chore(rust): release 1.2.1

.github/actions/install_smithy_dafny_codegen_dependencies/action.yml

@@ -22,7 +22,7 @@ runs:
     - name: Setup Python, black, and docformatter for code formatting
       uses: actions/setup-python@v6
       with:
-        python-version: ${{ matrix.python-version }}
+        python-version: 3.11
         architecture: x64
     - shell: bash
       run: |

.github/workflows/ci_test_go.yml

@@ -45,7 +45,7 @@ jobs:
 
       - name: Setup Docker
         if: matrix.os == 'macos-15-intel' && matrix.library == 'TestVectors'
-        uses: douglascamata/[email protected].1
+        uses: douglascamata/[email protected].2
 
       - name: Setup DynamoDB Local
         if: matrix.library == 'TestVectors'

.github/workflows/ci_test_vector_java.yml

@@ -48,7 +48,7 @@ jobs:
 
       - name: Setup Docker
         if: matrix.os == 'macos-15-intel' && matrix.library == 'TestVectors'
-        uses: douglascamata/[email protected].1
+        uses: douglascamata/[email protected].2
 
       - name: Setup DynamoDB Local
         if: matrix.library == 'TestVectors'

.github/workflows/ci_test_vector_net.yml

@@ -44,7 +44,7 @@ jobs:
 
       - name: Setup Docker
         if: matrix.os == 'macos-15-intel' && matrix.library == 'TestVectors'
-        uses: douglascamata/[email protected].1
+        uses: douglascamata/[email protected].2
 
       - name: Setup DynamoDB Local
         if: matrix.library == 'TestVectors'

.github/workflows/library_rust_tests.yml

@@ -43,7 +43,7 @@ jobs:
 
       - name: Setup Docker
         if: matrix.os == 'macos-15-intel' && matrix.library == 'TestVectors'
-        uses: douglascamata/[email protected].1
+        uses: douglascamata/[email protected].2
 
       - name: Setup DynamoDB Local
         if: matrix.library == 'TestVectors'
@@ -121,6 +121,13 @@ jobs:
         run: |
           make test_rust
 
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v5
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-DDBEC-Dafny-Role-us-west-2
+          role-session-name: DDBEC-Dafny-Rust-Tests
+
       - name: Test ${{ matrix.library }} Rust Fips
         shell: bash
         working-directory: ./${{ matrix.library }}/runtimes/rust/

.github/workflows/pull.yml

@@ -54,11 +54,11 @@ jobs:
     uses: ./.github/workflows/library_rust_tests.yml
     with:
       dafny: ${{needs.getVersion.outputs.version}}
-  pr-ci-go:
-    needs: getVersion
-    uses: ./.github/workflows/ci_test_go.yml
-    with:
-      dafny: ${{needs.getVersion.outputs.version}}
+  # pr-ci-go:
+  #   needs: getVersion
+  #   uses: ./.github/workflows/ci_test_go.yml
+  #   with:
+  #     dafny: ${{needs.getVersion.outputs.version}}
   pr-ci-net-test-vectors:
     needs: getVersion
     uses: ./.github/workflows/ci_test_vector_net.yml
@@ -83,7 +83,7 @@ jobs:
       - pr-ci-java-examples
       - pr-ci-net
       - pr-ci-rust
-      - pr-ci-go
+      # - pr-ci-go
       - pr-ci-net-test-vectors
       - pr-ci-net-examples
     runs-on: ubuntu-22.04

DynamoDbEncryption/runtimes/rust/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "aws-db-esdk"
-version = "1.2.0"
+version = "1.2.1"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,21 +16,21 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 
 [[example]]
 name = "main"

DynamoDbEncryption/runtimes/rust/src/lib.rs

@@ -129,6 +129,7 @@ pub(crate) use crate::implementation_from_dafny::ECDH;
 pub(crate) use crate::implementation_from_dafny::HMAC;
 pub(crate) use crate::implementation_from_dafny::UTF8;
 pub(crate) use crate::implementation_from_dafny::UUID;
+pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
 
 pub(crate) mod conversions;
 pub(crate) mod deps;

TestVectors/runtimes/rust/Cargo.toml

@@ -2,26 +2,26 @@
 name = "aws-db-esdk-test-vectors"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"] }
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 
 [features]
 wrapped-client = []

TestVectors/runtimes/rust/src/lib.rs

@@ -50,6 +50,7 @@ pub(crate) use crate::implementation_from_dafny::ECDH;
 pub(crate) use crate::implementation_from_dafny::HMAC;
 pub(crate) use crate::implementation_from_dafny::UTF8;
 pub(crate) use crate::implementation_from_dafny::UUID;
+pub(crate) use crate::deps::com_amazonaws_kms::client::Client as KmsClient;
 
 pub mod aes_gcm;
 pub mod aes_kdf_ctr;

releases/rust/db_esdk/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
 name = "aws-db-esdk"
-version = "1.2.0"
+version = "1.2.1"
 edition = "2021"
-rust-version = "1.86.0"
+rust-version = "1.88.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,20 +16,20 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.8.5"
-aws-lc-rs = {version = "1.13.3"}
-aws-lc-sys = { version = "0.30", optional = true }
+aws-config = "1.8.10"
+aws-lc-rs = {version = "1.15.0"}
+aws-lc-sys = { version = "0.33", optional = true }
 aws-lc-fips-sys = { version = "0.13", optional = true }
-aws-sdk-dynamodb = "1.90.0"
-aws-sdk-kms = "1.84.0"
-aws-smithy-runtime-api = {version = "1.9.0", features = ["client"] }
-aws-smithy-types = "1.3.2"
-chrono = "0.4.41"
+aws-sdk-dynamodb = "1.99.0"
+aws-sdk-kms = "1.94.0"
+aws-smithy-runtime-api = {version = "1.9.2", features = ["client"] }
+aws-smithy-types = "1.3.4"
+chrono = "0.4.42"
 cpu-time = "1.0.0"
 dashmap = "6.1.0"
-pem = "3.0.5"
-tokio = {version = "1.47.1", features = ["full"] }
-uuid = { version = "1.18.0", features = ["v4"] }
+pem = "3.0.6"
+tokio = {version = "1.48.0", features = ["full"] }
+uuid = { version = "1.18.1", features = ["v4"] }
 dafny-runtime = { version = "0.3.1", features = ["sync", "small-int"] }
 
 [[example]]

releases/rust/db_esdk/examples/main.rs

@@ -11,6 +11,7 @@ pub mod create_keystore_key;
 pub mod get_encrypted_data_key_description;
 pub mod itemencryptor;
 pub mod keyring;
+pub mod migration;
 pub mod multi_get_put_example;
 pub mod searchableencryption;
 pub mod test_utils;

releases/rust/db_esdk/examples/test_utils.rs

@@ -44,3 +44,32 @@ pub const TEST_BRANCH_KEY_WRAPPING_KMS_KEY_ARN: &str =
 // Our tests require access to DDB Table with this name configured as a branch keystore
 pub const TEST_BRANCH_KEYSTORE_DDB_TABLE_NAME: &str = "KeyStoreDdbTable";
 pub const TEST_COMPLEX_DDB_TABLE_NAME: &str = "ComplexBeaconTestTable";
+
+// Helper method to clean up test items
+pub async fn cleanup_items(
+    table_name: &str,
+    partition_key_value: &str,
+    sort_key_value: &str,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
+    let ddb = aws_sdk_dynamodb::Client::new(&sdk_config);
+
+    let key = std::collections::HashMap::from([
+        (
+            "partition_key".to_string(),
+            aws_sdk_dynamodb::types::AttributeValue::S(partition_key_value.to_string()),
+        ),
+        (
+            "sort_key".to_string(),
+            aws_sdk_dynamodb::types::AttributeValue::N(sort_key_value.to_string()),
+        ),
+    ]);
+
+    ddb.delete_item()
+        .table_name(table_name)
+        .set_key(Some(key))
+        .send()
+        .await?;
+
+    Ok(())
+}

releases/rust/db_esdk/src/concurrent_call.rs

@@ -10,23 +10,23 @@
 pub mod ConcurrentCall {
 
     fn de_const(
-        p: *const dafny_runtime::Object<(dyn Callee + 'static)>,
-    ) -> *mut dafny_runtime::Object<(dyn Callee + 'static)> {
+        p: *const dafny_runtime::Object<dyn Callee + 'static>,
+    ) -> *mut dafny_runtime::Object<dyn Callee + 'static> {
         p as _
     }
 
     pub struct FakeCallee {
-        callee: *const dafny_runtime::Object<(dyn Callee + 'static)>,
+        callee: *const dafny_runtime::Object<dyn Callee + 'static>,
     }
     impl FakeCallee {
-        fn new(callee: &dafny_runtime::Object<(dyn Callee + 'static)>) -> Self {
+        fn new(callee: &dafny_runtime::Object<dyn Callee + 'static>) -> Self {
             Self {
                 callee: std::ptr::from_ref(callee),
             }
         }
         fn call(&self, x: u32, y: u32) {
             let mptr = de_const(self.callee);
-            let value: &mut dafny_runtime::Object<(dyn Callee + 'static)> = unsafe { &mut *mptr };
+            let value: &mut dafny_runtime::Object<dyn Callee + 'static> = unsafe { &mut *mptr };
             value.as_mut().call(x, y);
         }
     }
@@ -37,7 +37,7 @@ pub mod ConcurrentCall {
     use crate::ConcurrentCall::Callee;
     impl _default {
         pub fn ConcurrentCall(
-            callee: &dafny_runtime::Object<(dyn Callee + 'static)>,
+            callee: &dafny_runtime::Object<dyn Callee + 'static>,
             serial_iters: u32,
             concurrent_iters: u32,
         ) {

releases/rust/db_esdk/src/ecdh.rs

@@ -442,7 +442,7 @@ pub mod ECDH {
                 &public_key,
             );
             let shared: Vec<u8> =
-                aws_lc_rs::agreement::agree(&private_key, &public_key, "foo", |x| Ok(x.to_vec()))
+                aws_lc_rs::agreement::agree(&private_key, public_key, "foo", |x| Ok(x.to_vec()))
                     .map_err(|_e| "Failure in aws_lc_rs::agreement::agree.".to_string())?;
             Ok(shared)
         }