fix: support new input validation (#1518)

* fix: support new input validation

DynamoDbEncryption/runtimes/rust/.gitignore

@@ -32,4 +32,5 @@ src/time.rs
 src/types
 src/types.rs
 src/uuid.rs
+src/validation.rs
 target

DynamoDbEncryption/runtimes/rust/Cargo.toml

@@ -2,7 +2,7 @@
 name = "aws-db-esdk"
 version = "0.1.1"
 edition = "2021"
-rust-version = "1.80.0"
+rust-version = "1.81.0"
 keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
 license = "ISC AND (Apache-2.0 OR ISC)"
 description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
@@ -16,18 +16,19 @@ readme = "README.md"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.10"
-aws-lc-rs = "1.11.1"
-aws-lc-sys = "0.23.1"
-aws-sdk-dynamodb = "1.54.0"
-aws-sdk-kms = "1.50.0"
+aws-config = "1.5.11"
+aws-lc-rs = "1.12.0"
+aws-lc-sys = "0.22.0"
+aws-sdk-dynamodb = "1.56.0"
+aws-sdk-kms = "1.52.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.9"
-chrono = "0.4.38"
+aws-smithy-types = "1.2.10"
+chrono = "0.4.39"
+cpu-time = "1.0.0"
 dafny-runtime = "0.1.1"
 dashmap = "6.1.0"
 pem = "3.0.4"
-tokio = {version = "1.41.1", features = ["full"] }
+tokio = {version = "1.42.0", features = ["full"] }
 uuid = { version = "1.11.0", features = ["v4"] }
 
 [[example]]

DynamoDbEncryption/runtimes/rust/examples/basic_get_put_example.rs

@@ -116,7 +116,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/clientsupplier/client_supplier_example.rs

@@ -123,7 +123,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the DynamoDb Config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -215,7 +215,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?)
         .build();
     let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/hierarchical_keyring.rs

@@ -181,7 +181,7 @@ pub async fn put_item_get_item(
     // 7. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/kms_rsa_keyring.rs

@@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
 
     // 6. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/mrk_discovery_multi_keyring.rs

@@ -115,7 +115,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -182,7 +182,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let dynamo_config_for_decrypt = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt))
+        .interceptor(DbEsdkInterceptor::new(table_configs_for_decrypt)?)
         .build();
     let ddb_for_decrypt = aws_sdk_dynamodb::Client::from_conf(dynamo_config_for_decrypt);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/multi_keyring.rs

@@ -148,7 +148,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 7. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -217,7 +217,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_aes_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_aes_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_aes_table_configs)?)
         .build();
     let only_aes_ddb = aws_sdk_dynamodb::Client::from_conf(only_aes_dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/multi_mrk_keyring.rs

@@ -136,7 +136,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create the DynamoDb Encryption Interceptor
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 
@@ -218,7 +218,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_replica_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_replica_table_configs)?)
         .build();
     let only_replica_ddb = aws_sdk_dynamodb::Client::from_conf(only_replica_dynamo_config);
 
@@ -266,7 +266,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
         .build()?;
 
     let only_srk_dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(only_srk_table_configs))
+        .interceptor(DbEsdkInterceptor::new(only_srk_table_configs)?)
         .build();
     let only_srk_ddb = aws_sdk_dynamodb::Client::from_conf(only_srk_dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/raw_aes_keyring.rs

@@ -113,7 +113,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the Config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/keyring/raw_rsa_keyring.rs

@@ -151,7 +151,7 @@ pub async fn put_item_get_item() -> Result<(), crate::BoxError> {
     // 6. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/multi_get_put_example.rs

@@ -116,7 +116,7 @@ pub async fn multi_put_get() -> Result<(), crate::BoxError> {
     // 5. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/searchableencryption/basic_searchable_encryption.rs

@@ -249,7 +249,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
     // 7. Create a new AWS SDK DynamoDb client using the TableEncryptionConfigs
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/searchableencryption/beacon_styles_searchable_encryption.rs

@@ -268,7 +268,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 10. Create a new AWS SDK DynamoDb client using the DynamoDb Config above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/searchableencryption/complexexample/beacon_config.rs

@@ -547,7 +547,7 @@ pub async fn setup_beacon_config(
     // 13. Create a new AWS SDK DynamoDb client using the config above
     let sdk_config = aws_config::load_defaults(aws_config::BehaviorVersion::latest()).await;
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(table_configs))
+        .interceptor(DbEsdkInterceptor::new(table_configs)?)
         .build();
 
     Ok(aws_sdk_dynamodb::Client::from_conf(dynamo_config))

DynamoDbEncryption/runtimes/rust/examples/searchableencryption/compound_beacon_searchable_encryption.rs

@@ -260,7 +260,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 12. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/examples/searchableencryption/virtual_beacon_searchable_encryption.rs

@@ -350,7 +350,7 @@ pub async fn put_and_query_with_beacon(branch_key_id: &str) -> Result<(), crate:
 
     // 13. Create a new AWS SDK DynamoDb client using the DynamoDb Encryption Interceptor above
     let dynamo_config = aws_sdk_dynamodb::config::Builder::from(&sdk_config)
-        .interceptor(DbEsdkInterceptor::new(encryption_config))
+        .interceptor(DbEsdkInterceptor::new(encryption_config)?)
         .build();
     let ddb = aws_sdk_dynamodb::Client::from_conf(dynamo_config);
 

DynamoDbEncryption/runtimes/rust/src/intercept.rs

@@ -84,9 +84,9 @@ pub struct DbEsdkInterceptor {
 impl DbEsdkInterceptor {
     pub fn new(
         config: crate::types::dynamo_db_tables_encryption_config::DynamoDbTablesEncryptionConfig,
-    ) -> Self {
-        let client = crate::client::Client::from_conf(config).unwrap(); // FIXME
-        DbEsdkInterceptor { client }
+    ) -> Result<Self, crate::types::error::Error> {
+        let client = crate::client::Client::from_conf(config)?;
+        Ok(DbEsdkInterceptor { client })
     }
 }
 

DynamoDbEncryption/runtimes/rust/src/lib.rs

@@ -67,3 +67,4 @@ pub(crate) mod software_externs;
 pub(crate) mod storm_tracker;
 pub(crate) mod time;
 pub(crate) mod uuid;
+pub(crate) mod validation;

TestVectors/runtimes/rust/.gitignore

@@ -36,4 +36,5 @@ src/types.rs
 src/uuid.rs
 src/wrapped
 src/wrapped.rs
+src/validation.rs
 target

TestVectors/runtimes/rust/Cargo.toml

@@ -2,21 +2,22 @@
 name = "aws-db-esdk-test-vectors"
 version = "0.1.0"
 edition = "2021"
-rust-version = "1.80.0"
+rust-version = "1.81.0"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
-aws-config = "1.5.10"
-aws-lc-rs = "1.11.1"
-aws-lc-sys = "0.23.1"
-aws-sdk-dynamodb = "1.54.0"
-aws-sdk-kms = "1.50.0"
+aws-config = "1.5.11"
+aws-lc-rs = "1.12.0"
+aws-lc-sys = "0.22.0"
+aws-sdk-dynamodb = "1.56.0"
+aws-sdk-kms = "1.52.0"
 aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
-aws-smithy-types = "1.2.9"
-chrono = "0.4.38"
+aws-smithy-types = "1.2.10"
+chrono = "0.4.39"
+cpu-time = "1.0.0"
 dafny_runtime = { path = "../../../submodules/MaterialProviders/smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust"}
 dashmap = "6.1.0"
 pem = "3.0.4"
-tokio = {version = "1.41.1", features = ["full"] }
+tokio = {version = "1.42.0", features = ["full"] }
 uuid = { version = "1.11.0", features = ["v4"] }

TestVectors/runtimes/rust/src/lib.rs

@@ -12,6 +12,7 @@ pub mod error;
 /// All operations that this crate can perform.
 pub mod operation;
 pub mod types;
+pub mod validation;
 
 #[cfg(feature = "wrapped-client")]
 pub mod wrapped;