Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Bump to MPL HEAD, Smithy-Dafny HEAD #1299

Merged
merged 72 commits into from
Nov 1, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
72 commits
Select commit Hold shift + click to select a range
48e3204
primitives name
lucasmcdonald3 Aug 21, 2024
2bbf457
oop
lucasmcdonald3 Aug 21, 2024
0d4482a
Merge branch 'main' into primitives-name
lucasmcdonald3 Aug 21, 2024
4369a3c
snap
lucasmcdonald3 Aug 21, 2024
dac6f94
Merge branch 'main' into primitives-name
lucasmcdonald3 Aug 23, 2024
b895643
remove unnecessary asserts
ajewellamz Aug 22, 2024
81d8b26
m
ajewellamz Aug 22, 2024
4825712
m
ajewellamz Aug 22, 2024
ffd5b0d
Merge branch 'main' into primitives-name
lucasmcdonald3 Aug 23, 2024
7283823
chore: add ddb local to dafny interop test vectors (#1316)
josecorella Aug 26, 2024
621e9cc
fix: remove usage of `:|` (#1320)
josecorella Aug 28, 2024
4c608d2
chore: add check only keyword action (#1327)
josecorella Aug 29, 2024
cd69b16
chore: remove /// from smithy files (#1349)
ajewellamz Sep 10, 2024
e8bcd12
m
lucasmcdonald3 Sep 24, 2024
7e3681b
chore(release): 3.7.0 (#1368)
josecorella Sep 17, 2024
d436498
chore: fix dafny version release scripts (#1369)
josecorella Sep 17, 2024
8d30402
chore: enable local testing (#1380)
josecorella Sep 20, 2024
40a1f79
chore(CI): make smithy fidd check smarter (#1381)
josecorella Sep 20, 2024
ffb993b
Merge branch 'main' into primitives-name
lucasmcdonald3 Sep 24, 2024
e1fde21
m
lucasmcdonald3 Sep 25, 2024
bdb0533
m
lucasmcdonald3 Sep 25, 2024
3536f16
m
lucasmcdonald3 Sep 25, 2024
6d06369
chore: Bump to MPL 1.7 and localtests
lucasmcdonald3 Sep 25, 2024
ce14c7e
m
lucasmcdonald3 Sep 25, 2024
a86f24e
m
lucasmcdonald3 Sep 25, 2024
3cc75ed
m
lucasmcdonald3 Sep 25, 2024
7996a61
m
lucasmcdonald3 Sep 25, 2024
6cd82f7
m
lucasmcdonald3 Sep 25, 2024
a740c4a
m
lucasmcdonald3 Sep 25, 2024
663cbf1
m
lucasmcdonald3 Sep 25, 2024
dbc0893
m
lucasmcdonald3 Sep 25, 2024
4a386ba
m
lucasmcdonald3 Sep 25, 2024
8162cc6
m
lucasmcdonald3 Sep 25, 2024
6c06933
no patch
lucasmcdonald3 Sep 25, 2024
5a76f3e
m
lucasmcdonald3 Sep 25, 2024
dc5b482
m
lucasmcdonald3 Sep 25, 2024
d476ff5
m
lucasmcdonald3 Sep 25, 2024
6803207
m
lucasmcdonald3 Sep 25, 2024
ce41385
m
lucasmcdonald3 Sep 25, 2024
7615cdc
m
lucasmcdonald3 Sep 25, 2024
3f8ae26
m
lucasmcdonald3 Sep 25, 2024
b4959f6
m
lucasmcdonald3 Sep 25, 2024
362c3b3
m
lucasmcdonald3 Sep 25, 2024
32842c7
m
lucasmcdonald3 Sep 25, 2024
4851473
m
lucasmcdonald3 Sep 25, 2024
4498ca1
m
lucasmcdonald3 Sep 25, 2024
36b6d1b
m
lucasmcdonald3 Sep 25, 2024
58556ca
m
lucasmcdonald3 Sep 26, 2024
5f01a6e
m
lucasmcdonald3 Sep 26, 2024
ebe03ae
m
lucasmcdonald3 Sep 26, 2024
dadb50b
m
lucasmcdonald3 Sep 26, 2024
44b0666
m
lucasmcdonald3 Sep 26, 2024
bd47477
use passing one
lucasmcdonald3 Sep 26, 2024
241d9a9
m
lucasmcdonald3 Sep 26, 2024
9fd7411
fix
lucasmcdonald3 Sep 26, 2024
1d6ac49
m
lucasmcdonald3 Sep 26, 2024
c3d0cc8
m
lucasmcdonald3 Sep 26, 2024
24a1f21
m
lucasmcdonald3 Sep 26, 2024
84d6574
bump smithy-dafny to main
lucasmcdonald3 Sep 26, 2024
5665d3b
clean
lucasmcdonald3 Sep 26, 2024
bc349a7
Merge branch 'mpl-1.7' into primitives-name
lucasmcdonald3 Sep 26, 2024
9b3f20a
m
lucasmcdonald3 Sep 26, 2024
5e38451
update
lucasmcdonald3 Oct 29, 2024
cfc3e01
Merge branch 'main' into primitives-name
lucasmcdonald3 Oct 29, 2024
c97ebff
repoly
lucasmcdonald3 Oct 29, 2024
1deae41
local testing?
lucasmcdonald3 Oct 29, 2024
b6aa520
refine the cache
seebees Oct 30, 2024
f945592
m
lucasmcdonald3 Oct 30, 2024
b11dc2e
m
lucasmcdonald3 Oct 31, 2024
8f75098
m
lucasmcdonald3 Oct 31, 2024
a73fbc6
main mpl
lucasmcdonald3 Oct 31, 2024
8bf0a7b
repoly
lucasmcdonald3 Oct 31, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/library_format.yml
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ jobs:
- name: Setup Dafny
uses: dafny-lang/setup-dafny-action@v1.8.0
with:
dafny-version: ${{ '4.2.0' }}
dafny-version: ${{ inputs.dafny }}

- name: Check format of Java code et al
run: |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,9 @@ module {:extern "software.amazon.cryptography.dbencryptionsdk.dynamodb.internald
&& output.value.branchKeyIdSupplier.ValidState()
&& output.value.branchKeyIdSupplier.Modifies !! {History}
&& fresh(output.value.branchKeyIdSupplier)
&& fresh ( output.value.branchKeyIdSupplier.Modifies - Modifies - {History} - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
&& fresh ( output.value.branchKeyIdSupplier.Modifies
- Modifies - {History}
- input.ddbKeyBranchKeyIdSupplier.Modifies ) )
ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)
ensures History.CreateDynamoDbEncryptionBranchKeyIdSupplier == old(History.CreateDynamoDbEncryptionBranchKeyIdSupplier) + [DafnyCallEvent(input, output)]

Expand Down Expand Up @@ -535,7 +537,9 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbService
&& output.value.branchKeyIdSupplier.ValidState()
&& output.value.branchKeyIdSupplier.Modifies !! {History}
&& fresh(output.value.branchKeyIdSupplier)
&& fresh ( output.value.branchKeyIdSupplier.Modifies - Modifies - {History} - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
&& fresh ( output.value.branchKeyIdSupplier.Modifies
- Modifies - {History}
- input.ddbKeyBranchKeyIdSupplier.Modifies ) )
ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)
ensures History.CreateDynamoDbEncryptionBranchKeyIdSupplier == old(History.CreateDynamoDbEncryptionBranchKeyIdSupplier) + [DafnyCallEvent(input, output)]
{
Expand Down Expand Up @@ -592,7 +596,9 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbOperations {
&& ( output.Success? ==>
&& output.value.branchKeyIdSupplier.ValidState()
&& fresh(output.value.branchKeyIdSupplier)
&& fresh ( output.value.branchKeyIdSupplier.Modifies - ModifiesInternalConfig(config) - input.ddbKeyBranchKeyIdSupplier.Modifies ) )
&& fresh ( output.value.branchKeyIdSupplier.Modifies
- ModifiesInternalConfig(config)
- input.ddbKeyBranchKeyIdSupplier.Modifies ) )
ensures CreateDynamoDbEncryptionBranchKeyIdSupplierEnsuresPublicly(input, output)


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module BaseBeacon {

import DDB = ComAmazonawsDynamodbTypes
import Prim = AwsCryptographyPrimitivesTypes
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import UTF8
import SortedSets
import TermLoc
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ module CompoundBeacon {
import opened DdbVirtualFields

import Prim = AwsCryptographyPrimitivesTypes
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import UTF8
import Seq
import SortedSets
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ module SearchConfigToInfo {
import CB = CompoundBeacon
import SE = AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
import MPT = AwsCryptographyMaterialProvidersTypes
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives

// convert configured SearchConfig to internal SearchInfo
method Convert(outer : DynamoDbTableEncryptionConfig)
Expand Down Expand Up @@ -137,14 +137,19 @@ module SearchConfigToInfo {
else
MPT.Default(Default := MPT.DefaultCache(entryCapacity := 1));

//= specification/searchable-encryption/search-config.md#key-store-cache
//# For a Beacon Key Source a [CMC](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cryptographic-materials-cache.md)
//# MUST be created.
var input := MPT.CreateCryptographicMaterialsCacheInput(
cache := cacheType
);
var maybeCache := mpl.CreateCryptographicMaterialsCache(input);
var cache :- maybeCache.MapFailure(e => AwsCryptographyMaterialProviders(e));
var cache;
if cacheType.Shared? {
cache := cacheType.Shared;
} else {
//= specification/searchable-encryption/search-config.md#key-store-cache
//# For a Beacon Key Source a [CMC](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/cryptographic-materials-cache.md)
//# MUST be created.
var input := MPT.CreateCryptographicMaterialsCacheInput(
cache := cacheType
);
var maybeCache := mpl.CreateCryptographicMaterialsCache(input);
cache :- maybeCache.MapFailure(e => AwsCryptographyMaterialProviders(e));
}

if config.multi? {
:- Need(0 < config.multi.cacheTTL, E("Beacon Cache TTL must be at least 1."));
Expand Down
12 changes: 6 additions & 6 deletions DynamoDbEncryption/dafny/DynamoDbEncryption/src/SearchInfo.dfy
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ module SearchableEncryptionInfo {
import UTF8
import opened Time
import KeyStore = AwsCryptographyKeyStoreTypes
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import Prim = AwsCryptographyPrimitivesTypes
import MP = AwsCryptographyMaterialProvidersTypes
import KeyStoreTypes = AwsCryptographyKeyStoreTypes
Expand Down Expand Up @@ -71,11 +71,11 @@ module SearchableEncryptionInfo {
//# MUST be generated in accordance with [HMAC Key Generation](#hmac-key-generation).
var newKey :- GetBeaconKey(client, key, keysLeft[0]);
reveal Seq.HasNoDuplicates();
//= specification/searchable-encryption/search-config.md#get-beacon-key-materials
//# [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated
//# with the [beacon key id](#beacon-key-id) equal to the `beacon key id`
//# and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map
//# of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key.
//= specification/searchable-encryption/search-config.md#get-beacon-key-materials
//# [Beacon Key Materials](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#beacon-key-materials) MUST be generated
//# with the [beacon key id](#beacon-key-id) equal to the `beacon key id`
//# and the [HMAC Keys](../../submodules/MaterialProviders/aws-encryption-sdk-specification/framework/structures.md#hmac-keys) equal to a map
//# of every [standard beacons](beacons.md#standard-beacon-initialization) name to its generated HMAC key.
output := GetHmacKeys(client, allKeys, keysLeft[1..], key, acc[keysLeft[0] := newKey]);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ module BeaconTestFixtures {
import DDBC = Com.Amazonaws.Dynamodb
import KTypes = AwsCryptographyKeyStoreTypes
import SI = SearchableEncryptionInfo
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import MaterialProviders
import MPT = AwsCryptographyMaterialProvidersTypes
import SortedSets
Expand Down Expand Up @@ -181,6 +181,9 @@ module BeaconTestFixtures {
ensures output.keyStore.ValidState()
ensures fresh(output.keyStore.Modifies)
ensures output.version == 1
ensures
&& output.keySource.multi?
&& output.keySource.multi.cache.None?
{
var store := GetKeyStore();
return BeaconVersion (
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -759,62 +759,98 @@ abstract module AbstractAwsCryptographyDbEncryptionSdkDynamoDbTransformsService
var tmps4 := set t4 | t4 in tmp3.search.value.versions;
forall tmp4 :: tmp4 in tmps4 ==>
tmp4.keyStore.ValidState()
modifies set tmps5 <- set t5 <- config.tableEncryptionConfigs.Values | true
&& t5.keyring.Some?
:: t5.keyring.value,
obj <- tmps5.Modifies | obj in tmps5.Modifies :: obj
modifies set tmps6 <- set t6 <- config.tableEncryptionConfigs.Values | true
&& t6.cmm.Some?
:: t6.cmm.value,
obj <- tmps6.Modifies | obj in tmps6.Modifies :: obj
requires var tmps5 := set t5 | t5 in config.tableEncryptionConfigs.Values;
forall tmp5 :: tmp5 in tmps5 ==>
tmp5.search.Some? ==>
var tmps6 := set t6 | t6 in tmp5.search.value.versions;
forall tmp6 :: tmp6 in tmps6 ==>
tmp6.keySource.multi? ==>
tmp6.keySource.multi.cache.Some? ==>
tmp6.keySource.multi.cache.value.Shared? ==>
tmp6.keySource.multi.cache.value.Shared.ValidState()
modifies set tmps7 <- set t7 <- config.tableEncryptionConfigs.Values | true
&& t7.legacyOverride.Some?
:: t7.legacyOverride.value.encryptor,
&& t7.keyring.Some?
:: t7.keyring.value,
obj <- tmps7.Modifies | obj in tmps7.Modifies :: obj
modifies set tmps8 <- set t8 <- config.tableEncryptionConfigs.Values | true
&& t8.search.Some?
, t9 <- t8.search.value.versions :: t9.keyStore,
&& t8.cmm.Some?
:: t8.cmm.value,
obj <- tmps8.Modifies | obj in tmps8.Modifies :: obj
modifies set tmps9 <- set t9 <- config.tableEncryptionConfigs.Values | true
&& t9.legacyOverride.Some?
:: t9.legacyOverride.value.encryptor,
obj <- tmps9.Modifies | obj in tmps9.Modifies :: obj
modifies set tmps10 <- set t10 <- config.tableEncryptionConfigs.Values | true
&& t10.search.Some?
, t11 <- t10.search.value.versions | true
:: t11.keyStore,
obj <- tmps10.Modifies | obj in tmps10.Modifies :: obj
modifies set tmps12 <- set t12 <- config.tableEncryptionConfigs.Values | true
&& t12.search.Some?
, t13 <- t12.search.value.versions | true
&& t13.keySource.multi?
&& t13.keySource.multi.cache.Some?
&& t13.keySource.multi.cache.value.Shared?
:: t13.keySource.multi.cache.value.Shared,
obj <- tmps12.Modifies | obj in tmps12.Modifies :: obj
ensures res.Success? ==>
&& fresh(res.value)
&& fresh(res.value.Modifies
- ( set tmps10 <- set t10 <- config.tableEncryptionConfigs.Values | true
&& t10.keyring.Some?
:: t10.keyring.value,
obj <- tmps10.Modifies | obj in tmps10.Modifies :: obj
) - ( set tmps11 <- set t11 <- config.tableEncryptionConfigs.Values | true
&& t11.cmm.Some?
:: t11.cmm.value,
obj <- tmps11.Modifies | obj in tmps11.Modifies :: obj
) - ( set tmps12 <- set t12 <- config.tableEncryptionConfigs.Values | true
&& t12.legacyOverride.Some?
:: t12.legacyOverride.value.encryptor,
obj <- tmps12.Modifies | obj in tmps12.Modifies :: obj
) - ( set tmps13 <- set t13 <- config.tableEncryptionConfigs.Values | true
&& t13.search.Some?
, t14 <- t13.search.value.versions :: t14.keyStore,
obj <- tmps13.Modifies | obj in tmps13.Modifies :: obj
- ( set tmps14 <- set t14 <- config.tableEncryptionConfigs.Values | true
&& t14.keyring.Some?
:: t14.keyring.value,
obj <- tmps14.Modifies | obj in tmps14.Modifies :: obj
) - ( set tmps15 <- set t15 <- config.tableEncryptionConfigs.Values | true
&& t15.cmm.Some?
:: t15.cmm.value,
obj <- tmps15.Modifies | obj in tmps15.Modifies :: obj
) - ( set tmps16 <- set t16 <- config.tableEncryptionConfigs.Values | true
&& t16.legacyOverride.Some?
:: t16.legacyOverride.value.encryptor,
obj <- tmps16.Modifies | obj in tmps16.Modifies :: obj
) - ( set tmps17 <- set t17 <- config.tableEncryptionConfigs.Values | true
&& t17.search.Some?
, t18 <- t17.search.value.versions | true
:: t18.keyStore,
obj <- tmps17.Modifies | obj in tmps17.Modifies :: obj
) - ( set tmps19 <- set t19 <- config.tableEncryptionConfigs.Values | true
&& t19.search.Some?
, t20 <- t19.search.value.versions | true
&& t20.keySource.multi?
&& t20.keySource.multi.cache.Some?
&& t20.keySource.multi.cache.value.Shared?
:: t20.keySource.multi.cache.value.Shared,
obj <- tmps19.Modifies | obj in tmps19.Modifies :: obj
) )
&& fresh(res.value.History)
&& res.value.ValidState()
ensures var tmps15 := set t15 | t15 in config.tableEncryptionConfigs.Values;
forall tmp15 :: tmp15 in tmps15 ==>
tmp15.keyring.Some? ==>
tmp15.keyring.value.ValidState()
ensures var tmps16 := set t16 | t16 in config.tableEncryptionConfigs.Values;
forall tmp16 :: tmp16 in tmps16 ==>
tmp16.cmm.Some? ==>
tmp16.cmm.value.ValidState()
ensures var tmps17 := set t17 | t17 in config.tableEncryptionConfigs.Values;
forall tmp17 :: tmp17 in tmps17 ==>
tmp17.legacyOverride.Some? ==>
tmp17.legacyOverride.value.encryptor.ValidState()
ensures var tmps18 := set t18 | t18 in config.tableEncryptionConfigs.Values;
forall tmp18 :: tmp18 in tmps18 ==>
tmp18.search.Some? ==>
var tmps19 := set t19 | t19 in tmp18.search.value.versions;
forall tmp19 :: tmp19 in tmps19 ==>
tmp19.keyStore.ValidState()
ensures var tmps21 := set t21 | t21 in config.tableEncryptionConfigs.Values;
forall tmp21 :: tmp21 in tmps21 ==>
tmp21.keyring.Some? ==>
tmp21.keyring.value.ValidState()
ensures var tmps22 := set t22 | t22 in config.tableEncryptionConfigs.Values;
forall tmp22 :: tmp22 in tmps22 ==>
tmp22.cmm.Some? ==>
tmp22.cmm.value.ValidState()
ensures var tmps23 := set t23 | t23 in config.tableEncryptionConfigs.Values;
forall tmp23 :: tmp23 in tmps23 ==>
tmp23.legacyOverride.Some? ==>
tmp23.legacyOverride.value.encryptor.ValidState()
ensures var tmps24 := set t24 | t24 in config.tableEncryptionConfigs.Values;
forall tmp24 :: tmp24 in tmps24 ==>
tmp24.search.Some? ==>
var tmps25 := set t25 | t25 in tmp24.search.value.versions;
forall tmp25 :: tmp25 in tmps25 ==>
tmp25.keyStore.ValidState()
ensures var tmps26 := set t26 | t26 in config.tableEncryptionConfigs.Values;
forall tmp26 :: tmp26 in tmps26 ==>
tmp26.search.Some? ==>
var tmps27 := set t27 | t27 in tmp26.search.value.versions;
forall tmp27 :: tmp27 in tmps27 ==>
tmp27.keySource.multi? ==>
tmp27.keySource.multi.cache.Some? ==>
tmp27.keySource.multi.cache.value.Shared? ==>
tmp27.keySource.multi.cache.value.Shared.ValidState()

// Helper functions for the benefit of native code to create a Success(client) without referring to Dafny internals
function method CreateSuccessOfClient(client: IDynamoDbEncryptionTransformsClient): Result<IDynamoDbEncryptionTransformsClient, Error> {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module AwsCryptographyDbEncryptionSdkStructuredEncryptionOperations refines Abst
import Prim = AwsCryptographyPrimitivesTypes
import StructuredEncryptionHeader
import Random
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import Header = StructuredEncryptionHeader
import Footer = StructuredEncryptionFooter
import MaterialProviders
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ module StructuredEncryptionCrypt {

import CMP = AwsCryptographyMaterialProvidersTypes
import Prim = AwsCryptographyPrimitivesTypes
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import UTF8
import Header = StructuredEncryptionHeader
import HKDF
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ module StructuredEncryptionFooter {
import opened StandardLibrary.UInt
import opened AwsCryptographyDbEncryptionSdkStructuredEncryptionTypes
import opened StructuredEncryptionUtil
import Aws.Cryptography.Primitives
import Primitives = AtomicPrimitives
import Materials
import Header = StructuredEncryptionHeader

Expand Down
Loading
Loading