?;
+    let success = migration_step_1_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[1],
+        sort_keys[1],
+    )
+    .await?;
     assert!(success, "MigrationStep1 should complete successfully");
 
     // Given: Step 0 has succeeded
-    let success = migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
+    let success =
+        migration_step_0_example(table_name, &partition_key, sort_keys[0], sort_keys[0]).await?;
     assert!(success, "MigrationStep0 should complete successfully");
 
     // When: Execute Step 1 with sortReadValue=0, Then: Success (i.e. can read plaintext values from Step 0)
-    let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[0]).await?;
-    assert!(success, "MigrationStep1 should be able to read items written by Step 0");
+    let success = migration_step_1_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[1],
+        sort_keys[0],
+    )
+    .await?;
+    assert!(
+        success,
+        "MigrationStep1 should be able to read items written by Step 0"
+    );
 
     // Given: Step 2 has succeeded
-    let success = migration_step_2_example(kms_key_id, table_name, &partition_key, sort_keys[2], sort_keys[2]).await?;
+    let success = migration_step_2_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[2],
+        sort_keys[2],
+    )
+    .await?;
     assert!(success, "MigrationStep2 should complete successfully");
 
     // When: Execute Step 1 with sortReadValue=2, Then: Success (i.e. can read encrypted values from Step 2)
-    let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[2]).await?;
-    assert!(success, "MigrationStep1 should be able to read items written by Step 2");
+    let success = migration_step_1_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[1],
+        sort_keys[2],
+    )
+    .await?;
+    assert!(
+        success,
+        "MigrationStep1 should be able to read items written by Step 2"
+    );
 
     // Given: Step 3 has succeeded
-    let success = migration_step_3_example(kms_key_id, table_name, &partition_key, sort_keys[3], sort_keys[3]).await?;
+    let success = migration_step_3_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[3],
+        sort_keys[3],
+    )
+    .await?;
     assert!(success, "MigrationStep3 should complete successfully");
 
     // When: Execute Step 1 with sortReadValue=3, Then: Success (i.e. can read encrypted values from Step 3)
-    let success = migration_step_1_example(kms_key_id, table_name, &partition_key, sort_keys[1], sort_keys[3]).await?;
-    assert!(success, "MigrationStep1 should be able to read items written by Step 3");
+    let success = migration_step_1_example(
+        kms_key_id,
+        table_name,
+        &partition_key,
+        sort_keys[1],
+        sort_keys[3],
+    )
+    .await?;
+    assert!(
+        success,
+        "MigrationStep1 should be able to read items written by Step 3"
+    );
 
     // Cleanup
     for sort_key in &sort_keys {
         test_utils::cleanup_items(table_name, &partition_key, sort_key).await?;
     }
 
     Ok(())
-}
+}